Merge branch 'bug-1394' into testserver-stable
[cacert-devel.git] / includes / notary.inc.php
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2011 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18
// MySQL "zero" datetime. In this file a `deleted` value identical to it marks an
// assurance as not revoked; any other value is treated as revoked.
define('NULL_DATETIME', '0000-00-00 00:00:00');
// Revocation timestamp that calc_assurances() writes into `deleted` for rows
// from the revoked programmes (Thawte, c't magazine, temporary increase).
define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
21
/**
 * Run a SQL statement through mysql_query().
 *
 * The statement is forwarded unchanged, so each caller is responsible for
 * casting or escaping every value it concatenates into $query.
 *
 * @param string $query - the complete SQL statement
 * @return resource|bool - the mysql_query() result
 */
function query_init ($query)
{
	$result = mysql_query($query);
	return $result;
}
26
/**
 * Fetch the next row of a result set as an associative array.
 * @param resource $res - a MySQL result set, e.g. from query_init()
 * @return array|bool - the mysql_fetch_assoc() result
 */
function query_getnextrow ($res)
{
	return mysql_fetch_assoc($res);
}
32
/**
 * Number of rows in a result set, forced to an integer.
 * @param resource $resultset - a MySQL result set
 * @return int
 */
function query_get_number_of_rows ($resultset)
{
	$rows = mysql_num_rows($resultset);
	return intval($rows);
}
37
/**
 * Count the non-deleted 'Face to Face Meeting' assurances given by the user.
 * @param int $userid - id of the assurer (`notary`.`from`)
 * @return int
 */
function get_number_of_assurances ($userid)
{
	// intval() keeps the concatenated value numeric before it enters the SQL text
	$assurer = intval($userid);
	$res = query_init ("SELECT count(*) AS `list` FROM `notary`
			WHERE `method` = 'Face to Face Meeting' AND `from`='".$assurer."' and `deleted` = 0");
	$counted = query_getnextrow($res);

	return intval($counted['list']);
}
46
/**
 * Count the non-deleted TTP assurances ('Trusted Third Parties' or
 * 'TTP-Assisted') received by the user.
 * @param int $userid - id of the assuree (`notary`.`to`)
 * @return int
 */
function get_number_of_ttpassurances ($userid)
{
	// intval() keeps the concatenated value numeric before it enters the SQL text
	$assuree = intval($userid);
	$res = query_init ("SELECT count(*) AS `list` FROM `notary`
			WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `to`='".$assuree."' and `deleted` = 0");
	$counted = query_getnextrow($res);

	return intval($counted['list']);
}
55
/**
 * Count the non-deleted 'Face to Face Meeting' assurances received by the user.
 * @param int $userid - id of the assuree (`notary`.`to`)
 * @return int
 */
function get_number_of_assurees ($userid)
{
	// intval() keeps the concatenated value numeric before it enters the SQL text
	$assuree = intval($userid);
	$res = query_init ("SELECT count(*) AS `list` FROM `notary`
			WHERE `method` = 'Face to Face Meeting' AND `to`='".$assuree."' and `deleted` = 0");
	$counted = query_getnextrow($res);

	return intval($counted['list']);
}
64
/**
 * Rank of an assurer who has given $no_of_assurances face-to-face assurances.
 * @param int $no_of_assurances
 * @return int - 1 + the number of assurers with strictly more non-deleted
 *     'Face to Face Meeting' assurances
 */
function get_top_assurer_position ($no_of_assurances)
{
	$threshold = intval($no_of_assurances);
	// The grouped query yields one row per assurer who is ahead of the threshold
	$ahead = query_init ("SELECT count(*) AS `list` FROM `notary`
			WHERE `method` = 'Face to Face Meeting' and `deleted` = 0
			GROUP BY `from` HAVING count(*) > '".$threshold."'");
	$position = query_get_number_of_rows($ahead) + 1;
	return intval($position);
}
72
/**
 * Rank of an assuree who has received $no_of_assurees face-to-face assurances.
 * @param int $no_of_assurees
 * @return int - 1 + the number of assurees with strictly more non-deleted
 *     'Face to Face Meeting' assurances
 */
function get_top_assuree_position ($no_of_assurees)
{
	$threshold = intval($no_of_assurees);
	// The grouped query yields one row per assuree who is ahead of the threshold
	$ahead = query_init ("SELECT count(*) AS `list` FROM `notary`
			WHERE `method` = 'Face to Face Meeting' and `deleted` = 0
			GROUP BY `to` HAVING count(*) > '".$threshold."'");
	$position = query_get_number_of_rows($ahead) + 1;
	return intval($position);
}
80
/**
 * Get the list of assurances given by the user (self-assurances, where
 * `from` equals `to`, are left out)
 * @param int $userid - id of the assurer
 * @param int $log - 0 hides deleted assurances; any value that does not
 *     compare equal to 0 includes them
 * @return resource - a MySQL result set ordered by `id`
 */
function get_given_assurances($userid, $log=0)
{
	// Only this fixed fragment and the intval() result are spliced into the SQL
	$deleted = ($log == 0) ? ' and `deleted` = 0 ' : '';
	return query_init("select * from `notary` where `from`='".intval($userid)."' and `from` != `to` $deleted order by `id` asc");
}
96
/**
 * Get the list of assurances received by the user (self-assurances, where
 * `from` equals `to`, are left out)
 * @param int $userid - id of the assuree
 * @param int $log - 0 hides deleted assurances; any value that does not
 *     compare equal to 0 includes them
 * @return resource - a MySQL result set ordered by `id`
 */
function get_received_assurances($userid, $log=0)
{
	// Only this fixed fragment and the intval() result are spliced into the SQL
	$deleted = ($log == 0) ? ' and `deleted` = 0 ' : '';
	return query_init("select * from `notary` where `to`='".intval($userid)."' and `from` != `to` $deleted order by `id` asc ");
}
112
/**
 * Group the non-deleted assurances given by the user by points, awarded and
 * method.
 * @param int $userid - id of the assurer
 * @return resource - result set with the columns `number`, `points`,
 *     `awarded` and `method`
 */
function get_given_assurances_summary ($userid)
{
	$assurer = intval($userid);
	return query_init ("select count(*) as number,points,awarded,method from notary where `from`='".$assurer."' and `deleted` = 0 group by points,awarded,method");
}
118
/**
 * Group the non-deleted assurances received by the user by points, awarded
 * and method.
 * @param int $userid - id of the assuree
 * @return resource - result set with the columns `number`, `points`,
 *     `awarded` and `method`
 */
function get_received_assurances_summary ($userid)
{
	$assuree = intval($userid);
	return query_init ("select count(*) as number,points,awarded,method from notary where `to`='".$assuree."' and `deleted` = 0 group by points,awarded,method");
}
124
/**
 * Load the `users` row with the given id.
 *
 * NOTE(review): `select *` hands every column of the row to the caller; which
 * columns that includes is not visible in this file - confirm nothing
 * sensitive is passed on to views that only need id, name and email.
 *
 * @param int $userid
 * @return array|bool - the mysql_fetch_assoc() result for the first row
 */
function get_user ($userid)
{
	$id = intval($userid);
	$res = query_init ("select * from `users` where `id`='".$id."'");
	$account = mysql_fetch_assoc($res);
	return $account;
}
130
/**
 * Count the user's `cats_passed` rows whose variant has `type_id` = 1.
 * output_summary_content() treats a result of 0 as "CATS test not passed".
 * @param int $userid
 * @return int|bool - the mysql_num_rows() result
 */
function get_cats_state ($userid)
{
	$id = intval($userid);
	$passed = query_init ("select * from `cats_passed` inner join `cats_variant` on `cats_passed`.`variant_id` = `cats_variant`.`id` and `cats_variant`.`type_id` = 1
			WHERE `cats_passed`.`user_id` = '".$id."'");
	return mysql_num_rows($passed);
}
138
139
/**
 * Calculate awarded points (corrects some issues like out of range points
 * or points that were issued by means that have been deprecated)
 *
 * The method check fails closed: a method that is not listed below yields
 * zero points.
 *
 * @param array $row - associative array containing the data from the
 *     `notary` table (keys 'awarded', 'points' and 'method' are read)
 * @return int - the awarded points for this assurance
 */
function calc_awarded($row)
{
	// Old rows predate the `awarded` column (it reads as zero there) and carry
	// the value in `points`, so the larger of the two wins. The trailing 0
	// clamps the negative values that exist in the database.
	$awarded = max(intval($row['awarded']), intval($row['points']), 0);

	switch ($row['method'])
	{
		// These programmes have been revoked
		case 'Thawte Points Transfer':	// all Thawte points (as per arbitration)
		case 'CT Magazine - Germany':	// c't (only one test entry)
		case 'Temporary Increase':	// current usage breaks audit aspects, needs to be reimplemented
			return 0;

		// AI with 2 points or less is ignored (historical experience points,
		// now calculated differently); maybe limit to 35/50 pts in the future?
		case 'Administrative Increase':
			return ($awarded <= 2) ? 0 : $awarded;

		// TTP assurances, limit to 35
		case 'TTP-Assisted':
			return min($awarded, 35);

		// TTP TOPUP, limit to 30
		case 'TOPUP':
			return min($awarded, 30);

		// All these should be preserved for the time being
		case 'Unknown':	// to be revoked in the future? limit to max 50 pts?
		case 'Trusted Third Parties':	// to be revoked in the future? limit to max 35 pts?
		case '':	// to be revoked in the future? limit to max 50 pts?
		case 'Face to Face Meeting':	// normal assurances (and superassurances?), limit to 35/50 pts in the future?
			return $awarded;

		default:	// unknown method: award nothing
			return 0;
	}
}
193
194
/**
 * Calculate the experience points from a given Assurance
 *
 * @param array $row - [inout] associative array containing the data from
 *     the `notary` table, the keys 'experience' and 'calc_awarded' will be
 *     added
 * @param int $sum_points - [inout] the sum of already counted assurance
 *     points the assurer issued
 * @param int $sum_experience - [inout] the sum of already counted
 *     experience points that were awarded to the assurer
 */
function calc_experience(&$row, &$sum_points, &$sum_experience)
{
	$row['calc_awarded'] = calc_awarded($row);

	// Revoked assurances may be displayed but never count. The comparison is
	// strict, so any `deleted` value other than the exact NULL_DATETIME string
	// is handled as revoked.
	if ($row['deleted'] !== NULL_DATETIME) {
		$row['experience'] = 0;
		return;
	}

	// Only face-to-face assurances earn experience: 2 points each
	$gained = ($row['method'] == "Face to Face Meeting") ? 2 : 0;

	$row['experience'] = $gained;
	$sum_experience += $gained;
	$sum_points += $row['calc_awarded'];
}
226
/**
 * Calculate the points received from a received Assurance
 *
 * Rows from the revoked programmes get their 'deleted' key overwritten with
 * THAWTE_REVOCATION_DATETIME, so the caller's copy of the row reads as
 * revoked afterwards.
 *
 * @param array $row - [inout] associative array containing the data from
 *     the `notary` table, the keys 'experience' and 'calc_awarded' will be
 *     added
 * @param int $sum_points - [inout] the sum of already counted assurance
 *     points the assuree received
 * @param int $sum_experience - [inout] the sum of already counted
 *     experience points
 */
function calc_assurances(&$row, &$sum_points, &$sum_experience)
{
	$awarded = calc_awarded($row);
	$surplus = 0;

	// Anything above 100 is booked as experience instead of assurance points
	// (needs to be fixed in the future: limit 50 pts and/or no experience if pts > 100)
	if ($awarded > 100)
	{
		$surplus = $awarded - 100;
		$awarded = 100;
	}
	$row['calc_awarded'] = $awarded;

	switch ($row['method'])
	{
		case 'Thawte Points Transfer':
		case 'CT Magazine - Germany':
		case 'Temporary Increase':	// current usage may break audit aspects, needs to be reimplemented
			$surplus = 0;
			$row['deleted'] = THAWTE_REVOCATION_DATETIME;
			break;
	}

	// Revoked assurances may be displayed but never count (strict comparison:
	// only the exact NULL_DATETIME string means "not revoked")
	if ($row['deleted'] !== NULL_DATETIME) {
		$row['experience'] = 0;
		return;
	}

	$row['experience'] = $surplus;
	$sum_experience += $surplus;
	$sum_points += $row['calc_awarded'];
}
268
/**
 * Generate a link to the support engineer page for the user with the name
 * of the user as link text
 *
 * The name is passed through sanitizeHTML() and the id through intval()
 * before either enters the markup, so the result is meant to be echoed as is.
 *
 * @param array $user - associative array containing the data from the
 *     `user` table (keys 'fname', 'lname' and 'id' are read)
 * @return string - HTML; the plain text "System" (id 0) or "Deleted account"
 *     when the account has no name
 */
function show_user_link($user)
{
	$userid = intval($user['id']);
	$fullname = trim($user['fname'].' '.$user['lname']);

	if ($fullname != "")
	{
		return "<a href='wot.php?id=9&amp;userid=".$userid."'>".sanitizeHTML($fullname)."</a>";
	}

	return ($userid == 0) ? _("System") : _("Deleted account");
}
296
/**
 * Generate a link to the support engineer page for the user with the email
 * address as link text
 *
 * The address is passed through sanitizeHTML() and the id through intval()
 * before either enters the markup.
 *
 * @param array $user - associative array containing the data from the
 *     `user` table (keys 'email' and 'id' are read)
 * @return string - HTML, or the empty string when there is no address
 */
function show_email_link($user)
{
	$address = trim($user['email']);
	if ($address == "") {
		return $address;
	}

	return "<a href='account.php?id=43&amp;userid=".intval($user['id'])."'>".sanitizeHTML($address)."</a>";
}
312
/**
 * Look up how many assurances the user gave and the resulting rank.
 * @param int $userid
 * @param int $num_of_assurances - [out] number of face-to-face assurances given
 * @param int $rank_of_assurer - [out] rank among all assurers
 */
function get_assurer_ranking($userid,&$num_of_assurances,&$rank_of_assurer)
{
	$given = get_number_of_assurances (intval($userid));
	$num_of_assurances = $given;
	$rank_of_assurer = get_top_assurer_position($given);
}
318
/**
 * Look up how many assurances the user received and the resulting rank.
 * @param int $userid
 * @param int $num_of_assurees - [out] number of face-to-face assurances received
 * @param int $rank_of_assuree - [out] rank among all assurees
 */
function get_assuree_ranking($userid,&$num_of_assurees,&$rank_of_assuree)
{
	$received = get_number_of_assurees (intval($userid));
	$num_of_assurees = $received;
	$rank_of_assuree = get_top_assuree_position($received);
}
324
/**
 * Helper function to sum all assurance points received by the user
 * (non-deleted assurances only; each one is capped by calc_assurances())
 * @param int $userid
 * @return int
 */
function get_received_assurance_points($userid)
{
	$points_total = 0;
	$experience_total = 0;	// filled by calc_assurances() but not needed here

	$received = get_received_assurances(intval($userid));
	while ($assurance = mysql_fetch_assoc($received))
	{
		calc_assurances($assurance, $points_total, $experience_total);
	}

	return $points_total;
}
340
/**
 * Helper function to sum all experience points of the user: the surplus of
 * received assurances plus the experience earned by giving assurances
 * @param int $userid
 * @return int
 */
function get_received_experience_points($userid)
{
	$points_total = 0;	// filled by the calc_* helpers but not needed here
	$experience_total = 0;
	$id = intval($userid);

	// Received assurances contribute experience when they carry more points
	// than calc_assurances() counts as assurance points (super assurances).
	// Such points/assurances should be removed from the database. Afterwards,
	// this loop can be removed.
	$received = get_received_assurances($id);
	while ($assurance = mysql_fetch_assoc($received))
	{
		calc_assurances($assurance, $points_total, $experience_total);
	}

	// Experience earned by assuring others
	$given = get_given_assurances($id);
	while ($assurance = mysql_fetch_assoc($given))
	{
		calc_experience($assurance, $points_total, $experience_total);
	}

	return $experience_total;
}
366
/**
 * Helper function to sum all points received by the user
 *
 * Assurance points are capped at 100 and experience points at 50; experience
 * only counts once the full 100 assurance points are reached.
 *
 * @param int $userid
 * @return int - a value between 0 and 150
 */
function get_received_total_points($userid)
{
	$assurance = min(100, get_received_assurance_points($userid));
	$experience = min(50, get_received_experience_points($userid));

	return ($assurance < 100) ? $assurance : 100 + $experience;
}
381
/**
 * Updates the assurance points in $_SESSION['profile']
 *
 * The value is recomputed from the database for the id stored in the session.
 * NOTE(review): the session copy is only as fresh as the last call of this
 * function; which checks rely on it is not visible in this file.
 */
function update_points_in_profile(){
	$profile_id = $_SESSION['profile']['id'];
	$_SESSION['profile']['points'] = get_received_total_points($profile_id);
}
388
389 // ************* html table definitions ******************
390
/**
 * Render the assurer/assuree ranking table of the user.
 * All dynamic values in the markup are integers forced with intval().
 * @param int $userid
 */
function output_ranking($userid)
{
	get_assurer_ranking($userid,$num_of_assurances,$rank_of_assurer);
	get_assuree_ranking($userid,$num_of_assurees,$rank_of_assuree);

	$assurer_line = sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) );
	$assuree_line = sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) );
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
	<tr>
		<td class="title"><?=_("Assurer Ranking")?></td>
	</tr>
	<tr>
		<td class="DataTD"><?=$assurer_line?></td>
	</tr>
	<tr>
		<td class="DataTD"><?=$assuree_line?></td>
	</tr>
</table>
<br/>
<?php
}
411
/**
 * Render header for the assurance table (same for given/received)
 *
 * $title is written into the page without escaping; the callers in this file
 * pass fixed, translated strings.
 *
 * @param string $title - The title for the table (HTML-safe text)
 * @param int $support - set to 1 if the output is for the support interface
 * @param int $log - if set to 1 also includes deleted assurances
 */
function output_assurances_header($title, $support, $log)
{
	$for_support = ($support == 1);
	$with_revoked = ($log == 1 || $for_support);

	// 7 base columns, +2 (When, Email) for support, +1 (Revoked) for log/support
	$colspan = 7 + ($for_support ? 2 : 0) + ($with_revoked ? 1 : 0);
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
	<tr>
		<td colspan="<?=$colspan?>" class="title"><?=$title?></td>
	</tr>
	<tr>
		<td class="DataTD"><strong><?=_("ID")?></strong></td>
		<td class="DataTD"><strong><?=_("Date")?></strong></td>
<?php if ($for_support): ?>
		<td class="DataTD"><strong><?=_("When")?></strong></td>
		<td class="DataTD"><strong><?=_("Email")?></strong></td>
<?php endif; ?>
		<td class="DataTD"><strong><?=_("Who")?></strong></td>
		<td class="DataTD"><strong><?=_("Points")?></strong></td>
		<td class="DataTD"><strong><?=_("Location")?></strong></td>
		<td class="DataTD"><strong><?=_("Method")?></strong></td>
		<td class="DataTD"><strong><?=_("Experience Points")?></strong></td>
<?php if ($with_revoked): ?>
		<td class="DataTD"><strong><?=_("Revoked")?></strong></td>
<?php endif; ?>
	</tr>
<?php
}
460
/**
 * Render footer for the assurance table (same for given/received)
 *
 * The two description strings are written into the page without escaping;
 * the callers in this file pass fixed, translated strings. The sums are
 * forced to integers.
 *
 * @param string $points_txt - Description for sum of assurance points
 * @param int $sumpoints - sum of assurance points
 * @param string $experience_txt - Description for sum of experience points
 * @param int $sumexperience - sum of experience points
 * @param int $support - set to 1 if the output is for the support interface
 * @param int $log - if set to 1 also includes deleted assurances
 */
function output_assurances_footer(
		$points_txt,
		$sumpoints,
		$experience_txt,
		$sumexperience,
		$support,
		$log)
{
	// The support view has two extra leading columns (When, Email)
	$label_span = ($support == 1) ? 5 : 3;
	$with_revoked = ($log == 1 || $support == 1);
?>
	<tr>
		<td colspan="<?=$label_span?>" class="DataTD"><strong><?=$points_txt?>:</strong></td>
		<td class="DataTD"><?=intval($sumpoints)?></td>
		<td class="DataTD">&nbsp;</td>
		<td class="DataTD"><strong><?=$experience_txt?>:</strong></td>
		<td class="DataTD"><?=intval($sumexperience)?></td>
<?php if ($with_revoked): ?>
		<td class="DataTD">&nbsp;</td>
<?php endif; ?>
	</tr>
</table>
<br/>
<?php
}
498
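/**
 * Render an assurance for a view
 *
 * How row values reach the markup: `id`, the point values and the user ids
 * are forced to integers; `location`, `date`, `when` and `deleted` are passed
 * through sanitizeHTML(); name and email come back already escaped from
 * show_user_link() / show_email_link().
 *
 * NOTE(review): the translated `method` is still echoed unescaped. It looks
 * like a fixed set of application-written values - confirm, or escape it if
 * the translations never contain markup.
 *
 * @param array $assurance - associative array containing the data from the `notary` table
 * @param int $userid - Id of the user whose given/received assurances are displayed
 * @param array $other_user - associative array containing the other users data from the `users` table
 * @param int $support - set to 1 if the output is for the support interface
 * @param string $ticketno - ticket number currently set in the support interface
 * @param int $log - if set to 1 also includes deleted assurances
 */
function output_assurances_row(
		$assurance,
		$userid,
		$other_user,
		$support,
		$ticketno,
		$log)
{
	$assuranceid = intval($assurance['id']);
	$date = $assurance['date'];
	$when = $assurance['when'];
	$awarded = intval($assurance['calc_awarded']);
	$points = intval($assurance['points']);
	$location = $assurance['location'];
	$method = $assurance['method'] ? _($assurance['method']) : '';
	$experience = intval($assurance['experience']);
	$revoked = $assurance['deleted'] !== NULL_DATETIME;

	$email = show_email_link($other_user);
	$name = show_user_link($other_user);

	// The support interface always shows the revocation column
	if ($support == 1) {
		$log = 1;
	}

	$tdstyle="";
	$emopen="";
	$emclose="";

	// Highlight rows without any points that predate 2006-09-01
	if ($awarded == $points && $awarded == 0 && $when < "2006-09-01")
	{
		$tdstyle="style='background-color: #ffff80'";
		$emopen="<em>";
		$emclose="</em>";
	}
?>
	<tr>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=sanitizeHTML($date)?><?=$emclose?></td>
<?php
	if ($support == 1)
	{
?>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=sanitizeHTML($when)?><?=$emclose?></td>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$email?><?=$emclose?></td>
<?php
	}
?>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$revoked ? sprintf("<strong style='color: red'>%s</strong>",_("Revoked")) : $awarded?><?=$emclose?></td>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=sanitizeHTML($location)?><?=$emclose?></td>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?$experience:'&nbsp;'?><?=$emclose?></td>
<?php
	if ($log == 1)
	{
		if ($revoked)
		{
?>
		<td class="DataTD" <?=$tdstyle?>><?=sanitizeHTML($assurance['deleted'])?></td>
<?php
		} elseif ($support == 1) {
			// NOTE(review): the revoke action is reached through this GET link,
			// which puts the CSRF token into the URL where it can end up in
			// logs, browser history and Referer headers; a POST form would
			// avoid that - check against the handler in account.php.
			// NOTE(review): $ticketno is HTML-escaped but not URL-encoded here.
?>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td>
<?php
		} else {
?>
		<td class="DataTD" <?=$tdstyle?>>&nbsp;</td>
<?php
		}
	}
?>
	</tr>
<?php
}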
589
/**
 * Render the opening part of the points summary table (title and column
 * headings). Only fixed, translated strings are emitted.
 */
function output_summary_header()
{
	$table_title = _("Summary of your Points");
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
	<tr>
		<td colspan="4" class="title"><?=$table_title?></td>
	</tr>
	<tr>
		<td class="DataTD"><strong><?=_("Description")?></strong></td>
		<td class="DataTD"><strong><?=_("Points")?></strong></td>
		<td class="DataTD"><strong><?=_("Countable Points")?></strong></td>
		<td class="DataTD"><strong><?=_("Remark")?></strong></td>
	</tr>
<?php
}
605
/**
 * Close the points summary table opened by output_summary_header().
 */
function output_summary_footer()
{
?>
</table>
<br/>
<?php
	return;
}
613
/**
 * Render one row of the points summary table.
 *
 * All four values are written into the page without escaping, and
 * output_summary_content() relies on that by passing markup such as
 * "&nbsp;" and "<strong>". Callers must therefore only pass HTML-safe
 * content and never raw user input.
 *
 * @param string $title - row description (HTML)
 * @param mixed $points - points column (HTML)
 * @param mixed $points_countable - countable points column (HTML)
 * @param string $remark - remark column (HTML)
 */
function output_summary_row($title,$points,$points_countable,$remark)
{
	$cells = array($points, $points_countable, $remark);
?>
	<tr>
		<td class="DataTD"><strong><?=$title?></strong></td>
		<td class="DataTD"><?=$cells[0]?></td>
		<td class="DataTD"><?=$cells[1]?></td>
		<td class="DataTD"><?=$cells[2]?></td>
	</tr>
<?php
}
625
626
627 // ************* output given assurances ******************
628
/**
 * Helper function to render assurances given by the user
 * @param int $userid
 * @param int& $sum_points - [out] sum of given points
 * @param int& $sum_experience - [out] sum of experience points gained
 * @param int $support - set to 1 if the output is for the support interface
 * @param string $ticketno - the ticket number set in the support interface
 * @param int $log - if set to 1 also includes deleted assurances
 */
function output_given_assurances_content(
		$userid,
		&$sum_points,
		&$sum_experience,
		$support,
		$ticketno,
		$log)
{
	// Both totals are outputs only: whatever the caller passed in is discarded
	$sum_experience = 0;
	$sum_points = 0;

	$given = get_given_assurances(intval($userid), $log);
	while ($assurance = mysql_fetch_assoc($given))
	{
		$assuree = get_user(intval($assurance['to']));
		// adds 'calc_awarded' and 'experience' to the row before it is rendered
		calc_experience($assurance, $sum_points, $sum_experience);
		output_assurances_row($assurance, $userid, $assuree, $support, $ticketno, $log);
	}
}
656
657 // ************* output received assurances ******************
658
/**
 * Helper function to render assurances received by the user
 * @param int $userid
 * @param int& $sum_points - [out] sum of received points
 * @param int& $sum_experience - [out] sum of experience points the assurers gained
 * @param int $support - set to 1 if the output is for the support interface
 * @param string $ticketno - the ticket number set in the support interface
 * @param int $log - if set to 1 also includes deleted assurances
 */
function output_received_assurances_content(
		$userid,
		&$sum_points,
		&$sum_experience,
		$support,
		$ticketno,
		$log)
{
	// Both totals are outputs only: whatever the caller passed in is discarded
	$sum_experience = 0;
	$sum_points = 0;

	$received = get_received_assurances(intval($userid), $log);
	while ($assurance = mysql_fetch_assoc($received))
	{
		$assurer = get_user(intval($assurance['from']));
		// adds 'calc_awarded' and 'experience' to the row before it is rendered
		calc_assurances($assurance, $sum_points, $sum_experience);
		output_assurances_row($assurance, $userid, $assurer, $support, $ticketno, $log);
	}
}
686
687 // ************* output summary table ******************
688
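/**
 * Check whether the user's date of birth lies more than $age years back.
 *
 * @param int $userid
 * @param int $age - age in years
 * @return int - number of `users` rows with this id whose `dob` is earlier
 *     than today minus $age years; callers compare the result with 1
 */
function check_date_limit ($userid,$age)
{
	$dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-$age));
	// $userid is forced to an integer like in every other query of this file;
	// it used to be concatenated into the statement unchanged. $dob is safe
	// because it is always the output of date("Y-m-d").
	$res = query_init ("select id from `users` where `id`='".intval($userid)."' and `dob` < '$dob'");
	return intval(query_get_number_of_rows($res));
}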
695
/**
 * Number of points the user may issue per assurance, as computed by
 * output_summary_content() with rendering switched off.
 * @param int $userid
 * @return int
 */
function max_points($userid)
{
	$display_output = 0;	// compute only, print nothing
	return output_summary_content ($userid,$display_output);
}
700
/**
 * Compute the points summary of a user and optionally render its rows.
 *
 * Received assurance points count up to 100. Experience points count up to
 * 50, or 10 / 0 when check_date_limit() does not confirm the age of 18 / 14,
 * and are put on hold until 100 assurance points are reached. Without a
 * passed CATS test no points may be issued.
 *
 * @param int $userid
 * @param int $display_output - if true the four summary rows are printed via
 *     output_summary_row()
 * @return int - the number of points the user may issue (0 if none)
 */
function output_summary_content($userid,$display_output)
{
	$max_points = 100;
	$max_experience = 50;
	$sum_points = 0;
	$sum_experience = 0;
	$sum_experience_other = 0;

	$experience_limit_reached_txt = _("Limit reached");

	// Lower experience caps when the age checks fail; the second check
	// overrides the first
	if (check_date_limit($userid,18) != 1)
	{
		$max_experience = 10;
		$experience_limit_reached_txt = _("Limit given by PoJAM reached");
	}
	if (check_date_limit($userid,14) != 1)
	{
		$max_experience = 0;
		$experience_limit_reached_txt = _("Limit given by PoJAM reached");
	}

	// Received assurances: each summary row stands for `number` assurances
	$res = get_received_assurances_summary($userid);
	while ($row = mysql_fetch_assoc($res))
	{
		$count = intval($row['number']);
		$points = calc_awarded($row);

		// limit to 100 points, above is experience (needs to be fixed)
		if ($points > $max_points)
		{
			$sum_experience_other += ($points - $max_points) * $count;
			$points = $max_points;
		}
		$sum_points += $points * $count;
	}

	// Given assurances: only Face to Face counts, 2 experience points each
	$res = get_given_assurances_summary($userid);
	while ($row = mysql_fetch_assoc($res))
	{
		if ($row['method'] == 'Face to Face Meeting')
		{
			$sum_experience += 2 * intval($row['number']);
		}
	}

	// Apply the caps
	$points_capped = ($sum_points > $max_points);
	$sum_points_countable = $points_capped ? $max_points : $sum_points;
	$remark_points = $points_capped ? _("Limit reached") : "&nbsp;";

	$experience_capped = ($sum_experience > $max_experience);
	$sum_experience_countable = $experience_capped ? $max_experience : $sum_experience;
	$remark_experience = $experience_capped ? $experience_limit_reached_txt : "&nbsp;";

	// Experience from other sources only fills what is left below the cap
	if ($sum_experience_countable + $sum_experience_other > $max_experience)
	{
		$sum_experience_other_countable = $max_experience - $sum_experience_countable;
		$remark_experience_other = $experience_limit_reached_txt;
	}
	else
	{
		$sum_experience_other_countable = $sum_experience_other;
		$remark_experience_other = "&nbsp;";
	}

	// Below 100 assurance points no experience counts at all; the remark is
	// only replaced where there was something to put on hold
	if ($sum_points_countable < $max_points)
	{
		if ($sum_experience_countable != 0)
		{
			$remark_experience = _("Points on hold due to less assurance points");
		}
		$sum_experience_countable = 0;

		if ($sum_experience_other_countable != 0)
		{
			$remark_experience_other = _("Points on hold due to less assurance points");
		}
		$sum_experience_other_countable = 0;
	}

	$issue_points = 0;
	$cats_test_passed = get_cats_state ($userid);
	if ($cats_test_passed == 0)
	{
		if ($sum_points_countable < $max_points)
		{
			$issue_points_txt = "<strong style='color: red'>";
			$issue_points_txt .= sprintf(_("You need %s assurance points and the passed CATS-Test to be an Assurer"), intval($max_points));
			$issue_points_txt .= "</strong>";
		}
		else
		{
			$issue_points_txt = "<strong style='color: red'>"._("You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer")."</strong>";
		}
	}
	else
	{
		$experience_total = $sum_experience_countable + $sum_experience_other_countable;
		$issue_points_txt = "";

		if ($sum_points_countable == $max_points)
		{
			$issue_points = 10;
		}
		// Every 10 experience points raise the limit by 5, up to 35
		foreach (array(10 => 15, 20 => 20, 30 => 25, 40 => 30, 50 => 35) as $needed => $limit)
		{
			if ($experience_total >= $needed)
			{
				$issue_points = $limit;
			}
		}

		if ($issue_points != 0)
		{
			$issue_points_txt = sprintf(_("You may issue up to %s points"),$issue_points);
		}
	}

	if ($display_output)
	{
		output_summary_row (_("Assurance Points you received"),$sum_points,$sum_points_countable,$remark_points);
		output_summary_row (_("Total Experience Points by Assurance"),$sum_experience,$sum_experience_countable,$remark_experience);
		output_summary_row (_("Total Experience Points (other ways)"),$sum_experience_other,$sum_experience_other_countable,$remark_experience_other);
		output_summary_row (_("Total Points"),"&nbsp;",$sum_points_countable + $sum_experience_countable + $sum_experience_other_countable,$issue_points_txt);
	}

	return $issue_points;
}
829
/**
 * Render assurances given by the user
 * @param int $userid
 * @param int $support - set to 1 if the output is for the support interface
 * @param string $ticketno - the ticket number set in the support interface
 * @param int $log - if set to 1 also includes deleted assurances
 */
function output_given_assurances($userid, $support=0, $ticketno='', $log=0)
{
	// Filled by output_given_assurances_content(), which resets both to 0 first
	$sum_points = 0;
	$sum_experience = 0;

	output_assurances_header(_("Assurance Points You Issued"), $support, $log);

	output_given_assurances_content($userid, $sum_points, $sum_experience, $support, $ticketno, $log);

	output_assurances_footer(
		_("Total Points Issued"),
		$sum_points,
		_("Total Experience Points"),
		$sum_experience,
		$support,
		$log);
}
860
/**
 * Render assurances received by the user
 * @param int $userid
 * @param int $support - set to 1 if the output is for the support interface
 * @param string $ticketno - the ticket number set in the support interface
 * @param int $log - if set to 1 also includes deleted assurances
 */
function output_received_assurances($userid, $support=0, $ticketno='', $log=0)
{
	// Filled by output_received_assurances_content(), which resets both to 0 first
	$sum_points = 0;
	$sum_experience = 0;

	output_assurances_header(_("Assurance Points You Received"), $support, $log);

	output_received_assurances_content($userid, $sum_points, $sum_experience, $support, $ticketno, $log);

	output_assurances_footer(
		_("Total Points Received"),
		$sum_points,
		_("Total Experience Points"),
		$sum_experience,
		$support,
		$log);
}
891
/**
 * Render the complete points summary table of the user.
 * @param int $userid
 */
function output_summary($userid)
{
	$display_output = 1;	// print the rows instead of only computing them

	output_summary_header();
	output_summary_content($userid,$display_output);
	output_summary_footer();
}
898
/**
 * Render the "Go Back" link (browser history, one step back) that ends a page.
 */
function output_end_of_page()
{
	$label = _("Go Back");
?>
	<p>[ <a href='javascript:history.go(-1)'><?=$label?></a> ]</p>
<?php
}
905
906 //functions to do with recording user agreements
/**
 * write_user_agreement()
 * writes a new record to the table user_agreement, dated NOW()
 *
 * Numeric values are forced with intval() and text values are escaped with
 * mysql_real_escape_string() before they enter the statement. The result of
 * mysql_query() is discarded, so a failed insert is not reported to the
 * caller.
 *
 * @param mixed $memid - id of the member the agreement belongs to
 * @param mixed $document - type of the agreement
 * @param mixed $method
 * @param mixed $comment
 * @param integer $active
 * @param integer $secmemid
 * @return void
 */
function write_user_agreement($memid, $document, $method, $comment, $active=1, $secmemid=0){
	$query = sprintf(
		"insert into `user_agreements` set `memid`=%d, `secmemid`=%d,`document`='%s',`date`=NOW(), `active`=%d,`method`='%s',`comment`='%s'",
		intval($memid),
		intval($secmemid),
		mysql_real_escape_string($document),
		intval($active),
		mysql_real_escape_string($method),
		mysql_real_escape_string($comment));
	mysql_query($query);
}
925
/**
 * get_user_agreement_status()
 * returns 1 if the user has an entry for the given type in user_agreement, 0 if no entry is recorded
 *
 * A query that yields no usable row count also results in 0.
 *
 * @param mixed $memid
 * @param string $type - the agreement type to look for
 * @return int - 1 or 0
 */
function get_user_agreement_status($memid, $type="CCA"){
	$document = mysql_real_escape_string($type);
	$query="SELECT u.`document` FROM `user_agreements` u
		WHERE u.`document` = '" . $document . "' AND u.`memid`=" . intval($memid) ;
	$res = mysql_query($query);

	return (mysql_num_rows($res) <= 0) ? 0 : 1;
}
943
/**
 * Get the first user_agreement entry of the requested type
 * @param int $memid
 * @param string $type - the type of user agreement, by default all
 *     agreements are listed
 * @param int $active - whether to get active or passive agreements:
 *     0 := passive
 *     1 := active
 *     null := both
 * @return array(string=>mixed) - an associative array containing
 *     'document', 'date', 'method', 'comment', 'active'; empty if there is
 *     no matching entry
 */
function get_first_user_agreement($memid, $type=null, $active=null){
	// Optional conditions; the type is escaped and the flag forced to an integer
	$filter = is_null($type) ? '' : " AND u.`document` = '".mysql_real_escape_string($type)."'";
	$filter .= is_null($active) ? '' : " AND u.`active` = ".intval($active);

	$query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` AS u
		WHERE u.`memid`=".intval($memid)."
			$filter
		ORDER BY u.`date` LIMIT 1";
	$res = mysql_query($query);

	if (mysql_num_rows($res) > 0) {
		return mysql_fetch_assoc($res);
	}
	return array();
}
978
/**
 * Get the last user_agreement entry of the requested type
 * @param int $memid
 * @param string $type - the type of user agreement, by default all
 *     agreements are listed
 * @param int $active - whether to get active or passive agreements:
 *     0 := passive,
 *     1 := active,
 *     null := both
 * @return array(string=>mixed) - an associative array containing
 *     'document', 'date', 'method', 'comment', 'active'; empty if there is
 *     no matching entry
 */
function get_last_user_agreement($memid, $type=null, $active=null){
	// Optional conditions; the type is escaped and the flag forced to an integer
	$filter = is_null($type) ? '' : " AND u.`document` = '".mysql_real_escape_string($type)."'";
	$filter .= is_null($active) ? '' : " AND u.`active` = ".intval($active);

	$query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` AS u
		WHERE u.`memid`=".intval($memid)."
			$filter
		ORDER BY u.`date` DESC LIMIT 1";
	$res = mysql_query($query);

	if (mysql_num_rows($res) > 0) {
		return mysql_fetch_assoc($res);
	}
	return array();
}
1013
/**
 * Fetch all user_agreements rows of a member, ordered by `date`.
 *
 * @param int $memid - member id, cast to int before it is used in the query
 * @param string $type - document type to filter on; null (default) applies no
 *                       document filter
 * @param int $active - 0 := passive, 1 := active, null := both
 * @return resource - the mysql result set returned by mysql_query()
 */
function get_user_agreements($memid, $type=null, $active=null){
	$conditions = '';
	if ($type !== null) {
		// string argument: escaped and quoted
		$conditions .= " AND u.`document` = '".mysql_real_escape_string($type)."'";
	}
	if ($active !== null) {
		// numeric argument: forced to int
		$conditions .= " AND u.`active` = ".intval($active);
	}

	$sql = "SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` AS u
		WHERE u.`memid`=".intval($memid)."
			$conditions
		ORDER BY u.`date`";

	return mysql_query($sql);
}
1041
/**
 * delete_user_agreement()
 * Deletes the user_agreements rows of one member. When $type is given only
 * rows for that document are deleted; when it is left at false every row of
 * the member is deleted.
 *
 * @param mixed $memid - member id, cast to int before it is used in the query
 * @param string $type - document type, or false (default) for all documents
 * @return void - the result of the DELETE is not reported to the caller
 */
function delete_user_agreement($memid, $type=false){
	// Only the boolean false means "no document filter"
	$filter = ($type === false)
		? ''
		: " and `document` = '" . mysql_real_escape_string($type) . "'";

	mysql_query("delete from `user_agreements` where `memid`=" . intval($memid) . $filter );
}
1057
1058 // functions for 6.php (assure somebody)
1059
/**
 * Print the opening of the assurance form: the <form> tag, the wrapper table
 * and its first two rows. The table and form are left open.
 *
 * NOTE(review): both arguments are written into the page without HTML
 * escaping - confirm that every caller passes text that is already safe for
 * HTML output.
 *
 * @param string $confirmation - content of the title row
 * @param string $checkname - content of the second row
 */
function AssureHead($confirmation,$checkname)
{
	echo '<form method="post" action="wot.php">', "\n";
	echo '<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="600">', "\n";
	echo '<tr>', "\n";
	echo '<td colspan="2" class="title">', $confirmation, '</td>', "\n";
	echo '</tr>', "\n";
	echo '<tr>', "\n";
	echo '<td class="DataTD" colspan="2" align="left">', $checkname, '</td>', "\n";
	echo '</tr>', "\n";
}
1073
/**
 * Print one two-column text row of the assurance form.
 *
 * NOTE(review): both fields are written into the page without HTML escaping -
 * confirm that callers pass values that are already safe for HTML output.
 *
 * @param string $field1 - label; a ':' is appended unless it is empty()
 * @param string $field2 - content of the second cell
 */
function AssureTextLine($field1,$field2)
{
	// empty() also treats '0' as empty, so such a label gets no colon
	$suffix = empty($field1) ? '' : ':';

	echo '<tr>', "\n";
	echo '<td class="DataTD">', $field1.$suffix, '</td>', "\n";
	echo '<td class="DataTD">', $field2, '</td>', "\n";
	echo '</tr>', "\n";
}
1083
/**
 * Print one checkbox row of the assurance form.
 *
 * NOTE(review): $type lands inside an attribute value and $text inside a
 * table cell, both without HTML escaping - confirm that callers pass safe
 * values.
 *
 * @param string $type - name attribute of the checkbox
 * @param string $text - content of the cell next to the checkbox
 * @param mixed $checked - truthy to render the box pre-checked
 */
function AssureBoxLine($type,$text,$checked)
{
	$state = $checked ? "checked" : "";

	echo '<tr>', "\n";
	echo '<td class="DataTD"><input type="checkbox" name="', $type, '" value="1" ', $state, '></td>', "\n";
	echo '<td class="DataTD">', $text, '</td>', "\n";
	echo '</tr>', "\n";
}
1093
/**
 * Print the assurance method chooser.
 *
 * With exactly one entry in $methods no row is shown and the method is sent
 * as a hidden field; otherwise a row with a <select name="method"> listing
 * every entry is printed, followed by $remark.
 *
 * NOTE(review): $text, $remark and the method names are written into the page
 * without HTML escaping (the method names also into attribute values) -
 * confirm that callers pass safe values.
 *
 * @param string $text - label; a ':' is appended unless it is empty()
 * @param array $methods - list of method names
 * @param string $remark - text shown below the select box
 */
function AssureMethodLine($text,$methods,$remark)
{
	if (count($methods) == 1) {
		// nothing to choose from: carry the single method along silently
		echo '<input type="hidden" name="method" value="', $methods[0], '" />', "\n";
		return;
	}

	echo '<tr>', "\n";
	echo '<td class="DataTD">', $text.(empty($text)?'':':'), '</td>', "\n";
	echo '<td class="DataTD">', "\n";
	echo '<select name="method">', "\n";
	foreach ($methods as $method) {
		echo '<option value="', $method, '">', $method, '</option>', "\n";
	}
	echo '</select>', "\n";
	echo '<br />', "\n";
	echo $remark, "\n";
	echo '</td>', "\n";
	echo '</tr>', "\n";
}
1121
/**
 * Print one text-input row of the assurance form.
 *
 * NOTE(review): $type and $value are placed inside attribute values and
 * $field / $description inside table cells, all without HTML escaping -
 * confirm that callers pass values that are already safe for those contexts,
 * in particular when $value re-displays earlier form input.
 *
 * @param string $type - name attribute of the input
 * @param string $field - label; a ':' is appended unless it is empty()
 * @param string $value - pre-filled value of the input
 * @param string $description - text printed right after the input
 */
function AssureInboxLine($type,$field,$value,$description)
{
	$label = $field.(empty($field)?'':':');

	echo '<tr>', "\n";
	echo '<td class="DataTD">', $label, '</td>', "\n";
	echo '<td class="DataTD"><input type="text" name="', $type, '" value="', $value, '">', $description, '</td>', "\n";
	echo '</tr>', "\n";
}
1131
/**
 * Print the closing part of the assurance form: the submit/cancel buttons,
 * the end of the table, two hidden fields and the closing </form>.
 *
 * The hidden 'pagehash' field carries $_SESSION['_config']['wothash'] back to
 * the server with the form submission.
 *
 * NOTE(review): $oldid and $confirm are placed inside attribute values
 * without HTML escaping - confirm that callers pass safe values.
 *
 * @param mixed $oldid - value of the hidden 'oldid' field
 * @param string $confirm - caption of the 'process' submit button
 */
function AssureFoot($oldid,$confirm)
{
	$pagehash = $_SESSION['_config']['wothash'];

	echo '<tr>', "\n";
	echo '<td class="DataTD" colspan="2">', "\n";
	echo '<input type="submit" name="process" value="', $confirm, '" />', "\n";
	echo '<input type="submit" name="cancel" value="', _("Cancel"), '" />', "\n";
	echo '</td>', "\n";
	echo '</tr>', "\n";
	echo '</table>', "\n";
	echo '<input type="hidden" name="pagehash" value="', $pagehash, '" />', "\n";
	echo '<input type="hidden" name="oldid" value="', $oldid, '" />', "\n";
	echo '</form>', "\n";
}
1147
/**
 * Mark an email entry of an account as deleted and revoke all client
 * certificates linked to that email address.
 *
 * Called from www/account.php, www/disputes.php and account_delete()
 * according to the notes kept with the original code.
 *
 * @param int $mailid - id of the `email` row, cast to int before use
 */
function account_email_delete($mailid){
	$emailid = intval($mailid);

	// certificates go first, then the address itself is flagged as deleted
	revoke_all_client_cert($emailid);
	mysql_query("update `email` set `deleted`=NOW() where `id`='$emailid'");
}
1159
/**
 * Mark a domain entry of an account as deleted and revoke all server
 * certificates linked to that domain.
 *
 * Called from www/account.php, www/disputes.php and account_delete()
 * according to the notes kept with the original code.
 *
 * @param int $domainid - id of the `domains` row, cast to int before use
 */
function account_domain_delete($domainid){
	$domid = intval($domainid);

	// certificates go first, then the domain itself is flagged as deleted
	revoke_all_server_cert($domid);

	$sql = "update `domains`
		set `deleted`=NOW()
		where `id` = '$domid'";
	mysql_query($sql);
}
1173
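/**
 * Build a string of $length bytes picked at random from $pool.
 *
 * Uses openssl_random_pseudo_bytes() when that function exists and reports a
 * cryptographically strong result, discarding byte values that would favour
 * the first pool positions. Otherwise it falls back to the srand()/rand()
 * generator this file used before, so that account deletion still completes.
 *
 * NOTE(review): positions are picked per byte; if $pool contains a multi-byte
 * character, half of that character can end up in the result.
 *
 * @param string $pool - characters to draw from, must not be empty
 * @param int $length - number of bytes to produce
 * @return string
 */
function account_delete_random_string($pool, $length)
{
	$poolsize = strlen($pool);
	$result = '';

	if (function_exists('openssl_random_pseudo_bytes')) {
		// byte values at or above $limit are skipped so that every pool
		// position is equally likely (no modulo bias)
		$limit = 256 - (256 % $poolsize);
		for ($round = 0; $round < 16 && strlen($result) < $length; $round++) {
			$strong = false;
			$bytes = openssl_random_pseudo_bytes(2 * $length, $strong);
			if ($bytes === false || !$strong) {
				break;
			}
			$count = strlen($bytes);
			for ($i = 0; $i < $count && strlen($result) < $length; $i++) {
				$value = ord($bytes[$i]);
				if ($value < $limit) {
					$result .= $pool[$value % $poolsize];
				}
			}
		}
	}

	if (strlen($result) < $length) {
		// legacy generator, only reached when no strong source is available
		srand ((double)microtime()*1000000);
		while (strlen($result) < $length) {
			$result .= substr($pool,(rand()%$poolsize), 1);
		}
	}

	return $result;
}

/**
 * Delete an account following the "deleted account routine V3": the account
 * row is kept, but its credentials and personal data are overwritten and the
 * account is locked.
 *
 * Called from www/account.php if($oldid == 50 && $process != "").
 *
 * Steps, in this order: replace the password with a random value, create
 * "<arbno>@cacert.org" as the new primary email, delete all other email
 * addresses and all domains (revoking their certificates), reset alerts,
 * location, listings and languages, replace the five secret questions and
 * answers with random values, overwrite the name fields with the arbitration
 * number, clear the privilege flags and lock the account.
 *
 * The random password and secret questions are what keep the old owner (or
 * anybody else) from logging in or running a password reset afterwards, so
 * they are taken from a strong random source when one is available.
 *
 * @param int $id - id of the account to delete
 * @param string $arbno - arbitration number, escaped before use in SQL
 * @param int $adminid - id of the acting admin; cast to int but not used any
 *                       further in this function
 */
function account_delete($id, $arbno, $adminid){
	$id = intval($id);
	$arbno = mysql_real_escape_string($arbno);
	$adminid = intval($adminid);
	// the pool holds no quote or backslash, so generated values can be placed
	// inside the single-quoted SQL literals below
	$pool = 'abcdefghijklmnopqrstuvwxyz';
	$pool .= '0123456789!()§';
	$pool .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';

	//change password
	$password = account_delete_random_string($pool, 30);
	mysql_query("update `users` set `password`=sha1('".$password."') where `id`='".$id."'");

	//create new mail for arbitration number
	$query = "insert into `email` set `email`='".$arbno."@cacert.org',`memid`='".$id."',`created`=NOW(),`modified`=NOW(), `attempts`=-1";
	mysql_query($query);
	$emailid = mysql_insert_id();

	//set new mail as default
	$query = "update `users` set `email`='".$arbno."@cacert.org' where `id`='".$id."'";
	mysql_query($query);

	//delete all other email address
	$query = "select `id` from `email` where `memid`='".$id."' and `id`!='".$emailid."'" ;
	$res=mysql_query($query);
	while($row = mysql_fetch_assoc($res)){
		account_email_delete($row['id']);
	}

	//delete all domains
	$query = "select `id` from `domains` where `memid`='".$id."'";
	$res=mysql_query($query);
	while($row = mysql_fetch_assoc($res)){
		account_domain_delete($row['id']);
	}

	//clear alert settings
	mysql_query(
		"update `alerts` set
			`general`='0',
			`country`='0',
			`regional`='0',
			`radius`='0'
		where `memid`='$id'");

	//set default location
	$query = "update `users` set `locid`='2256755', `regid`='243', `ccid`='12' where `id`='".$id."'";
	mysql_query($query);

	//clear listings
	$query = "update `users` set `listme`=' ',`contactinfo`=' ' where `id`='".$id."'";
	mysql_query($query);

	//set default language
	mysql_query("update `users` set `language`='en_AU' where `id`='".$id."'");
	//delete secondary languages
	mysql_query("delete from `addlang` where `userid`='".$id."'");

	//change secret questions
	for($i=1;$i<=5;$i++){
		$q = account_delete_random_string($pool, 30);
		$a = account_delete_random_string($pool, 30);
		$query = "update `users` set `Q$i`='$q', `A$i`='$a' where `id`='".$id."'";
		mysql_query($query);
	}

	//change personal information to arbitration number and DOB=1900-01-01
	$query = "update `users` set `fname`='".$arbno."',
			`mname`='".$arbno."',
			`lname`='".$arbno."',
			`suffix`='".$arbno."',
			`dob`='1900-01-01'
		where `id`='".$id."'";
	mysql_query($query);

	//clear all admin and board flags
	mysql_query(
		"update `users` set
			`assurer`='0',
			`assurer_blocked`='0',
			`codesign`='0',
			`orgadmin`='0',
			`ttpadmin`='0',
			`locadmin`='0',
			`admin`='0',
			`adadmin`='0',
			`tverify`='0',
			`board`='0'
		where `id`='$id'");

	//block account
	mysql_query("update `users` set `locked`='1' where `id`='$id'"); //, `deleted`=Now()
}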
1278
1279
/**
 * Tell whether an email address is present in the `email` table and not
 * marked as deleted.
 *
 * Called from includes/account.php according to the notes kept with the
 * original code.
 *
 * @param string $email - address to look up, escaped before use in SQL
 * @return bool - true when at least one matching row exists
 */
function check_email_exists($email){
	$escaped = mysql_real_escape_string($email);
	$result = mysql_query("select 1 from `email` where `email`='$escaped' and `deleted`=0");

	return mysql_num_rows($result) > 0;
}
1288
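/**
 * Tell whether an account still has GPG keys that count as "running".
 *
 * Called from includes/account.php if($oldid == 50 && $process != "").
 *
 * The CCA branch used to compare against NOW()-90*86400. MySQL evaluates
 * that subtraction on the numeric YYYYMMDDHHMMSS form of NOW(), which does
 * not step back 90 days, so the retention window was not the intended three
 * months. The cut-off is now written as a date interval, the form this file
 * already uses for the adminlog hour window.
 *
 * @param int $uid - member id, cast to int before use
 * @param int $cca - 0: only keys that have not expired yet count;
 *                   otherwise keys that expired within the last 90 days
 *                   (CCA retention period) count as well
 * @return bool - true when at least one such key exists
 */
function check_gpg_cert_running($uid,$cca=0){
	$uid = intval($uid);
	$cutoff = (0==$cca) ? "NOW()" : "(NOW() - INTERVAL 90 DAY)";

	$res = mysql_query("select 1 from `gpg` where `memid`='$uid' and `expire`>$cutoff");
	return mysql_num_rows($res) > 0;
}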
1301
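/**
 * Tell whether an account still has client certificates that count as
 * "running".
 *
 * Called from includes/account.php if($oldid == 50 && $process != "").
 *
 * Two conditions are checked: certificates that expire after the cut-off and
 * whose `revoked` value lies before `created`, and certificates whose
 * `revoked` value lies after the cut-off.
 *
 * The CCA branch used to compare against NOW()-90*86400. MySQL evaluates
 * that subtraction on the numeric YYYYMMDDHHMMSS form of NOW(), which does
 * not step back 90 days, so the retention window was not the intended three
 * months. The cut-off is now written as a date interval.
 *
 * @param int $uid - member id, cast to int before use
 * @param int $cca - 0: cut-off is now; otherwise the cut-off lies 90 days in
 *                   the past (CCA retention period)
 * @return bool - true when either condition matches at least one row
 */
function check_client_cert_running($uid,$cca=0){
	$uid = intval($uid);
	$cutoff = (0==$cca) ? "NOW()" : "(NOW() - INTERVAL 90 DAY)";

	$query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>$cutoff and `revoked`<`created`";
	$query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>$cutoff";

	$res = mysql_query($query1);
	$r1 = mysql_num_rows($res)>0;
	$res = mysql_query($query2);
	$r2 = mysql_num_rows($res)>0;

	return ($r1 || $r2);
}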
1319
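/**
 * Tell whether an account still has server certificates that count as
 * "running".
 *
 * Called from includes/account.php if($oldid == 50 && $process != "").
 *
 * Two conditions are checked on the certificates of the member's domains:
 * certificates that expire after the cut-off and whose `revoked` value lies
 * before `created`, and certificates whose `revoked` value lies after the
 * cut-off.
 *
 * Changes against the previous version:
 * - every column is qualified with `domaincerts`. The CCA branch used bare
 *   `expire`, `revoked` and `created` inside the join; `created` is also
 *   selected from `domains` elsewhere in this file, so the bare name is
 *   presumably ambiguous and made that query fail (counted as "no
 *   certificate running").
 * - the CCA cut-off is a date interval. NOW()-90*86400 is evaluated on the
 *   numeric YYYYMMDDHHMMSS form of NOW() and does not step back 90 days.
 *
 * @param int $uid - member id, cast to int before use
 * @param int $cca - 0: cut-off is now; otherwise the cut-off lies 90 days in
 *                   the past (CCA retention period)
 * @return bool - true when either condition matches at least one row
 */
function check_server_cert_running($uid,$cca=0){
	$uid = intval($uid);
	$cutoff = (0==$cca) ? "NOW()" : "(NOW() - INTERVAL 90 DAY)";

	// shared part of both queries: certificates of domains owned by $uid
	$base = "
		select 1 from `domaincerts` join `domains`
			on `domaincerts`.`domid` = `domains`.`id`
		where `domains`.`memid` = '$uid'";

	$query1 = $base."
			and `domaincerts`.`expire` > $cutoff
			and `domaincerts`.`revoked` < `domaincerts`.`created`";
	$query2 = $base."
			and `domaincerts`.`revoked` > $cutoff";

	$res = mysql_query($query1);
	$r1 = mysql_num_rows($res)>0;
	$res = mysql_query($query2);
	$r2 = mysql_num_rows($res)>0;

	return ($r1 || $r2);
}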
1355
/**
 * Tell whether an account has at least one `org` row that is not marked as
 * deleted.
 *
 * Called from includes/account.php if($oldid == 50 && $process != "").
 *
 * @param int $uid - member id, cast to int before use
 * @return bool
 */
function check_is_orgadmin($uid){
	$memid = intval($uid);
	$result = mysql_query("select 1 from `org` where `memid`='$memid' and `deleted`=0");

	return mysql_num_rows($result) > 0;
}
1363
1364
1365 // revocation of certificates
/**
 * Revoke all client certificates linked to an email address.
 *
 * Every not yet revoked certificate that `emaillink` ties to the address gets
 * its `revoked` column set to the fixed value '1970-01-01 10:00:01' and its
 * `disablelogin` flag set to 1.
 * NOTE(review): the fixed timestamp looks like a marker that a later
 * processing step picks up - confirm against the signer.
 *
 * @param int $mailid - id of the `email` row, cast to int before use
 */
function revoke_all_client_cert($mailid){
	$emailid = intval($mailid);

	$certs = mysql_query("select `emailcerts`.`id`
		from `emaillink`,`emailcerts` where
		`emaillink`.`emailid`='$emailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and `emailcerts`.`revoked`=0
		group by `emailcerts`.`id`");

	while ($cert = mysql_fetch_assoc($certs)) {
		$update = "update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$cert['id']."'";
		mysql_query($update);
	}
}
1378
/**
 * Revoke all server certificates of a domain.
 *
 * Covers certificates whose `domid` is the domain as well as certificates
 * tied to it through `domlink`. Each one that is not revoked yet gets its
 * `revoked` column set to the fixed value '1970-01-01 10:00:01'.
 * NOTE(review): the fixed timestamp looks like a marker that a later
 * processing step picks up - confirm against the signer.
 *
 * @param int $domainid - id of the `domains` row, cast to int before use
 */
function revoke_all_server_cert($domainid){
	$domid = intval($domainid);

	$sql =
		"select `domaincerts`.`id`
			from `domaincerts`
			where `domaincerts`.`domid` = '$domid'
		union distinct
		select `domaincerts`.`id`
			from `domaincerts`, `domlink`
			where `domaincerts`.`id` = `domlink`.`certid`
			and `domlink`.`domid` = '$domid'";
	$certs = mysql_query($sql);

	while ($cert = mysql_fetch_assoc($certs)) {
		// the `revoked` = 0 guard leaves already revoked certificates alone
		mysql_query(
			"update `domaincerts`
				set `revoked`='1970-01-01 10:00:01'
				where `id` = '".$cert['id']."'
				and `revoked` = 0");
	}
}
1401
/**
 * Revoke all certificates linked to a personal account: the client
 * certificates of every email address and the server certificates of every
 * domain of the member.
 *
 * GPG keys are not handled here; the original note says that revocation is
 * to be added later.
 *
 * @param int $uid - member id, cast to int before use
 */
function revoke_all_private_cert($uid){
	$memid = intval($uid);

	// client certificates, one email address at a time
	$emails = mysql_query("select `id` from `email` where `memid`='".$memid."'");
	while ($email = mysql_fetch_assoc($emails)) {
		revoke_all_client_cert($email['id']);
	}

	// server certificates, one domain at a time
	$domains = mysql_query("select `id` from `domains` where `memid`='".$memid."'");
	while ($domain = mysql_fetch_assoc($domains)) {
		revoke_all_server_cert($domain['id']);
	}
}
1419
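/**
 * check_date_format()
 * Checks that the date is written as YYYY-MM-DD, that it is an existing
 * calendar date and that its year is greater than $year.
 *
 * The whole string has to match: four digits, a dash, one or two digits, a
 * dash, one or two digits. The previous version read the three parts with
 * intval(), which ignores anything after the leading digits, so a value with
 * extra characters appended to a part still passed as a valid date. Callers
 * that treat a "valid" result as permission to use the string further were
 * exposed to that extra text.
 *
 * @param mixed $date - the value to check
 * @param integer $year - dates with a year less than or equal to this value
 *                        are rejected
 * @return bool - true when the value is a well-formed, existing date after
 *                $year, false otherwise
 */
function check_date_format($date, $year=2000){
	// D: '$' must match at the very end, not before a trailing newline
	if (!is_string($date) || !preg_match('/^(\d{4})-(\d{1,2})-(\d{1,2})$/D', $date, $parts)) {
		return FALSE;
	}

	$y = intval($parts[1]);
	$m = intval($parts[2]);
	$d = intval($parts[3]);

	if ($y <= $year) {
		return FALSE;
	}

	// checkdate() rejects out-of-range months and days as well as dates that
	// do not exist in the calendar, such as 30th February
	return checkdate($m, $d, $y);
}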
1451
/**
 * check_date_difference()
 * Returns false if the date lies later than now plus $diff days.
 *
 * NOTE(review): strtotime() returns false for a string it cannot parse, and
 * false compares as "not later", so an unparsable date yields true here.
 * Callers should validate the format first (see check_date_format()).
 *
 * @param mixed $date - date string understood by strtotime()
 * @param integer $diff - allowed distance into the future, in days
 * @return bool - true when the date is not later than now + $diff days
 */
function check_date_difference($date, $diff=1){
	$latest = time() + $diff*86400;
	$given = strtotime($date);

	return ($given <= $latest);
}
1463
1464 // table layout for organisation
/**
 * org_edit_org_table()
 * Prints the complete organisation form table: header, one row per field and
 * the footer with the submit button.
 *
 * @param mixed $orgname - value of field 'O'
 * @param mixed $contactmail - value of field 'contact'
 * @param mixed $town - value of field 'L'
 * @param mixed $state - value of field 'ST'
 * @param mixed $country - value of field 'C'
 * @param mixed $comment - value of field 'comments'
 * @param integer $type - 0: new organisation, greater than 0: edit
 */
function org_edit_org_table($orgname, $contactmail, $town, $state, $country, $comment, $type=0){
	// captions default to the "new organisation" form
	$title = _('New Organisation');
	$action = _('Next');
	if ($type > 0) {
		$title = _('Edit Organisation');
		$action = _('Update');
	}

	org_edit_org_table_header($title);
	// last argument of the row helpers is the maximum input length
	org_edit_org_table_row(_('Organisation Name'), 'O', $orgname, 64);
	org_edit_org_table_row(_('Contact Email'), 'contact', $contactmail, 255);
	org_edit_org_table_row(_('Town/Suburb'), 'L', $town, 128);
	org_edit_org_table_row(_('State/Province'), 'ST', $state, 128);
	org_edit_org_table_country(_('Country'), 'C', $country, 2);
	org_edit_org_table_comment(_('Comments'), 'comments', $comment);
	org_edit_org_table_footer($action);
}
1494
/**
 * org_edit_org_table_header()
 * Prints the opening <table> tag of the organisation form and its title row.
 * The table is left open.
 *
 * @param mixed $title - content of the title row, printed without HTML
 *                       escaping
 */
function org_edit_org_table_header($title){
	echo '<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">', "\n";
	echo '<tr>', "\n";
	echo '<td colspan="3" class="title">', $title, '</td>', "\n";
	echo '</tr>', "\n";
}
1509
/**
 * org_edit_org_table_row()
 * Prints one text-input row of the organisation form.
 *
 * The field value is passed through SanitizeHTML() and the length through
 * intval() before they are placed in attributes; $label and $name are printed
 * as given.
 *
 * @param mixed $label - caption of the row
 * @param mixed $name - name attribute of the input
 * @param mixed $value - current value of the field
 * @param mixed $length - maximum input length
 */
function org_edit_org_table_row($label, $name, $value, $length){
	echo '<tr>', "\n";
	echo '<td class="DataTD">', $label, ':</td>', "\n";
	echo '<td class="DataTD"><input type="text" name="', $name, '" value="', SanitizeHTML($value),
		'" maxlength="', intval($length), '" size="90"></td>', "\n";
	echo '<td class="DataTD">';
	printf(_('max %d characters'),$length);
	echo '</td>', "\n";
	echo '</tr>', "\n";
}
1528
/**
 * org_edit_org_table_country()
 * Prints the country row of the organisation form, with a link to the ISO
 * country code table next to the input.
 *
 * The field value is passed through SanitizeHTML() and the length through
 * intval() before they are placed in attributes; $label and $name are printed
 * as given.
 *
 * @param mixed $label - caption of the row
 * @param mixed $name - name attribute of the input
 * @param mixed $value - current value of the field
 * @param mixed $length - maximum input length, also used as input size
 */
function org_edit_org_table_country($label, $name, $value, $length){
	$maxlength = intval($length);

	echo '<tr>', "\n";
	echo '<td class="DataTD">', $label, ':</td>', "\n";
	echo '<td class="DataTD">', "\n";
	echo '<input type="text" name="', $name, '" value="', SanitizeHTML($value),
		'" maxlength="', $maxlength, '" size="', $maxlength, '" />', "\n";
	// the two %s placeholders of the translated text wrap "ISO code" in a link
	printf(_('(2 letter %s ISO code %s )'), '<a href="http://www.iso.org/iso/home/standards/country_codes/iso-3166-1_decoding_table.htm">', '</a>');
	echo "\n", '</td>', "\n";
	echo '<td class="DataTD">', sprintf(_('max %d characters'),$length), '</td>', "\n";
	echo '</tr>', "\n";
}
1550
/**
 * org_edit_org_table_comment()
 * Prints the comment row of the organisation form as a textarea.
 *
 * The field value is passed through SanitizeHTML(); $label and $name are
 * printed as given.
 *
 * @param mixed $label - caption of the row
 * @param mixed $name - name attribute of the textarea
 * @param mixed $value - current content of the textarea
 */
function org_edit_org_table_comment($label, $name, $value){
	echo '<tr>', "\n";
	echo '<td class="DataTD">', $label, ':</td>', "\n";
	echo '<td class="DataTD"><textarea name="', $name, '" cols=60 rows=10>', SanitizeHTML($value), '</textarea></td>', "\n";
	echo '<td class="DataTD">&nbsp</td>', "\n";
	echo '</tr>', "\n";
}
1568
/**
 * org_edit_org_table_footer()
 * Prints the submit row of the organisation form and closes the table.
 *
 * @param mixed $label - caption of the 'process' submit button, placed in
 *                       the value attribute without HTML escaping
 */
function org_edit_org_table_footer($label){
	echo '<tr>', "\n";
	echo '<td class="DataTD" colspan="3"><input type="submit" name="process" value="', $label, '"></td>', "\n";
	echo '</tr>', "\n";
	echo '</table>', "\n";
}
1583
/**
 * get_array_from_ini()
 * Reads the ini file '../config/ttp.ini', sorts it by key and returns it with
 * all keys and values trimmed.
 *
 * NOTE(review): $inifile is not used - the path is fixed in the function
 * body. Confirm what callers pass before switching to the parameter.
 *
 * @param mixed $inifile - path and filename of the ini file (currently
 *                         ignored, see note)
 * @return array - trimmed key => trimmed value, in the order of the sorted
 *                 original keys
 */
function get_array_from_ini($inifile){
	$entries = parse_ini_file('../config/ttp.ini');
	ksort($entries);

	$trimmed = array();
	foreach ($entries as $name => $content) {
		$trimmed[trim($name)] = trim($content);
	}
	return $trimmed;
}
1600
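/**
 * create_selectbox_HTML()
 * Builds the HTML of a <select> element. The array keys of $options become
 * the visible option texts, the array values become the value attributes.
 *
 * The option to preselect is found by comparing key and $selected as
 * strings. The earlier loose comparison could treat an integer key 0 as equal
 * to the empty default of $selected and preselect that entry by accident.
 *
 * NOTE(review): $name, $firstline and the option keys and values are placed
 * in the markup without HTML escaping - confirm that they only come from
 * trusted configuration, or escape them at the call site.
 *
 * @param mixed $name - name for the select element
 * @param array $options - data for the dropdown, option text => option value
 * @param string $firstline - if not empty, an extra first option with this
 *                            text, e.g. "Choose country"
 * @param string $value - truthy if the value attribute should be added to
 *                        each option
 * @param string $selected - the option whose key equals this string is
 *                           preselected
 * @return string - the HTML of the select element
 */
function create_selectbox_HTML($name, array $options, $firstline = '', $value='', $selected = ''){
	$parts = array('<select name="' . $name . '">');

	if ('' != $firstline) {
		$parts[] = '<option>' . $firstline .'</option>';
	}

	foreach ($options as $key => $avalue) {
		$option = '<option';
		if ($value) {
			$option .= ' value="'.$avalue.'"';
		}
		// string comparison: avoids the type juggling of == on numeric keys
		if ((string)$key === (string)$selected) {
			$option .= ' selected="selected"';
		}
		$parts[] = $option.'>'.$key.'</option>';
	}

	$parts[] = '</select>';
	return implode('', $parts);
}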
1630
1631 //user function
/**
 * Look up the id of the `users` row whose `email` column equals the given
 * address.
 *
 * @param string $email - address to look up; trimmed and escaped before use
 * @return int - intval() of the `id` column of the first row fetched
 */
function get_user_id_from_email($email){
	$address = mysql_real_escape_string(trim($email));
	$result = query_init ("select `id` from `users` where `email` = '" . $address . "'");
	$user = query_getnextrow($result);

	return intval($user['id']);
}
1639
/**
 * Count the adminlog entries of one admin and one action type within the
 * last $hours hours.
 *
 * @param int $uid - id of the admin (matched against `adminid`)
 * @param int $typeid - action type id (matched against `actiontypeid`)
 * @param int $hours - size of the time window in hours
 * @return int - number of matching entries
 */
function get_number_of_adminlog_entries($uid, $typeid, $hours=1){
	// every argument is numeric and forced to int before it enters the SQL
	$adminid = intval($uid);
	$actiontype = intval($typeid);
	$window = intval($hours);

	$result = query_init ("SELECT count(*) AS `no` FROM `adminlog`
		WHERE `adminid` = " . $adminid . " AND `actiontypeid`=" . $actiontype . " and `when` > NOW() - INTERVAL " . $window . " HOUR " );
	$counted = query_getnextrow($result);

	return intval($counted['no']);
}
1650
/**
 * write_se_log()
 * Records a support engineer action that changed a user account in the
 * `adminlog` table.
 *
 * @param int $uid - id of the user account
 * @param int $adminid - id of the admin
 * @param string $type - the operation that was performed on the user account
 * @param string $info - the ticket / arbitration number or other information
 * @param int $typeid - action type id stored in `actiontypeid`, default 1
 * @return bool - true := success, false := error
 */
function write_se_log($uid, $adminid, $type, $info, $typeid=1){
	// ids are forced to int, free text is escaped for use in quoted literals
	$account = intval($uid);
	$admin = intval($adminid);
	$operation = mysql_real_escape_string($type);
	$details = mysql_real_escape_string($info);
	$actiontype = intval($typeid);

	return mysql_query("insert into `adminlog` (`when`, `uid`, `adminid`,`type`,`information`,`actiontypeid`) values
		(Now(), $account, $admin, '$operation', '$details', '$actiontype')");
}
1672
/**
 * Check if the entered information contains a ticket or arbitration number:
 * one of the letters a, d, s, m (either case), eight digits, a dot and at
 * least one more digit.
 *
 *   a - arbitration case
 *   d - dispute action
 *   s - support case
 *   m - board motion
 *
 * NOTE(review): the pattern is not anchored, so text before or after the
 * number is accepted as well. Confirm that callers rely on this before
 * adding ^ and $.
 *
 * @param string $ticketno
 * @return bool
 */
function valid_ticket_number($ticketno){
	return (bool) preg_match('/[adsmADSM]\d{8}\.\d+/', $ticketno);
}
1689
1690 // function for handling account/43.php
/**
 * Get all columns of the `users` row with the given id.
 *
 * @param int $userid - account id, cast to int before use
 * @param int $deleted - 0 (default): only a row with `deleted`=0 is returned;
 *                       any other value: no filter on `deleted`
 * @return resource - a mysql result set
 */
function get_user_data($userid, $deleted=0){
	$id = intval($userid);
	$hide_deleted = (0==$deleted) ? ' and `users`.`deleted`=0' : '';

	return mysql_query("select * from `users` where `users`.`id`='$id' ".$hide_deleted);
}
1706
/**
 * Get the alert settings for a user.
 *
 * @param int $userid - id of the requested account, cast to int before use
 * @return array - associative array holding the first `alerts` row of the
 *                 member, as returned by mysql_fetch_assoc()
 */
function get_alerts($userid){
	$sql = "select * from `alerts` where `memid`='".intval($userid)."'";
	$result = mysql_query($sql);

	return mysql_fetch_assoc($result);
}
1715
/**
 * Get the email addresses linked to the account that have an empty `hash`
 * column, ordered by creation date.
 *
 * @param int $userid - member id, cast to int before use
 * @param string $exclude - if given, this email address is left out; escaped
 *                          before use
 * @param int $deleted - 0 (default): rows marked as deleted are hidden; any
 *                       other value: they are included
 * @return resource - a mysql result set
 */
function get_email_addresses($userid, $exclude, $deleted=0){
	//should be entered in account/2.php
	$memid = intval($userid);

	$conditions = array();
	if (0==$deleted) {
		$conditions[] = ' and `deleted`=0';
	}
	if ($exclude) {
		$conditions[] = " and `email`!='".mysql_real_escape_string($exclude)."'";
	}

	$sql = "select * from `email` where `memid`='".$memid."' and `hash`='' ".implode('', $conditions)." order by `created`";
	return mysql_query($sql);
}
1736
/**
 * Get the domains linked to the account that have an empty `hash` column,
 * ordered by creation date.
 *
 * @param int $userid - member id, cast to int before use
 * @param int $deleted - 0 (default): rows marked as deleted are hidden; any
 *                       other value: they are included
 * @return resource - a mysql result set
 */
function get_domains($userid, $deleted=0){
	//should be entered in account/9.php
	$memid = intval($userid);
	$hide_deleted = (0==$deleted) ? ' and `deleted`=0' : '';

	return mysql_query("select * from `domains` where `memid`='".$memid."' and `hash`=''".$hide_deleted." order by `created`");
}
1753
/**
 * Get all training results for the account: pass date, test type text and
 * test variant text, ordered by pass date.
 *
 * @param int $userid - member id, cast to int before use
 * @return resource - a mysql result set
 */
function get_training_results($userid){
	//should be entered in account/55.php
	$memid = intval($userid);

	$sql = implode('', array(
		"SELECT `CP`.`pass_date`, `CT`.`type_text`, `CV`.`test_text` ",
		" FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ",
		" WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".$memid."'",
		" ORDER BY `CP`.`pass_date`",
	));

	return mysql_query($sql);
}
1768
/**
 * Get all SE log entries for the account, together with the first and last
 * name of the admin who made each entry, ordered by time.
 *
 * @param int $userid - id of the account the entries are about, cast to int
 *                      before use
 * @return resource - a mysql result set
 */
function get_se_log($userid){
	$account = intval($userid);

	return mysql_query("SELECT `adminlog`.`when`, `adminlog`.`type`, `adminlog`.`information`, `users`.`fname`, `users`.`lname`
		FROM `adminlog`, `users`
		WHERE `adminlog`.`adminid` = `users`.`id` and `adminlog`.`uid`=".$account."
		ORDER BY `adminlog`.`when`");
}
1782
/**
 * Get the client certificates linked to the account, newest modification
 * first.
 *
 * @param int $userid - member id, cast to int before use
 * @param int $viewall - 0 (default): only certificates that are neither
 *                       revoked nor renewed and still have time left;
 *                       any other value: all certificates
 * @return resource - a mysql result set
 */
function get_client_certs($userid, $viewall=0){
	//add to account/5.php
	$memid = intval($userid);

	$sql = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
		UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
		UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
		`emailcerts`.`expire`,
		`emailcerts`.`revoked` as `revoke`,
		UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
		`emailcerts`.`id`,
		`emailcerts`.`CN`,
		`emailcerts`.`serial`,
		`emailcerts`.`disablelogin`,
		`emailcerts`.`description`
		from `emailcerts`
		where `emailcerts`.`memid`='".$memid."'";

	if ($viewall == 0) {
		// `timeleft` is a computed column, hence HAVING instead of WHERE
		$sql .= " AND `emailcerts`.`revoked`=0 AND `emailcerts`.`renewed`=0"
			. " HAVING `timeleft` > 0";
	}
	$sql .= " ORDER BY `emailcerts`.`modified` desc";

	return mysql_query($sql);
}
1813
/**
 * Get the server certificates of all domains linked to the account, newest
 * modification first.
 *
 * @param int $userid - member id, cast to int before use
 * @param int $viewall - 0 (default): only certificates that are neither
 *                       revoked nor renewed and still have time left;
 *                       any other value: all certificates
 * @return resource - a mysql result set
 */
function get_server_certs($userid, $viewall=0){
	//add to account/12.php
	$memid = intval($userid);

	$sql = "select UNIX_TIMESTAMP(`domaincerts`.`created`) as `created`,
		UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
		UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`,
		`domaincerts`.`expire`,
		`domaincerts`.`revoked` as `revoke`,
		UNIX_TIMESTAMP(`revoked`) as `revoked`,
		`domaincerts`.`CN`,
		`domaincerts`.`serial`,
		`domaincerts`.`id`,
		`domaincerts`.`description`
		from `domaincerts`,`domains`
		where `domains`.`memid`='".$memid."' and `domaincerts`.`domid`=`domains`.`id`";

	if ($viewall == 0) {
		// `timeleft` is a computed column, hence HAVING instead of WHERE
		$sql .= " AND `domaincerts`.`revoked`=0 AND `domaincerts`.`renewed`=0"
			. " HAVING `timeleft` > 0";
	}
	$sql .= " ORDER BY `domaincerts`.`modified` desc";

	return mysql_query($sql);
}
1843
/**
 * Get the GPG keys linked to the account, most recently issued first.
 *
 * @param int $userid - member id, cast to int before use
 * @param int $viewall - 0 (default): only keys that still have time left;
 *                       any other value: all keys
 * @return resource - a mysql result set
 */
function get_gpg_certs($userid, $viewall=0){
	//add to gpg/2.php
	$memid = intval($userid);

	$sql = "select UNIX_TIMESTAMP(`issued`) as `issued`,
		UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`,
		UNIX_TIMESTAMP(`expire`) as `expired`,
		`expire`, `id`, `level`, `email`, `keyid`, `description`
		from `gpg` where `memid`='".$memid."'";

	if ($viewall == 0) {
		// `timeleft` is a computed column, hence HAVING instead of WHERE
		$sql .= " HAVING `timeleft` > 0";
	}
	$sql .= " ORDER BY `issued` desc";

	return mysql_query($sql);
}
1864
1865
1866
/**
 * Print the header row of the email table for the admin log.
 */
function output_log_email_header(){
	$captions = array(_("Email, primary bold"), _("Created"), _("Deleted"));

	echo '<tr>', "\n";
	foreach ($captions as $caption) {
		echo '<td class="DataTD bold">', $caption, '</td>', "\n";
	}
	echo '</tr>', "\n";
	echo "\n";
}
/**
 * Print one row of the email table for the admin log.
 *
 * A deleted address gets the CSS class 'deletedemailaddress'; otherwise the
 * address equal to $primary gets 'primaryemailaddress'.
 *
 * NOTE(review): the row values are printed without HTML escaping although
 * they come from account data and are shown to a support engineer - confirm
 * that they are stored in a form that is safe for HTML, or pass them through
 * SanitizeHTML() as the org_edit_* helpers in this file do.
 *
 * @param array $row - associative array containing the column data
 *                     ('email', 'created', 'deleted')
 * @param string $primary - if given the primary address is highlighted
 */
function output_log_email($row, $primary){
	$cssclass = 'DataTD';
	if ($row['deleted'] !== NULL_DATETIME) {
		$cssclass .= ' deletedemailaddress';
	} elseif ($primary == $row['email']) {
		$cssclass .= ' primaryemailaddress';
	}

	echo '<tr>', "\n";
	foreach (array('email', 'created', 'deleted') as $column) {
		echo '<td class="', $cssclass, '">', $row[$column], '</td>', "\n";
	}
	echo '</tr>', "\n";
}
1900
/**
 * Print the header row of the domains table for the admin log.
 */
function output_log_domains_header(){
	$captions = array(_("Domain"), _("Created"), _("Deleted"));

	echo '<tr>', "\n";
	foreach ($captions as $caption) {
		echo '<td class="DataTD bold">', $caption, '</td>', "\n";
	}
	echo '</tr>', "\n";
	echo "\n";
}
1914
/**
 * Print one row of the domains table for the admin log. A deleted domain is
 * shown with the additional CSS class 'italic'.
 *
 * NOTE(review): the row values are printed without HTML escaping although
 * they come from account data and are shown to a support engineer - confirm
 * that they are stored in a form that is safe for HTML, or pass them through
 * SanitizeHTML() as the org_edit_* helpers in this file do.
 *
 * @param array $row - associative array containing the column data
 *                     ('domain', 'created', 'deleted')
 */
function output_log_domains($row){
	$cssclass = 'DataTD';
	if ($row['deleted'] !== NULL_DATETIME) {
		$cssclass .= ' italic';
	}

	echo '<tr>', "\n";
	foreach (array('domain', 'created', 'deleted') as $column) {
		echo '<td class="', $cssclass, '">', $row[$column], '</td>', "\n";
	}
	echo '</tr>', "\n";
}
1932
/**
 * Print the header row of the user agreement table for the admin log.
 */
function output_log_agreement_header(){
	$captions = array(_("Agreement"), _("Date"), _("Method"), _("Active "));

	echo '<tr>', "\n";
	foreach ($captions as $caption) {
		echo '<td class="DataTD bold">', $caption, '</td>', "\n";
	}
	echo '</tr>', "\n";
}
1946
/**
 * Print one row of the user agreement table for the admin log.
 *
 * NOTE(review): 'document', 'date' and 'method' are printed without HTML
 * escaping - confirm that the stored values are safe for HTML output.
 *
 * @param array $row - associative array containing the column data
 *                     ('document', 'date', 'method', 'active')
 */
function output_log_agreement($row){
	$state = ($row['active']==0) ? _('passive') : _('active');

	echo '<tr>', "\n";
	echo '<td class="DataTD" >', $row['document'], '</td>', "\n";
	echo '<td class="DataTD" >', $row['date'], '</td>', "\n";
	echo '<td class="DataTD" >', $row['method'], '</td>', "\n";
	echo '<td class="DataTD">', $state, '</td>', "\n";
	echo '</tr>', "\n";
}
1961
/**
 * Print the header row of the training table.
 *
 * NOTE(review): the first caption reads "Agreement" although the matching
 * data column printed by output_log_training() is the pass date - confirm
 * the intended caption.
 */
function output_log_training_header(){
	//should be entered in account/55.php
	$captions = array(_("Agreement"), _("Test"), _("Variant"));

	echo '<tr>', "\n";
	foreach ($captions as $caption) {
		echo '<td class="DataTD bold">', $caption, '</td>', "\n";
	}
	echo '</tr>', "\n";
}
1975
/**
 * Print one row of the training table.
 *
 * NOTE(review): the values are printed without HTML escaping - confirm that
 * the stored texts are safe for HTML output.
 *
 * @param array $row - associative array containing the column data
 *                     ('pass_date', 'type_text', 'test_text')
 */
function output_log_training($row){
	//should be entered in account/55.php
	echo '<tr>', "\n";
	foreach (array('pass_date', 'type_text', 'test_text') as $column) {
		echo '<td class="DataTD">', $row[$column], '</td>', "\n";
	}
	echo '</tr>', "\n";
}
1990
/**
 * Print the header row of the SE log table in the admin log.
 *
 * Always emits the "Date" and "Type" cells; the "Information" and "Admin"
 * cells follow only in the support view.
 *
 * @param int $support - if support = 1 more information is visible
 */
function output_log_se_header($support=0){
	$labels = array(_("Date"), _("Type"));

	// Two extra columns for the support view.
	if (1 == $support) {
		$labels[] = _("Information");
		$labels[] = _("Admin");
	}
	?>
	<tr>
	<?php
	foreach ($labels as $label) {
		?>
		<td class="DataTD bold"><?= $label ?></td>
		<?php
	}
	?>
	</tr>
	<?php
}
2011
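/**
 * Show the SE log data for the admin log
 *
 * Prints one table row with the time and type of a log entry. In the
 * support view the free-text information and the admin's first and last
 * name are added.
 *
 * Every value is HTML-escaped on output. The information text and the name
 * fields are stored strings shown to a privileged viewer, so markup inside
 * them has to be rendered as text; this matches how the certificate rows in
 * this file escape `CN`. Pass the raw column values, not pre-escaped ones.
 *
 * @param array $row - associative array containing the column data
 *                     (keys read: when, type; with support = 1 also
 *                     information, fname, lname)
 * @param int $support - if support = 1 more information is visible
 */
function output_log_se($row, $support=0){
	//should be entered in account/55.php
	?>
	<tr>
		<td class="DataTD"><?=htmlspecialchars($row['when'])?></td>
		<td class="DataTD"><?=htmlspecialchars($row['type'])?></td>
	<?php
	if (1 == $support) {
		?>
		<td class="DataTD"><?=htmlspecialchars($row['information'])?></td>
		<td class="DataTD"><?=htmlspecialchars($row['fname'].' '.$row['lname'])?></td>
		<?php
	}
	?>
	</tr>
	<?php
}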
2034
/**
 * Print the header row of the client certificate table.
 *
 * Column order: an optional "Renew/Revoke/Delete" cell, then Status, Email
 * Address, SerialNumber, Revoked, Expires and Login, and finally an optional
 * two-column "Comment *" cell.
 *
 * @param int $support - if support = 1 the comment column is not shown
 * @param bool $readonly - whether elements to modify data should be hidden, default is `true`
 */
function output_client_cert_header($support=0, $readonly=true){
	//should be added to account/5.php
	$labels = array();

	// The action column only exists when the table is editable.
	if (!$readonly) {
		$labels[] = _("Renew/Revoke/Delete");
	}

	$labels[] = _("Status");
	$labels[] = _("Email Address");
	$labels[] = _("SerialNumber");
	$labels[] = _("Revoked");
	$labels[] = _("Expires");
	$labels[] = _("Login");
	?>
	<tr>
	<?php
	foreach ($labels as $label) {
		?>
		<td class="DataTD"><?=$label?></td>
		<?php
	}

	if (1 != $support) {
		?>
		<td colspan="2" class="DataTD"><?=_("Comment *")?></td>
		<?php
	}
	?>
	</tr>
	<?php
}
2067
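/**
 * Show the client cert data
 *
 * Prints one table row for a client certificate: an optional action
 * checkbox, the status, the common name, serial number, revocation and
 * expiry values, the login checkbox and, outside the support view, the
 * comment field.
 *
 * The status is derived as follows: a non-zero `revoked` means revoked;
 * otherwise `expired` equal to 0 means pending; otherwise `timeleft` > 0
 * means valid, else expired. The state is tracked separately from its
 * translated label so that two labels translating to the same text cannot
 * change which controls are rendered.
 *
 * `serial`, `revoke` and `expire` are HTML-escaped on output like `CN` and
 * `description`, so every stored value in the row is treated as text.
 *
 * @param array $row - associative array containing the column data
 *                     (keys read: id, timeleft, expired, revoked, revoke,
 *                     CN, serial, expire, disablelogin, description)
 * @param int $support - if support = 1 some columns are not visible
 * @param bool $readonly - whether elements to modify data should be hidden, default is `true`
 */
function output_client_cert($row, $support=0, $readonly=true){
	//should be entered in account/5.php
	$certid = intval($row['id']);

	if ($row['revoked'] != 0) {
		$state = 'revoked';
		$verified = _("Revoked");
	} elseif ($row['expired'] == 0) {
		$state = 'pending';
		$verified = _("Pending");
	} elseif ($row['timeleft'] > 0) {
		$state = 'valid';
		$verified = _("Valid");
	} else {
		$state = 'expired';
		$verified = _("Expired");
	}

	// Only the stored value is escaped; the fallback is a translated label.
	$revoke = ($state === 'revoked') ? htmlspecialchars($row['revoke']) : _("Not Revoked");
	$name = (trim($row['CN']) == "") ? _("empty") : htmlspecialchars($row['CN']);

	?>
	<tr>
	<?php
	if (!$readonly) {
		// Pending rows get a delid[] checkbox, revoked rows an empty cell,
		// all other rows a revokeid[] checkbox.
		if ($state === 'pending') {
			?>
		<td class="DataTD">
			<input type="checkbox" name="delid[]" value="<?=$certid?>">
		</td>
			<?php
		} elseif ($state === 'revoked') {
			?>
		<td class="DataTD">&nbsp;</td>
			<?php
		} else {
			?>
		<td class="DataTD">
			<input type="checkbox" name="revokeid[]" value="<?=$certid?>">
		</td>
			<?php
		}
	}

	?>
		<td class="DataTD"><?=$verified?></td>
	<?php

	// Pending certificates are not linked to the detail page.
	if ($state === 'pending') {
		?>
		<td class="DataTD"><?=$name?></td>
		<?php
	} else {
		?>
		<td class="DataTD">
			<a href="account.php?id=6&amp;cert=<?=$certid?>">
				<?=$name?>
			</a>
		</td>
		<?php
	}

	?>
		<td class="DataTD"><?=htmlspecialchars($row['serial'])?></td>
		<td class="DataTD"><?=$revoke?></td>
		<td class="DataTD"><?=htmlspecialchars($row['expire'])?></td>
		<td class="DataTD">
			<input type="checkbox" name="disablelogin_<?=$certid?>" value="1" <?=$row['disablelogin']?"":"checked='checked'"?> <?=$readonly?'disabled="disabled"':''?>/>
			<input type="hidden" name="cert_<?=$certid?>" value="1" />
		</td>
	<?php

	if (1 != $support) {
		?>
		<td class="DataTD">
			<input name="comment_<?=$certid?>" type="text" value="<?=htmlspecialchars($row['description'])?>" />
		</td>
		<?php
		if (!$readonly) {
			?>
		<td class="DataTD">
			<input type="checkbox" name="check_comment_<?=$certid?>" />
		</td>
			<?php
		}
	}

	?>
	</tr>
	<?php
}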
2165
/**
 * Print the header row of the server certificate table.
 *
 * Column order: an optional "Renew/Revoke/Delete" cell, then Status,
 * CommonName, SerialNumber, Revoked and Expires, and finally an optional
 * two-column "Comment *" cell.
 *
 * @param int $support - if support = 1 the comment column is not shown
 * @param bool $readonly - whether elements to modify data should be hidden, default is `true`
 */
function output_server_certs_header($support=0, $readonly=true){
	//should be entered in account/12.php
	$labels = array();

	// The action column only exists when the table is editable.
	if (!$readonly) {
		$labels[] = _("Renew/Revoke/Delete");
	}

	$labels[] = _("Status");
	$labels[] = _("CommonName");
	$labels[] = _("SerialNumber");
	$labels[] = _("Revoked");
	$labels[] = _("Expires");
	?>
	<tr>
	<?php
	foreach ($labels as $label) {
		?>
		<td class="DataTD"><?=$label?></td>
		<?php
	}

	if (1 != $support) {
		?>
		<td colspan="2" class="DataTD"><?=_("Comment *")?></td>
		<?php
	}
	?>
	</tr>
	<?php
}
2197
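/**
 * Show the server cert data
 *
 * Prints one table row for a server certificate: an optional action
 * checkbox, the status, the common name, serial number, revocation and
 * expiry values and, outside the support view, the comment field.
 *
 * The status is derived as follows: a non-zero `revoked` means revoked;
 * otherwise `expired` equal to 0 means pending; otherwise `timeleft` > 0
 * means valid, else expired. The state is tracked separately from its
 * translated label so that two labels translating to the same text cannot
 * change which controls are rendered.
 *
 * `serial`, `revoke` and `expire` are HTML-escaped on output like `CN` and
 * `description`, so every stored value in the row is treated as text.
 *
 * @param array $row - associative array containing the column data
 *                     (keys read: id, timeleft, expired, revoked, revoke,
 *                     CN, serial, expire, description)
 * @param int $support - if support = 1 some columns are not visible
 * @param bool $readonly - whether elements to modify data should be hidden, default is `true`
 */
function output_server_certs($row, $support=0, $readonly=true){
	//should be entered in account/12.php
	$certid = intval($row['id']);

	if ($row['revoked'] != 0) {
		$state = 'revoked';
		$verified = _("Revoked");
	} elseif ($row['expired'] == 0) {
		$state = 'pending';
		$verified = _("Pending");
	} elseif ($row['timeleft'] > 0) {
		$state = 'valid';
		$verified = _("Valid");
	} else {
		$state = 'expired';
		$verified = _("Expired");
	}

	// Only the stored value is escaped; the fallback is a translated label.
	$revoke = ($state === 'revoked') ? htmlspecialchars($row['revoke']) : _("Not Revoked");
	$name = htmlspecialchars($row['CN']);

	?>
	<tr>
	<?php
	if (!$readonly) {
		// Pending rows get a delid[] checkbox, revoked rows an empty cell,
		// all other rows a revokeid[] checkbox.
		if ($state === 'pending') {
			?>
		<td class="DataTD">
			<input type="checkbox" name="delid[]" value="<?=$certid?>"/>
		</td>
			<?php
		} elseif ($state === 'revoked') {
			?>
		<td class="DataTD">&nbsp;</td>
			<?php
		} else {
			?>
		<td class="DataTD">
			<input type="checkbox" name="revokeid[]" value="<?=$certid?>"/>
		</td>
			<?php
		}
	}

	?>
		<td class="DataTD"><?=$verified?></td>
	<?php

	// Pending certificates are not linked to the detail page.
	if ($state === 'pending') {
		?>
		<td class="DataTD"><?=$name?></td>
		<?php
	} else {
		?>
		<td class="DataTD">
			<a href="account.php?id=15&amp;cert=<?=$certid?>">
				<?=$name?>
			</a>
		</td>
		<?php
	}

	?>
		<td class="DataTD"><?=htmlspecialchars($row['serial'])?></td>
		<td class="DataTD"><?=$revoke?></td>
		<td class="DataTD"><?=htmlspecialchars($row['expire'])?></td>
	<?php

	if (1 != $support) {
		?>
		<td class="DataTD">
			<input name="comment_<?=$certid?>" type="text" value="<?=htmlspecialchars($row['description'])?>" />
		</td>
		<?php
		if (!$readonly) {
			?>
		<td class="DataTD">
			<input type="checkbox" name="check_comment_<?=$certid?>" />
		</td>
			<?php
		}
	}

	?>
	</tr>
	<?php
}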
2289
/**
 * Print the header row of the gpg cert table.
 *
 * Column order: Status, Email Address, Expires, Key ID and, outside the
 * support view, a two-column "Comment *" cell.
 *
 * @param int $support - if support = 1 the comment column is not shown
 * @param bool $readonly - whether elements to modify data should be hidden, default is `true`
 */
function output_gpg_certs_header($support=0, $readonly=true){
	// $readonly is currently ignored but kept for consistency
	$labels = array(
		_("Status"),
		_("Email Address"),
		_("Expires"),
		_("Key ID"),
	);
	?>
	<tr>
	<?php
	foreach ($labels as $label) {
		?>
		<td class="DataTD"><?=$label?></td>
		<?php
	}

	if (1 != $support) {
		?>
		<td colspan="2" class="DataTD"><?=_("Comment *")?></td>
		<?php
	}
	?>
	</tr>
	<?php
}
2313
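/**
 * Show the gpg cert data
 *
 * Prints one table row for a gpg key: status, email address, expiry value,
 * key id and, outside the support view, the comment field.
 *
 * The status is pending when `expired` equals 0; otherwise it is valid when
 * `timeleft` > 0 and expired when not. Pending keys are shown without the
 * link to the detail page. The pending state is kept in a flag and not
 * re-derived by comparing translated labels.
 *
 * `expire` is HTML-escaped on output like `email`, `keyid` and
 * `description`, so every stored value in the row is treated as text.
 *
 * @param array $row - associative array containing the column data
 *                     (keys read: id, timeleft, expired, email, expire,
 *                     keyid, description)
 * @param int $support - if support = 1 some columns are not visible
 * @param bool $readonly - whether elements to modify data should be hidden, default is `true`
 */
function output_gpg_certs($row, $support=0, $readonly=true){
	//should be entered in account/55.php
	$certid = intval($row['id']);
	$pending = ($row['expired'] == 0);

	if ($pending) {
		$verified = _("Pending");
	} elseif ($row['timeleft'] > 0) {
		$verified = _("Valid");
	} else {
		$verified = _("Expired");
	}

	$email = htmlspecialchars($row['email']);
	$keyid = htmlspecialchars($row['keyid']);

	?>
	<tr>
		<td class="DataTD"><?=$verified?></td>
	<?php

	if ($pending) {
		?>
		<td class="DataTD"><?=$email?></td>
		<?php
	} else {
		?>
		<td class="DataTD">
			<a href="gpg.php?id=3&amp;cert=<?=$certid?>">
				<?=$email?>
			</a>
		</td>
		<?php
	}

	?>
		<td class="DataTD"><?=htmlspecialchars($row['expire'])?></td>
	<?php

	if ($pending) {
		?>
		<td class="DataTD"><?=$keyid?></td>
		<?php
	} else {
		?>
		<td class="DataTD">
			<a href="gpg.php?id=3&amp;cert=<?=$certid?>">
				<?=$keyid?>
			</a>
		</td>
		<?php
	}

	if (1 != $support) {
		?>
		<td class="DataTD">
			<input name="comment_<?=$certid?>" type="text" value="<?=htmlspecialchars($row['description'])?>" />
		</td>
		<?php
		if (!$readonly) {
			?>
		<td class="DataTD">
			<input type="checkbox" name="check_comment_<?=$certid?>" />
		</td>
			<?php
		}
	}

	?>
	</tr>
	<?php
}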
2389
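/**
 * revoke_assurance()
 * revokes an assurance and adjusts the old point calculation
 *
 * Sets `deleted` to NOW() on the `notary` row with the given id, then
 * recalculates the assuree's old points and calls fix_assurer_flag() for
 * the assuree. Both ids are cast with intval() before they are used.
 *
 * NOTE(review): the UPDATE selects the row by `id` alone. This function does
 * not check that the assurance was given to $toid, nor that the caller is
 * allowed to revoke it - presumably the caller does both; confirm.
 *
 * @param mixed $assuranceid - id of the assurance
 * @param mixed $toid - id of the assuree
 * @return void
 */
function revoke_assurance($assuranceid, $toid){
	$assuranceid = intval($assuranceid);
	$toid = intval($toid);

	// The row is kept and only marked as deleted.
	$query = "update `notary` set `deleted` = NOW() where `id` = '$assuranceid' LIMIT 1";
	mysql_query($query);

	recalculate_old_assurance_points($toid);
	fix_assurer_flag($toid);
}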
2407
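/**
 * recalculates the old points of an assuree
 *
 * Reads every `notary` row addressed to the assuree that is not deleted and
 * whose method is not 'Administrative Increase', ordered by `when`, and
 * rewrites each row's `points`: a row receives its `awarded` value, limited
 * to what is still missing to a running total of 100 (never less than 0).
 * The running total itself grows by the full `awarded` value of each row.
 *
 * @param int $toid - id of the assuree
 */
function recalculate_old_assurance_points($toid){
	// The id is placed into the SQL text below, so it is forced to an integer
	// here instead of relying on every caller to have done so.
	$toid = intval($toid);

	// Running total of awarded points; must start at 0 before the first row.
	$points = 0;

	$query = "select * from `notary` where `to` = '$toid' and `method` != 'Administrative Increase' and `deleted` = 0 order by `when`";
	$res = mysql_query($query);
	if (!$res) {
		// The query failed, so there are no rows to recalculate.
		return;
	}

	while ($row = mysql_fetch_assoc($res)) {
		$awarded = intval($row['awarded']);
		$maxToAward = max(100 - $points, 0);
		$newpoints = min($awarded, $maxToAward);

		$points += $awarded;

		$query = "update `notary` set `points` = '". intval($newpoints) ."' where `id`='" . intval($row['id']) . "' LIMIT 1";
		mysql_query($query);
	}
}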