1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2011 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18
/**
 * Run a raw SQL statement on the default mysql connection.
 *
 * Callers build the SQL themselves and are responsible for intval()/escaping
 * every interpolated value before it gets here.
 *
 * @param string $query complete SQL statement
 * @return resource|bool mysql result resource, or false on failure
 */
function query_init($query)
{
    $result = mysql_query($query);
    return $result;
}
23
/**
 * Fetch the next row of a result set as an associative array.
 *
 * @param resource $res result of query_init()
 * @return array|bool next row, or false when the set is exhausted
 */
function query_getnextrow($res)
{
    return mysql_fetch_assoc($res);
}
29
/**
 * Number of rows in a result set, always as an int.
 *
 * @param resource $resultset result of query_init()
 * @return int row count
 */
function query_get_number_of_rows($resultset)
{
    $count = mysql_num_rows($resultset);
    return intval($count);
}
34
/**
 * Count the non-deleted face-to-face assurances a user has given.
 *
 * @param int $userid assurer's user id (intval'd before use in SQL)
 * @return int number of assurances given
 */
function get_number_of_assurances($userid)
{
    $sql = "SELECT count(*) AS `list` FROM `notary`
WHERE `method` = 'Face to Face Meeting' AND `from`='" . intval($userid) . "' and `deleted` = 0";
    $countRow = query_getnextrow(query_init($sql));
    return intval($countRow['list']);
}
43
/**
 * Count the non-deleted TTP ("Trusted Third Parties" or "TTP-Assisted")
 * assurances a user has received.
 *
 * @param int $userid assuree's user id (intval'd before use in SQL)
 * @return int number of TTP assurances received
 */
function get_number_of_ttpassurances($userid)
{
    $sql = "SELECT count(*) AS `list` FROM `notary`
WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `to`='" . intval($userid) . "' and `deleted` = 0";
    $countRow = query_getnextrow(query_init($sql));
    return intval($countRow['list']);
}
52
/**
 * Count the non-deleted face-to-face assurances a user has received.
 *
 * @param int $userid assuree's user id (intval'd before use in SQL)
 * @return int number of assurances received
 */
function get_number_of_assurees($userid)
{
    $sql = "SELECT count(*) AS `list` FROM `notary`
WHERE `method` = 'Face to Face Meeting' AND `to`='" . intval($userid) . "' and `deleted` = 0";
    $countRow = query_getnextrow(query_init($sql));
    return intval($countRow['list']);
}
61
/**
 * Rank of an assurer: 1 + the number of assurers who have given strictly
 * more face-to-face assurances than $no_of_assurances.
 *
 * @param int $no_of_assurances the user's own count of assurances given
 * @return int 1-based rank
 */
function get_top_assurer_position($no_of_assurances)
{
    $sql = "SELECT count(*) AS `list` FROM `notary`
WHERE `method` = 'Face to Face Meeting' and `deleted` = 0
GROUP BY `from` HAVING count(*) > '" . intval($no_of_assurances) . "'";
    $betterAssurers = query_get_number_of_rows(query_init($sql));
    return intval($betterAssurers + 1);
}
69
/**
 * Rank of an assuree: 1 + the number of users who have received strictly
 * more face-to-face assurances than $no_of_assurees.
 *
 * @param int $no_of_assurees the user's own count of assurances received
 * @return int 1-based rank
 */
function get_top_assuree_position($no_of_assurees)
{
    $sql = "SELECT count(*) AS `list` FROM `notary`
WHERE `method` = 'Face to Face Meeting' and `deleted` = 0
GROUP BY `to` HAVING count(*) > '" . intval($no_of_assurees) . "'";
    $betterAssurees = query_get_number_of_rows(query_init($sql));
    return intval($betterAssurees + 1);
}
77
/**
 * Result set of all non-deleted assurances given by $userid to somebody else,
 * oldest first.
 *
 * @param int $userid assurer's user id (intval'd before use in SQL)
 * @return resource|bool mysql result resource over `notary` rows
 */
function get_given_assurances($userid)
{
    $safeId = intval($userid);
    return query_init("select * from `notary` where `from`='" . $safeId . "' and `from` != `to` and `deleted` = 0 order by `id` asc");
}
83
/**
 * Result set of all non-deleted assurances $userid received from somebody else,
 * oldest first.
 *
 * @param int $userid assuree's user id (intval'd before use in SQL)
 * @return resource|bool mysql result resource over `notary` rows
 */
function get_received_assurances($userid)
{
    $safeId = intval($userid);
    return query_init("select * from `notary` where `to`='" . $safeId . "' and `from` != `to` and `deleted` = 0 order by `id` asc ");
}
89
/**
 * Given assurances grouped by (points, awarded, method), each group with its
 * row count in column `number`.
 *
 * @param int $userid assurer's user id (intval'd before use in SQL)
 * @return resource|bool mysql result resource
 */
function get_given_assurances_summary($userid)
{
    $safeId = intval($userid);
    return query_init("select count(*) as number,points,awarded,method from notary where `from`='" . $safeId . "' and `deleted` = 0 group by points,awarded,method");
}
95
/**
 * Received assurances grouped by (points, awarded, method), each group with its
 * row count in column `number`.
 *
 * @param int $userid assuree's user id (intval'd before use in SQL)
 * @return resource|bool mysql result resource
 */
function get_received_assurances_summary($userid)
{
    $safeId = intval($userid);
    return query_init("select count(*) as number,points,awarded,method from notary where `to`='" . $safeId . "' and `deleted` = 0 group by points,awarded,method");
}
101
/**
 * Load one `users` row.
 *
 * @param int $userid user id (intval'd before use in SQL)
 * @return array|bool the row as an associative array, or false when no such user
 */
function get_user($userid)
{
    $safeId = intval($userid);
    $res = query_init("select * from `users` where `id`='" . $safeId . "'");
    return mysql_fetch_assoc($res);
}
107
/**
 * Number of CATS (Assurer Challenge) passes recorded for a user, counting only
 * `cats_variant` rows of type 1.
 *
 * @param int $userid user id (intval'd before use in SQL)
 * @return int|bool row count; 0 means the test has not been passed
 */
function get_cats_state($userid)
{
    $sql = "select * from `cats_passed` inner join `cats_variant` on `cats_passed`.`variant_id` = `cats_variant`.`id` and `cats_variant`.`type_id` = 1
WHERE `cats_passed`.`user_id` = '" . intval($userid) . "'";
    $passes = query_init($sql);
    return mysql_num_rows($passes);
}
115
/**
 * Accumulate points and experience for one assurance the user GAVE.
 *
 * @param array  $row             `notary` row with keys points, awarded, method
 * @param int    &$points         running total; increased by max(points, awarded)
 * @param string &$experience     display value for this row: "2" for face-to-face, "&nbsp;" otherwise
 * @param int    &$sum_experience running experience total; +2 for face-to-face
 * @param bool   &$revoked        always false for now (revocation not yet stored)
 * @return int|string the points credited for this row (max of the two columns)
 */
function calc_experience($row, &$points, &$experience, &$sum_experience, &$revoked)
{
    $isFaceToFace = ($row['method'] == "Face to Face Meeting");
    $credited = max($row['points'], $row['awarded']);

    $points += $credited;
    $revoked = false; # to be coded later (after DB-upgrade)

    if ($isFaceToFace) {
        $sum_experience += 2;
        $experience = "2";
    } else {
        $experience = "&nbsp;";
    }
    return $credited;
}
129
/**
 * Accumulate points and experience for one assurance the user RECEIVED.
 *
 * @param array      $row            `notary` row (points, awarded, method)
 * @param int        &$points        running total of countable assurance points
 * @param int        &$experience    experience credited by this row (overflow above 100)
 * @param int        &$sumexperience running experience total
 * @param int|string &$awarded       points shown for the row; an HTML "Revoked" marker for revoked methods
 * @param bool       &$revoked       true when the method is one of the revoked kinds
 * @return void
 */
function calc_assurances($row, &$points, &$experience, &$sumexperience, &$awarded, &$revoked)
{
    $awarded = calc_points($row);
    $revoked = false;
    $experience = 0;

    // Anything above 100 points is (for now) treated as experience.
    // needs to be fixed in the future (limit 50 pts and/or no experience if pts > 100)
    if ($awarded > 100) {
        $experience = $awarded - 100;
        $awarded = 100;
    }

    switch ($row['method']) {
        case 'Thawte Points Transfer':
        case 'CT Magazine - Germany':
        case 'Temporary Increase': // Current usage of 'Temporary Increase' may break audit aspects, needs to be reimplemented
            $awarded = sprintf("<strong style='color: red'>%s</strong>", _("Revoked"));
            $experience = 0;
            $revoked = true;
            break;
        default:
            $points += $awarded;
    }
    $sumexperience += $experience;
}
157
158
/**
 * Render a user's name as a link to their WoT page, or a placeholder when the
 * name is empty.
 *
 * @param string $name   display name; HTML-escaped via sanitizeHTML before output
 * @param int    $userid user id; intval'd into the link, 0 means "System"
 * @return string HTML anchor, or the translated "System"/"Deleted account" text
 */
function show_user_link($name, $userid)
{
    $trimmed = trim($name);
    if ($trimmed != "") {
        return "<a href='wot.php?id=9&amp;userid=" . intval($userid) . "'>" . sanitizeHTML($trimmed) . "</a>";
    }
    return ($userid == 0) ? _("System") : _("Deleted account");
}
173
/**
 * Render an e-mail address as a link to the support view of the account, or
 * an empty string when the address is blank.
 *
 * @param string $email  address; HTML-escaped via sanitizeHTML before output
 * @param int    $userid user id; intval'd into the link
 * @return string HTML anchor or ""
 */
function show_email_link($email, $userid)
{
    $trimmed = trim($email);
    if ($trimmed == "") {
        return $trimmed;
    }
    return "<a href='account.php?id=43&amp;userid=" . intval($userid) . "'>" . sanitizeHTML($trimmed) . "</a>";
}
181
/**
 * Fill in how many assurances $userid has given and the resulting rank.
 *
 * @param int $userid             user id
 * @param int &$num_of_assurances out: assurances given
 * @param int &$rank_of_assurer   out: 1-based rank among assurers
 * @return void
 */
function get_assurer_ranking($userid, &$num_of_assurances, &$rank_of_assurer)
{
    $given = get_number_of_assurances(intval($userid));
    $num_of_assurances = $given;
    $rank_of_assurer = get_top_assurer_position($given);
}
187
/**
 * Fill in how many assurances $userid has received and the resulting rank.
 *
 * @param int $userid           user id
 * @param int &$num_of_assurees out: assurances received
 * @param int &$rank_of_assuree out: 1-based rank among assurees
 * @return void
 */
function get_assuree_ranking($userid, &$num_of_assurees, &$rank_of_assuree)
{
    $received = get_number_of_assurees(intval($userid));
    $num_of_assurees = $received;
    $rank_of_assuree = get_top_assuree_position($received);
}
193
194
195 // ************* html table definitions ******************
196
/**
 * Print the "Assurer Ranking" table: assurances given and received, each
 * with the user's rank.
 *
 * @param int $userid user id (intval'd by the ranking helpers)
 * @return void HTML is echoed directly
 */
function output_ranking($userid)
{
    $givenCount = 0;
    $givenRank = 0;
    $receivedCount = 0;
    $receivedRank = 0;
    get_assurer_ranking($userid, $givenCount, $givenRank);
    get_assuree_ranking($userid, $receivedCount, $receivedRank);

    $givenText = sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($givenCount), intval($givenRank));
    $receivedText = sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($receivedCount), intval($receivedRank));
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td class="title"><?=_("Assurer Ranking")?></td>
  </tr>
  <tr>
    <td class="DataTD"><?=$givenText?></td>
  </tr>
  <tr>
    <td class="DataTD"><?=$receivedText?></td>
  </tr>
</table>
<br/>
<?php
}
217
/**
 * Print the opening of an assurances table plus its column headings.
 * In support mode ($support == "1") three extra columns are shown:
 * "When", "Email" and "Revoke".
 *
 * @param string $title   table title, echoed unescaped (callers pass translated literals)
 * @param mixed  $support "1" enables the support columns
 * @return void HTML is echoed directly
 */
function output_assurances_header($title, $support)
{
    $isSupport = ($support == "1");
    // 7 regular columns; support mode adds When, Email and Revoke
    $titleColspan = $isSupport ? 10 : 7;
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="<?=$titleColspan?>" class="title"><?=$title?></td>
  </tr>
  <tr>
    <td class="DataTD"><strong><?=_("ID")?></strong></td>
    <td class="DataTD"><strong><?=_("Date")?></strong></td>
<?php if ($isSupport) { ?>
    <td class="DataTD"><strong><?=_("When")?></strong></td>
    <td class="DataTD"><strong><?=_("Email")?></strong></td>
<?php } ?>
    <td class="DataTD"><strong><?=_("Who")?></strong></td>
    <td class="DataTD"><strong><?=_("Points")?></strong></td>
    <td class="DataTD"><strong><?=_("Location")?></strong></td>
    <td class="DataTD"><strong><?=_("Method")?></strong></td>
    <td class="DataTD"><strong><?=_("Experience Points")?></strong></td>
<?php if ($isSupport) { ?>
    <td class="DataTD"><strong><?=_("Revoke")?></strong></td>
<?php } ?>
  </tr>
<?php
}
264
/**
 * Print the totals row and close the assurances table.
 *
 * @param string $points_txt     label for the points total
 * @param mixed  $points         points total
 * @param string $experience_txt label for the experience total
 * @param mixed  $sumexperience  experience total
 * @param mixed  $support        "1" widens the label cell and adds the empty "Revoke" cell
 * @return void HTML is echoed directly
 */
function output_assurances_footer($points_txt, $points, $experience_txt, $sumexperience, $support)
{
    $isSupport = ($support == "1");
    $labelColspan = $isSupport ? 5 : 3;
?>
  <tr>
    <td colspan="<?=$labelColspan?>" class="DataTD"><strong><?=$points_txt?>:</strong></td>
    <td class="DataTD"><?=$points?></td>
    <td class="DataTD">&nbsp;</td>
    <td class="DataTD"><strong><?=$experience_txt?>:</strong></td>
    <td class="DataTD"><?=$sumexperience?></td>
<?php if ($isSupport) { ?>
    <td class="DataTD">&nbsp;</td>
<?php } ?>
  </tr>
</table>
<br/>
<?php
}
288
/**
 * Print one assurance as a table row.
 *
 * Rows with zero countable points dated before 2006-09-01 are highlighted and
 * italicised. In support mode a "Revoke" link (with CSRF token) is shown unless
 * the assurance is already revoked.
 *
 * NOTE(review): $location and $method come straight from the `notary` row and
 * are echoed without HTML escaping; $name/$email are escaped by the callers in
 * this file. Confirm upstream escaping if location can be user-entered.
 *
 * @param int         $assuranceid id of the `notary` row
 * @param string      $date        assurance date
 * @param string      $when        entry timestamp (compared as a string against "2006-09-01")
 * @param string      $email       HTML from show_email_link()
 * @param string      $name        HTML from show_user_link()
 * @param int|string  $awarded     points shown (may be an HTML "Revoked" marker)
 * @param int         $points      raw points column
 * @param string      $location
 * @param string      $method
 * @param int|string  $experience
 * @param int         $userid      viewed user, intval'd into the revoke link
 * @param mixed       $support     "1" shows the support columns
 * @param bool        $revoked
 * @return void HTML is echoed directly
 */
function output_assurances_row($assuranceid, $date, $when, $email, $name, $awarded, $points, $location, $method, $experience, $userid, $support, $revoked)
{
    $isSupport = ($support == "1");
    // all three conditions must hold for the legacy-row highlighting
    $legacyZeroRow = ($awarded == $points) && ($awarded == "0") && ($when < "2006-09-01");
    $tdstyle = $legacyZeroRow ? "style='background-color: #ffff80'" : "";
    $emopen = $legacyZeroRow ? "<em>" : "";
    $emclose = $legacyZeroRow ? "</em>" : "";
?>
  <tr>
    <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td>
    <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td>
<?php if ($isSupport) { ?>
    <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$when?><?=$emclose?></td>
    <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$email?><?=$emclose?></td>
<?php } ?>
    <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
    <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td>
    <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td>
    <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
    <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td>
<?php if ($isSupport && $revoked == true) { ?>
    <td class="DataTD" <?=$tdstyle?>>&nbsp;</td>
<?php } elseif ($isSupport) { ?>
    <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td>
<?php } ?>
  </tr>
<?php
}
344
/**
 * Print the opening of the "Summary of your Points" table and its four
 * column headings.
 *
 * @return void HTML is echoed directly
 */
function output_summary_header()
{
    $headings = array(_("Description"), _("Points"), _("Countable Points"), _("Remark"));
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="4" class="title"><?=_("Summary of your Points")?></td>
  </tr>
  <tr>
<?php foreach ($headings as $heading) { ?>
    <td class="DataTD"><strong><?=$heading?></strong></td>
<?php } ?>
  </tr>
<?php
}
360
/**
 * Close the summary table opened by output_summary_header().
 *
 * @return void HTML is echoed directly
 */
function output_summary_footer()
{
    echo "</table>\n<br/>\n";
}
368
/**
 * Print one row of the summary table. All four values are echoed unescaped;
 * callers pass translated literals and computed numbers.
 *
 * @param string $title
 * @param mixed  $points
 * @param mixed  $points_countable
 * @param string $remark
 * @return void HTML is echoed directly
 */
function output_summary_row($title, $points, $points_countable, $remark)
{
    $cells = array($points, $points_countable, $remark);
?>
  <tr>
    <td class="DataTD"><strong><?=$title?></strong></td>
<?php foreach ($cells as $cell) { ?>
    <td class="DataTD"><?=$cell?></td>
<?php } ?>
  </tr>
<?php
}
380
381
382 // ************* output given assurances ******************
383
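/**
 * Print one row per assurance $userid has given, accumulating the totals.
 *
 * @param int   $userid          assurer's user id
 * @param int   &$points         out: sum of points credited across all rows
 * @param int   &$sum_experience out: sum of experience points across all rows
 * @param mixed $support         "1" shows the support columns
 * @return void HTML is echoed directly
 */
function output_given_assurances_content($userid, &$points, &$sum_experience, $support)
{
    $points = 0;
    // Reset the by-reference accumulator explicitly. The original zeroed an unused
    // local ($sumexperience) instead, so the caller's previous value leaked in.
    $sum_experience = 0;
    $experience = "";
    $revoked = false;

    $res = get_given_assurances(intval($userid));
    while ($row = mysql_fetch_assoc($res)) {
        $assureeId = intval($row['to']);
        $assuree = get_user($assureeId);
        $apoints = calc_experience($row, $points, $experience, $sum_experience, $revoked);
        $name = show_user_link($assuree['fname'] . " " . $assuree['lname'], $assureeId);
        $email = show_email_link($assuree['email'], $assureeId);
        $method = ($row['method'] == "") ? "" : _(sprintf("%s", $row['method']));
        output_assurances_row(intval($row['id']), $row['date'], $row['when'], $email, $name, $apoints, intval($row['points']), $row['location'], $method, $experience, $userid, $support, $revoked);
    }
}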
398
399 // ************* output received assurances ******************
400
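/**
 * Print one row per assurance $userid has received, accumulating the totals.
 *
 * @param int   $userid          assuree's user id
 * @param int   &$points         out: sum of countable points across all rows
 * @param int   &$sum_experience out: sum of experience points across all rows
 * @param mixed $support         "1" shows the support columns
 * @return void HTML is echoed directly
 */
function output_received_assurances_content($userid, &$points, &$sum_experience, $support)
{
    $points = 0;
    // Reset the by-reference accumulator explicitly. The original zeroed an unused
    // local ($sumexperience) instead, so the caller's previous value leaked in.
    $sum_experience = 0;
    $experience = 0;
    $awarded = 0;
    $revoked = false;

    $res = get_received_assurances(intval($userid));
    while ($row = mysql_fetch_assoc($res)) {
        $assurerId = intval($row['from']);
        $fromuser = get_user($assurerId);
        calc_assurances($row, $points, $experience, $sum_experience, $awarded, $revoked);
        $name = show_user_link($fromuser['fname'] . " " . $fromuser['lname'], $assurerId);
        $email = show_email_link($fromuser['email'], $assurerId);
        $method = ($row['method'] == "") ? "" : _(sprintf("%s", $row['method']));
        output_assurances_row(intval($row['id']), $row['date'], $row['when'], $email, $name, $awarded, intval($row['points']), $row['location'], $method, $experience, $userid, $support, $revoked);
    }
}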
415
416 // ************* output summary table ******************
417
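/**
 * Check whether a user was born more than $age years ago.
 *
 * Both arguments are intval'd before being placed in SQL; the original
 * interpolated $userid unescaped.
 *
 * @param int $userid user id
 * @param int $age    minimum age in years
 * @return int number of matching `users` rows: 1 when the user exists and is old enough, else 0
 */
function check_date_limit($userid, $age)
{
    $userid = intval($userid);
    $age = intval($age);
    // latest date of birth that still satisfies the age limit (today minus $age years)
    $dob = date("Y-m-d", mktime(0, 0, 0, date("m"), date("d"), date("Y") - $age));
    $res = query_init("select id from `users` where `id`='" . $userid . "' and `dob` < '" . $dob . "'");
    return intval(query_get_number_of_rows($res));
}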
424
/**
 * Countable points of one `notary` row after applying the per-method rules.
 *
 * @param array $row row with keys awarded, points, method
 * @return int points to count; never negative
 */
function calc_points($row)
{
    $awardedColumn = intval($row['awarded']);
    $pointsColumn = intval($row['points']);
    // Use whichever column is larger: very old rows still have `awarded` = 0,
    // while rows whose sum exceeded 100 only have the correct value in `awarded`.
    $points = ($pointsColumn < $awardedColumn) ? $awardedColumn : $pointsColumn;

    switch ($row['method']) {
        case 'Thawte Points Transfer': // revoked as per arbitration
        case 'CT Magazine - Germany': // revoked (single test entry)
        case 'Temporary Increase': // revoked; current usage breaks audit aspects
            $points = 0;
            break;
        case 'Administrative Increase':
            // historic 2-point AIs were experience points, now computed differently
            if ($points <= 2) {
                $points = 0;
            }
            break;
        case 'Unknown':
        case 'Trusted Third Parties':
        case 'TTP-Assisted':
        case 'TOPUP':
        case '':
        case 'Face to Face Meeting':
            // counted as-is; per-method caps may be introduced later
            break;
        default:
            // unexpected method: count nothing
            $points = 0;
    }

    // negative points are a known data bug; never let them reduce the total
    return ($points < 0) ? 0 : $points;
}
457
/**
 * Maximum number of points $userid may issue, computed without printing
 * the summary table.
 *
 * @param int $userid user id
 * @return int issuable points (0 when not an assurer)
 */
function max_points($userid)
{
    $issuable = output_summary_content($userid, 0);
    return $issuable;
}
462
/**
 * Compute a user's assurance/experience point summary and, optionally, print
 * it as rows of the summary table.
 *
 * Rules applied (all visible below): received points are capped at 100 and the
 * overflow counts as "other" experience; experience is capped at 50 (10 below
 * age 18, 0 below age 14); experience only counts once the 100-point cap is
 * reached; issuable points need a passed CATS test and scale with experience.
 *
 * @param int  $userid         user whose `notary` rows are summed
 * @param bool $display_output truthy: echo four output_summary_row() lines
 * @return int maximum points the user may issue; 0 when not (yet) an assurer
 */
function output_summary_content($userid, $display_output)
{
    $sum_points = 0;
    $sum_experience = 0;
    $sum_experience_other = 0;
    $max_points = 100;
    $max_experience = 50;

    $experience_limit_reached_txt = _("Limit reached");

    // PoJAM: minors get a reduced experience cap. check_date_limit() returns the
    // number of matching rows (1 when the user exists and was born before the cutoff).
    if (check_date_limit($userid,18) != 1)
    {
        $max_experience = 10;
        $experience_limit_reached_txt = _("Limit given by PoJAM reached");
    }
    if (check_date_limit($userid,14) != 1)
    {
        $max_experience = 0;
        $experience_limit_reached_txt = _("Limit given by PoJAM reached");
    }

    // Received assurances: sum per (points, awarded, method) group times its row count.
    $res = get_received_assurances_summary($userid);
    while($row = mysql_fetch_assoc($res))
    {
        $points = calc_points ($row);

        if ($points > $max_points) // limit to 100 points, above is experience (needs to be fixed)
        {
            $sum_experience_other = $sum_experience_other+($points-$max_points)*intval($row['number']);
            $points = $max_points;
        }
        $sum_points += $points*intval($row['number']);
    }

    // Given assurances: 2 experience points per face-to-face assurance, nothing for other methods.
    $res = get_given_assurances_summary($userid);
    while($row = mysql_fetch_assoc($res))
    {
        switch ($row['method'])
        {
            case 'Face to Face Meeting': // count Face to Face only
                $sum_experience += 2*intval($row['number']);
                break;
        }

    }

    // Apply the caps; the "countable" values are what actually counts, the raw sums are still shown.
    if ($sum_points > $max_points)
    {
        $sum_points_countable = $max_points;
        $remark_points = _("Limit reached");
    }
    else
    {
        $sum_points_countable = $sum_points;
        $remark_points = "&nbsp;";
    }
    if ($sum_experience > $max_experience)
    {
        $sum_experience_countable = $max_experience;
        $remark_experience = $experience_limit_reached_txt;
    }
    else
    {
        $sum_experience_countable = $sum_experience;
        $remark_experience = "&nbsp;";
    }

    // "Other" experience only fills whatever is left of the cap after assurance experience.
    if ($sum_experience_countable + $sum_experience_other > $max_experience)
    {
        $sum_experience_other_countable = $max_experience-$sum_experience_countable;
        $remark_experience_other = $experience_limit_reached_txt;
    }
    else
    {
        $sum_experience_other_countable = $sum_experience_other;
        $remark_experience_other = "&nbsp;";
    }

    // Experience is held back entirely until the full 100 assurance points are reached.
    if ($sum_points_countable < $max_points)
    {
        if ($sum_experience_countable != 0)
            $remark_experience = _("Points on hold due to less assurance points");
        $sum_experience_countable = 0;
        if ($sum_experience_other_countable != 0)
            $remark_experience_other = _("Points on hold due to less assurance points");
        $sum_experience_other_countable = 0;
    }

    // Issuable points: CATS test required; then 10 at 100 points, +5 per 10 experience up to 35.
    $issue_points = 0;
    $cats_test_passed = get_cats_state ($userid);
    if ($cats_test_passed == 0)
    {
        $issue_points_txt = "<strong style='color: red'>"._("You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer")."</strong>";
        if ($sum_points_countable < $max_points)
        {
            $issue_points_txt = "<strong style='color: red'>";
            $issue_points_txt .= sprintf(_("You need %s assurance points and the passed CATS-Test to be an Assurer"), intval($max_points));
            $issue_points_txt .= "</strong>";
        }
    }
    else
    {
        $experience_total = $sum_experience_countable+$sum_experience_other_countable;
        $issue_points_txt = "";
        if ($sum_points_countable == $max_points)
            $issue_points = 10;
        // the experience thresholds below only matter once the 100-point cap is met,
        // because countable experience is zeroed above otherwise
        if ($experience_total >= 10)
            $issue_points = 15;
        if ($experience_total >= 20)
            $issue_points = 20;
        if ($experience_total >= 30)
            $issue_points = 25;
        if ($experience_total >= 40)
            $issue_points = 30;
        if ($experience_total >= 50)
            $issue_points = 35;
        if ($issue_points != 0)
            $issue_points_txt = sprintf(_("You may issue up to %s points"),$issue_points);
    }
    if ($display_output)
    {
        output_summary_row (_("Assurance Points you received"),$sum_points,$sum_points_countable,$remark_points);
        output_summary_row (_("Total Experience Points by Assurance"),$sum_experience,$sum_experience_countable,$remark_experience);
        output_summary_row (_("Total Experience Points (other ways)"),$sum_experience_other,$sum_experience_other_countable,$remark_experience_other);
        output_summary_row (_("Total Points"),"&nbsp;",$sum_points_countable + $sum_experience_countable + $sum_experience_other_countable,$issue_points_txt);
    }
    return $issue_points;
}
591
/**
 * Print the complete "Assurance Points You Issued" table for a user.
 *
 * @param int   $userid  user id
 * @param mixed $support 0 for the user's own view, "1" for the support view
 * @return void HTML is echoed directly
 */
function output_given_assurances($userid, $support = 0)
{
    $totalPoints = 0;
    $totalExperience = 0;
    output_assurances_header(_("Assurance Points You Issued"), $support);
    output_given_assurances_content($userid, $totalPoints, $totalExperience, $support);
    output_assurances_footer(_("Total Points Issued"), $totalPoints, _("Total Experience Points"), $totalExperience, $support);
}
598
/**
 * Print the complete "Your Assurance Points" table for a user.
 *
 * @param int   $userid  user id
 * @param mixed $support 0 for the user's own view, "1" for the support view
 * @return void HTML is echoed directly
 */
function output_received_assurances($userid, $support = 0)
{
    $totalPoints = 0;
    $totalExperience = 0;
    output_assurances_header(_("Your Assurance Points"), $support);
    output_received_assurances_content($userid, $totalPoints, $totalExperience, $support);
    output_assurances_footer(_("Total Assurance Points"), $totalPoints, _("Total Experience Points"), $totalExperience, $support);
}
605
/**
 * Print the complete points summary table for a user.
 *
 * @param int $userid user id
 * @return void HTML is echoed directly
 */
function output_summary($userid)
{
    output_summary_header();
    $shouldPrint = 1;
    output_summary_content($userid, $shouldPrint);
    output_summary_footer();
}
612
/**
 * Print the "[ Go Back ]" link that ends these pages.
 *
 * @return void HTML is echoed directly
 */
function output_end_of_page()
{
    $label = _("Go Back");
?>
<p>[ <a href='javascript:history.go(-1)'><?=$label?></a> ]</p>
<?php
}
619
620 //functions to do with recording user agreements
/**
 * write_user_agreement()
 * Insert a new record into `user_agreements`.
 *
 * String fields are escaped with mysql_real_escape_string, ids and flags are
 * intval'd; `date` is set to NOW() by the database.
 *
 * @param int    $memid    member the agreement belongs to
 * @param string $document agreement type, e.g. "CCA"
 * @param string $method   how the agreement was given
 * @param string $comment  free-text remark
 * @param int    $active   1 - active, 0 - passive
 * @param int    $secmemid secondary member id (0 when none)
 * @return void
 */
function write_user_agreement($memid, $document, $method, $comment, $active = 1, $secmemid = 0)
{
    $assignments = array(
        "`memid`=" . intval($memid),
        "`secmemid`=" . intval($secmemid),
        "`document`='" . mysql_real_escape_string($document) . "'",
        "`date`=NOW()",
        "`active`=" . intval($active),
        "`method`='" . mysql_real_escape_string($method) . "'",
        "`comment`='" . mysql_real_escape_string($comment) . "'",
    );
    mysql_query("insert into `user_agreements` set " . implode(",", $assignments));
}
639
/**
 * get_user_agreement_status()
 * Whether the member has at least one `user_agreements` row of the given type.
 *
 * @param int    $memid member id (intval'd)
 * @param string $type  agreement type (escaped), default "CCA"
 * @return int 1 when a record exists, 0 otherwise
 */
function get_user_agreement_status($memid, $type = "CCA")
{
    $sql = "SELECT u.`document` FROM `user_agreements` u
WHERE u.`document` = '" . mysql_real_escape_string($type) . "' AND u.`memid`=" . intval($memid);
    $res = mysql_query($sql);
    $found = mysql_num_rows($res) > 0;
    return $found ? 1 : 0;
}
657
/**
 * get_first_user_agreement()
 * Oldest `user_agreements` row of the given type and active-state for a member.
 *
 * @param int    $memid  member id (intval'd)
 * @param int    $active 0 - passive, 1 - active (intval'd)
 * @param string $type   agreement type (escaped), default "CCA"
 * @return array row with keys document, date, method, comment, active; empty array when none
 */
function get_first_user_agreement($memid, $active = 1, $type = "CCA")
{
    $sql = "SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` AS u
WHERE u.`document` = '" . mysql_real_escape_string($type) . "' AND u.`memid`=" . intval($memid) . " AND u.`active`=" . intval($active) .
        " ORDER BY u.`date` Limit 1;";
    $res = mysql_query($sql);
    if (mysql_num_rows($res) <= 0) {
        return array();
    }
    return mysql_fetch_assoc($res);
}
679
/**
 * get_last_user_agreement()
 * Newest `user_agreements` row of the given type for a member, regardless of
 * its active flag.
 *
 * @param int    $memid member id (intval'd)
 * @param string $type  agreement type (escaped), default "CCA"
 * @return array row with keys document, date, method, comment, active; empty array when none
 */
function get_last_user_agreement($memid, $type = "CCA")
{
    $sql = "SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM user_agreements u WHERE u.`document` = '" . mysql_real_escape_string($type) . "' AND (u.`memid`=" . intval($memid) . " ) order by `date` desc limit 1 ";
    $res = mysql_query($sql);
    if (mysql_num_rows($res) <= 0) {
        return array();
    }
    return mysql_fetch_assoc($res);
}
698
/**
 * delete_user_agreement()
 * Delete a member's `user_agreements` rows; all types when $type is false,
 * otherwise only the given type.
 *
 * @param int          $memid member id (intval'd)
 * @param string|false $type  agreement type (escaped), or false for all
 * @return void
 */
function delete_user_agreement($memid, $type = false)
{
    $sql = "delete from `user_agreements` where `memid`=" . intval($memid);
    if ($type !== false) {
        $sql .= " and `document` = '" . mysql_real_escape_string($type) . "'";
    }
    mysql_query($sql);
}
715
716 // functions for 6.php (assure somebody)
717
/**
 * Open the "assure somebody" form and table (wot.php, page 6) with its title
 * row and the name-check instruction row.
 *
 * @param string $confirmation title text (echoed unescaped)
 * @param string $checkname    instruction text (echoed unescaped)
 * @return void HTML is echoed directly
 */
function AssureHead($confirmation, $checkname)
{
?>
<form method="post" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="600">
  <tr>
    <td colspan="2" class="title"><?=$confirmation?></td>
  </tr>
  <tr>
    <td class="DataTD" colspan="2" align="left"><?=$checkname?></td>
  </tr>
<?php
}
731
/**
 * Print a two-cell label/value row; a non-empty label gets a trailing colon.
 *
 * @param string $field1 label (empty() check: "" and "0" get no colon)
 * @param string $field2 value (echoed unescaped)
 * @return void HTML is echoed directly
 */
function AssureTextLine($field1, $field2)
{
    $label = $field1;
    if (!empty($field1)) {
        $label .= ':';
    }
?>
  <tr>
    <td class="DataTD"><?=$label?></td>
    <td class="DataTD"><?=$field2?></td>
  </tr>
<?php
}
741
/**
 * Print a checkbox row for the assurance form.
 *
 * @param string $type    checkbox name attribute (echoed unescaped)
 * @param string $text    description (echoed unescaped)
 * @param bool   $checked truthy pre-checks the box
 * @return void HTML is echoed directly
 */
function AssureBoxLine($type, $text, $checked)
{
    $checkedAttribute = $checked ? "checked" : "";
?>
  <tr>
    <td class="DataTD"><input type="checkbox" name="<?=$type?>" value="1" <?=$checkedAttribute?>></td>
    <td class="DataTD"><?=$text?></td>
  </tr>
<?php
}
751
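/**
 * Print the assurance-method chooser: a <select name="method"> when several
 * methods are available, or a hidden field when there is exactly one.
 *
 * Fix: the single-method branch emitted name="<?=$val?>" where $val was never
 * assigned (it is the loop variable of the other branch), so the posted form
 * had no "method" field. It now emits name="method" like the select does.
 *
 * Values are echoed unescaped; the callers in this code base pass fixed method
 * names, confirm that if user-supplied data ever reaches $methods or $remark.
 *
 * @param string $text    label (empty() check: "" and "0" get no colon)
 * @param array  $methods available method names; the single element may sit at any key
 * @param string $remark  note shown below the select
 * @return void HTML is echoed directly
 */
function AssureMethodLine($text, $methods, $remark)
{
    $label = $text . (empty($text) ? '' : ':');
    if (count($methods) != 1) {
?>
  <tr>
    <td class="DataTD"><?=$label?></td>
    <td class="DataTD">
      <select name="method">
<?php foreach ($methods as $methodName) { ?>
        <option value="<?=$methodName?>"><?=$methodName?></option>
<?php } ?>
      </select>
      <br />
      <?=$remark?>
    </td>
  </tr>
<?php
    } else {
        // reset() instead of $methods[0] so a single element at a non-zero key works too
        $onlyMethod = reset($methods);
?>
  <input type="hidden" name="method" value="<?=$onlyMethod?>" />
<?php
    }
}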
779
/**
 * Print a text-input row for the assurance form.
 *
 * NOTE(review): $value is placed in a value="" attribute unescaped; if callers
 * ever pass previously submitted user input here it must be escaped upstream.
 *
 * @param string $type        input name attribute
 * @param string $field       label (empty() check: "" and "0" get no colon)
 * @param string $value       pre-filled value
 * @param string $description text shown after the input
 * @return void HTML is echoed directly
 */
function AssureInboxLine($type, $field, $value, $description)
{
    $label = $field;
    if (!empty($field)) {
        $label .= ':';
    }
?>
  <tr>
    <td class="DataTD"><?=$label?></td>
    <td class="DataTD"><input type="text" name="<?=$type?>" value="<?=$value?>"><?=$description?></td>
  </tr>
<?php
}
789
/**
 * Print the submit/cancel row, close the table and the form, and add the
 * hidden pagehash (from $_SESSION['_config']['wothash']) and oldid fields.
 *
 * @param mixed  $oldid   page id to post back
 * @param string $confirm label of the submit button
 * @return void HTML is echoed directly
 */
function AssureFoot($oldid, $confirm)
{
    $pagehash = $_SESSION['_config']['wothash'];
    $cancelLabel = _("Cancel");
?>
  <tr>
    <td class="DataTD" colspan="2">
      <input type="submit" name="process" value="<?=$confirm?>" />
      <input type="submit" name="cancel" value="<?=$cancelLabel?>" />
    </td>
  </tr>
</table>
<input type="hidden" name="pagehash" value="<?=$pagehash?>" />
<input type="hidden" name="oldid" value="<?=$oldid?>" />
</form>
<?php
}
805
/**
 * Soft-delete an e-mail address of an account and revoke every client
 * certificate issued for it.
 *
 * Called from www/account.php if($process != "" && $oldid == 2),
 * from www/diputes.php if($type == "reallyemail") / if($action == "accept"),
 * and from account_delete().
 *
 * @param int $mailid `email`.`id` (intval'd)
 * @return void
 */
function account_email_delete($mailid)
{
    $safeMailId = intval($mailid);
    revoke_all_client_cert($safeMailId);
    mysql_query("update `email` set `deleted`=NOW() where `id`='" . $safeMailId . "'");
}
817
/**
 * Soft-delete a domain of an account and revoke every server certificate
 * issued for it.
 *
 * Called from www/account.php if($process != "" && $oldid == 9),
 * from www/diputes.php if($type == "reallydomain") / if($action == "accept"),
 * and from account_delete().
 *
 * @param int $domainid `domains`.`id` (intval'd)
 * @return void
 */
function account_domain_delete($domainid)
{
    $safeDomainId = intval($domainid);
    revoke_all_server_cert($safeDomainId);
    $sql = "update `domains`
set `deleted`=NOW()
where `id` = '" . $safeDomainId . "'";
    mysql_query($sql);
}
831
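/**
 * Helper for account_delete(): a string of $length characters drawn from $pool.
 *
 * rand() is not a cryptographic generator. The strings made here only replace
 * credentials of an account that is locked in the same procedure, so their
 * purpose is to make the old values unusable, not to be secrets in their own
 * right. The original code re-seeded with srand(microtime()) before every
 * call, which narrows the seed space; PHP seeds rand() automatically.
 * rand(0, n-1) is used instead of rand() % n to avoid modulo bias.
 *
 * @param string $pool   characters to draw from (substr is byte-wise)
 * @param int    $length number of characters
 * @return string
 */
function _notary_random_pool_string($pool, $length)
{
    $poolSize = strlen($pool);
    $out = "";
    for ($i = 0; $i < $length; $i++) {
        $out .= substr($pool, rand(0, $poolSize - 1), 1);
    }
    return $out;
}

/**
 * Anonymise and lock an account following the "deleted account" routine V3.
 * Called from www/account.php if($oldid == 50 && $process != "").
 *
 * Steps: replace password, replace the primary e-mail with <arbno>@cacert.org,
 * delete all other e-mails and all domains (revoking their certificates),
 * clear alerts/location/listings/languages, scramble the secret questions,
 * log the old name/dob to `adminlog`, overwrite personal data with the
 * arbitration number, clear all role flags and lock the account.
 *
 * Fixes against the original: the `adminlog` lookup used an undefined
 * $userid (so the old lname/dob were never logged) and interpolated the old
 * lname/dob into SQL unescaped; both now use $id and are escaped.
 *
 * @param int    $id      user id of the account to delete (intval'd)
 * @param string $arbno   arbitration number, escaped once and reused in every statement
 * @param int    $adminid acting admin's user id (intval'd)
 * @return void
 */
function account_delete($id, $arbno, $adminid)
{
    $id = intval($id);
    $arbno = mysql_real_escape_string($arbno);
    $adminid = intval($adminid);

    // NOTE(review): the pool contains a non-ASCII character (likely a mojibake'd
    // "§"); substr() is byte-wise, so a lone byte of it may land in the output.
    // Harmless for its purpose here (values are hashed / never shown), left as-is.
    $pool = 'abcdefghijklmnopqrstuvwxyz';
    $pool .= '0123456789!()ยง';
    $pool .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';

    //change password
    $password = _notary_random_pool_string($pool, 30);
    mysql_query("update `users` set `password`=sha1('" . $password . "') where `id`='" . $id . "'");

    //create new mail for arbitration number
    $query = "insert into `email` set `email`='" . $arbno . "@cacert.org',`memid`='" . $id . "',`created`=NOW(),`modified`=NOW(), `attempts`=-1";
    mysql_query($query);
    $emailid = intval(mysql_insert_id());

    //set new mail as default
    $query = "update `users` set `email`='" . $arbno . "@cacert.org' where `id`='" . $id . "'";
    mysql_query($query);

    //delete all other email address
    $query = "select `id` from `email` where `memid`='" . $id . "' and `id`!='" . $emailid . "'";
    $res = mysql_query($query);
    while ($row = mysql_fetch_assoc($res)) {
        account_email_delete($row['id']);
    }

    //delete all domains
    $query = "select `id` from `domains` where `memid`='" . $id . "'";
    $res = mysql_query($query);
    while ($row = mysql_fetch_assoc($res)) {
        account_domain_delete($row['id']);
    }

    //clear alert settings
    mysql_query(
        "update `alerts` set
        `general`='0',
        `country`='0',
        `regional`='0',
        `radius`='0'
        where `memid`='$id'");

    //set default location
    $query = "update `users` set `locid`='2256755', `regid`='243', `ccid`='12' where `id`='" . $id . "'";
    mysql_query($query);

    //clear listings
    $query = "update `users` set `listme`=' ',`contactinfo`=' ' where `id`='" . $id . "'";
    mysql_query($query);

    //set default language
    mysql_query("update `users` set `language`='en_AU' where `id`='" . $id . "'");
    //delete secondary languages
    mysql_query("delete from `addlang` where `userid`='" . $id . "'");

    //change secret questions
    for ($i = 1; $i <= 5; $i++) {
        $q = _notary_random_pool_string($pool, 30);
        $a = _notary_random_pool_string($pool, 30);
        $query = "update `users` set `Q$i`='$q', `A$i`='$a' where `id`='" . $id . "'";
        mysql_query($query);
    }

    //change personal information to arbitration number and DOB=1900-01-01
    // (the original selected `where id='$userid'` with $userid undefined)
    $res = mysql_query("select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='" . $id . "'");
    $details = $res ? mysql_fetch_assoc($res) : false;
    if (!is_array($details)) {
        $details = array('lname' => '', 'dob' => '');
    }
    $oldLname = mysql_real_escape_string($details['lname']);
    $oldDob = mysql_real_escape_string($details['dob']);
    $query = "insert into `adminlog` set `when`=NOW(),`old-lname`='" . $oldLname . "',`old-dob`='" . $oldDob . "',
        `new-lname`='" . $arbno . "',`new-dob`='1900-01-01',`uid`='" . $id . "',`adminid`='" . $adminid . "'";
    mysql_query($query);
    $query = "update `users` set `fname`='" . $arbno . "',
        `mname`='" . $arbno . "',
        `lname`='" . $arbno . "',
        `suffix`='" . $arbno . "',
        `dob`='1900-01-01'
        where `id`='" . $id . "'";
    mysql_query($query);

    //clear all admin and board flags
    mysql_query(
        "update `users` set
        `assurer`='0',
        `assurer_blocked`='0',
        `codesign`='0',
        `orgadmin`='0',
        `ttpadmin`='0',
        `locadmin`='0',
        `admin`='0',
        `adadmin`='0',
        `tverify`='0',
        `board`='0'
        where `id`='$id'");

    //block account
    mysql_query("update `users` set `locked`='1' where `id`='$id'"); //, `deleted`=Now()
}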
941
942
/**
 * Whether a non-deleted `email` row with this address exists.
 *
 * Called from includes/account.php if($process != "" && $oldid == 1)
 * and if($oldid == 50 && $process != "").
 *
 * @param string $email address (escaped before use in SQL)
 * @return bool
 */
function check_email_exists($email)
{
    $safeEmail = mysql_real_escape_string($email);
    $res = mysql_query("select 1 from `email` where `email`='" . $safeEmail . "' and `deleted`=0");
    $matches = mysql_num_rows($res);
    return $matches > 0;
}
951
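/**
 * Whether the user has a GPG key that has not yet expired; with $cca = 1 the
 * CCA retention period of 90 days after expiry is honoured as well.
 *
 * Called from includes/account.php if($oldid == 50 && $process != "").
 *
 * Fix: the retention cutoff was written as NOW()-90*86400. In MySQL that is
 * integer arithmetic on the numeric form of the datetime (YYYYMMDDHHMMSS),
 * not a 90-day offset, so the retention window was wrong. DATE_SUB with an
 * INTERVAL gives the intended date.
 *
 * @param int $uid user id (intval'd)
 * @param int $cca 0 - plain expiry check, 1 - include the 90-day retention
 * @return bool
 */
function check_gpg_cert_running($uid, $cca = 0)
{
    $uid = intval($uid);
    $cutoff = (0 == $cca) ? "NOW()" : "DATE_SUB(NOW(), INTERVAL 90 DAY)";
    $res = mysql_query("select 1 from `gpg` where `memid`='" . $uid . "' and `expire`>" . $cutoff);
    return mysql_num_rows($res) > 0;
}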
964
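/**
 * Whether the user has a client certificate that is still "running": either
 * not yet expired and not revoked, or revoked after the cutoff. With $cca = 1
 * the cutoff is moved back by the 90-day CCA retention period.
 *
 * Called from includes/account.php if($oldid == 50 && $process != "").
 *
 * Fix: the retention cutoff was written as NOW()-90*86400, which in MySQL is
 * integer arithmetic on the numeric datetime form rather than a 90-day
 * offset; DATE_SUB(NOW(), INTERVAL 90 DAY) is the intended value.
 * The same defect existed in check_gpg_cert_running() and
 * check_server_cert_running().
 *
 * @param int $uid user id (intval'd)
 * @param int $cca 0 - plain expiry check, 1 - include the 90-day retention
 * @return bool
 */
function check_client_cert_running($uid, $cca = 0)
{
    $uid = intval($uid);
    $cutoff = (0 == $cca) ? "NOW()" : "DATE_SUB(NOW(), INTERVAL 90 DAY)";
    // `revoked` < `created` is how an unrevoked certificate is stored
    $validSql = "select 1 from `emailcerts` where `memid`='" . $uid . "' and `expire`>" . $cutoff . " and `revoked`<`created`";
    $recentlyRevokedSql = "select 1 from `emailcerts` where `memid`='" . $uid . "' and `revoked`>" . $cutoff;

    $res = mysql_query($validSql);
    $hasValid = mysql_num_rows($res) > 0;
    $res = mysql_query($recentlyRevokedSql);
    $hasRecentlyRevoked = mysql_num_rows($res) > 0;
    return $hasValid || $hasRecentlyRevoked;
}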
982
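function check_server_cert_running($uid,$cca=0){
	// Returns true if the member still has a server certificate in
	// `domaincerts` (joined to his `domains` rows via `domid`) that counts
	// as "running", i.e. one that
	//   - is not expired and has `revoked` < `created` (the pattern this
	//     file uses for "not revoked"; confirm against the schema), or
	//   - carries a `revoked` timestamp that still lies in the future.
	// With $cca != 0 both cut-offs are moved back by 90 days so the CCA
	// retention period (+3 months) is obeyed.
	// Called from includes/account.php if($oldid == 50 && $process != "")
	$uid = intval($uid);
	// `NOW()-90*86400` is NOT date arithmetic in MySQL: NOW() is converted to
	// its numeric form (YYYYMMDDHHMMSS) and 7776000 is subtracted from that
	// number, which does not move the cut-off back by 90 days. DATE_SUB with
	// an INTERVAL performs the intended shift. The cut-off is a constant
	// chosen here, never user input, so interpolating it is safe.
	if (0 == $cca) {
		$cutoff = "NOW()";
	} else {
		$cutoff = "DATE_SUB(NOW(), INTERVAL 90 DAY)";
	}
	// Columns are qualified so the query cannot become ambiguous should
	// `domains` ever gain a column of the same name.
	$query1 = "
		select 1 from `domaincerts` join `domains`
		on `domaincerts`.`domid` = `domains`.`id`
		where `domains`.`memid` = '$uid'
		and `domaincerts`.`expire` > $cutoff
		and `domaincerts`.`revoked` < `domaincerts`.`created`";
	$query2 = "
		select 1 from `domaincerts` join `domains`
		on `domaincerts`.`domid` = `domains`.`id`
		where `domains`.`memid` = '$uid'
		and `domaincerts`.`revoked` > $cutoff";
	// A hit on the first query already answers the question; the second
	// round trip is only needed when the first one found nothing.
	$res = mysql_query($query1);
	if (mysql_num_rows($res) > 0) {
		return TRUE;
	}
	$res = mysql_query($query2);
	return mysql_num_rows($res) > 0;
}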
1018
function check_is_orgadmin($uid){
	// Returns true when a non-deleted `org` row has `memid` equal to this
	// user id (presumably an organisation-admin assignment; confirm against
	// the schema), false otherwise.
	// Called from includes/account.php if($oldid == 50 && $process != "")
	$memid = intval($uid);
	$sql = "select 1 from `org` where `memid`='$memid' and `deleted`=0";
	$result = mysql_query($sql);
	return mysql_num_rows($result) > 0;
}
1026
1027
// revocation of certificates
function revoke_all_client_cert($mailid){
	// Revokes all client certificates for an email address: every
	// `emailcerts` row reachable from the given `email` id through
	// `emaillink` whose `revoked` is still 0 gets the fixed sentinel
	// timestamp '1970-01-01 10:00:01' written to `revoked` (presumably the
	// signal the signing backend acts on — confirm) and `disablelogin`=1.
	$mailid = intval($mailid);
	$sql = "select `emailcerts`.`id`
		from `emaillink`,`emailcerts` where
		`emaillink`.`emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and `emailcerts`.`revoked`=0
		group by `emailcerts`.`id`";
	$certs = mysql_query($sql);
	for ($cert = mysql_fetch_assoc($certs); $cert; $cert = mysql_fetch_assoc($certs)) {
		$certid = $cert['id'];
		mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$certid."'");
	}
}
1041
function revoke_all_server_cert($domainid){
	// Revokes all server certs for a domain: those issued directly on it
	// (`domaincerts`.`domid`) united with those linked to it through
	// `domlink`. Only rows whose `revoked` is still 0 are updated; they get
	// the fixed sentinel timestamp '1970-01-01 10:00:01' (presumably the
	// signal the signing backend acts on — confirm).
	$domainid = intval($domainid);
	$sql =
		"select `domaincerts`.`id`
		from `domaincerts`
		where `domaincerts`.`domid` = '$domainid'
		union distinct
		select `domaincerts`.`id`
		from `domaincerts`, `domlink`
		where `domaincerts`.`id` = `domlink`.`certid`
		and `domlink`.`domid` = '$domainid'";
	$certs = mysql_query($sql);
	for ($cert = mysql_fetch_assoc($certs); $cert; $cert = mysql_fetch_assoc($certs)) {
		$certid = $cert['id'];
		mysql_query(
			"update `domaincerts`
			set `revoked`='1970-01-01 10:00:01'
			where `id` = '".$certid."'
			and `revoked` = 0");
	}
}
1064
function revoke_all_private_cert($uid){
	// Revokes all certificates linked to a personal account: first the
	// client certs of every `email` row of the member, then the server
	// certs of every `domains` row of the member. Neither lookup filters on
	// `deleted`, so certs of deleted addresses/domains are covered too.
	// OpenPGP key revocation is not handled here yet.
	$uid = intval($uid);

	$emails = mysql_query("select `id` from `email` where `memid`='".$uid."'");
	for ($email = mysql_fetch_assoc($emails); $email; $email = mysql_fetch_assoc($emails)) {
		revoke_all_client_cert($email['id']);
	}

	$domains = mysql_query("select `id` from `domains` where `memid`='".$uid."'");
	for ($domain = mysql_fetch_assoc($domains); $domain; $domain = mysql_fetch_assoc($domains)) {
		revoke_all_server_cert($domain['id']);
	}
}
1082
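/**
 * check_date_format()
 * Checks that $date is a calendar date written as YYYY-MM-DD — three
 * '-' separated parts consisting of digits only — and that its year is
 * strictly greater than $year (so the date lies after 31 December of
 * $year). Whitespace is not trimmed; " 2001-01-01" is rejected.
 *
 * @param mixed $date    value to validate; anything that is not a string
 *                       is rejected
 * @param integer $year  the year of $date must be greater than this
 * @return boolean true when the date is well-formed, exists on the
 *                 calendar and is late enough, false otherwise
 */
function check_date_format($date, $year=2000){
	// Non-strings (arrays, null, objects) cannot be a date; refuse them
	// instead of letting explode() fail on them.
	if (!is_string($date)) {
		return FALSE;
	}
	$parts = explode('-', $date);
	if (count($parts) != 3) {
		return FALSE;
	}
	// Every part must be digits only. intval() would silently accept
	// "2001abc" or "+12", which is not the YYYY-MM-DD format promised.
	foreach ($parts as $part) {
		if ($part === '' || !ctype_digit($part)) {
			return FALSE;
		}
	}
	list($y, $m, $d) = array_map('intval', $parts);
	if ($y <= intval($year)) {
		return FALSE;
	}
	// checkdate() rejects months outside 1..12, days outside the month's
	// length and impossible dates such as 2001-02-30, so no separate range
	// tests are needed.
	return checkdate($m, $d, $y);
}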
1114
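/**
 * check_date_difference()
 * Returns false if $date lies more than $diff days in the future (i.e. its
 * timestamp is larger than now + $diff * 86400 seconds) or if $date cannot
 * be parsed at all; returns true otherwise.
 *
 * @param mixed $date   a date string understood by strtotime()
 * @param integer $diff number of days into the future still accepted
 *                      (default 1)
 * @return boolean
 */
function check_date_difference($date, $diff=1){
	$ts = strtotime($date);
	// strtotime() returns false for input it cannot parse. Comparing that
	// false directly treated it as timestamp 0 and accepted the date, so
	// the check failed open on garbage; reject such input explicitly.
	if ($ts === false) {
		return FALSE;
	}
	return ($ts <= time() + $diff * 86400);
}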