1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2011 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18
/**
 * Sends a SQL statement to the server through the legacy mysql_* extension.
 *
 * The statement is forwarded unchanged, so any variable part must already be
 * cast or escaped by the caller when $query is built.
 *
 * @param string $query complete SQL statement
 * @return mixed the value mysql_query() returns for the statement
 */
function query_init ($query)
{
	$result = mysql_query($query);
	return $result;
}
23
/**
 * Fetches the next row of a result set as an associative array.
 *
 * @param resource $res result handle returned by query_init()
 * @return mixed the value mysql_fetch_assoc() returns for the handle
 */
function query_getnextrow ($res)
{
	return mysql_fetch_assoc($res);
}
29
/**
 * Returns the number of rows in a result set as an integer.
 *
 * @param resource $resultset result handle returned by query_init()
 * @return int row count reported by mysql_num_rows(), cast with intval()
 */
function query_get_number_of_rows ($resultset)
{
	$count = mysql_num_rows($resultset);
	return intval($count);
}
34
/**
 * Counts the 'Face to Face Meeting' entries in `notary` issued by a user.
 *
 * @param mixed $userid user id; cast with intval() before it enters the SQL
 * @return int number of matching rows
 */
function get_number_of_assurances ($userid)
{
	// intval() is the only thing standing between $userid and the statement.
	$uid = intval($userid);
	$sql = "SELECT count(*) AS `list` FROM `notary`
			WHERE `method` = 'Face to Face Meeting' AND `from`='".$uid."' ";
	$counted = query_getnextrow(query_init($sql));

	return intval($counted['list']);
}
43
/**
 * Counts the 'Trusted Third Parties' and 'TTP-Assisted' entries in `notary`
 * received by a user.
 *
 * @param mixed $userid user id; cast with intval() before it enters the SQL
 * @return int number of matching rows
 */
function get_number_of_ttpassurances ($userid)
{
	$uid = intval($userid);
	$sql = "SELECT count(*) AS `list` FROM `notary`
			WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `to`='".$uid."' ";
	$counted = query_getnextrow(query_init($sql));

	return intval($counted['list']);
}
52
/**
 * Counts the 'Face to Face Meeting' entries in `notary` received by a user.
 *
 * @param mixed $userid user id; cast with intval() before it enters the SQL
 * @return int number of matching rows
 */
function get_number_of_assurees ($userid)
{
	$uid = intval($userid);
	$sql = "SELECT count(*) AS `list` FROM `notary`
			WHERE `method` = 'Face to Face Meeting' AND `to`='".$uid."' ";
	$counted = query_getnextrow(query_init($sql));

	return intval($counted['list']);
}
61
/**
 * Ranks an assurer by the number of face-to-face assurances given.
 *
 * The query yields one row per `from` value whose count is strictly greater
 * than $no_of_assurances; the rank is that row count plus one.
 *
 * @param mixed $no_of_assurances count to compare against; cast with intval()
 * @return int 1-based rank
 */
function get_top_assurer_position ($no_of_assurances)
{
	$threshold = intval($no_of_assurances);
	$ahead = query_init ("SELECT count(*) AS `list` FROM `notary`
			WHERE `method` = 'Face to Face Meeting'
			GROUP BY `from` HAVING count(*) > '".$threshold."'");
	$rank = query_get_number_of_rows($ahead) + 1;
	return intval($rank);
}
69
/**
 * Ranks an assuree by the number of face-to-face assurances received.
 *
 * The query yields one row per `to` value whose count is strictly greater
 * than $no_of_assurees; the rank is that row count plus one.
 *
 * @param mixed $no_of_assurees count to compare against; cast with intval()
 * @return int 1-based rank
 */
function get_top_assuree_position ($no_of_assurees)
{
	$threshold = intval($no_of_assurees);
	$ahead = query_init ("SELECT count(*) AS `list` FROM `notary`
			WHERE `method` = 'Face to Face Meeting'
			GROUP BY `to` HAVING count(*) > '".$threshold."'");
	$rank = query_get_number_of_rows($ahead) + 1;
	return intval($rank);
}
77
/**
 * Selects all `notary` rows a user issued to other users, oldest id first.
 *
 * @param mixed $userid user id; cast with intval() before it enters the SQL
 * @return mixed result handle from query_init()
 */
function get_given_assurances ($userid)
{
	$uid = intval($userid);
	return query_init ("select * from `notary` where `from`='".$uid."' and `from` != `to` order by `id` asc");
}
83
/**
 * Selects all `notary` rows a user received from other users, oldest id first.
 *
 * @param mixed $userid user id; cast with intval() before it enters the SQL
 * @return mixed result handle from query_init()
 */
function get_received_assurances ($userid)
{
	$uid = intval($userid);
	return query_init ("select * from `notary` where `to`='".$uid."' and `from` != `to` order by `id` asc ");
}
89
/**
 * Groups the `notary` rows issued by a user by points, awarded and method.
 *
 * @param mixed $userid user id; cast with intval() before it enters the SQL
 * @return mixed result handle from query_init(); each row carries `number`,
 *               `points`, `awarded` and `method`
 */
function get_given_assurances_summary ($userid)
{
	$uid = intval($userid);
	return query_init ("select count(*) as number,points,awarded,method from notary where `from`='".$uid."' group by points,awarded,method");
}
95
/**
 * Groups the `notary` rows received by a user by points, awarded and method.
 *
 * @param mixed $userid user id; cast with intval() before it enters the SQL
 * @return mixed result handle from query_init(); each row carries `number`,
 *               `points`, `awarded` and `method`
 */
function get_received_assurances_summary ($userid)
{
	$uid = intval($userid);
	return query_init ("select count(*) as number,points,awarded,method from notary where `to`='".$uid."' group by points,awarded,method");
}
101
/**
 * Loads one row of `users` by id.
 *
 * All columns are selected, so callers should pick the fields they need
 * rather than pass the whole row on to output code.
 *
 * @param mixed $userid user id; cast with intval() before it enters the SQL
 * @return mixed the value mysql_fetch_assoc() returns for the result
 */
function get_user ($userid)
{
	$uid = intval($userid);
	$found = query_init ("select * from `users` where `id`='".$uid."'");
	return mysql_fetch_assoc($found);
}
107
/**
 * Counts the `cats_passed` rows of a user that join to a `cats_variant`
 * with `type_id` = 1.
 *
 * @param mixed $userid user id; cast with intval() before it enters the SQL
 * @return mixed row count as returned by mysql_num_rows()
 */
function get_cats_state ($userid)
{
	$uid = intval($userid);
	$passed = query_init ("select * from `cats_passed` inner join `cats_variant` on `cats_passed`.`variant_id` = `cats_variant`.`id` and `cats_variant`.`type_id` = 1
			WHERE `cats_passed`.`user_id` = '".$uid."'");
	return mysql_num_rows($passed);
}
115
/**
 * Evaluates one issued assurance and updates the running totals.
 *
 * @param array $row             `notary` row with `points`, `awarded`, `method`
 * @param mixed &$points         running total; increased by the row's points
 * @param mixed &$experience     set to "2" for a face-to-face row, else "&nbsp;"
 * @param mixed &$sum_experience running total; increased by 2 for a face-to-face row
 * @param mixed &$revoked        always set to false here
 * @return mixed the larger of the row's `points` and `awarded`
 */
function calc_experience ($row,&$points,&$experience,&$sum_experience,&$revoked)
{
	$revoked = false; # to be coded later (after DB-upgrade)

	$apoints = max($row['points'], $row['awarded']);
	$points += $apoints;

	$is_face_to_face = ($row['method'] == "Face to Face Meeting");
	if ($is_face_to_face)
	{
		$sum_experience += 2;
	}
	$experience = $is_face_to_face ? "2" : "&nbsp;";

	return $apoints;
}
129
/**
 * Evaluates one received assurance and updates the running totals.
 *
 * Points above 100 are moved into $experience. Rows whose method is one of
 * the three revoked methods contribute nothing and have $awarded replaced by
 * a red "Revoked" HTML marker, so $awarded is markup, not a number, for them.
 *
 * @param array $row            `notary` row
 * @param mixed &$points        running total; increased for non-revoked rows
 * @param mixed &$experience    experience derived from this row
 * @param mixed &$sumexperience running total of experience
 * @param mixed &$awarded       points for this row, or the "Revoked" marker
 * @param mixed &$revoked       true when the row's method is revoked
 */
function calc_assurances ($row,&$points,&$experience,&$sumexperience,&$awarded,&$revoked)
{
	$awarded = calc_points($row);
	$revoked = false;
	$experience = 0;

	if ($awarded > 100)
	{
		$experience = $awarded - 100;		// needs to be fixed in the future (limit 50 pts and/or no experience if pts > 100)
		$awarded = 100;
	}

	// Current usage of 'Temporary Increase' may break audit aspects, needs to be reimplemented
	$revoked_methods = array('Thawte Points Transfer', 'CT Magazine - Germany', 'Temporary Increase');

	// Loose comparison, as in a switch statement.
	if (in_array($row['method'], $revoked_methods))
	{
		$awarded = sprintf("<strong style='color: red'>%s</strong>",_("Revoked"));
		$experience = 0;
		$revoked = true;
	}
	else
	{
		$points += $awarded;
	}

	$sumexperience = $sumexperience + $experience;
}
157
158
/**
 * Builds the HTML shown in the "Who" column for a user.
 *
 * A non-empty name becomes a link to wot.php with the name passed through
 * sanitizeHTML() and the id through intval(). An empty name yields the
 * translated text "System" (id 0) or "Deleted account".
 *
 * @param string $name   display name; surrounding whitespace is trimmed
 * @param mixed  $userid user id for the link target
 * @return string HTML fragment or translated placeholder text
 */
function show_user_link ($name,$userid)
{
	$label = trim($name);
	if ($label != "")
	{
		return "<a href='wot.php?id=9&amp;userid=".intval($userid)."'>".sanitizeHTML($label)."</a>";
	}

	return ($userid == 0) ? _("System") : _("Deleted account");
}
173
/**
 * Builds the HTML shown in the "Email" column for a user.
 *
 * A non-empty address becomes a link to account.php with the address passed
 * through sanitizeHTML() and the id through intval(); an empty address is
 * returned as the empty string.
 *
 * @param string $email  e-mail address; surrounding whitespace is trimmed
 * @param mixed  $userid user id for the link target
 * @return string HTML fragment or empty string
 */
function show_email_link ($email,$userid)
{
	$address = trim($email);
	if ($address == "")
	{
		return $address;
	}

	return "<a href='account.php?id=43&amp;userid=".intval($userid)."'>".sanitizeHTML($address)."</a>";
}
181
/**
 * Determines how many assurances a user gave and the rank that earns.
 *
 * @param mixed $userid             user id; cast with intval()
 * @param mixed &$num_of_assurances receives the number of assurances given
 * @param mixed &$rank_of_assurer   receives the rank among assurers
 */
function get_assurer_ranking($userid,&$num_of_assurances,&$rank_of_assurer)
{
	$uid = intval($userid);
	$num_of_assurances = get_number_of_assurances ($uid);
	$rank_of_assurer = get_top_assurer_position($num_of_assurances);
}
187
/**
 * Determines how many assurances a user received and the rank that earns.
 *
 * @param mixed $userid           user id; cast with intval()
 * @param mixed &$num_of_assurees receives the number of assurances received
 * @param mixed &$rank_of_assuree receives the rank among assurees
 */
function get_assuree_ranking($userid,&$num_of_assurees,&$rank_of_assuree)
{
	$uid = intval($userid);
	$num_of_assurees = get_number_of_assurees ($uid);
	$rank_of_assuree = get_top_assuree_position($num_of_assurees);
}
193
194
195 // ************* html table definitions ******************
196
/**
 * Prints the "Assurer Ranking" table for a user.
 *
 * All four numbers are cast with intval() at the point of output.
 *
 * @param mixed $userid user id
 */
function output_ranking($userid)
{
	get_assurer_ranking($userid,$num_of_assurances,$rank_of_assurer);
	get_assuree_ranking($userid,$num_of_assurees,$rank_of_assuree);

	$assurer_line = sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) );
	$assuree_line = sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) );
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
	<tr>
		<td class="title"><?=_("Assurer Ranking")?></td>
	</tr>
	<tr>
		<td class="DataTD"><?=$assurer_line?></td>
	</tr>
	<tr>
		<td class="DataTD"><?=$assuree_line?></td>
	</tr>
</table>
<br/>
<?php
}
217
/**
 * Prints the opening tag, title row and column headings of an assurance table.
 *
 * With $support == "1" the table has ten columns (adds "When", "Email" and
 * "Revoke"); otherwise seven.
 *
 * @param string $title   table title, printed as given (not escaped here)
 * @param mixed  $support "1" for the support view
 */
function output_assurances_header($title,$support)
{
	$is_support = ($support == "1");
	$colspan = $is_support ? "10" : "7";
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
	<tr>
		<td colspan="<?=$colspan?>" class="title"><?=$title?></td>
	</tr>
	<tr>
		<td class="DataTD"><strong><?=_("ID")?></strong></td>
		<td class="DataTD"><strong><?=_("Date")?></strong></td>
<?php
	if ($is_support)
	{
?>
		<td class="DataTD"><strong><?=_("When")?></strong></td>
		<td class="DataTD"><strong><?=_("Email")?></strong></td>
<?php
	}
?>
		<td class="DataTD"><strong><?=_("Who")?></strong></td>
		<td class="DataTD"><strong><?=_("Points")?></strong></td>
		<td class="DataTD"><strong><?=_("Location")?></strong></td>
		<td class="DataTD"><strong><?=_("Method")?></strong></td>
		<td class="DataTD"><strong><?=_("Experience Points")?></strong></td>
<?php
	if ($is_support)
	{
?>
		<td class="DataTD"><strong><?=_("Revoke")?></strong></td>
<?php
	}
?>
	</tr>
<?php
}
264
/**
 * Prints the totals row of an assurance table and closes the table.
 *
 * All four text/number arguments are printed as given (not escaped here).
 *
 * @param string $points_txt     label for the points total
 * @param mixed  $points         points total
 * @param string $experience_txt label for the experience total
 * @param mixed  $sumexperience  experience total
 * @param mixed  $support        "1" for the support view (wider label cell,
 *                               extra empty cell under "Revoke")
 */
function output_assurances_footer($points_txt,$points,$experience_txt,$sumexperience,$support)
{
	$is_support = ($support == "1");
	$label_span = $is_support ? "5" : "3";
?>
	<tr>
		<td colspan="<?=$label_span?>" class="DataTD"><strong><?=$points_txt?>:</strong></td>
		<td class="DataTD"><?=$points?></td>
		<td class="DataTD">&nbsp;</td>
		<td class="DataTD"><strong><?=$experience_txt?>:</strong></td>
		<td class="DataTD"><?=$sumexperience?></td>
<?php
	if ($is_support)
	{
?>
		<td class="DataTD">&nbsp;</td>
<?php
	}
?>

	</tr>
</table>
<br/>
<?php
}
288
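/**
 * Prints one row of an assurance table.
 *
 * Rows with zero awarded points, equal to the stored points and dated before
 * 2006-09-01 are highlighted. In the support view a "Revoke" link is added
 * unless the row is already revoked.
 *
 * $email, $name and $awarded can carry ready-made HTML (links, the "Revoked"
 * marker), so they cannot be escaped here.
 * NOTE(review): $date, $when, $location, $method and $experience are also
 * printed unescaped; the callers in this file pass some of them straight
 * from the database row. Confirm that they are HTML-safe when stored, or
 * escape them at the call site.
 *
 * @param mixed  $assuranceid id of the `notary` row
 * @param string $date        date column
 * @param string $when        timestamp column (support view only)
 * @param string $email       HTML for the e-mail cell (support view only)
 * @param string $name        HTML for the "Who" cell
 * @param mixed  $awarded     points shown, or HTML marker
 * @param mixed  $points      stored points
 * @param string $location    location column
 * @param string $method      translated method name
 * @param mixed  $experience  experience points shown
 * @param mixed  $userid      user the table belongs to
 * @param mixed  $support     "1" for the support view
 * @param mixed  $revoked     true when the row is revoked
 * @param string $ticketno    ticket number appended to the revoke link
 */
function output_assurances_row($assuranceid,$date,$when,$email,$name,$awarded,$points,$location,$method,$experience,$userid,$support,$revoked, $ticketno)
{
	$tdstyle="";
	$emopen="";
	$emclose="";

	if ($awarded == $points && $awarded == "0" && $when < "2006-09-01")
	{
		$tdstyle="style='background-color: #ffff80'";
		$emopen="<em>";
		$emclose="</em>";
	}

	// The id is placed inside a JavaScript string in an onclick attribute and
	// the ticket number inside a URL, so neither may reach the page raw.
	$confirm_text = sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"), intval($assuranceid));
	$ticket_param = urlencode($ticketno);
?>
	<tr>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td>
<?php
	if ($support == "1")
	{
?>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$when?><?=$emclose?></td>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$email?><?=$emclose?></td>
<?php
	}
?>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td>
<?php
	if ($support == "1")
	{
		if ($revoked == true)
		{
?>
		<td class="DataTD" <?=$tdstyle?>>&nbsp;</td>
<?php
		} else {
?>
		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>&amp;ticketno=<?=$ticket_param?>" onclick="return confirm('<?=$confirm_text?>');"><?=_("Revoke")?></a><?=$emclose?></td>
<?php
		}
	}
?>
	</tr>
<?php
}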
344
/**
 * Prints the opening tag, title row and column headings of the points
 * summary table. Takes no input; all text comes from gettext.
 */
function output_summary_header()
{
	$headings = array(_("Description"), _("Points"), _("Countable Points"), _("Remark"));
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
	<tr>
		<td colspan="4" class="title"><?=_("Summary of your Points")?></td>
	</tr>
	<tr>
		<td class="DataTD"><strong><?=$headings[0]?></strong></td>
		<td class="DataTD"><strong><?=$headings[1]?></strong></td>
		<td class="DataTD"><strong><?=$headings[2]?></strong></td>
		<td class="DataTD"><strong><?=$headings[3]?></strong></td>
	</tr>
<?php
}
360
/**
 * Closes the points summary table opened by output_summary_header().
 */
function output_summary_footer()
{
?>
</table>
<br/>
<?php
}
368
/**
 * Prints one row of the points summary table.
 *
 * All four values are printed as given (not escaped here); the caller in this
 * file passes numbers, "&nbsp;" and ready-made HTML remarks.
 *
 * @param string $title            row description
 * @param mixed  $points           raw points
 * @param mixed  $points_countable points that count
 * @param string $remark           remark cell content
 */
function output_summary_row($title,$points,$points_countable,$remark)
{
?>
	<tr>
		<td class="DataTD"><strong><?=$title?></strong></td>
		<td class="DataTD"><?=$points?></td>
		<td class="DataTD"><?=$points_countable?></td>
		<td class="DataTD"><?=$remark?></td>
	</tr>
<?php
}
380
381
382 // ************* output given assurances ******************
383
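/**
 * Prints one table row per assurance the user issued and totals the points.
 *
 * Both totals are reset to 0 first. The original reset a misspelled local
 * ($sumexperience), which left the by-reference $sum_experience at whatever
 * the caller passed in.
 *
 * @param mixed  $userid          user id; cast with intval()
 * @param mixed  &$points         receives the points total
 * @param mixed  &$sum_experience receives the experience total
 * @param mixed  $support         "1" for the support view
 * @param string $ticketno        ticket number for the revoke links
 */
function output_given_assurances_content($userid,&$points,&$sum_experience,$support, $ticketno)
{
	$points = 0;
	$sum_experience = 0;
	$res = get_given_assurances(intval($userid));
	while($row = mysql_fetch_assoc($res))
	{
		// For an issued assurance the other party is the `to` user.
		$assuree = get_user (intval($row['to']));
		$apoints = calc_experience ($row,$points,$experience,$sum_experience,$revoked);
		$name = show_user_link ($assuree['fname']." ".$assuree['lname'],intval($row['to']));
		$email = show_email_link ($assuree['email'],intval($row['to']));
		$method = ($row['method'] == "") ? "" : _(sprintf("%s", $row['method']));
		// date, when and location go to the row printer exactly as stored.
		output_assurances_row (intval($row['id']),$row['date'],$row['when'],$email,$name,$apoints,intval($row['points']),$row['location'],$method,$experience,$userid,$support,$revoked, $ticketno);
	}
}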
398
399 // ************* output received assurances ******************
400
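/**
 * Prints one table row per assurance the user received and totals the points.
 *
 * Both totals are reset to 0 first. The original reset a misspelled local
 * ($sumexperience), which left the by-reference $sum_experience at whatever
 * the caller passed in.
 *
 * @param mixed  $userid          user id; cast with intval()
 * @param mixed  &$points         receives the points total
 * @param mixed  &$sum_experience receives the experience total
 * @param mixed  $support         "1" for the support view
 * @param string $ticketno        ticket number for the revoke links
 */
function output_received_assurances_content($userid,&$points,&$sum_experience,$support, $ticketno)
{
	$points = 0;
	$sum_experience = 0;
	$res = get_received_assurances(intval($userid));
	while($row = mysql_fetch_assoc($res))
	{
		$assurer = get_user (intval($row['from']));
		calc_assurances ($row,$points,$experience,$sum_experience,$awarded,$revoked);
		$name = show_user_link ($assurer['fname']." ".$assurer['lname'],intval($row['from']));
		$email = show_email_link ($assurer['email'],intval($row['from']));
		$method = ($row['method'] == "") ? "" : _(sprintf("%s", $row['method']));
		// date, when and location go to the row printer exactly as stored.
		output_assurances_row (intval($row['id']),$row['date'],$row['when'],$email,$name,$awarded,intval($row['points']),$row['location'],$method,$experience,$userid,$support,$revoked, $ticketno);
	}
}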
415
416 // ************* output summary table ******************
417
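/**
 * Checks whether a user's date of birth lies before today minus $age years.
 *
 * Both arguments are cast with intval() before use. The original
 * concatenated $userid into the statement unchanged, unlike every other
 * query helper in this file.
 *
 * @param mixed $userid user id
 * @param mixed $age    age limit in years
 * @return int number of matching `users` rows (0 or 1 for a unique id)
 */
function check_date_limit ($userid,$age)
{
	$userid = intval($userid);
	$age = intval($age);
	// $dob is produced by date() and therefore has a fixed Y-m-d shape.
	$dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-$age));
	$res = query_init ("select id from `users` where `id`='".$userid."' and `dob` < '".$dob."'");
	return intval(query_get_number_of_rows($res));
}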
424
/**
 * Computes the points one `notary` row counts for.
 *
 * The larger of `points` and `awarded` is taken, then adjusted by method:
 * three methods are revoked (0 points), 'Administrative Increase' counts only
 * above 2 points, a fixed list of methods passes through unchanged, and any
 * other method counts 0. Negative results are clamped to 0.
 *
 * @param array $row row with `points`, `awarded` and `method`
 * @return int countable points, never negative
 */
function calc_points($row)
{
	$stored = intval($row['points']);
	$awarded = intval($row['awarded']);

	// if 'sum of added points' > 100, awarded shows correct value;
	// on very old assurances, awarded is '0' instead of correct value
	$points = ($stored < $awarded) ? $awarded : $stored;

	switch ($row['method'])
	{
		case 'Thawte Points Transfer':		// revoke all Thawte-points (as per arbitration)
		case 'CT Magazine - Germany':		// revoke c't (only one test-entry)
		case 'Temporary Increase':		// revoke 'temporary increase' (Current usage breaks audit aspects, needs to be reimplemented)
			$points = 0;
			break;

		case 'Administrative Increase':		// ignore AI with 2 points or less (historical for experience points, now other calculation)
			if ($points <= 2)		// maybe limit to 35/50 pts in the future?
			{
				$points = 0;
			}
			break;

		case 'Unknown':				// to be revoked in the future? limit to max 50 pts?
		case 'Trusted Third Parties':		// to be revoked in the future? limit to max 35 pts?
		case 'TTP-Assisted':			// TTP assurances, limit to 35
		case 'TOPUP':				// TOPUP to be developed in the future, limit to 30
		case '':				// to be revoked in the future? limit to max 50 pts?
		case 'Face to Face Meeting':		// normal assurances, limit to 35/50 pts in the future?
			break;

		default:				// should never happen ... ;-)
			$points = 0;
	}

	// ignore negative points (bug needs to be fixed)
	return ($points < 0) ? 0 : $points;
}
459
/**
 * Returns the number of points a user may issue, without printing anything.
 *
 * @param mixed $userid user id
 * @return int result of output_summary_content() with output disabled
 */
function max_points($userid)
{
	$issue_points = output_summary_content ($userid,0);
	return $issue_points;
}
464
/**
 * Computes a user's point summary and, optionally, prints its four rows.
 *
 * Received points are capped at 100 per entry and in total; the excess of a
 * single entry counts as "other" experience. Experience is capped at 50, at
 * 10 when the under-18 date check does not return 1, and at 0 when the
 * under-14 check does not return 1. All experience is put on hold while the
 * countable points are below 100. The number of points the user may issue
 * depends on the CATS state and on the total experience.
 *
 * @param mixed $userid         user id
 * @param mixed $display_output truthy to print the rows via output_summary_row()
 * @return int points the user may issue (0, 10, 15, 20, 25, 30 or 35)
 */
function output_summary_content($userid,$display_output)
{
	$max_points = 100;
	$max_experience = 50;
	$sum_points = 0;
	$sum_experience = 0;
	$sum_experience_other = 0;

	$experience_limit_reached_txt = _("Limit reached");

	// Age limits: each check that does not return 1 lowers the cap.
	if (check_date_limit($userid,18) != 1)
	{
		$max_experience = 10;
		$experience_limit_reached_txt = _("Limit given by PoJAM reached");
	}
	if (check_date_limit($userid,14) != 1)
	{
		$max_experience = 0;
		$experience_limit_reached_txt = _("Limit given by PoJAM reached");
	}

	// Received assurances, grouped; `number` is the size of each group.
	$received = get_received_assurances_summary($userid);
	while($row = mysql_fetch_assoc($received))
	{
		$group_size = intval($row['number']);
		$points = calc_points ($row);

		if ($points > $max_points)			// limit to 100 points, above is experience (needs to be fixed)
		{
			$sum_experience_other = $sum_experience_other+($points-$max_points)*$group_size;
			$points = $max_points;
		}
		$sum_points += $points*$group_size;
	}

	// Given assurances: count Face to Face only.
	$given = get_given_assurances_summary($userid);
	while($row = mysql_fetch_assoc($given))
	{
		if ($row['method'] == 'Face to Face Meeting')
		{
			$sum_experience += 2*intval($row['number']);
		}
	}

	// Apply the caps and remember which ones were hit.
	$points_capped = ($sum_points > $max_points);
	$sum_points_countable = $points_capped ? $max_points : $sum_points;
	$remark_points = $points_capped ? _("Limit reached") : "&nbsp;";

	$experience_capped = ($sum_experience > $max_experience);
	$sum_experience_countable = $experience_capped ? $max_experience : $sum_experience;
	$remark_experience = $experience_capped ? $experience_limit_reached_txt : "&nbsp;";

	$other_capped = ($sum_experience_countable + $sum_experience_other > $max_experience);
	$sum_experience_other_countable = $other_capped ? ($max_experience-$sum_experience_countable) : $sum_experience_other;
	$remark_experience_other = $other_capped ? $experience_limit_reached_txt : "&nbsp;";

	// Below 100 countable points no experience counts at all; the remark is
	// only replaced where there was something to put on hold.
	if ($sum_points_countable < $max_points)
	{
		if ($sum_experience_countable != 0)
		{
			$remark_experience = _("Points on hold due to less assurance points");
		}
		$sum_experience_countable = 0;

		if ($sum_experience_other_countable != 0)
		{
			$remark_experience_other = _("Points on hold due to less assurance points");
		}
		$sum_experience_other_countable = 0;
	}

	$issue_points = 0;
	$cats_test_passed = get_cats_state ($userid);
	if ($cats_test_passed == 0)
	{
		if ($sum_points_countable < $max_points)
		{
			$issue_points_txt = "<strong style='color: red'>";
			$issue_points_txt .= sprintf(_("You need %s assurance points and the passed CATS-Test to be an Assurer"), intval($max_points));
			$issue_points_txt .= "</strong>";
		}
		else
		{
			$issue_points_txt = "<strong style='color: red'>"._("You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer")."</strong>";
		}
	}
	else
	{
		$experience_total = $sum_experience_countable+$sum_experience_other_countable;
		$issue_points_txt = "";

		if ($sum_points_countable == $max_points)
		{
			$issue_points = 10;
		}
		// Ascending thresholds: the highest one reached wins.
		$steps = array(10 => 15, 20 => 20, 30 => 25, 40 => 30, 50 => 35);
		foreach ($steps as $needed => $grant)
		{
			if ($experience_total >= $needed)
			{
				$issue_points = $grant;
			}
		}

		if ($issue_points != 0)
		{
			$issue_points_txt = sprintf(_("You may issue up to %s points"),$issue_points);
		}
	}

	if ($display_output)
	{
		$total_countable = $sum_points_countable + $sum_experience_countable + $sum_experience_other_countable;
		output_summary_row (_("Assurance Points you received"),$sum_points,$sum_points_countable,$remark_points);
		output_summary_row (_("Total Experience Points by Assurance"),$sum_experience,$sum_experience_countable,$remark_experience);
		output_summary_row (_("Total Experience Points (other ways)"),$sum_experience_other,$sum_experience_other_countable,$remark_experience_other);
		output_summary_row (_("Total Points"),"&nbsp;",$total_countable,$issue_points_txt);
	}
	return $issue_points;
}
593
/**
 * Prints the complete table of assurances a user issued.
 *
 * @param mixed  $userid   user id
 * @param mixed  $support  "1" for the support view
 * @param string $ticketno ticket number for the revoke links
 */
function output_given_assurances($userid,$support=0, $ticketno)
{
	$title = _("Assurance Points You Issued");
	output_assurances_header($title,$support);

	output_given_assurances_content($userid,$points,$sum_experience,$support, $ticketno);

	$points_label = _("Total Points Issued");
	$experience_label = _("Total Experience Points");
	output_assurances_footer($points_label,$points,$experience_label,$sum_experience,$support);
}
600
/**
 * Prints the complete table of assurances a user received.
 *
 * @param mixed  $userid   user id
 * @param mixed  $support  "1" for the support view
 * @param string $ticketno ticket number for the revoke links
 */
function output_received_assurances($userid,$support=0, $ticketno)
{
	$title = _("Your Assurance Points");
	output_assurances_header($title,$support);

	output_received_assurances_content($userid,$points,$sum_experience,$support, $ticketno);

	$points_label = _("Total Assurance Points");
	$experience_label = _("Total Experience Points");
	output_assurances_footer($points_label,$points,$experience_label,$sum_experience,$support);
}
607
/**
 * Prints the complete points summary table for a user.
 *
 * The value returned by output_summary_content() is not used here.
 *
 * @param mixed $userid user id
 */
function output_summary($userid)
{
	output_summary_header();
	output_summary_content($userid, 1);	// 1 = print the rows
	output_summary_footer();
}
614
/**
 * Prints the "Go Back" link that steps one entry back in the browser history.
 */
function output_end_of_page()
{
	$label = _("Go Back");
?>
	<p>[ <a href='javascript:history.go(-1)'><?=$label?></a> ]</p>
<?php
}
621
622 //functions to do with recording user agreements
/**
 * Inserts a new record into the table `user_agreements`.
 *
 * Numeric fields are cast with intval(); string fields are passed through
 * mysql_real_escape_string() before they enter the statement. The result of
 * the INSERT is not checked or returned.
 *
 * @param mixed   $memid    id of the member the agreement belongs to
 * @param mixed   $document document the agreement refers to
 * @param mixed   $method   how the agreement was recorded
 * @param mixed   $comment  free-text comment
 * @param integer $active   value for the `active` column
 * @param integer $secmemid id of the second member involved, 0 if none
 * @return void
 */
function write_user_agreement($memid, $document, $method, $comment, $active=1, $secmemid=0){
	$query = sprintf(
		"insert into `user_agreements` set `memid`=%d, `secmemid`=%d,`document`='%s',`date`=NOW(), `active`=%d,`method`='%s',`comment`='%s'",
		intval($memid),
		intval($secmemid),
		mysql_real_escape_string($document),
		intval($active),
		mysql_real_escape_string($method),
		mysql_real_escape_string($comment)
	);
	mysql_query($query);
}
641
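/**
 * Tells whether at least one agreement of the given type exists for a member,
 * either as `memid` or as `secmemid`.
 *
 * The original concatenated both arguments into the statement unchanged.
 * $memid is now cast with intval() and $type escaped, matching
 * write_user_agreement().
 *
 * @param mixed  $memid member id
 * @param string $type  document type, "CCA" by default
 * @return int 0 - no user agreement, 1 - at least one entry
 */
function get_user_agreement_status($memid, $type="CCA"){
	$memid = intval($memid);
	$type = mysql_real_escape_string($type);

	$query="SELECT u.`document` FROM `user_agreements` u
		WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." or u.`secmemid`=".$memid.")" ;
	$res = mysql_query($query);

	// A failed query counts as "no agreement", as it did before.
	if ($res === false || mysql_num_rows($res) <= 0) {
		return 0;
	}
	return 1;
}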
653
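/**
 * Returns the oldest agreement of the given type for a member.
 *
 * With $active == 1 the member is looked up in `memid`, otherwise in
 * `secmemid`. The original concatenated $memid and $type into the statement
 * unchanged; they are now cast and escaped respectively.
 *
 * @param mixed  $memid  member id
 * @param mixed  $active 1 to match `memid`, anything else to match `secmemid`
 * @param string $type   document type, "CCA" by default
 * @return array (`document`,`date`,`method`,`comment`,`active`), or an empty
 *               array when nothing matches
 */
function get_first_user_agreement($memid, $active=1, $type="CCA"){
	$memid = intval($memid);
	$type = mysql_real_escape_string($type);

	if($active==1){
		$filter="u.`memid`=".$memid;
	}else{
		$filter="u.`secmemid`=".$memid;
	}
	$query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` u
		WHERE u.`document` = '".$type."' AND ".$filter."
		ORDER BY u.`date` Limit 1;";
	$res = mysql_query($query);

	$rec = array();
	if($res !== false && mysql_num_rows($res) > 0){
		$row = mysql_fetch_assoc($res);
		foreach (array('document', 'date', 'method', 'comment', 'active') as $field) {
			$rec[$field] = $row[$field];
		}
	}
	return $rec;
}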
677
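/**
 * Returns the most recent agreement of the given type for a member, looking
 * at both `memid` (reported with active = 1) and `secmemid` (active = 0).
 *
 * The original concatenated $memid and $type into the statement unchanged;
 * they are now cast and escaped respectively.
 *
 * @param mixed  $memid member id
 * @param string $type  document type, "CCA" by default
 * @return array (`document`,`date`,`method`,`comment`,`active`), or an empty
 *               array when nothing matches
 */
function get_last_user_agreement($memid, $type="CCA"){
	$memid = intval($memid);
	$type = mysql_real_escape_string($type);

	$query="(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 1 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." ) order by `date` desc limit 1)
		union
		(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND ( u.`secmemid`=".$memid.")) order by `date` desc limit 1" ;
	$res = mysql_query($query);

	$rec = array();
	if($res !== false && mysql_num_rows($res) > 0){
		$row = mysql_fetch_assoc($res);
		foreach (array('document', 'date', 'method', 'comment', 'active') as $field) {
			$rec[$field] = $row[$field];
		}
	}
	return $rec;
}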
696
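/**
 * Selects all agreements of a member: CCA entries as `memid` (active = 1),
 * CCA entries as `secmemid` (active = 0) and non-CCA entries as `memid`
 * (active = 0).
 *
 * Changes against the original: $memid is cast with intval() instead of being
 * concatenated unchanged, the statement is executed once instead of twice,
 * and the doubled alias in the last ORDER BY (u.u.`document`) is corrected.
 *
 * @param mixed $memid member id
 * @return mixed result handle from mysql_query()
 */
function get_user_agreement($memid){
	$memid = intval($memid);

	$query="(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 1 as `active` FROM user_agreements u WHERE u.`document` = 'CCA' AND (u.`memid`=".$memid." ) order by u.`date` )
		union
		(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = 'CCA' AND ( u.`secmemid`=".$memid.") order by u.`date`)
		union
		(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` != 'CCA' AND ( u.`memid`=".$memid.") order by u.`document`, u.`date`) " ;

	return mysql_query($query);
}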
707
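/**
 * Deletes every `user_agreements` row in which the member appears, either as
 * `memid` or as `secmemid`.
 *
 * $memid is cast with intval(); the original concatenated it unchanged into
 * two DELETE statements.
 * NOTE(review): $type is accepted but never used, so agreements of all types
 * are removed even though the original comment speaks of "the given type".
 * Left as is because callers may rely on it; confirm the intent.
 *
 * @param mixed  $memid member id
 * @param string $type  unused
 */
function delete_user_agreement($memid, $type="CCA"){
	$memid = intval($memid);
	mysql_query("delete from `user_agreements` where `memid`='".$memid."'");
	mysql_query("delete from `user_agreements` where `secmemid`='".$memid."'");
}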
713
714 // functions for 6.php (assure somebody)
715
/**
 * Opens the assurance form (POST to wot.php) and its table, and prints the
 * title row and the name-check row.
 *
 * Both arguments are printed as given (not escaped here).
 * NOTE(review): confirm that callers escape any user-derived text, such as a
 * name, before passing it in.
 *
 * @param string $confirmation title text
 * @param string $checkname    text of the second row
 */
function AssureHead($confirmation,$checkname)
{
	$title_cell = $confirmation;
	$name_cell = $checkname;
?>
<form method="post" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="600">
	<tr>
		<td colspan="2" class="title"><?=$title_cell?></td>
	</tr>
	<tr>
		<td class="DataTD" colspan="2" align="left"><?=$name_cell?></td>
	</tr>
<?php
}
729
/**
 * Prints a two-cell row: a label (followed by ':' unless empty) and a value.
 *
 * Both arguments are printed as given (not escaped here).
 *
 * @param string $field1 label
 * @param string $field2 value
 */
function AssureTextLine($field1,$field2)
{
	$label = empty($field1) ? $field1 : $field1.':';
?>
	<tr>
		<td class="DataTD"><?=$label?></td>
		<td class="DataTD"><?=$field2?></td>
	</tr>
<?php
}
739
/**
 * Prints a row with a checkbox and its descriptive text.
 *
 * $type becomes the checkbox name and $text the cell content; both are
 * printed as given (not escaped here).
 *
 * @param string $type    name attribute of the checkbox
 * @param string $text    description shown next to it
 * @param mixed  $checked truthy to render the box checked
 */
function AssureBoxLine($type,$text,$checked)
{
	$checked_attr = $checked ? "checked" : "";
?>
	<tr>
		<td class="DataTD"><input type="checkbox" name="<?=$type?>" value="1" <?=$checked_attr?>></td>
		<td class="DataTD"><?=$text?></td>
	</tr>
<?php
}
749
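/**
 * Prints the assurance method selector.
 *
 * With exactly one method a hidden field is emitted instead of a drop-down.
 * The original named that hidden field after $val, which is never set on
 * this path, so the field had an empty name and the method was not
 * submitted; it is now named "method" like the drop-down.
 *
 * The method names and $remark are printed as given (not escaped here).
 * Whatever arrives as `method` in the POST must still be checked on the
 * server; neither the drop-down nor the hidden field restricts what a client
 * can send.
 *
 * @param string $text    label (followed by ':' unless empty)
 * @param array  $methods selectable method names
 * @param string $remark  text printed below the drop-down
 */
function AssureMethodLine($text,$methods,$remark)
{
	if (count($methods) != 1) {
?>
	<tr>
		<td class="DataTD"><?=$text.(empty($text)?'':':')?></td>
		<td class="DataTD">
			<select name="method">
<?php
		foreach($methods as $val) {
?>
				<option value="<?=$val?>"><?=$val?></option>
<?php
		}
?>
			</select>
			<br />
			<?=$remark?>
		</td>
	</tr>
<?php
	} else {
?>
	<input type="hidden" name="method" value="<?=$methods[0]?>" />
<?php
	}
}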
777
/**
 * Prints a row with a label and a text input.
 *
 * $type becomes the input name and $value its pre-filled content; all four
 * arguments are printed as given (not escaped here).
 * NOTE(review): $value lands inside a double-quoted attribute; confirm that
 * callers escape it when it echoes earlier user input.
 *
 * @param string $type        name attribute of the input
 * @param string $field       label (followed by ':' unless empty)
 * @param string $value       initial value of the input
 * @param string $description text printed after the input
 */
function AssureInboxLine($type,$field,$value,$description)
{
	$label = empty($field) ? $field : $field.':';
?>
	<tr>
		<td class="DataTD"><?=$label?></td>
		<td class="DataTD"><input type="text" name="<?=$type?>" value="<?=$value?>"><?=$description?></td>
	</tr>
<?php
}
787
/**
 * Prints the submit/cancel row, closes the table and the form opened by
 * AssureHead(), and adds the hidden `pagehash` and `oldid` fields.
 *
 * `pagehash` is read from $_SESSION['_config']['wothash']. $oldid and
 * $confirm are printed as given (not escaped here).
 *
 * @param mixed  $oldid   value of the hidden `oldid` field
 * @param string $confirm caption of the submit button
 */
function AssureFoot($oldid,$confirm)
{
	$page_hash = $_SESSION['_config']['wothash'];
	$cancel_caption = _("Cancel");
?>
	<tr>
		<td class="DataTD" colspan="2">
			<input type="submit" name="process" value="<?=$confirm?>" />
			<input type="submit" name="cancel" value="<?=$cancel_caption?>" />
		</td>
	</tr>
</table>
<input type="hidden" name="pagehash" value="<?=$page_hash?>" />
<input type="hidden" name="oldid" value="<?=$oldid?>" />
</form>
<?php
}
803
/**
 * Marks an e-mail entry of an account as deleted and revokes all client
 * certificates for that address.
 *
 * Called from www/account.php if($process != "" && $oldid == 2),
 * from www/diputes.php if($type == "reallyemail") / if($action == "accept"),
 * and from account_delete().
 *
 * @param mixed $mailid id of the `email` row; cast with intval()
 */
function account_email_delete($mailid){
	$mail_key = intval($mailid);

	// Revocation runs before the row is marked deleted.
	revoke_all_client_cert($mail_key);

	mysql_query("update `email` set `deleted`=NOW() where `id`='".$mail_key."'");
}
815
/**
 * Marks a domain entry of an account as deleted and revokes all server
 * certificates for that domain.
 *
 * Called from www/account.php if($process != "" && $oldid == 9),
 * from www/diputes.php if($type == "reallydomain") / if($action == "accept"),
 * and from account_delete().
 *
 * @param mixed $domainid id of the `domains` row; cast with intval()
 */
function account_domain_delete($domainid){
	$domain_key = intval($domainid);

	// Revocation runs before the row is marked deleted.
	revoke_all_server_cert($domain_key);

	$query = "update `domains`
		set `deleted`=NOW()
		where `id` = '".$domain_key."'";
	mysql_query($query);
}
829
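/**
 * Deletes an account following the deleted account routine V3.
 *
 * Called from www/account.php if($oldid == 50 && $process != "").
 *
 * Steps, in order: replace the password with a random one, add
 * <arbno>@cacert.org as the only e-mail address, delete all other addresses
 * and all domains (which revokes their certificates), clear alerts, location,
 * listings and languages, replace the secret questions, log the old name and
 * date of birth to `adminlog`, overwrite the personal data with the
 * arbitration number, clear all privilege flags and lock the account.
 *
 * Changes against the original:
 *  - the old personal data was selected with the undefined variable $userid,
 *    so the `adminlog` entry recorded empty old values; it now uses $id;
 *  - the old last name and date of birth are escaped before they are written
 *    to `adminlog`; they are stored user data and were interpolated raw.
 *
 * No query result is checked, so a failing step does not stop later ones.
 *
 * @param mixed  $id      id of the account; cast with intval()
 * @param string $arbno   arbitration number; escaped before use in SQL
 * @param mixed  $adminid id of the acting admin; cast with intval()
 */
function account_delete($id, $arbno, $adminid){
	$id = intval($id);
	$arbno = mysql_real_escape_string($arbno);
	$adminid = intval($adminid);

	//change password
	// NOTE(review): rand() seeded from microtime() is not a cryptographic
	// generator. The values below exist only to make the old credentials
	// unusable, but a CSPRNG is preferable where the runtime offers one.
	// NOTE(review): the non-ASCII characters in the pool look mis-encoded on
	// this page; substr() works on bytes, so a multi-byte character can be
	// split - confirm against the repository copy.
	$pool = 'abcdefghijklmnopqrstuvwxyz';
	$pool .= '0123456789!()ยง';
	$pool .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
	srand ((double)microtime()*1000000);
	$password="";
	for($index = 0; $index < 30; $index++)
	{
		$password .= substr($pool,(rand()%(strlen ($pool))), 1);
	}
	mysql_query("update `users` set `password`=sha1('".$password."') where `id`='".$id."'");

	//create new mail for arbitration number
	$query = "insert into `email` set `email`='".$arbno."@cacert.org',`memid`='".$id."',`created`=NOW(),`modified`=NOW(), `attempts`=-1";
	mysql_query($query);
	$emailid = mysql_insert_id();

	//set new mail as default
	$query = "update `users` set `email`='".$arbno."@cacert.org' where `id`='".$id."'";
	mysql_query($query);

	//delete all other email address
	$query = "select `id` from `email` where `memid`='".$id."' and `id`!='".$emailid."'" ;
	$res=mysql_query($query);
	while($row = mysql_fetch_assoc($res)){
		account_email_delete($row['id']);
	}

	//delete all domains
	$query = "select `id` from `domains` where `memid`='".$id."'";
	$res=mysql_query($query);
	while($row = mysql_fetch_assoc($res)){
		account_domain_delete($row['id']);
	}

	//clear alert settings
	mysql_query(
		"update `alerts` set
			`general`='0',
			`country`='0',
			`regional`='0',
			`radius`='0'
		where `memid`='$id'");

	//set default location
	$query = "update `users` set `locid`='2256755', `regid`='243', `ccid`='12' where `id`='".$id."'";
	mysql_query($query);

	//clear listings
	$query = "update `users` set `listme`=' ',`contactinfo`=' ' where `id`='".$id."'";
	mysql_query($query);

	//set default language
	mysql_query("update `users` set `language`='en_AU' where `id`='".$id."'");
	//delete secondary languages
	mysql_query("delete from `addlang` where `userid`='".$id."'");

	//change secret questions
	for($i=1;$i<=5;$i++){
		$q="";
		$a="";
		for($index = 0; $index < 30; $index++)
		{
			$q .= substr($pool,(rand()%(strlen ($pool))), 1);
			$a .= substr($pool,(rand()%(strlen ($pool))), 1);
		}
		$query = "update `users` set `Q$i`='$q', `A$i`='$a' where `id`='".$id."'";
		mysql_query($query);
	}

	//change personal information to arbitration number and DOB=1900-01-01
	// The old values must be read before the UPDATE below overwrites them.
	$query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='".$id."'";
	$details = mysql_fetch_assoc(mysql_query($query));
	$old_lname = $details ? mysql_real_escape_string($details['lname']) : '';
	$old_dob = $details ? mysql_real_escape_string($details['dob']) : '';
	$query = "insert into `adminlog` set `when`=NOW(),`old-lname`='".$old_lname."',`old-dob`='".$old_dob."',
		`new-lname`='$arbno',`new-dob`='1900-01-01',`uid`='$id',`adminid`='".$adminid."'";
	mysql_query($query);
	$query = "update `users` set `fname`='".$arbno."',
		`mname`='".$arbno."',
		`lname`='".$arbno."',
		`suffix`='".$arbno."',
		`dob`='1900-01-01'
		where `id`='".$id."'";
	mysql_query($query);

	//clear all admin and board flags
	mysql_query(
		"update `users` set
			`assurer`='0',
			`assurer_blocked`='0',
			`codesign`='0',
			`orgadmin`='0',
			`ttpadmin`='0',
			`locadmin`='0',
			`admin`='0',
			`adadmin`='0',
			`tverify`='0',
			`board`='0'
		where `id`='$id'");

	//block account
	mysql_query("update `users` set `locked`='1' where `id`='$id'"); //, `deleted`=Now()
}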
939
940
/**
 * Tells whether a non-deleted `email` row exists for an address.
 *
 * Called from includes/account.php if($process != "" && $oldid == 1)
 * and if($oldid == 50 && $process != "").
 *
 * @param string $email address to look up; escaped before use in SQL
 * @return bool true when at least one matching row exists
 */
function check_email_exists($email){
	$escaped = mysql_real_escape_string($email);
	$found = mysql_query("select 1 from `email` where `email`='".$escaped."' and `deleted`=0");
	return mysql_num_rows($found) > 0;
}
949
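/**
 * Tells whether a member has a GPG key that is still within its lifetime.
 *
 * Called from includes/account.php if($oldid == 50 && $process != "").
 *
 * With $cca == 0 only keys that have not expired count; otherwise keys that
 * expired within the last 90 days count as well (CCA retention, +3 months).
 * The original expressed the retention window as NOW()-90*86400, which
 * subtracts from the numeric form of NOW() rather than from a point in time;
 * it is now written as a date interval.
 *
 * @param mixed $uid member id; cast with intval()
 * @param mixed $cca 0 = just expired, anything else = obey the CCA retention
 * @return bool true when at least one matching key exists
 */
function check_gpg_cert_running($uid,$cca=0){
	$uid = intval($uid);
	if (0==$cca) {
		$query = "select 1 from `gpg` where `memid`='$uid' and `expire`>NOW()";
	}else{
		$query = "select 1 from `gpg` where `memid`='$uid' and `expire`>DATE_SUB(NOW(), INTERVAL 90 DAY)";
	}
	$res = mysql_query($query);
	return mysql_num_rows($res) > 0;
}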
962
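/**
 * check_client_cert_running()
 * Tells whether the account has a client certificate that still counts as
 * running.
 *
 * Two queries on `emailcerts` are combined with OR:
 *  - rows with `expire` after the cut-off and `revoked` < `created`
 *    (presumably "never revoked" - confirm against the schema), and
 *  - rows with `revoked` after the cut-off.
 *
 * Caller named by the original comment: includes/account.php, in the branch
 * `$oldid == 50 && $process != ""`.
 *
 * @param int $uid account id, forced to an integer before it enters the query
 * @param int $cca 0: the cut-off is NOW(); any other value: the cut-off is
 *        90 days in the past (the original comment calls this the CCA
 *        retention of 3 months)
 * @return bool true when either query returns a row
 */
function check_client_cert_running($uid,$cca=0){
	$uid = intval($uid);
	// NOW()-90*86400 subtracts from the numeric YYYYMMDDHHMMSS form of NOW()
	// and does not yield "90 days ago"; use interval arithmetic instead.
	$cutoff = (0==$cca) ? "NOW()" : "(NOW() - INTERVAL 90 DAY)";
	$query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>$cutoff and `revoked`<`created`";
	$query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>$cutoff";

	// mysql_query() returns false on failure; treat that as "no row found".
	$res = mysql_query($query1);
	$r1 = $res !== false && mysql_num_rows($res)>0;
	$res = mysql_query($query2);
	$r2 = $res !== false && mysql_num_rows($res)>0;
	return ($r1 || $r2);
}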
980
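/**
 * check_server_cert_running()
 * Tells whether the account has a server certificate that still counts as
 * running.
 *
 * Two queries on `domaincerts` joined to `domains` are combined with OR:
 *  - rows with `expire` after the cut-off and `revoked` < `created`
 *    (presumably "never revoked" - confirm against the schema), and
 *  - rows with `revoked` after the cut-off.
 *
 * Caller named by the original comment: includes/account.php, in the branch
 * `$oldid == 50 && $process != ""`.
 *
 * @param int $uid account id, forced to an integer before it enters the query
 * @param int $cca 0: the cut-off is NOW(); any other value: the cut-off is
 *        90 days in the past (the original comment calls this the CCA
 *        retention of 3 months)
 * @return bool true when either query returns a row
 */
function check_server_cert_running($uid,$cca=0){
	$uid = intval($uid);
	// NOW()-90*86400 subtracts from the numeric YYYYMMDDHHMMSS form of NOW()
	// and does not yield "90 days ago"; use interval arithmetic instead.
	$cutoff = (0==$cca) ? "NOW()" : "(NOW() - INTERVAL 90 DAY)";

	// Every column is qualified with `domaincerts`: `domains` has a `created`
	// column too (get_domains() orders by it), so an unqualified `created`
	// in this join is ambiguous and makes the query fail.
	$base = "
		select 1 from `domaincerts` join `domains`
			on `domaincerts`.`domid` = `domains`.`id`
		where `domains`.`memid` = '$uid'";
	$query1 = $base."
			and `domaincerts`.`expire` > $cutoff
			and `domaincerts`.`revoked` < `domaincerts`.`created`";
	$query2 = $base."
			and `domaincerts`.`revoked` > $cutoff";

	// mysql_query() returns false on failure; treat that as "no row found".
	$res = mysql_query($query1);
	$r1 = $res !== false && mysql_num_rows($res)>0;
	$res = mysql_query($query2);
	$r2 = $res !== false && mysql_num_rows($res)>0;
	return ($r1 || $r2);
}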
1016
/**
 * check_is_orgadmin()
 * Tells whether the account has a non-deleted row in the `org` table.
 *
 * Caller named by the original comment: includes/account.php, in the branch
 * `$oldid == 50 && $process != ""`.
 *
 * @param int $uid account id, forced to an integer before it enters the query
 * @return bool true when at least one such row exists
 */
function check_is_orgadmin($uid){
	$memberId = intval($uid);
	$result = mysql_query("select 1 from `org` where `memid`='" . $memberId . "' and `deleted`=0");
	return mysql_num_rows($result) > 0;
}
1024
1025
// revocation of certificates
/**
 * revoke_all_client_cert()
 * Marks every client certificate linked to one email address that has
 * `revoked`=0 as revoked and sets its `disablelogin` flag to 1.
 *
 * @param int $mailid value matched against `emaillink`.`emailid`, forced to
 *        an integer before it enters the query
 * @return void
 */
function revoke_all_client_cert($mailid){
	$emailId = intval($mailid);
	$certs = mysql_query("select `emailcerts`.`id`
		from `emaillink`,`emailcerts` where
		`emaillink`.`emailid`='$emailId' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and `emailcerts`.`revoked`=0
		group by `emailcerts`.`id`");

	// NOTE(review): the fixed 1970 timestamp is presumably a marker that a
	// later revocation step picks up - confirm where it is consumed.
	while($cert = mysql_fetch_assoc($certs)){
		mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$cert['id']."'");
	}
}
1039
/**
 * revoke_all_server_cert()
 * Marks the server certificates of one domain as revoked.
 *
 * The certificates are collected from two sources: `domaincerts` rows whose
 * `domid` is the domain, and `domaincerts` rows reached through `domlink`.
 * Only rows that still have `revoked` = 0 are updated.
 *
 * @param int $domainid id of the domain, forced to an integer before it
 *        enters the query
 * @return void
 */
function revoke_all_server_cert($domainid){
	$domId = intval($domainid);
	$certs = mysql_query(
		"select `domaincerts`.`id`
			from `domaincerts`
			where `domaincerts`.`domid` = '$domId'
		union distinct
		select `domaincerts`.`id`
			from `domaincerts`, `domlink`
			where `domaincerts`.`id` = `domlink`.`certid`
			and `domlink`.`domid` = '$domId'");

	// NOTE(review): the fixed 1970 timestamp is presumably a marker that a
	// later revocation step picks up - confirm where it is consumed.
	while($cert = mysql_fetch_assoc($certs))
	{
		mysql_query(
			"update `domaincerts`
				set `revoked`='1970-01-01 10:00:01'
				where `id` = '".$cert['id']."'
				and `revoked` = 0");
	}
}
1062
/**
 * revoke_all_private_cert()
 * Revokes the certificates linked to a personal account: the client
 * certificates of every email address first, then the server certificates
 * of every domain.
 *
 * GPG keys are not handled here; the original comment notes that GPG
 * revocation still has to be added.
 *
 * @param int $uid account id, forced to an integer before it enters the query
 * @return void
 */
function revoke_all_private_cert($uid){
	$memberId = intval($uid);

	$emails = mysql_query("select `id` from `email` where `memid`='".$memberId."'");
	while($email = mysql_fetch_assoc($emails)){
		revoke_all_client_cert($email['id']);
	}

	$domains = mysql_query("select `id` from `domains` where `memid`='".$memberId."'");
	while($domain = mysql_fetch_assoc($domains)){
		revoke_all_server_cert($domain['id']);
	}
}
1080
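/**
 * check_date_format()
 * Checks that a date is written as year-month-day with digits only, that it
 * is a real calendar date, and that its year is greater than $year.
 *
 * Note that a date inside $year itself is rejected: with the default of
 * 2000 the earliest accepted date is 2001-01-01.
 *
 * @param mixed $date the date string to check; anything that is not a string
 *        is rejected
 * @param integer $year dates must lie in a later year than this one
 * @return bool TRUE when the date passes all checks, FALSE otherwise
 */
function check_date_format($date, $year=2000){
	// Each component has to consist of digits only. Relying on intval()
	// alone would accept leading blanks and trailing text after a component
	// (for example "2012-05-17x"), which then reaches the caller as a
	// "valid" date.
	if (!is_string($date) || !preg_match('/\A(\d+)-(\d+)-(\d+)\z/', $date, $parts)) {
		return FALSE;
	}

	$y = intval($parts[1]);
	$m = intval($parts[2]);
	$d = intval($parts[3]);

	if ($y <= $year) {
		return FALSE;
	}

	// checkdate() rejects months outside 1..12 and days that do not exist
	// in the given month and year.
	return checkdate($m, $d, $y);
}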
1112
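/**
 * check_date_difference()
 * Checks that a date does not lie further in the future than today plus the
 * given number of days.
 *
 * @param mixed $date date string understood by strtotime()
 * @param integer $diff allowed distance into the future, in days
 * @return bool TRUE when the date is not later than now + $diff days,
 *         FALSE when it is later or cannot be parsed
 */
function check_date_difference($date, $diff=1){
	$timestamp = strtotime($date);
	// strtotime() returns false for input it cannot parse, and false compares
	// as "not later" than any timestamp; reject such input explicitly.
	if ($timestamp === false) {
		return FALSE;
	}
	return ($timestamp <= time()+$diff*86400);
}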
1124
/**
 * write_se_log()
 * Adds one row to `adminlog`; the original comment states that it records
 * all support engineer actions that change a user account.
 *
 * The two ids are forced to integers and the two text values are passed
 * through mysql_real_escape_string() before they enter the query.
 *
 * @param mixed $uid - id of the user account
 * @param mixed $adminid - id of the admin
 * @param mixed $type - what was changed
 * @param mixed $info - the ticket / arbitration no or other information
 * @return void
 */
function write_se_log($uid, $adminid, $type, $info){
	$account = intval($uid);
	$admin = intval($adminid);
	$what = mysql_real_escape_string($type);
	$details = mysql_real_escape_string($info);

	mysql_query("insert into `adminlog` (`when`, `uid`, `adminid`,`type`,`information`) values
		(Now(), $account, $admin, '$what', '$details')");
}
1145
/**
 * valid_ticket_number()
 * Checks whether the entered text contains a ticket or arbitration number.
 *
 * A number is one type letter (upper or lower case), eight digits and a dot:
 *   a - arbitration case
 *   d - dispute action
 *   s - support case
 *   m - board motion
 *
 * NOTE(review): the pattern is not anchored, so the number may be preceded
 * and followed by arbitrary text - confirm that this is intended before
 * relying on the result as a strict format check.
 *
 * @param mixed $ticketno text entered as ticket / arbitration number
 * @return bool true when the pattern is found, false otherwise
 */
function valid_ticket_number($ticketno){
	return preg_match('/[adsmADSM]\d{8}\./', $ticketno) === 1;
}
1164
1165 // function for handling account/43.php
/**
 * get_user_data()
 * Queries the complete `users` row of one account.
 *
 * @param mixed $userid - account id, forced to an integer before it enters
 *        the query
 * @param mixed $deleted - 0 (default): only a row with `deleted`=0 is
 *        returned; any other value: the row is returned regardless
 * @return mixed result of mysql_query() (false when the query fails)
 */
function get_user_data($userid, $deleted=0){
	$accountId = intval($userid);
	$sql = "select * from `users` where `users`.`id`='$accountId' ";
	if (0==$deleted) {
		$sql .= ' and `users`.`deleted`=0';
	}
	return mysql_query($sql);
}
1182
/**
 * get_alerts()
 * Fetches the first `alerts` row of one user.
 *
 * @param mixed $userid account id, forced to an integer before it enters the
 *        query
 * @return mixed the row as associative array, as returned by
 *         mysql_fetch_assoc() (false when there is no row)
 */
function get_alerts($userid){
	$memberId = intval($userid);
	$result = mysql_query("select * from `alerts` where `memid`='".$memberId."'");
	return mysql_fetch_assoc($result);
}
1192
/**
 * get_email_address()
 * Queries the email addresses linked to one account, ordered by `created`.
 *
 * The original comment notes that this should be used in account/2.php.
 *
 * @param mixed $userid account id, forced to an integer before it enters the
 *        query
 * @param string $primary if not empty, this address is left out of the
 *        result; it is escaped with mysql_real_escape_string()
 * @param integer $deleted - 0 (default): only rows with `deleted`=0;
 *        any other value: deleted rows are included
 * @return mixed result of mysql_query() (false when the query fails)
 */
function get_email_address($userid, $primary,$deleted=0){
	$memberId = intval($userid);

	$sql = "select * from `email` where `memid`='".$memberId."'";
	if (0==$deleted) {
		$sql .= ' and `deleted`=0';
	}
	if ($primary) {
		$sql .= " and `email`!='".mysql_real_escape_string($primary)."'";
	}
	$sql .= " order by `created`";

	return mysql_query($sql);
}
1214
/**
 * get_domains()
 * Queries the domains of one account whose `hash` is empty, ordered by
 * `created`.
 *
 * The original comment notes that this should be used in account/9.php.
 *
 * @param mixed $userid account id, forced to an integer before it enters the
 *        query
 * @param integer $deleted - 0 (default): only rows with `deleted`=0;
 *        any other value: deleted rows are included
 * @return mixed result of mysql_query() (false when the query fails)
 */
function get_domains($userid, $deleted=0){
	$memberId = intval($userid);

	$sql = "select * from `domains` where `memid`='".$memberId."' and `hash`=''";
	if (0==$deleted) {
		$sql .= ' and `deleted`=0';
	}
	$sql .= " order by `created`";

	return mysql_query($sql);
}
1232
/**
 * get_training_result()
 * Queries the training results of one account: pass date, type text and
 * test text, ordered by pass date.
 *
 * The original comment notes that this should be used in account/55.php.
 *
 * @param mixed $userid account id, forced to an integer before it enters the
 *        query
 * @return mixed result of mysql_query() (false when the query fails)
 */
function get_training_result($userid){
	$memberId = intval($userid);

	$select = "SELECT `CP`.`pass_date`, `CT`.`type_text`, `CV`.`test_text` ";
	$from = " FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ";
	$where = " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".$memberId."'";
	$order = " ORDER BY `CP`.`pass_date`";

	return mysql_query($select.$from.$where.$order);
}
1248
/**
 * get_se_log()
 * Queries the `adminlog` entries written for one account, together with the
 * first and last name of the admin who made each entry, ordered by time.
 *
 * @param mixed $userid account id (`adminlog`.`uid`), forced to an integer
 *        before it enters the query
 * @return mixed result of mysql_query() (false when the query fails)
 */
function get_se_log($userid){
	$accountId = intval($userid);
	return mysql_query("SELECT `adminlog`.`when`, `adminlog`.`type`, `adminlog`.`information`, `users`.`fname`, `users`.`lname`
		FROM `adminlog`, `users`
		WHERE `adminlog`.`adminid` = `users`.`id` and `adminlog`.`uid`=".$accountId."
		ORDER BY `adminlog`.`when`");
}
1263
/**
 * get_client_certs()
 * Queries the client certificates of one account, newest modification first.
 *
 * The original comment notes that this should be added to account/5.php.
 *
 * @param mixed $userid account id, forced to an integer before it enters the
 *        query
 * @param integer $viewall - 1: all certificates are returned; any other
 *        value (default 0): only rows with `revoked`=0, `renewed`=0 and a
 *        positive `timeleft`
 * @return mixed result of mysql_query() (false when the query fails)
 */
function get_client_certs($userid,$viewall=0){
	$memberId = intval($userid);
	$currentOnly = ($viewall != 1);

	$sql = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
		UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
		UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
		`emailcerts`.`expire` as `expires`,
		`emailcerts`.`revoked` as `revoke`,
		UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
		`emailcerts`.`id`,
		`emailcerts`.`CN`,
		`emailcerts`.`serial`,
		`emailcerts`.`disablelogin` as `disablelogin`,
		`emailcerts`.`description`
		from `emailcerts`
		where `emailcerts`.`memid`='".$memberId."'";
	if ($currentOnly) {
		$sql .= " AND `revoked`=0 AND `renewed`=0 ";
	}
	$sql .= " GROUP BY `emailcerts`.`id` ";
	if ($currentOnly) {
		$sql .= " HAVING `timeleft` > 0 ";
	}
	$sql .= " ORDER BY `emailcerts`.`modified` desc";

	return mysql_query($sql);
}
1295
/**
 * get_server_certs()
 * Queries the server certificates of the domains of one account, newest
 * modification first.
 *
 * The original comment notes that this should be added to account/12.php.
 *
 * @param mixed $userid account id, forced to an integer before it enters the
 *        query
 * @param integer $viewall 1: all certificates are returned; any other value
 *        (default 0): only rows with `revoked`=0, `renewed`=0 and a positive
 *        `timeleft`
 * @return mixed result of mysql_query() (false when the query fails)
 */
function get_server_certs($userid,$viewall=0){
	$memberId = intval($userid);

	$sql = "select UNIX_TIMESTAMP(`domaincerts`.`created`) as `created`,
		UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
		UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`,
		`domaincerts`.`expire` as `expires`, `revoked` as `revoke`,
		UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`,
		`domaincerts`.`description`
		from `domaincerts`,`domains`
		where `memid`='".$memberId."' and `domaincerts`.`domid`=`domains`.`id` ";
	if ($viewall != 1) {
		$sql .= "AND `revoked`=0 AND `renewed`=0 "."HAVING `timeleft` > 0 ";
	}
	$sql .= "ORDER BY `domaincerts`.`modified` desc";

	return mysql_query($sql);
}
1322
/**
 * get_gpg_certs()
 * Queries all GPG keys of one account, most recently issued first.
 *
 * The original comment notes that this should be added to gpg/2.php.
 *
 * @param mixed $userid account id, forced to an integer before it enters the
 *        query
 * @param integer $viewall accepted for symmetry with the other certificate
 *        queries; the query does not use it, so expired keys are always
 *        included
 * @return mixed result of mysql_query() (false when the query fails)
 */
function get_gpg_certs($userid,$viewall=0){
	$memberId = intval($userid);
	return mysql_query("select UNIX_TIMESTAMP(`issued`) as `issued`,
		UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`,
		UNIX_TIMESTAMP(`expire`) as `expired`,
		`expire` as `expires`, `id`, `level`,
		`email`,`keyid`,`description` from `gpg` where `memid`='".$memberId."'
		ORDER BY `issued` desc");
}
1341
1342
1343
/**
 * output_log_email_header()
 * Prints the header row of the email table: three translated captions.
 *
 * @return void
 */
function output_log_email_header(){
	$captions = array(
		_("Email, primary bold"),
		_("Created"),
		_("Deleted"),
	);

	echo "<tr>\n";
	foreach ($captions as $caption) {
		echo '<td class="DataTD bold">', $caption, "</td>\n";
	}
	echo "</tr>\n\n";
}
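/**
 * output_log_email()
 * Prints one row of the email table: address, creation and deletion value.
 *
 * The cells get the class "bold" when the address equals $primary and the
 * class "italic" when `deleted` compares equal to 0.
 * NOTE(review): italic is therefore applied to rows that are NOT deleted -
 * confirm that the condition is not inverted.
 *
 * @param mixed $row - sql-query array with the keys `email`, `created` and
 *        `deleted`
 * @param mixed $primary - if given the primary address is highlighted
 * @return void
 */
function output_log_email($row,$primary){
	$class = 'DataTD ';
	if ($primary==$row['email']) {
		$class .= 'bold ';
	}
	if (0==$row['deleted']) {
		$class .= 'italic ';
	}

	echo "<tr>\n";
	foreach (array('email', 'created', 'deleted') as $column) {
		// The class list is echoed here; the former `<? $bold . $italic ?>`
		// evaluated the expression without printing it. The address is
		// supplied by the account holder, so every value is escaped with
		// htmlspecialchars() the same way the description fields of the
		// certificate tables are.
		echo '<td class="', $class, '">', htmlspecialchars((string)$row[$column]), "</td>\n";
	}
	echo "</tr>\n";
}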
1383
/**
 * output_log_domains_header()
 * Prints the header row of the domains table: three translated captions.
 *
 * @return void
 */
function output_log_domains_header(){
	$captions = array(
		_("Domain"),
		_("Created"),
		_("Deleted"),
	);

	echo "<tr>\n";
	foreach ($captions as $caption) {
		echo '<td class="DataTD bold">', $caption, "</td>\n";
	}
	echo "</tr>\n\n";
}
1399
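/**
 * output_log_domains()
 * Prints one row of the domains table: domain, creation and deletion value.
 *
 * The cells get the class "italic" when `deleted` compares equal to 0.
 * NOTE(review): italic is therefore applied to rows that are NOT deleted -
 * confirm that the condition is not inverted.
 *
 * @param mixed $row - sql-query array with the keys `domain`, `created` and
 *        `deleted`
 * @return void
 */
function output_log_domains($row){
	$class = 'DataTD ';
	if (0==$row['deleted']) {
		$class .= 'italic ';
	}

	echo "<tr>\n";
	foreach (array('domain', 'created', 'deleted') as $column) {
		// The class list is echoed here; the former `<? $italic ?>` evaluated
		// the variable without printing it. The domain name is supplied by
		// the account holder, so every value is escaped with
		// htmlspecialchars() the same way the description fields of the
		// certificate tables are.
		echo '<td class="', $class, '">', htmlspecialchars((string)$row[$column]), "</td>\n";
	}
	echo "</tr>\n";
}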
1419
/**
 * output_log_agreement_header()
 * Prints the header row of the user agreement table: four translated
 * captions.
 *
 * @return void
 */
function output_log_agreement_header(){
	$captions = array(
		_("Agreement"),
		_("Date"),
		_("Method"),
		_("Active "),
	);

	echo "<tr>\n";
	foreach ($captions as $caption) {
		echo '<td class="DataTD bold">', $caption, "</td>\n";
	}
	echo "</tr>\n";
}
1435
/**
 * output_log_agreement()
 * Prints one row of the user agreement table: document, date, method and
 * the translated text "passive" (when `active` compares equal to 0) or
 * "active".
 *
 * NOTE(review): document, date and method are printed without HTML escaping;
 * confirm that none of them can hold user-supplied text.
 *
 * @param mixed $row - sql-query array with the keys `document`, `date`,
 *        `method` and `active`
 * @return void
 */
function output_log_agreement($row){
	$state = ($row['active']==0) ? _('passive') : _('active');

	echo "<tr>\n";
	foreach (array('document', 'date', 'method') as $column) {
		echo '<td class="DataTD" >', $row[$column], "</td>\n";
	}
	echo '<td class="DataTD">', $state, "</td>\n";
	echo "</tr>\n";
}
1452
/**
 * output_log_training_header()
 * Prints the header row of the training table: three translated captions.
 *
 * The original comment notes that this should be used in account/55.php.
 * NOTE(review): the first caption is "Agreement" while output_log_training()
 * prints `pass_date` in the first column - the caption looks copied from the
 * agreement table; confirm the intended text.
 *
 * @return void
 */
function output_log_training_header(){
	$captions = array(
		_("Agreement"),
		_("Test"),
		_("Variant"),
	);

	echo "<tr>\n";
	foreach ($captions as $caption) {
		echo '<td class="DataTD bold">', $caption, "</td>\n";
	}
	echo "</tr>\n";
}
1468
/**
 * output_log_training()
 * Prints one row of the training table: pass date, type text and test text.
 *
 * The original comment notes that this should be used in account/55.php.
 * NOTE(review): the values are printed without HTML escaping; confirm that
 * the type and test texts can only be set by administrators.
 *
 * @param mixed $row - sql-query array with the keys `pass_date`, `type_text`
 *        and `test_text`
 * @return void
 */
function output_log_training($row){
	echo "<tr>\n";
	foreach (array('pass_date', 'type_text', 'test_text') as $column) {
		echo '<td class="DataTD">', $row[$column], "</td>\n";
	}
	echo "</tr>\n";
}
1485
/**
 * output_log_se_header()
 * Prints the header row of the SE log table.
 *
 * @param integer $support - 1: the captions "Information" and "Admin" are
 *        printed in addition to "Date" and "Type"; any other value
 *        (default 0): only "Date" and "Type"
 * @return void
 */
function output_log_se_header($support=0){
	$captions = array(_("Date"), _("Type"));
	if (1==$support) {
		$captions[] = _("Information");
		$captions[] = _("Admin");
	}

	echo "<tr>\n";
	foreach ($captions as $caption) {
		echo '<td class="DataTD bold">', $caption, "</td>\n";
	}
	echo "</tr>\n";
}
1506
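/**
 * output_log_se()
 * Prints one row of the SE log table.
 *
 * The original comment notes that this should be used in account/55.php.
 *
 * @param mixed $row - sql-query array with the keys `when` and `type`; with
 *        $support = 1 also `information`, `fname` and `lname`
 * @param integer $support - 1: the information text and the admin's name are
 *        printed in addition to date and type; any other value (default 0):
 *        only date and type
 * @return void
 */
function output_log_se($row, $support=0){
	// `type` and `information` are free text stored by write_se_log(), and
	// the names come from the `users` table; all of them are escaped with
	// htmlspecialchars() the same way the description fields of the
	// certificate tables are, so that stored markup is shown as text.
	echo "<tr>\n";
	echo '<td class="DataTD">', htmlspecialchars((string)$row['when']), "</td>\n";
	echo '<td class="DataTD">', htmlspecialchars((string)$row['type']), "</td>\n";
	if (1==$support) {
		echo '<td class="DataTD">', htmlspecialchars((string)$row['information']), "</td>\n";
		echo '<td class="DataTD">', htmlspecialchars($row['fname'].' '.$row['lname']), "</td>\n";
	}
	echo "</tr>\n";
}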
1529
/**
 * output_client_cert_header()
 * Prints the header row of the client certificate table.
 *
 * The original comment notes that this should be added to account/5.php.
 *
 * @param integer $support - 1: the "Renew/Revoke/Delete" and "Comment *"
 *        columns are left out; any other value (default 0): all columns
 * @return void
 */
function output_client_cert_header($support=0){
	$editable = ($support != 1);
	$captions = array(
		_("Status"),
		_("Email Address"),
		_("SerialNumber"),
		_("Revoked"),
		_("Expires"),
		_("Login"),
	);

	echo "<tr>\n";
	if ($editable) {
		echo '<td class="DataTD">', _("Renew/Revoke/Delete"), "</td>\n";
	}
	foreach ($captions as $caption) {
		echo '<td class="DataTD">', $caption, "</td>\n";
	}
	if ($editable) {
		echo '<td colspan="2" class="DataTD">', _("Comment *"), "</td>\n";
	}
	echo "</tr>\n";
}
1555
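/**
 * output_client_cert()
 * Prints one row of the client certificate table.
 *
 * The status text is derived from the row: "Valid" for a positive
 * `timeleft`, "Expired" for a negative one, "Pending" when `expired`
 * compares equal to 0 and "Revoked" when `revoked` is greater than 0; later
 * checks override earlier ones.
 *
 * The original comment notes that this should be used in account/5.php.
 *
 * @param mixed $row - sql-query array with the keys `timeleft`, `expired`,
 *        `revoked`, `revoke`, `id`, `CN`, `serial`, `expires`,
 *        `disablelogin` and `description`
 * @param integer $support - 1: the selection checkbox, the link on the
 *        common name, the hidden field and the comment cells are left out
 *        and the login checkbox is disabled; any other value (default 0):
 *        the full, editable row
 * @return void
 */
function output_client_cert($row, $support=0){
	$verified="";
	if($row['timeleft'] > 0)
		$verified = _("Valid");
	if($row['timeleft'] < 0)
		$verified = _("Expired");
	if($row['expired'] == 0)
		$verified = _("Pending");
	if($row['revoked'] > 0)
		$verified = _("Revoked");
	if($row['revoked'] == 0)
		$row['revoke'] = _("Not Revoked");

	$editable = ($support != 1);
	$pending = ($verified == _("Pending"));
	$revoked = ($verified == _("Revoked"));

	// The common name is derived from account data, so it is escaped with
	// htmlspecialchars() the same way the description field below is; the
	// translated placeholder is printed as it was before.
	$cn = (trim($row['CN'])=="" ? _("empty") : htmlspecialchars($row['CN']));
	// The login box is ticked while `disablelogin` is not set.
	$checked = $row['disablelogin'] ? "" : "checked='checked'";

	echo "<tr>\n";

	// first cell: revoke box for usable certificates, delete box for pending
	// ones, an empty cell for revoked ones
	if ($editable) {
		if (!$pending && !$revoked) {
			echo '<td class="DataTD"><input type="checkbox" name="revokeid[]" value="', $row['id'], '"></td>', "\n";
		} else if (!$revoked) {
			echo '<td class="DataTD"><input type="checkbox" name="delid[]" value="', $row['id'], '"></td>', "\n";
		} else {
			echo '<td class="DataTD">&nbsp;</td>', "\n";
		}
	}

	echo '<td class="DataTD">', $verified, "</td>\n";

	// only usable certificates link to the detail page
	if ($editable && !$pending && !$revoked) {
		echo '<td class="DataTD"><a href="account.php?id=6&amp;cert=', $row['id'], '">', $cn, "</a></td>\n";
	} else {
		echo '<td class="DataTD">', $cn, "</td>\n";
	}

	echo '<td class="DataTD">', $row['serial'], "</td>\n";
	echo '<td class="DataTD">', $row['revoke'], "</td>\n";
	echo '<td class="DataTD">', $row['expires'], "</td>\n";

	echo '<td class="DataTD">', "\n";
	if ($editable) {
		echo '<input type="checkbox" name="disablelogin_', $row['id'], '" value="1" ', $checked, "/>\n";
		echo '<input type="hidden" name="cert_', $row['id'], '" value="1" />', "\n";
	} else {
		echo '<input type="checkbox" name="disablelogin_', $row['id'], '" value="1" ', $checked, " DISABLED/>\n";
	}
	echo "</td>\n";

	if ($editable) {
		echo '<td class="DataTD"><input name="comment_', $row['id'], '" type="text" value="', htmlspecialchars($row['description']), '" /></td>', "\n";
		echo '<td class="DataTD"><input type="checkbox" name="check_comment_', $row['id'], '" /></td>', "\n";
	}
	echo "</tr>\n\n";
}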
1625
/**
 * output_log_server_certs_header()
 * Prints the header row of the server certificate table.
 *
 * The original comment notes that this should be used in account/12.php.
 *
 * @param integer $support - 1: the "Renew/Revoke/Delete" and "Comment *"
 *        columns are left out; any other value (default 0): all columns
 * @return void
 */
function output_log_server_certs_header($support=0){
	$editable = ($support != 1);
	$captions = array(
		_("Status"),
		_("CommonName"),
		_("SerialNumber"),
		_("Revoked"),
		_("Expires"),
	);

	echo "<tr>\n";
	if ($editable) {
		echo '<td class="DataTD">', _("Renew/Revoke/Delete"), "</td>\n";
	}
	foreach ($captions as $caption) {
		echo '<td class="DataTD">', $caption, "</td>\n";
	}
	if ($editable) {
		echo '<td colspan="2" class="DataTD">', _("Comment *"), "</td>\n";
	}
	echo "</tr>\n";
}
1650
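/**
 * output_log_server_certs()
 * Prints one row of the server certificate table.
 *
 * The status text is derived from the row: "Valid" for a positive
 * `timeleft`, "Expired" for a negative one, "Pending" when `expired`
 * compares equal to 0 and "Revoked" when `revoked` is greater than 0; later
 * checks override earlier ones.
 *
 * The original comment notes that this should be used in account/12.php.
 *
 * @param mixed $row - sql-query array with the keys `timeleft`, `expired`,
 *        `revoked`, `revoke`, `id`, `CN`, `serial`, `expires` and
 *        `description`
 * @param integer $support - 1: the selection checkbox, the link on the
 *        common name and the comment cells are left out; any other value
 *        (default 0): the full, editable row
 * @return void
 */
function output_log_server_certs($row, $support=0){
	// Start from an empty status, as output_client_cert() does; without it
	// the variable stays undefined when none of the checks below applies.
	$verified="";
	if($row['timeleft'] > 0)
		$verified = _("Valid");
	if($row['timeleft'] < 0)
		$verified = _("Expired");
	if($row['expired'] == 0)
		$verified = _("Pending");
	if($row['revoked'] > 0)
		$verified = _("Revoked");
	if($row['revoked'] == 0)
		$row['revoke'] = _("Not Revoked");

	$editable = ($support != 1);
	// The common name is taken from the certificate request, so it is
	// escaped with htmlspecialchars() the same way the description field
	// below is.
	$cn = htmlspecialchars((string)$row['CN']);

	echo "<tr>\n";

	// first cell: revoke box for usable certificates, delete box for pending
	// ones, an empty cell for revoked ones
	if ($editable) {
		if($verified != _("Pending") && $verified != _("Revoked")) {
			echo '<td class="DataTD"><input type="checkbox" name="revokeid[]" value="', $row['id'], '"/></td>', "\n";
		} else if($verified != _("Revoked")) {
			echo '<td class="DataTD"><input type="checkbox" name="delid[]" value="', $row['id'], '"/></td>', "\n";
		} else {
			echo '<td class="DataTD">&nbsp;</td>', "\n";
		}
	}

	echo '<td class="DataTD">', $verified, "</td>\n";

	if ($editable) {
		echo '<td class="DataTD"><a href="account.php?id=15&amp;cert=', $row['id'], '">', $cn, "</a></td>\n";
	} else {
		echo '<td class="DataTD">', $cn, "</td>\n";
	}

	echo '<td class="DataTD">', $row['serial'], "</td>\n";
	echo '<td class="DataTD">', $row['revoke'], "</td>\n";
	echo '<td class="DataTD">', $row['expires'], "</td>\n";

	if ($editable) {
		echo '<td class="DataTD"><input name="comment_', $row['id'], '" type="text" value="', htmlspecialchars($row['description']), '" /></td>', "\n";
		echo '<td class="DataTD"><input type="checkbox" name="check_comment_', $row['id'], '" /></td>', "\n";
	}
	echo "</tr> ";
}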
1696
/**
 * output_gpg_certs_header()
 * Prints the header row of the GPG key table.
 *
 * @param integer $support - 1: the "Comment *" column is left out; any other
 *        value (default 0): all columns
 * @return void
 */
function output_gpg_certs_header($support=0){
	$captions = array(
		_("Status"),
		_("Email Address"),
		_("Expires"),
		_("Key ID"),
	);

	echo "<tr>\n";
	foreach ($captions as $caption) {
		echo '<td class="DataTD">', $caption, "</td>\n";
	}
	if ($support != 1) {
		echo '<td colspan="2" class="DataTD">', _("Comment *"), "</td>\n";
	}
	echo "</tr>\n";
}
1716
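/**
 * output_gpg_certs()
 * Prints one row of the GPG key table.
 *
 * The status text is derived from the row: "Valid" for a positive
 * `timeleft`, "Expired" for a negative one and "Pending" when `expired`
 * compares equal to 0; later checks override earlier ones.
 *
 * The original comment notes that this should be used in account/55.php.
 *
 * @param mixed $row - sql-query array with the keys `timeleft`, `expired`,
 *        `id`, `email`, `expires`, `keyid` and `description`
 * @param integer $support - 1: the links on address and key id and the
 *        comment cells are left out; any other value (default 0): the full,
 *        editable row
 * @return void
 */
function output_gpg_certs($row, $support=0){
	// Start from an empty status, as output_client_cert() does; without it
	// the variable stays undefined when none of the checks below applies.
	$verified="";
	if($row['timeleft'] > 0)
		$verified = _("Valid");
	if($row['timeleft'] < 0)
		$verified = _("Expired");
	if($row['expired'] == 0)
		$verified = _("Pending");

	$editable = ($support != 1);
	// Address and key id originate from the key the account holder
	// submitted, so both are escaped with htmlspecialchars() the same way
	// the description field below is.
	$email = htmlspecialchars((string)$row['email']);
	$keyid = htmlspecialchars((string)$row['keyid']);

	echo "<tr>\n";
	echo '<td class="DataTD">', $verified, "</td>\n";

	// The address links to the detail page for every status except
	// "Pending"; the "Valid" and the fall-through branch printed the same
	// cells before.
	if ($editable && $verified != _("Pending")) {
		echo '<td class="DataTD"><a href="gpg.php?id=3&amp;cert=', $row['id'], '">', $email, "</a></td>\n";
	} else {
		echo '<td class="DataTD">', $email, "</td>\n";
	}

	echo '<td class="DataTD">', $row['expires'], "</td>\n";

	if ($editable) {
		echo '<td class="DataTD"><a href="gpg.php?id=3&amp;cert=', $row['id'], '">', $keyid, "</a></td>\n";
	} else {
		echo '<td class="DataTD">', $keyid, "</td>\n";
	}

	if ($editable) {
		echo '<td class="DataTD"><input name="comment_', $row['id'], '" type="text" value="', htmlspecialchars($row['description']), '" /></td>', "\n";
		echo '<td class="DataTD"><input type="checkbox" name="check_comment_', $row['id'], '" /></td>', "\n";
	}
	echo "</tr>\n";
}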