Merge branch 'bug-649' into testserver-stable
[cacert-devel.git] / includes / notary.inc.php
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2011 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18
// Value of the `deleted` column that calc_experience() and calc_assurances()
// compare against to decide that an assurance has not been revoked
define('NULL_DATETIME', '0000-00-00 00:00:00');
// Timestamp that calc_assurances() writes into `deleted` for assurances made
// through one of the revoked programmes
define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
21
/**
 * Send a SQL statement to the database through the legacy mysql extension.
 *
 * The statement is passed on unchanged, so every value inside it must
 * already have been cast or escaped by the caller.
 *
 * @param string $query - the complete SQL statement
 * @return mixed - whatever mysql_query() returns
 */
function query_init ($query)
{
	$result = mysql_query($query);
	return $result;
}
26
/**
 * Fetch the next row of a result set as an associative array.
 *
 * @param resource $res - a MySQL result set
 * @return mixed - whatever mysql_fetch_assoc() returns for $res
 */
function query_getnextrow ($res)
{
	return mysql_fetch_assoc($res);
}
32
/**
 * Number of rows in a result set, always as an integer.
 *
 * @param resource $resultset - a MySQL result set
 * @return int
 */
function query_get_number_of_rows ($resultset)
{
	$rows = mysql_num_rows($resultset);
	return intval($rows);
}
37
/**
 * Count the non-deleted 'Face to Face Meeting' assurances a user has given.
 *
 * @param int $userid - id of the assurer; cast with intval() before it is
 *     placed in the statement
 * @return int
 */
function get_number_of_assurances ($userid)
{
	$assurer = intval($userid);
	$result = query_init ("SELECT count(*) AS `list` FROM `notary`
		WHERE `method` = 'Face to Face Meeting' AND `from`='".$assurer."' and `deleted` = 0");
	$counted = query_getnextrow($result);

	return intval($counted['list']);
}
46
/**
 * Count the non-deleted 'Trusted Third Parties' and 'TTP-Assisted'
 * assurances a user has received.
 *
 * @param int $userid - id of the assuree; cast with intval() before it is
 *     placed in the statement
 * @return int
 */
function get_number_of_ttpassurances ($userid)
{
	$assuree = intval($userid);
	$result = query_init ("SELECT count(*) AS `list` FROM `notary`
		WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `to`='".$assuree."' and `deleted` = 0");
	$counted = query_getnextrow($result);

	return intval($counted['list']);
}
55
/**
 * Count the non-deleted 'Face to Face Meeting' assurances a user has received.
 *
 * @param int $userid - id of the assuree; cast with intval() before it is
 *     placed in the statement
 * @return int
 */
function get_number_of_assurees ($userid)
{
	$assuree = intval($userid);
	$result = query_init ("SELECT count(*) AS `list` FROM `notary`
		WHERE `method` = 'Face to Face Meeting' AND `to`='".$assuree."' and `deleted` = 0");
	$counted = query_getnextrow($result);

	return intval($counted['list']);
}
64
/**
 * Rank of an assurer who has given the stated number of assurances.
 *
 * The query returns one row per assurer with more non-deleted
 * 'Face to Face Meeting' assurances than $no_of_assurances; the rank is
 * that row count plus one.
 *
 * @param int $no_of_assurances
 * @return int
 */
function get_top_assurer_position ($no_of_assurances)
{
	$threshold = intval($no_of_assurances);
	$ahead = query_init ("SELECT count(*) AS `list` FROM `notary`
		WHERE `method` = 'Face to Face Meeting' and `deleted` = 0
		GROUP BY `from` HAVING count(*) > '".$threshold."'");
	return intval(query_get_number_of_rows($ahead) + 1);
}
72
/**
 * Rank of an assuree who has received the stated number of assurances.
 *
 * The query returns one row per assuree with more non-deleted
 * 'Face to Face Meeting' assurances than $no_of_assurees; the rank is
 * that row count plus one.
 *
 * @param int $no_of_assurees
 * @return int
 */
function get_top_assuree_position ($no_of_assurees)
{
	$threshold = intval($no_of_assurees);
	$ahead = query_init ("SELECT count(*) AS `list` FROM `notary`
		WHERE `method` = 'Face to Face Meeting' and `deleted` = 0
		GROUP BY `to` HAVING count(*) > '".$threshold."'");
	return intval(query_get_number_of_rows($ahead) + 1);
}
80
/**
 * Get the list of assurances given by the user, oldest id first.
 * Rows where assurer and assuree are the same user are left out.
 *
 * @param int $userid - id of the assurer
 * @param int $log - 0 hides deleted assurances, any other value includes them
 * @return resource - a MySQL result set
 */
function get_given_assurances($userid, $log=0)
{
	// Only the fixed fragment below or the empty string is ever interpolated
	$deleted = ($log == 0) ? ' and `deleted` = 0 ' : '';

	return query_init("select * from `notary` where `from`='".intval($userid)."' and `from` != `to` $deleted order by `id` asc");
}
96
/**
 * Get the list of assurances received by the user, oldest id first.
 * Rows where assurer and assuree are the same user are left out.
 *
 * @param int $userid - id of the assuree
 * @param int $log - 0 hides deleted assurances, any other value includes them
 * @return resource - a MySQL result set
 */
function get_received_assurances($userid, $log=0)
{
	// Only the fixed fragment below or the empty string is ever interpolated
	$deleted = ($log == 0) ? ' and `deleted` = 0 ' : '';

	return query_init("select * from `notary` where `to`='".intval($userid)."' and `from` != `to` $deleted order by `id` asc ");
}
112
/**
 * Non-deleted assurances given by the user, grouped by points, awarded
 * and method, with the size of each group in the `number` column.
 *
 * @param int $userid - id of the assurer
 * @return resource - a MySQL result set
 */
function get_given_assurances_summary ($userid)
{
	$assurer = intval($userid);
	return query_init ("select count(*) as number,points,awarded,method from notary where `from`='".$assurer."' and `deleted` = 0 group by points,awarded,method");
}
118
/**
 * Non-deleted assurances received by the user, grouped by points, awarded
 * and method, with the size of each group in the `number` column.
 *
 * @param int $userid - id of the assuree
 * @return resource - a MySQL result set
 */
function get_received_assurances_summary ($userid)
{
	$assuree = intval($userid);
	return query_init ("select count(*) as number,points,awarded,method from notary where `to`='".$assuree."' and `deleted` = 0 group by points,awarded,method");
}
124
/**
 * Load one row of the `users` table.
 *
 * All columns are selected, so the returned array holds whatever the
 * table stores for that account; callers decide what may be displayed.
 *
 * @param int $userid
 * @return mixed - the row as an associative array, or whatever
 *     mysql_fetch_assoc() returns when there is no row
 */
function get_user ($userid)
{
	$id = intval($userid);
	$result = query_init ("select * from `users` where `id`='".$id."'");
	return mysql_fetch_assoc($result);
}
130
/**
 * Number of passed CATS tests of variant type 1 recorded for the user.
 * output_summary_content() treats a result of 0 as "test not passed".
 *
 * @param int $userid
 * @return mixed - the value of mysql_num_rows() for the query
 */
function get_cats_state ($userid)
{
	$member = intval($userid);
	$passed = query_init ("select * from `cats_passed` inner join `cats_variant` on `cats_passed`.`variant_id` = `cats_variant`.`id` and `cats_variant`.`type_id` = 1
		WHERE `cats_passed`.`user_id` = '".$member."'");
	return mysql_num_rows($passed);
}
138
139
/**
 * Calculate awarded points (corrects some issues like out of range points
 * or points that were issued by means that have been deprecated)
 *
 * Methods are compared loosely (==), in the order written below. A method
 * that is not listed yields 0 points, so an unexpected value in the
 * database can never add points.
 *
 * @param array $row - associative array containing the data from the
 *     `notary` table; the keys 'awarded', 'points' and 'method' are read
 * @return int - the awarded points for this assurance
 */
function calc_awarded($row)
{
	// Rows written before the `awarded` column existed have it at zero and
	// carry the value in `points`, so the larger of the two is used.
	// Negative values exist in the database and are raised to zero.
	$awarded = max(0, max(intval($row['awarded']), intval($row['points'])));
	$method = $row['method'];

	// These programmes have been revoked
	$revoked = array(
		'Thawte Points Transfer', // revoke all Thawte-points (as per arbitration)
		'CT Magazine - Germany',  // revoke c't (only one test-entry)
		'Temporary Increase',     // current usage breaks audit aspects, needs to be reimplemented
	);
	if (in_array($method, $revoked)) {
		return 0;
	}

	// Ignore AI with 2 points or less (historical for experience points,
	// now other calculation); maybe limit to 35/50 pts in the future?
	if ($method == 'Administrative Increase') {
		return ($awarded <= 2) ? 0 : $awarded;
	}

	// TTP assurances, limit to 35
	if ($method == 'TTP-Assisted') {
		return min($awarded, 35);
	}

	// TTP TOPUP, limit to 30
	if ($method == 'TOPUP') {
		return min($awarded, 30);
	}

	// All these should be preserved for the time being
	$preserved = array(
		'Unknown',               // to be revoked in the future? limit to max 50 pts?
		'Trusted Third Parties', // to be revoked in the future? limit to max 35 pts?
		'',                      // to be revoked in the future? limit to max 50 pts?
		'Face to Face Meeting',  // normal assurances (and superassurances?), limit to 35/50 pts in the future?
	);
	if (in_array($method, $preserved)) {
		return $awarded;
	}

	// should never happen ... ;-)
	return 0;
}
193
194
/**
 * Calculate the experience points from a given Assurance
 *
 * A revoked assurance (`deleted` differs from NULL_DATETIME) gets 0
 * experience and leaves both sums untouched.
 *
 * @param array $row - [inout] associative array containing the data from
 *     the `notary` table, the keys 'experience' and 'calc_awarded' will be
 *     added
 * @param int $sum_points - [inout] the sum of already counted assurance
 *     points the assurer issued
 * @param int $sum_experience - [inout] the sum of already counted
 *     experience points that were awarded to the assurer
 */
function calc_experience(&$row, &$sum_points, &$sum_experience)
{
	$row['calc_awarded'] = calc_awarded($row);

	if ($row['deleted'] === NULL_DATETIME) {
		// Only face-to-face assurances earn experience, 2 points each
		$gained = ($row['method'] == "Face to Face Meeting") ? 2 : 0;

		$row['experience'] = $gained;
		$sum_experience += $gained;
		$sum_points += $row['calc_awarded'];
		return;
	}

	// Don't count revoked assurances even if we are displaying them
	$row['experience'] = 0;
}
226
/**
 * Calculate the points received from a received Assurance
 *
 * Assurances made through a revoked programme are marked as deleted with
 * THAWTE_REVOCATION_DATETIME in the row that is handed back; revoked rows
 * get 0 experience and leave both sums untouched.
 *
 * @param array $row - [inout] associative array containing the data from
 *     the `notary` table, the keys 'experience' and 'calc_awarded' will be
 *     added
 * @param int $sum_points - [inout] the sum of already counted assurance
 *     points the assuree received
 * @param int $sum_experience - [inout] the sum of already counted
 *     experience points that were awarded to the assurer
 */
function calc_assurances(&$row, &$sum_points, &$sum_experience)
{
	$awarded = calc_awarded($row);
	$row['calc_awarded'] = $awarded;
	$experience = 0;

	// High point values mean that some of them are experience points
	// (needs to be fixed in the future: limit 50 pts and/or no experience if pts > 100)
	if ($awarded > 100) {
		$experience = $awarded - 100;
		$row['calc_awarded'] = 100;
	}

	$revoked_methods = array(
		'Thawte Points Transfer',
		'CT Magazine - Germany',
		'Temporary Increase', // Current usage of 'Temporary Increase' may break audit aspects, needs to be reimplemented
	);
	if (in_array($row['method'], $revoked_methods)) {
		$experience = 0;
		$row['deleted'] = THAWTE_REVOCATION_DATETIME;
	}

	// Don't count revoked assurances even if we are displaying them
	if ($row['deleted'] !== NULL_DATETIME) {
		$row['experience'] = 0;
		return;
	}

	$row['experience'] = $experience;
	$sum_experience += $experience;
	$sum_points += $row['calc_awarded'];
}
268
/**
 * Generate a link to the support engineer page for the user with the name
 * of the user as link text
 *
 * The result is HTML: the name goes through sanitizeHTML() and the id
 * through intval(), so callers print the return value as it is. When the
 * name is empty a translated placeholder is returned without a link.
 *
 * @param array $user - associative array containing the data from the
 *     `user` table
 * @return string
 */
function show_user_link($user)
{
	$userid = intval($user['id']);
	$name = trim($user['fname'].' '.$user['lname']);

	if ($name != "") {
		return "<a href='wot.php?id=9&amp;userid=".$userid."'>".sanitizeHTML($name)."</a>";
	}

	// No name stored: id 0 is shown as the system, anything else as a deleted account
	return ($userid == 0) ? _("System") : _("Deleted account");
}
296
/**
 * Generate a link to the support engineer page for the user with the email
 * address as link text
 *
 * The result is HTML: the address goes through sanitizeHTML() and the id
 * through intval(). An empty address is returned as an empty string.
 *
 * @param array $user - associative array containing the data from the
 *     `user` table
 * @return string
 */
function show_email_link($user)
{
	$email = trim($user['email']);
	if ($email == "") {
		return $email;
	}

	return "<a href='account.php?id=43&amp;userid=".intval($user['id'])."'>".sanitizeHTML($email)."</a>";
}
312
/**
 * Look up how many assurances a user has given and the resulting rank.
 *
 * @param int $userid
 * @param int $num_of_assurances - [out] number of assurances given
 * @param int $rank_of_assurer - [out] position among all assurers
 */
function get_assurer_ranking($userid,&$num_of_assurances,&$rank_of_assurer)
{
	$given = get_number_of_assurances (intval($userid));

	$num_of_assurances = $given;
	$rank_of_assurer = get_top_assurer_position($given);
}
318
/**
 * Look up how many assurances a user has received and the resulting rank.
 *
 * @param int $userid
 * @param int $num_of_assurees - [out] number of assurances received
 * @param int $rank_of_assuree - [out] position among all assurees
 */
function get_assuree_ranking($userid,&$num_of_assurees,&$rank_of_assuree)
{
	$received = get_number_of_assurees (intval($userid));

	$num_of_assurees = $received;
	$rank_of_assuree = get_top_assuree_position($received);
}
324
/**
 * Helper function to sum all assurance points received by the user
 *
 * Deleted assurances are not fetched, and calc_assurances() skips rows
 * that belong to a revoked programme.
 *
 * @param int $userid
 * @return int - the uncapped sum of assurance points
 */
function get_received_assurance_points($userid)
{
	$points_total = 0;
	$experience_total = 0; // filled by calc_assurances() but not used here

	$received = get_received_assurances(intval($userid));
	while ($assurance = mysql_fetch_assoc($received)) {
		calc_assurances($assurance, $points_total, $experience_total);
	}

	return $points_total;
}
340
/**
 * Helper function to sum all experience points of the user: those hidden
 * in received assurances plus those earned by giving assurances
 *
 * @param int $userid
 * @return int - the uncapped sum of experience points
 */
function get_received_experience_points($userid)
{
	$points_total = 0; // filled by the calc_* helpers but not used here
	$experience_total = 0;

	// Received assurances contribute experience when calc_assurances()
	// finds more than 100 awarded points in a single row (super
	// assurances). Such points/assurances should be removed from the
	// database. Afterwards, this loop can be removed.
	$received = get_received_assurances(intval($userid));
	while ($assurance = mysql_fetch_assoc($received)) {
		calc_assurances($assurance, $points_total, $experience_total);
	}

	$given = get_given_assurances(intval($userid));
	while ($assurance = mysql_fetch_assoc($given)) {
		calc_experience($assurance, $points_total, $experience_total);
	}

	return $experience_total;
}
366
/**
 * Helper function to sum all points received by the user: assurance
 * points capped at 100 plus experience points capped at 50
 *
 * @param int $userid
 * @return int
 */
function get_received_total_points($userid)
{
	$assurance_part = min(100, get_received_assurance_points($userid));
	$experience_part = min(50, get_received_experience_points($userid));

	return $assurance_part + $experience_part;
}
376
/**
 * Updates the assurance points in $_SESSION['profile']
 *
 * The points are recomputed from the database for the id stored in the
 * session profile.
 */
function update_points_in_profile(){
	$memberid = $_SESSION['profile']['id'];
	$_SESSION['profile']['points'] = get_received_total_points($memberid);
}
383
384 // ************* html table definitions ******************
385
/**
 * Print the table with the user's ranking as assurer and as assuree
 *
 * All four numbers are cast with intval() before they are placed in the
 * translated sentences.
 *
 * @param int $userid
 */
function output_ranking($userid)
{
	// Both helpers return their results through the last two arguments
	get_assurer_ranking($userid,$num_of_assurances,$rank_of_assurer);
	get_assuree_ranking($userid,$num_of_assurees,$rank_of_assuree);

?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td class="title"><?=_("Assurer Ranking")?></td>
</tr>
<tr>
<td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td>
</tr>
<tr>
<td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td>
</tr>
</table>
<br/>
<?
}
406
/**
 * Render header for the assurance table (same for given/received)
 *
 * $title is printed without escaping, so it must be trusted text; the
 * callers in this file pass gettext strings.
 *
 * @param string $title - The title for the table
 * @param int $support - set to 1 if the output is for the support interface
 * @param int $log - if set to 1 also includes deleted assurances
 */
function output_assurances_header($title, $support, $log)
{
	// The support view always gets the "Revoked" column
	if ($support == 1) {
		$log = 1;
	}

	// 7 columns by default, 2 more ("When", "Email") in the support view
	// and 1 more ("Revoked") when deleted assurances are listed
	$colspan = 7;
	if ($support == 1) {
		$colspan += 2;
	}
	if ($log == 1) {
		$colspan += 1;
	}
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="<?=$colspan?>" class="title"><?=$title?></td>
</tr>
<tr>
<td class="DataTD"><strong><?=_("ID")?></strong></td>
<td class="DataTD"><strong><?=_("Date")?></strong></td>
<?
	if ($support == 1)
	{
?>
<td class="DataTD"><strong><?=_("When")?></strong></td>
<td class="DataTD"><strong><?=_("Email")?></strong></td>
<?
	}
?>
<td class="DataTD"><strong><?=_("Who")?></strong></td>
<td class="DataTD"><strong><?=_("Points")?></strong></td>
<td class="DataTD"><strong><?=_("Location")?></strong></td>
<td class="DataTD"><strong><?=_("Method")?></strong></td>
<td class="DataTD"><strong><?=_("Experience Points")?></strong></td>
<?
	if ($log == 1)
	{
?>
<td class="DataTD"><strong><?=_("Revoked")?></strong></td>
<?
	}
?>
</tr>
<?
}
459
/**
 * Render footer for the assurance table (same for given/received)
 *
 * The two sums are cast with intval(); $points_txt and $experience_txt are
 * printed without escaping, so they must be trusted text (the callers in
 * this file pass gettext strings). This also closes the table that
 * output_assurances_header() opened.
 *
 * @param string $points_txt - Description for sum of assurance points
 * @param int $sumpoints - sum of assurance points
 * @param string $experience_txt - Description for sum of experience points
 * @param int $sumexperience - sum of experience points
 * @param int $support - set to 1 if the output is for the support interface
 * @param int $log - if set to 1 also includes deleted assurances
 */
function output_assurances_footer(
	$points_txt,
	$sumpoints,
	$experience_txt,
	$sumexperience,
	$support,
	$log)
{
?>
<tr>
<td colspan="<?=($support == 1) ? 5 : 3 ?>" class="DataTD"><strong><?=$points_txt?>:</strong></td>
<td class="DataTD"><?=intval($sumpoints)?></td>
<td class="DataTD">&nbsp;</td>
<td class="DataTD"><strong><?=$experience_txt?>:</strong></td>
<td class="DataTD"><?=intval($sumexperience)?></td>
<?
	// NOTE(review): unlike the header and row renderers, $log is not forced
	// to 1 here when $support == 1 - confirm the callers pass a matching value
	if ($log == 1)
	{
?>
<td class="DataTD">&nbsp;</td>
<?
	}
?>
</tr>
</table>
<br/>
<?
}
497
/**
 * Render an assurance for a view
 *
 * Escaping as written: the ids, points and experience are cast with
 * intval(), $location and $ticketno go through sanitizeHTML(), and the
 * name and e-mail cells are built by show_user_link() and
 * show_email_link(). $date, $when, the translated $method and
 * $assurance['deleted'] are printed as they come from the row.
 *
 * This function does not check whether the viewer may use the support
 * view; that has to happen before it is called with $support == 1.
 *
 * @param array $assurance - associative array containing the data from the `notary` table
 * @param int $userid - Id of the user whichs given/received assurances are displayed
 * @param array $other_user - associative array containing the other users data from the `users` table
 * @param int $support - set to 1 if the output is for the support interface
 * @param string $ticketno - ticket number currently set in the support interface
 * @param int $log - if set to 1 also includes deleted assurances
 */
function output_assurances_row(
	$assurance,
	$userid,
	$other_user,
	$support,
	$ticketno,
	$log)
{
	$assuranceid = intval($assurance['id']);
	// NOTE(review): $date, $when and $method are echoed below without
	// sanitizeHTML() - confirm these columns can only hold values that are
	// safe in HTML, or escape them the same way as $location
	$date = $assurance['date'];
	$when = $assurance['when'];
	$awarded = intval($assurance['calc_awarded']);
	$points = intval($assurance['points']);
	$location = $assurance['location'];
	$method = $assurance['method'] ? _($assurance['method']) : '';
	$experience = intval($assurance['experience']);
	$revoked = $assurance['deleted'] !== NULL_DATETIME;

	// Both helpers return ready-to-print HTML
	$email = show_email_link($other_user);
	$name = show_user_link($other_user);

	// The support view always gets the "Revoked" column
	if ($support == 1) {
		$log = 1;
	}

	$tdstyle="";
	$emopen="";
	$emclose="";

	// Highlight rows where the calculated and the stored points are both
	// zero and `when` sorts before "2006-09-01" (string comparison)
	if ($awarded == $points)
	{
		if ($awarded == 0)
		{
			if ($when < "2006-09-01")
			{
				$tdstyle="style='background-color: #ffff80'";
				$emopen="<em>";
				$emclose="</em>";
			}
		}
	}
?>
<tr>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td>
<?
	if ($support == 1)
	{
?>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$when?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$email?><?=$emclose?></td>
<?
	}
?>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$revoked ? sprintf("<strong style='color: red'>%s</strong>",_("Revoked")) : $awarded?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=sanitizeHTML($location)?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?$experience:'&nbsp;'?><?=$emclose?></td>
<?
	if ($log == 1)
	{
		if ($revoked == true)
		{
			// Revoked rows show the revocation timestamp.
			// NOTE(review): printed without sanitizeHTML(), see the note on $date
?>
<td class="DataTD" <?=$tdstyle?>><?=$assurance['deleted']?></td>
<?
		} elseif ($support == 1) {
			// Support view of a live assurance: offer the revoke link.
			// NOTE(review): the revocation is requested through a plain link,
			// so the csrf token and the ticket number travel in the query
			// string, where they can end up in logs and browser history -
			// confirm that the receiving page invalidates the token on use.
			// The translated confirm() text sits inside a single-quoted
			// JavaScript string; a translation containing an apostrophe
			// would break it.
?>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td>
<?
		} else {
?>
<td class="DataTD" <?=$tdstyle?>>&nbsp;</td>
<?
		}
	}
?>
</tr>
<?
}
588
/**
 * Open the points summary table and print its title and column headings.
 * The table is closed by output_summary_footer().
 */
function output_summary_header()
{
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="4" class="title"><?=_("Summary of your Points")?></td>
</tr>
<tr>
<td class="DataTD"><strong><?=_("Description")?></strong></td>
<td class="DataTD"><strong><?=_("Points")?></strong></td>
<td class="DataTD"><strong><?=_("Countable Points")?></strong></td>
<td class="DataTD"><strong><?=_("Remark")?></strong></td>
</tr>
<?
}
604
/**
 * Close the points summary table opened by output_summary_header().
 */
function output_summary_footer()
{
?>
</table>
<br/>
<?
}
612
/**
 * Print one row of the points summary table
 *
 * All four values are printed without escaping. The caller in this file,
 * output_summary_content(), passes gettext strings, numbers and fixed
 * HTML fragments; anything else has to be escaped before it is passed in.
 *
 * @param string $title - description of the row
 * @param mixed $points - points, or an HTML fragment such as "&nbsp;"
 * @param mixed $points_countable - the points that count
 * @param string $remark - remark, may contain HTML
 */
function output_summary_row($title,$points,$points_countable,$remark)
{
?>
<tr>
<td class="DataTD"><strong><?=$title?></strong></td>
<td class="DataTD"><?=$points?></td>
<td class="DataTD"><?=$points_countable?></td>
<td class="DataTD"><?=$remark?></td>
</tr>
<?
}
624
625
626 // ************* output given assurances ******************
627
/**
 * Helper function to render assurances given by the user
 *
 * One extra `users` lookup is made per assurance to show the assuree.
 *
 * @param int $userid
 * @param int& $sum_points - [out] sum of given points
 * @param int& $sum_experience - [out] sum of experience points gained
 * @param int $support - set to 1 if the output is for the support interface
 * @param string $ticketno - the ticket number set in the support interface
 * @param int $log - if set to 1 also includes deleted assurances
 */
function output_given_assurances_content(
	$userid,
	&$sum_points,
	&$sum_experience,
	$support,
	$ticketno,
	$log)
{
	// Both sums are pure outputs and start from zero
	$sum_experience = 0;
	$sum_points = 0;

	$given = get_given_assurances(intval($userid), $log);
	while ($assurance = mysql_fetch_assoc($given)) {
		$assuree = get_user(intval($assurance['to']));
		calc_experience($assurance, $sum_points, $sum_experience);
		output_assurances_row($assurance, $userid, $assuree, $support, $ticketno, $log);
	}
}
655
656 // ************* output received assurances ******************
657
/**
 * Helper function to render assurances received by the user
 *
 * One extra `users` lookup is made per assurance to show the assurer.
 *
 * @param int $userid
 * @param int& $sum_points - [out] sum of received points
 * @param int& $sum_experience - [out] sum of experience points the assurers gained
 * @param int $support - set to 1 if the output is for the support interface
 * @param string $ticketno - the ticket number set in the support interface
 * @param int $log - if set to 1 also includes deleted assurances
 */
function output_received_assurances_content(
	$userid,
	&$sum_points,
	&$sum_experience,
	$support,
	$ticketno,
	$log)
{
	// Both sums are pure outputs and start from zero
	$sum_experience = 0;
	$sum_points = 0;

	$received = get_received_assurances(intval($userid), $log);
	while ($assurance = mysql_fetch_assoc($received)) {
		$assurer = get_user(intval($assurance['from']));
		calc_assurances($assurance, $sum_points, $sum_experience);
		output_assurances_row($assurance, $userid, $assurer, $support, $ticketno, $log);
	}
}
685
686 // ************* output summary table ******************
687
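/**
 * Check whether the user's date of birth lies before today minus $age years
 *
 * Both arguments are cast with intval() before use. The callers in this
 * file pass $userid through unchanged, so the cast here is what keeps a
 * non-numeric id out of the statement, in line with every other query
 * helper in this file.
 *
 * @param int $userid
 * @param int $age - age in years
 * @return int - number of matching rows in `users`; the caller in this
 *     file treats 1 as "old enough"
 */
function check_date_limit ($userid,$age)
{
	$dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-intval($age)));
	$res = query_init ("select id from `users` where `id`='".intval($userid)."' and `dob` < '$dob'");
	return intval(query_get_number_of_rows($res));
}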
694
/**
 * Maximum number of points the user may issue in one assurance.
 * Runs output_summary_content() with output switched off.
 *
 * @param int $userid
 * @return int
 */
function max_points($userid)
{
	$issuable = output_summary_content ($userid,0);
	return $issuable;
}
699
/**
 * Work out how many points the user may issue per assurance and, if asked
 * to, print the rows of the points summary table
 *
 * The result decides what an assurer is allowed to award, so it is derived
 * from the database on every call: received points, experience, the age
 * limits and the CATS test state.
 *
 * @param int $userid
 * @param int $display_output - when true the four summary rows are printed
 * @return int - points the user may issue (0 if the user is no assurer)
 */
function output_summary_content($userid,$display_output)
{
	$max_points = 100;
	$max_experience = 50;
	$experience_limit_reached_txt = _("Limit reached");

	// Age limits: the experience cap drops to 10 when the under-18 check
	// fails and to 0 when the under-14 check fails
	if (check_date_limit($userid,18) != 1) {
		$max_experience = 10;
		$experience_limit_reached_txt = _("Limit given by PoJAM reached");
	}
	if (check_date_limit($userid,14) != 1) {
		$max_experience = 0;
		$experience_limit_reached_txt = _("Limit given by PoJAM reached");
	}

	// Received assurances: everything above 100 points in a single
	// assurance counts as experience gained in other ways (needs to be fixed)
	$sum_points = 0;
	$sum_experience_other = 0;
	$received = get_received_assurances_summary($userid);
	while ($group = mysql_fetch_assoc($received)) {
		$count = intval($group['number']);
		$points = calc_awarded($group);

		if ($points > $max_points) {
			$sum_experience_other += ($points - $max_points) * $count;
			$points = $max_points;
		}
		$sum_points += $points * $count;
	}

	// Given assurances: count Face to Face only, 2 experience points each
	$sum_experience = 0;
	$given = get_given_assurances_summary($userid);
	while ($group = mysql_fetch_assoc($given)) {
		if ($group['method'] == 'Face to Face Meeting') {
			$sum_experience += 2 * intval($group['number']);
		}
	}

	// Cap the assurance points
	$points_capped = ($sum_points > $max_points);
	$sum_points_countable = $points_capped ? $max_points : $sum_points;
	$remark_points = $points_capped ? _("Limit reached") : "&nbsp;";

	// Cap the experience points earned by assuring
	$experience_capped = ($sum_experience > $max_experience);
	$sum_experience_countable = $experience_capped ? $max_experience : $sum_experience;
	$remark_experience = $experience_capped ? $experience_limit_reached_txt : "&nbsp;";

	// The other experience points only fill what is left below the cap
	if ($sum_experience_countable + $sum_experience_other > $max_experience) {
		$sum_experience_other_countable = $max_experience - $sum_experience_countable;
		$remark_experience_other = $experience_limit_reached_txt;
	} else {
		$sum_experience_other_countable = $sum_experience_other;
		$remark_experience_other = "&nbsp;";
	}

	// Below the assurance point limit no experience counts at all; the
	// remark is only replaced where there was something to put on hold
	if ($sum_points_countable < $max_points) {
		if ($sum_experience_countable != 0) {
			$remark_experience = _("Points on hold due to less assurance points");
		}
		$sum_experience_countable = 0;

		if ($sum_experience_other_countable != 0) {
			$remark_experience_other = _("Points on hold due to less assurance points");
		}
		$sum_experience_other_countable = 0;
	}

	$issue_points = 0;
	$cats_test_passed = get_cats_state ($userid);
	if ($cats_test_passed == 0) {
		// Without a passed CATS test the user may not issue any points
		if ($sum_points_countable < $max_points) {
			$issue_points_txt = "<strong style='color: red'>";
			$issue_points_txt .= sprintf(_("You need %s assurance points and the passed CATS-Test to be an Assurer"), intval($max_points));
			$issue_points_txt .= "</strong>";
		} else {
			$issue_points_txt = "<strong style='color: red'>"._("You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer")."</strong>";
		}
	} else {
		$experience_total = $sum_experience_countable + $sum_experience_other_countable;
		$issue_points_txt = "";

		// 10 points at the assurance point limit, then 5 more for every
		// 10 experience points up to 35
		if ($experience_total >= 50) {
			$issue_points = 35;
		} elseif ($experience_total >= 40) {
			$issue_points = 30;
		} elseif ($experience_total >= 30) {
			$issue_points = 25;
		} elseif ($experience_total >= 20) {
			$issue_points = 20;
		} elseif ($experience_total >= 10) {
			$issue_points = 15;
		} elseif ($sum_points_countable == $max_points) {
			$issue_points = 10;
		}

		if ($issue_points != 0) {
			$issue_points_txt = sprintf(_("You may issue up to %s points"),$issue_points);
		}
	}

	if ($display_output) {
		output_summary_row (_("Assurance Points you received"),$sum_points,$sum_points_countable,$remark_points);
		output_summary_row (_("Total Experience Points by Assurance"),$sum_experience,$sum_experience_countable,$remark_experience);
		output_summary_row (_("Total Experience Points (other ways)"),$sum_experience_other,$sum_experience_other_countable,$remark_experience_other);
		output_summary_row (_("Total Points"),"&nbsp;",$sum_points_countable + $sum_experience_countable + $sum_experience_other_countable,$issue_points_txt);
	}

	return $issue_points;
}
828
/**
 * Render assurances given by the user
 *
 * No permission check happens here: with $support set to 1 the table
 * shows e-mail addresses and revoke links, so the caller has to make sure
 * the viewer is entitled to the support view.
 *
 * @param int $userid
 * @param int $support - set to 1 if the output is for the support interface
 * @param string $ticketno - the ticket number set in the support interface
 * @param int $log - if set to 1 also includes deleted assurances
 */
function output_given_assurances($userid, $support=0, $ticketno='', $log=0)
{
	output_assurances_header(_("Assurance Points You Issued"), $support, $log);

	// The content helper prints the rows and hands both sums back by reference
	output_given_assurances_content($userid, $sum_points, $sum_experience, $support, $ticketno, $log);

	$points_label = _("Total Points Issued");
	$experience_label = _("Total Experience Points");
	output_assurances_footer($points_label, $sum_points, $experience_label, $sum_experience, $support, $log);
}
859
/**
 * Render assurances received by the user
 *
 * No permission check happens here: with $support set to 1 the table
 * shows e-mail addresses and revoke links, so the caller has to make sure
 * the viewer is entitled to the support view.
 *
 * @param int $userid
 * @param int $support - set to 1 if the output is for the support interface
 * @param string $ticketno - the ticket number set in the support interface
 * @param int $log - if set to 1 also includes deleted assurances
 */
function output_received_assurances($userid, $support=0, $ticketno='', $log=0)
{
	output_assurances_header(_("Assurance Points You Received"), $support, $log);

	// The content helper prints the rows and hands both sums back by reference
	output_received_assurances_content($userid, $sum_points, $sum_experience, $support, $ticketno, $log);

	$points_label = _("Total Points Received");
	$experience_label = _("Total Experience Points");
	output_assurances_footer($points_label, $sum_points, $experience_label, $sum_experience, $support, $log);
}
890
/**
 * Print the complete points summary table for the user.
 *
 * @param int $userid
 */
function output_summary($userid)
{
	$display_output = 1;

	output_summary_header();
	output_summary_content($userid, $display_output);
	output_summary_footer();
}
897
/**
 * Print the "Go Back" link that steps one entry back in the browser history.
 */
function output_end_of_page()
{
?>
<p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p>
<?
}
904
905 //functions to do with recording user agreements
/**
 * write_user_agreement()
 * writes a new record to the table user_agreement
 *
 * Numeric values are cast with intval() and text values are escaped with
 * mysql_real_escape_string() before they enter the statement. The result
 * of the insert is not checked.
 *
 * @param mixed $memid - id of the member the agreement belongs to
 * @param mixed $document - type of the agreement
 * @param mixed $method
 * @param mixed $comment
 * @param integer $active
 * @param integer $secmemid
 * @return void
 */
function write_user_agreement($memid, $document, $method, $comment, $active=1, $secmemid=0){
	$query = sprintf(
		"insert into `user_agreements` set `memid`=%d, `secmemid`=%d,`document`='%s',`date`=NOW(), `active`=%d,`method`='%s',`comment`='%s'",
		intval($memid),
		intval($secmemid),
		mysql_real_escape_string($document),
		intval($active),
		mysql_real_escape_string($method),
		mysql_real_escape_string($comment)
	);
	$res = mysql_query($query);
}
924
/**
 * get_user_agreement_status()
 * returns 1 if the user has an entry for the given type in user_agreement, 0 if no entry is recorded
 *
 * The `active` column is not part of the condition, so active and passive
 * entries both count.
 *
 * @param mixed $memid
 * @param string $type
 * @return int - 1 or 0
 */
function get_user_agreement_status($memid, $type="CCA"){
	$query="SELECT u.`document` FROM `user_agreements` u
		WHERE u.`document` = '" . mysql_real_escape_string($type) . "' AND u.`memid`=" . intval($memid) ;
	$found = mysql_query($query);

	return (mysql_num_rows($found) <= 0) ? 0 : 1;
}
942
/**
 * Get the first user_agreement entry of the requested type
 * @param int $memid
 * @param string $type - the type of user agreement, by default all
 *     agreements are listed
 * @param int $active - whether to get active or passive agreements:
 *     0 := passive
 *     1 := active
 *     null := both
 * @return array(string=>mixed) - an associative array containing
 *     'document', 'date', 'method', 'comment', 'active'; empty if there is
 *     no matching entry
 */
function get_first_user_agreement($memid, $type=null, $active=null){
	// Optional conditions; text is escaped and numbers are cast before use
	$filter = '';
	if ($type !== null) {
		$filter .= " AND u.`document` = '".mysql_real_escape_string($type)."'";
	}
	if ($active !== null) {
		$filter .= " AND u.`active` = ".intval($active);
	}

	$query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` AS u
		WHERE u.`memid`=".intval($memid)."
			$filter
		ORDER BY u.`date` LIMIT 1";
	$found = mysql_query($query);

	if (mysql_num_rows($found) > 0) {
		return mysql_fetch_assoc($found);
	}
	return array();
}
977
/**
 * Get the last user_agreement entry of the requested type
 * @param int $memid
 * @param string $type - the type of user agreement, by default all
 *     agreements are listed
 * @param int $active - whether to get active or passive agreements:
 *     0 := passive,
 *     1 := active,
 *     null := both
 * @return array(string=>mixed) - an associative array containing
 *     'document', 'date', 'method', 'comment', 'active'; empty if there is
 *     no matching entry
 */
function get_last_user_agreement($memid, $type=null, $active=null){
	// Optional conditions; text is escaped and numbers are cast before use
	$filter = '';
	if ($type !== null) {
		$filter .= " AND u.`document` = '".mysql_real_escape_string($type)."'";
	}
	if ($active !== null) {
		$filter .= " AND u.`active` = ".intval($active);
	}

	$query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` AS u
		WHERE u.`memid`=".intval($memid)."
			$filter
		ORDER BY u.`date` DESC LIMIT 1";
	$found = mysql_query($query);

	if (mysql_num_rows($found) > 0) {
		return mysql_fetch_assoc($found);
	}
	return array();
}
1012
/**
 * Fetch all user_agreements rows of a member, ordered by date.
 *
 * @param int $memid - id of the member, cast with intval() before use
 * @param string $type - agreement type matched against `document`;
 *     null (the default) applies no type filter
 * @param int $active - filter on the `active` column:
 *     0 := passive,
 *     1 := active,
 *     null := both
 * @return resource - the mysql result set returned by mysql_query()
 *     (false when the query fails)
 */
function get_user_agreements($memid, $type=null, $active=null){
    $conditions = '';
    if ($type !== null) {
        // string value: escaped and quoted before it is placed in the query
        $conditions .= " AND u.`document` = '".mysql_real_escape_string($type)."'";
    }
    if ($active !== null) {
        // numeric value: forced to an integer rather than quoted
        $conditions .= " AND u.`active` = ".intval($active);
    }

    $sql = "SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` AS u
        WHERE u.`memid`=".intval($memid)."
        $conditions
        ORDER BY u.`date`";

    return mysql_query($sql);
}
1040
/**
 * Delete user_agreements rows of a member.
 *
 * @param mixed $memid - id of the member, cast with intval() before use
 * @param string $type - agreement type to delete; with the default (false)
 *     every agreement of the member is deleted
 * @return void - the result of the DELETE is not reported to the caller
 */
function delete_user_agreement($memid, $type=false){
    $sql = "delete from `user_agreements` where `memid`=" . intval($memid);
    if ($type !== false) {
        // only false means "all types"; any other value narrows the delete
        $sql .= " and `document` = '" . mysql_real_escape_string($type) . "'";
    }
    mysql_query($sql);
}
1056
1057 // functions for 6.php (assure somebody)
1058
/**
 * Print the opening of the assurance form: the <form> element posting to
 * wot.php, the wrapper table, the title row and one data row.
 * The form and table are left open; AssureFoot() prints the closing tags.
 *
 * NOTE(review): both arguments are echoed without HTML encoding.
 * Presumably the callers pass trusted or already encoded text - confirm
 * at the call sites before passing user-supplied values.
 *
 * @param string $confirmation - content of the title row
 * @param string $checkname - content of the row below the title
 */
function AssureHead($confirmation,$checkname)
{
?>
<form method="post" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="600">
    <tr>
        <td colspan="2" class="title"><?=$confirmation?></td>
    </tr>
    <tr>
        <td class="DataTD" colspan="2" align="left"><?=$checkname?></td>
    </tr>
<?
}
1072
/**
 * Print one two-column text row of the assurance form.
 * A colon is appended to the label unless the label is empty.
 *
 * NOTE(review): both arguments are echoed without HTML encoding;
 * presumably callers encode user-supplied values first - confirm.
 *
 * @param string $field1 - label shown in the first column
 * @param string $field2 - content of the second column
 */
function AssureTextLine($field1,$field2)
{
?>
    <tr>
        <td class="DataTD"><?=$field1.(empty($field1)?'':':')?></td>
        <td class="DataTD"><?=$field2?></td>
    </tr>
<?
}
1082
/**
 * Print one checkbox row of the assurance form.
 *
 * NOTE(review): $type lands inside the name attribute and $text in the
 * cell without HTML encoding; presumably both are fixed strings chosen
 * by the caller - confirm.
 *
 * @param string $type - value of the checkbox's name attribute
 * @param string $text - content of the second column
 * @param mixed $checked - any truthy value renders the box as checked
 */
function AssureBoxLine($type,$text,$checked)
{
?>
    <tr>
        <td class="DataTD"><input type="checkbox" name="<?=$type?>" value="1" <?=$checked?"checked":""?>></td>
        <td class="DataTD"><?=$text?></td>
    </tr>
<?
}
1092
/**
 * Print the assurance method selector.
 * With exactly one method a hidden "method" field carrying that method is
 * printed instead of a row; with any other count a <select name="method">
 * row is printed with one option per entry, followed by the remark.
 *
 * NOTE(review): the method names, the label and the remark are echoed
 * without HTML encoding; presumably they are fixed strings - confirm.
 * The submitted "method" value is client-controlled either way, so the
 * receiving code has to validate it against the allowed methods.
 *
 * @param string $text - label of the row; a colon is appended unless empty
 * @param array $methods - method names; index 0 is read when count is 1
 * @param string $remark - content printed below the select box
 */
function AssureMethodLine($text,$methods,$remark)
{
    if (count($methods) != 1) {
?>
    <tr>
        <td class="DataTD"><?=$text.(empty($text)?'':':')?></td>
        <td class="DataTD">
            <select name="method">
<?
        foreach($methods as $val) {
?>
                <option value="<?=$val?>"><?=$val?></option>
<?
        }
?>
            </select>
            <br />
            <?=$remark?>
        </td>
    </tr>
<?
    } else {
?>
    <input type="hidden" name="method" value="<?=$methods[0]?>" />
<?
    }
}
1120
/**
 * Print one text input row of the assurance form.
 *
 * NOTE(review): $value is echoed into the value attribute without HTML
 * encoding. If it can carry user input (for example a re-displayed form
 * value) it must be encoded by the caller - confirm at the call sites.
 *
 * @param string $type - value of the input's name attribute
 * @param string $field - label of the row; a colon is appended unless empty
 * @param string $value - initial content of the input
 * @param string $description - content printed directly after the input
 */
function AssureInboxLine($type,$field,$value,$description)
{
?>
    <tr>
        <td class="DataTD"><?=$field.(empty($field)?'':':')?></td>
        <td class="DataTD"><input type="text" name="<?=$type?>" value="<?=$value?>"><?=$description?></td>
    </tr>
<?
}
1130
/**
 * Print the end of the assurance form: the submit and cancel buttons, the
 * closing table tag, the hidden "pagehash" and "oldid" fields and the
 * closing form tag.
 *
 * The "pagehash" field carries $_SESSION['_config']['wothash'];
 * presumably the receiving page compares it with the session value to
 * reject forged or replayed posts - confirm in wot.php.
 *
 * NOTE(review): $oldid and $confirm are echoed into attributes without
 * HTML encoding; presumably both are fixed values - confirm.
 *
 * @param mixed $oldid - value of the hidden "oldid" field
 * @param string $confirm - caption of the "process" submit button
 */
function AssureFoot($oldid,$confirm)
{
?>
    <tr>
        <td class="DataTD" colspan="2">
            <input type="submit" name="process" value="<?=$confirm?>" />
            <input type="submit" name="cancel" value="<?=_("Cancel")?>" />
        </td>
    </tr>
</table>
<input type="hidden" name="pagehash" value="<?=$_SESSION['_config']['wothash']?>" />
<input type="hidden" name="oldid" value="<?=$oldid?>" />
</form>
<?
}
1146
function account_email_delete($mailid){
    // Marks an email entry of an account as deleted and revokes all
    // client certificates issued for that address.
    //called from www/account.php if($process != "" && $oldid == 2)
    //called from www/diputes.php if($type == "reallyemail") / if($action == "accept")
    //called from account_delete
    $emailId = intval($mailid);

    // certificates are revoked before the address itself is flagged
    revoke_all_client_cert($emailId);

    // soft delete: the row stays, only `deleted` receives a timestamp
    mysql_query("update `email` set `deleted`=NOW() where `id`='$emailId'");
}
1158
function account_domain_delete($domainid){
    // Marks a domain entry of an account as deleted and revokes all
    // server certificates issued for that domain.
    //called from www/account.php if($process != "" && $oldid == 9)
    //called from www/diputes.php if($type == "reallydomain") / if($action == "accept")
    //called from account_delete
    $domainKey = intval($domainid);

    // certificates are revoked before the domain itself is flagged
    revoke_all_server_cert($domainKey);

    // soft delete: the row stays, only `deleted` receives a timestamp
    $sql = "update `domains`
        set `deleted`=NOW()
        where `id` = '$domainKey'";
    mysql_query($sql);
}
1172
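/**
 * Scrub an account following the deleted account routine V3.
 * called from www/account.php if($oldid == 50 && $process != "")
 *
 * The account row is kept. Its password and secret questions are replaced
 * with random values nobody knows, the addresses and domains are deleted
 * (which revokes their certificates), personal data is overwritten with
 * the arbitration number, all privilege flags are cleared and the account
 * is locked.
 *
 * NOTE(review): the statements run one by one with no transaction and no
 * check of mysql_query()'s result, so a failure part-way leaves the
 * account half scrubbed - confirm whether callers verify the outcome.
 *
 * @param int $id - id of the account to scrub
 * @param string $arbno - arbitration number; becomes the name fields and
 *     the local part of the replacement address <arbno>@cacert.org
 * @param int $adminid - id of the acting admin
 * @return void
 */
function account_delete($id, $arbno, $adminid){
    $id = intval($id);
    $arbno = mysql_real_escape_string($arbno);
    // NOTE(review): $adminid is normalised here but not used further below
    $adminid = intval($adminid);

    //change password
    // The replacement password is what keeps the scrubbed account closed,
    // so it must not be guessable. The previous code seeded rand() from
    // microtime(), which limits the generator to a small set of seeds.
    // NOTE(review): sha1() without salt is the scheme this statement
    // writes; changing it needs the login code, which is outside this view.
    $password = _account_delete_random_string(30);
    mysql_query("update `users` set `password`=sha1('".$password."') where `id`='".$id."'");

    //create new mail for arbitration number
    $query = "insert into `email` set `email`='".$arbno."@cacert.org',`memid`='".$id."',`created`=NOW(),`modified`=NOW(), `attempts`=-1";
    mysql_query($query);
    $emailid = mysql_insert_id();

    //set new mail as default
    $query = "update `users` set `email`='".$arbno."@cacert.org' where `id`='".$id."'";
    mysql_query($query);

    //delete all other email address
    $query = "select `id` from `email` where `memid`='".$id."' and `id`!='".$emailid."'" ;
    $res=mysql_query($query);
    while($row = mysql_fetch_assoc($res)){
        account_email_delete($row['id']);
    }

    //delete all domains
    $query = "select `id` from `domains` where `memid`='".$id."'";
    $res=mysql_query($query);
    while($row = mysql_fetch_assoc($res)){
        account_domain_delete($row['id']);
    }

    //clear alert settings
    mysql_query(
        "update `alerts` set
            `general`='0',
            `country`='0',
            `regional`='0',
            `radius`='0'
        where `memid`='$id'");

    //set default location
    $query = "update `users` set `locid`='2256755', `regid`='243', `ccid`='12' where `id`='".$id."'";
    mysql_query($query);

    //clear listings
    $query = "update `users` set `listme`=' ',`contactinfo`=' ' where `id`='".$id."'";
    mysql_query($query);

    //set default language
    mysql_query("update `users` set `language`='en_AU' where `id`='".$id."'");
    //delete secondary languages
    mysql_query("delete from `addlang` where `userid`='".$id."'");

    //change secret questions
    // same reasoning as for the password: questions and answers are a
    // recovery path and are replaced with unpredictable values
    for($i=1;$i<=5;$i++){
        $q = _account_delete_random_string(30);
        $a = _account_delete_random_string(30);
        $query = "update `users` set `Q$i`='$q', `A$i`='$a' where `id`='".$id."'";
        mysql_query($query);
    }

    //change personal information to arbitration number and DOB=1900-01-01
    $query = "update `users` set `fname`='".$arbno."',
            `mname`='".$arbno."',
            `lname`='".$arbno."',
            `suffix`='".$arbno."',
            `dob`='1900-01-01'
        where `id`='".$id."'";
    mysql_query($query);

    //clear all admin and board flags
    mysql_query(
        "update `users` set
            `assurer`='0',
            `assurer_blocked`='0',
            `codesign`='0',
            `orgadmin`='0',
            `ttpadmin`='0',
            `locadmin`='0',
            `admin`='0',
            `adadmin`='0',
            `tverify`='0',
            `board`='0'
        where `id`='$id'");

    //block account
    mysql_query("update `users` set `locked`='1' where `id`='$id'"); //, `deleted`=Now()
}

/**
 * Build a random string for account_delete() from its fixed alphabet
 * (a-z, 0-9, '!', '(', ')', the section sign and A-Z).
 *
 * random_int() is used where the runtime has it, otherwise
 * openssl_random_pseudo_bytes() with rejection sampling; mt_rand() is the
 * last resort only.
 *
 * @param int $length - number of characters to produce
 * @return string
 */
function _account_delete_random_string($length)
{
    // The section sign is added as one element: picking single bytes out
    // of a string would split it when this file is stored as UTF-8.
    // None of the characters needs SQL escaping.
    $alphabet = array_merge(
        str_split('abcdefghijklmnopqrstuvwxyz0123456789!()'),
        array('§'),
        str_split('ABCDEFGHIJKLMNOPQRSTUVWXYZ')
    );
    $size = count($alphabet);
    // bytes at or above this limit are rejected so that the modulo below
    // does not favour the first characters of the alphabet
    $limit = 256 - (256 % $size);

    $result = '';
    for ($index = 0; $index < $length; $index++) {
        $pick = null;
        if (function_exists('random_int')) {
            $pick = random_int(0, $size - 1);
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            for ($try = 0; $try < 16 && $pick === null; $try++) {
                $raw = openssl_random_pseudo_bytes(1);
                if (is_string($raw) && $raw !== '' && ord($raw) < $limit) {
                    $pick = ord($raw) % $size;
                }
            }
        }
        if ($pick === null) {
            // NOTE(review): mt_rand() is not a cryptographic generator;
            // this branch only runs when neither source above is usable
            $pick = mt_rand(0, $size - 1);
        }
        $result .= $alphabet[$pick];
    }
    return $result;
}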
1277
1278
function check_email_exists($email){
    // Reports whether an email address exists as a non-deleted entry
    // in the `email` table.
    // called from includes/account.php if($process != "" && $oldid == 1)
    // called from includes/account.php if($oldid == 50 && $process != "")
    $escaped = mysql_real_escape_string($email);
    $matches = mysql_query("select 1 from `email` where `email`='$escaped' and `deleted`=0");

    return mysql_num_rows($matches) > 0;
}
1287
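/**
 * Report whether an account still has gpg keys that count as running.
 * called from includes/account.php if($oldid == 50 && $process != "")
 *
 * @param int $uid - id of the account
 * @param int $cca - 0: only keys that are not yet expired count;
 *     any other value: keys that expired within the last 90 days count
 *     too (CCA retention of 3 months)
 * @return bool - true when at least one matching key exists
 */
function check_gpg_cert_running($uid,$cca=0){
    $uid = intval($uid);
    // The retention cutoff was written as NOW()-90*86400. In numeric
    // context NOW() is the number YYYYMMDDhhmmss, so subtracting 7776000
    // does not move it back by 90 days. INTERVAL arithmetic, as used in
    // get_number_of_adminlog_entries(), gives the intended cutoff.
    $cutoff = (0 == $cca) ? 'NOW()' : '(NOW() - INTERVAL 90 DAY)';
    $query = "select 1 from `gpg` where `memid`='$uid' and `expire`>$cutoff";
    $res = mysql_query($query);
    return mysql_num_rows($res) > 0;
}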
1300
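/**
 * Report whether an account still has client certificates that count as
 * running.
 * called from includes/account.php if($oldid == 50 && $process != "")
 *
 * Two conditions are checked and either one is sufficient:
 * the certificate expires after the cutoff and its `revoked` value lies
 * before `created`, or its `revoked` value lies after the cutoff.
 *
 * @param int $uid - id of the account
 * @param int $cca - 0: the cutoff is now; any other value: the cutoff
 *     is 90 days ago (CCA retention of 3 months)
 * @return bool
 */
function check_client_cert_running($uid,$cca=0){
    $uid = intval($uid);
    // The retention cutoff was written as NOW()-90*86400. In numeric
    // context NOW() is the number YYYYMMDDhhmmss, so subtracting 7776000
    // does not move it back by 90 days. INTERVAL arithmetic, as used in
    // get_number_of_adminlog_entries(), gives the intended cutoff.
    $cutoff = (0 == $cca) ? 'NOW()' : '(NOW() - INTERVAL 90 DAY)';

    $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>$cutoff and `revoked`<`created`";
    $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>$cutoff";

    $res = mysql_query($query1);
    $r1 = mysql_num_rows($res)>0;
    $res = mysql_query($query2);
    $r2 = mysql_num_rows($res)>0;
    return ($r1 || $r2);
}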
1318
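/**
 * Report whether an account still has server certificates that count as
 * running, looking at the certificates of all domains of the account.
 * called from includes/account.php if($oldid == 50 && $process != "")
 *
 * Two conditions are checked and either one is sufficient:
 * the certificate expires after the cutoff and its `revoked` value lies
 * before `created`, or its `revoked` value lies after the cutoff.
 *
 * @param int $uid - id of the account
 * @param int $cca - 0: the cutoff is now; any other value: the cutoff
 *     is 90 days ago (CCA retention of 3 months)
 * @return bool
 */
function check_server_cert_running($uid,$cca=0){
    $uid = intval($uid);
    // The retention cutoff was written as NOW()-90*86400. In numeric
    // context NOW() is the number YYYYMMDDhhmmss, so subtracting 7776000
    // does not move it back by 90 days. INTERVAL arithmetic, as used in
    // get_number_of_adminlog_entries(), gives the intended cutoff.
    $cutoff = (0 == $cca) ? 'NOW()' : '(NOW() - INTERVAL 90 DAY)';

    // Every column carries its table name. The retention branch used bare
    // `expire`, `revoked` and `created`; both joined tables have a
    // `created` column (see get_domains() and get_server_certs()), which
    // makes the bare name ambiguous and lets the query fail.
    $query1 = "
        select 1 from `domaincerts` join `domains`
            on `domaincerts`.`domid` = `domains`.`id`
        where `domains`.`memid` = '$uid'
            and `domaincerts`.`expire` > $cutoff
            and `domaincerts`.`revoked` < `domaincerts`.`created`";
    $query2 = "
        select 1 from `domaincerts` join `domains`
            on `domaincerts`.`domid` = `domains`.`id`
        where `domains`.`memid` = '$uid'
            and `domaincerts`.`revoked` > $cutoff";

    $res = mysql_query($query1);
    $r1 = mysql_num_rows($res)>0;
    $res = mysql_query($query2);
    $r2 = mysql_num_rows($res)>0;
    return ($r1 || $r2);
}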
1354
function check_is_orgadmin($uid){
    // Reports whether the account has at least one non-deleted row in
    // the `org` table.
    // called from includes/account.php if($oldid == 50 && $process != "")
    $memberId = intval($uid);
    $rows = mysql_query("select 1 from `org` where `memid`='$memberId' and `deleted`=0");

    return mysql_num_rows($rows) > 0;
}
1362
1363
// revocation of certificates
function revoke_all_client_cert($mailid){
    // Flags every not yet revoked client certificate linked to an email
    // address for revocation and disables certificate login for it.
    $emailId = intval($mailid);

    $pending = mysql_query("select `emailcerts`.`id`
        from `emaillink`,`emailcerts` where
        `emaillink`.`emailid`='$emailId' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and `emailcerts`.`revoked`=0
        group by `emailcerts`.`id`");

    // `revoked` receives a fixed timestamp rather than the current time;
    // presumably another component picks these rows up and performs the
    // actual revocation - confirm
    while ($cert = mysql_fetch_assoc($pending)) {
        $update = "update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$cert['id']."'";
        mysql_query($update);
    }
}
1377
function revoke_all_server_cert($domainid){
    // Flags every server certificate of a domain for revocation. A
    // certificate belongs to the domain either through its own `domid`
    // or through an entry in `domlink`.
    $domainKey = intval($domainid);

    $sql =
        "select `domaincerts`.`id`
            from `domaincerts`
            where `domaincerts`.`domid` = '$domainKey'
        union distinct
        select `domaincerts`.`id`
            from `domaincerts`, `domlink`
            where `domaincerts`.`id` = `domlink`.`certid`
            and `domlink`.`domid` = '$domainKey'";
    $certs = mysql_query($sql);

    // the `revoked` = 0 condition leaves already revoked certificates
    // untouched
    while ($cert = mysql_fetch_assoc($certs)) {
        $update = "update `domaincerts`
                set `revoked`='1970-01-01 10:00:01'
                where `id` = '".$cert['id']."'
                and `revoked` = 0";
        mysql_query($update);
    }
}
1400
function revoke_all_private_cert($uid){
    // Revokes all certificates linked to a personal account: client
    // certificates through its email addresses, server certificates
    // through its domains.
    // gpg revocation needs to be added at a later point
    $memberId = intval($uid);

    $emails = mysql_query("select `id` from `email` where `memid`='".$memberId."'");
    while ($email = mysql_fetch_assoc($emails)) {
        revoke_all_client_cert($email['id']);
    }

    $domains = mysql_query("select `id` from `domains` where `memid`='".$memberId."'");
    while ($domain = mysql_fetch_assoc($domains)) {
        revoke_all_server_cert($domain['id']);
    }
}
1418
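/**
 * check_date_format()
 * checks that the date is written as YYYY-MM-DD (month and day may have
 * one or two digits), that it is an existing calendar date and that its
 * year is greater than the given year
 *
 * Only digits and the two separators are accepted. The previous check
 * converted each part with intval(), which ignores everything after the
 * leading digits, so a value with arbitrary text appended to the day
 * passed as a valid date.
 *
 * @param mixed $date - the value to check
 * @param integer $year - dates in this year or earlier are rejected
 * @return bool - TRUE for an accepted date, FALSE otherwise
 */
function check_date_format($date, $year=2000){
    if (!is_string($date)) {
        return FALSE;
    }
    // \A and \z anchor the whole value; $ would tolerate a final newline
    if (!preg_match('/\A(\d{4})-(\d{1,2})-(\d{1,2})\z/', $date, $parts)) {
        return FALSE;
    }

    $y = intval($parts[1]);
    $m = intval($parts[2]);
    $d = intval($parts[3]);

    if ($y <= $year) {
        return FALSE;
    }

    // checkdate() covers the month and day ranges, leap years included
    return checkdate($m, $d, $y);
}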
1450
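/**
 * check_date_difference()
 * returns false if the date is later than now plus the allowed time
 * difference, or if the date cannot be parsed
 *
 * strtotime() returns false for a value it cannot parse. Compared as a
 * number that is 0, so an unparsable date used to pass as "not in the
 * future". It is rejected now.
 *
 * @param mixed $date - a date in a format strtotime() understands
 * @param integer $diff - allowed difference in days
 * @return bool
 */
function check_date_difference($date, $diff=1){
    $timestamp = strtotime($date);
    if ($timestamp === false) {
        return false;
    }
    return ($timestamp <= time() + $diff * 86400);
}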
1462
1463 // table layout for organisation
/**
 * org_edit_org_table()
 * prints the complete organisation form table: header, one row per field
 * and the footer with the submit button
 *
 * @param mixed $orgname - value of the field 'O'
 * @param mixed $contactmail - value of the field 'contact'
 * @param mixed $town - value of the field 'L'
 * @param mixed $state - value of the field 'ST'
 * @param mixed $country - value of the field 'C'
 * @param mixed $comment - value of the field 'comments'
 * @param integer $type - 0 := new organisation, greater than 0 := edit
 * @return void
 */
function org_edit_org_table($orgname, $contactmail, $town, $state, $country, $comment, $type=0){
    // the mode only changes the title and the caption of the button
    $editing = ($type > 0);

    org_edit_org_table_header($editing ? _('Edit Organisation') : _('New Organisation'));

    // the last argument is the maximum length of the field
    org_edit_org_table_row(_('Organisation Name'), 'O', $orgname, 64);
    org_edit_org_table_row(_('Contact Email'), 'contact', $contactmail, 255);
    org_edit_org_table_row(_('Town/Suburb'), 'L', $town, 128);
    org_edit_org_table_row(_('State/Province'), 'ST', $state, 128);
    org_edit_org_table_country(_('Country'), 'C', $country, 2);
    org_edit_org_table_comment(_('Comments'), 'comments', $comment);

    org_edit_org_table_footer($editing ? _('Update') : _('Next'));
}
1493
/**
 * org_edit_org_table_header()
 * prints the opening table tag and the title row of the organisation
 * form; the table is closed by org_edit_org_table_footer()
 *
 * @param mixed $title - content of the title row, echoed without HTML
 *     encoding (org_edit_org_table() passes a translated fixed string)
 * @return void
 */
function org_edit_org_table_header($title){
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
    <tr>
        <td colspan="3" class="title"><?=$title?></td>
    </tr>
<?
}
1508
/**
 * org_edit_org_table_row()
 * prints one text input row of the organisation form with its label and
 * a hint stating the maximum length
 *
 * The value passes through SanitizeHTML() before it is placed in the
 * value attribute; label and field name are echoed as given
 * (org_edit_org_table() passes fixed strings for both).
 * The maxlength attribute only limits input in the browser; presumably
 * the receiving code enforces the length again - confirm.
 *
 * @param mixed $label - label of the row
 * @param mixed $name - value of the input's name attribute
 * @param mixed $value - current content of the field
 * @param mixed $length - maximum length, cast with intval() for the
 *     maxlength attribute
 * @return void
 */
function org_edit_org_table_row($label, $name, $value, $length){
?>
    <tr>
        <td class="DataTD"><?=$label?>:</td>
        <td class="DataTD"><input type="text" name="<?=$name?>" value="<?=SanitizeHTML($value)?>" maxlength="<?=intval($length)?>" size="90"></td>
        <td class="DataTD"><? printf(_('max %d characters'),$length)?></td>
    </tr>
<?
}
1527
/**
 * org_edit_org_table_country()
 * prints the country row of the organisation form: a text input, a link
 * to the ISO 3166-1 country code table and a hint stating the maximum
 * length
 *
 * The value passes through SanitizeHTML() before it is placed in the
 * value attribute; label and field name are echoed as given.
 * NOTE(review): the reference link uses plain http.
 *
 * @param mixed $label - label of the row
 * @param mixed $name - value of the input's name attribute
 * @param mixed $value - current content of the field
 * @param mixed $length - maximum length, cast with intval() for the
 *     maxlength and size attributes
 * @return void
 */
function org_edit_org_table_country($label, $name, $value, $length){
?>
    <tr>
        <td class="DataTD"><?=$label?>:</td>
        <td class="DataTD">
            <input type="text" name="<?=$name?>" value="<?=SanitizeHTML($value)?>" maxlength="<?=intval($length)?>" size="<?=intval($length)?>" />
            <? printf(_('(2 letter %s ISO code %s )'), '<a href="http://www.iso.org/iso/home/standards/country_codes/iso-3166-1_decoding_table.htm">', '</a>')?>
        </td>
        <td class="DataTD"><?=sprintf(_('max %d characters'),$length)?></td>
    </tr>
<?
}
1549
/**
 * org_edit_org_table_comment()
 * prints the comment row of the organisation form as a textarea
 *
 * The value passes through SanitizeHTML() before it is placed inside the
 * textarea; label and field name are echoed as given.
 * NOTE(review): the entity in the third cell lacks its closing semicolon.
 *
 * @param mixed $label - label of the row
 * @param mixed $name - value of the textarea's name attribute
 * @param mixed $value - current content of the textarea
 * @return void
 */
function org_edit_org_table_comment($label, $name, $value){
?>
    <tr>
        <td class="DataTD"><?=$label?>:</td>
        <td class="DataTD"><textarea name="<?=$name?>" cols=60 rows=10><?=SanitizeHTML($value)?></textarea></td>
        <td class="DataTD">&nbsp</td>
    </tr>
<?
}
1567
/**
 * org_edit_org_table_footer()
 * prints the row with the "process" submit button and closes the table
 * opened by org_edit_org_table_header()
 *
 * @param mixed $label - caption of the submit button, echoed into the
 *     value attribute without HTML encoding (org_edit_org_table() passes
 *     a translated fixed string)
 * @return void
 */
function org_edit_org_table_footer($label){
?>
    <tr>
        <td class="DataTD" colspan="3"><input type="submit" name="process" value="<?=$label?>"></td>
    </tr>
</table>
<?
}
1582
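/**
 * get_array_from_ini()
 * reads an ini file and returns its entries sorted by key, with keys and
 * values trimmed
 *
 * The function used to ignore its argument and always read
 * '../config/ttp.ini'. The given path is read now; that file remains the
 * fallback when no path is passed.
 * The path has to come from the application's own configuration, never
 * from request data.
 *
 * @param mixed $inifile - path and filename of the ini file
 * @return array - key => value pairs; an empty array when the file
 *     cannot be read or parsed
 */
function get_array_from_ini($inifile){
    $path = ($inifile === null || $inifile === '') ? '../config/ttp.ini' : $inifile;

    $parsed = parse_ini_file($path);
    if ($parsed === false) {
        // the previous code passed false on to ksort() and foreach
        return array();
    }

    ksort($parsed);

    // a second array avoids changing the array that is being iterated
    $trimmed = array();
    foreach ($parsed as $key => $value) {
        $trimmed[trim($key)] = trim($value);
    }
    return $trimmed;
}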
1599
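/**
 * create_selectbox_HTML()
 * builds the HTML of a select element from an array; the array keys
 * become the visible option texts
 *
 * NOTE(review): name, first line, keys and values are placed in the
 * markup without HTML encoding. Callers have to pass fixed or already
 * encoded strings; request data must be encoded before it gets here.
 *
 * @param mixed $name, name for the select element
 * @param array $options, array with the data for the dropdown
 * @param string $firstline, if given, a first option with this text is
 *     added, e.g. "Choose country"
 * @param string $value, if TRUE the array values are added as value
 *     attributes of the options
 * @param string $selected, the option whose key equals this string is
 *     preselected in the dropdown
 * @return string - the HTML of the select element
 */
function create_selectbox_HTML($name, array $options, $firstline = '', $value='', $selected = ''){
    $return_str = '<select name="' . $name . '">';
    if ('' != $firstline) {
        $return_str .= '<option>' . $firstline . '</option>';
    }
    foreach ($options as $key => $avalue) {
        $return_str .= '<option';
        if ($value) {
            $return_str .= ' value="' . $avalue . '"';
        }
        // Compared as strings: PHP turns numeric array keys into integers,
        // and a loose == between such a key and the default '' (or between
        // a text key and a number) can preselect an option nobody chose.
        if ((string)$key === (string)$selected) {
            $return_str .= ' selected="selected"';
        }
        $return_str .= '>' . $key . '</option>';
    }
    $return_str .= '</select>';
    return $return_str;
}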
1629
1630 //user function
function get_user_id_from_email($email){
    // Looks up the id of the account whose `users`.`email` equals the
    // given address; the address is trimmed and escaped first.
    // Returns 0 when no account matches.
    $address = mysql_real_escape_string(trim($email));

    $result = query_init ("select `id` from `users` where `email` = '" . $address . "'");
    $record = query_getnextrow($result);

    return intval($record['id']);
}
1638
function get_number_of_adminlog_entries($uid, $typeid, $hours=1){
    // Counts the adminlog entries of one admin and one action type that
    // were written within the last $hours hours.
    // All three values are cast to integers before they enter the query.
    $adminId = intval($uid);
    $actionType = intval($typeid);
    $window = intval($hours);

    $sql = "SELECT count(*) AS `no` FROM `adminlog`
        WHERE `adminid` = " . $adminId . " AND `actiontypeid`=" . $actionType . " and `when` > NOW() - INTERVAL " . $window . " HOUR ";
    $record = query_getnextrow(query_init ($sql));

    return intval($record['no']);
}
1649
/**
 * write_se_log()
 * writes an entry to the adminlog; records all support engineer actions
 * changing a user account
 *
 * @param int $uid - id of the user account
 * @param int $adminid - id of the admin
 * @param string $type - the operation that was performed on the user account
 * @param string $info - the ticket / arbitration number or other information
 * @param int $typeid - value stored in `actiontypeid`, default 1
 * @return bool - true := success, false := error
 */
function write_se_log($uid, $adminid, $type, $info, $typeid=1){
    // numbers are cast, texts are escaped before they enter the statement
    $userId = intval($uid);
    $actorId = intval($adminid);
    $operation = mysql_real_escape_string($type);
    $details = mysql_real_escape_string($info);
    $actionType = intval($typeid);

    $sql = "insert into `adminlog` (`when`, `uid`, `adminid`,`type`,`information`,`actiontypeid`) values
        (Now(), $userId, $actorId, '$operation', '$details', '$actionType')";

    return mysql_query($sql);
}
1671
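/**
 * Check if the entered information is a valid ticket or arbitration number
 *
 * A valid number is one type letter, eight digits, a dot and at least
 * one more digit:
 *     a  arbitration case
 *     d  dispute action
 *     s  support case
 *     m  board motion
 *
 * The pattern is anchored to the whole value. Without anchors any text
 * that merely contained such a number somewhere was accepted, and the
 * surrounding text went along with it into whatever the caller does with
 * the value.
 *
 * @param string $ticketno
 * @return bool
 */
function valid_ticket_number($ticketno){
    if (!is_string($ticketno)) {
        return false;
    }
    // \A and \z instead of ^ and $: $ would tolerate a final newline
    $pattern = '/\A[adsmADSM]\d{8}\.\d+\z/';
    return preg_match($pattern, $ticketno) === 1;
}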
1688
1689 // function for handling account/43.php
/**
 * Get all columns of an account given by its id from the `users` table
 * @param int $userid - account id
 * @param int $deleted - states if deleted data should be visible,
 *     default = 0 - not visible
 * @return resource - a mysql result set (false when the query fails)
 */
function get_user_data($userid, $deleted=0){
    $accountId = intval($userid);

    // with the default only accounts whose `deleted` is 0 are returned
    $visibility = (0 == $deleted) ? ' and `users`.`deleted`=0' : '';

    return mysql_query("select * from `users` where `users`.`id`='$accountId' ".$visibility);
}
1705
/**
 * Get the alert settings for a user
 * @param int $userid for the requested account
 * @return array - associative array holding the first matching row of
 *     `alerts`; false when no row matches
 */
function get_alerts($userid){
    $sql = "select * from `alerts` where `memid`='".intval($userid)."'";
    $result = mysql_query($sql);

    return mysql_fetch_assoc($result);
}
1714
/**
 * Get all email addresses linked to the account, ordered by creation date.
 * Only rows with an empty `hash` are returned.
 * @param int $userid
 * @param string $exclude - if given (non-empty) this email address is
 *     left out of the result
 * @param int $deleted - states if deleted data should be visible,
 *     default = 0 - not visible
 * @return resource - a mysql result set (false when the query fails)
 */
function get_email_addresses($userid, $exclude, $deleted=0){
    //should be entered in account/2.php
    $accountId = intval($userid);

    $conditions = (0 == $deleted) ? ' and `deleted`=0' : '';
    if ($exclude) {
        // the address is escaped before it is compared in the query
        $conditions .= " and `email`!='".mysql_real_escape_string($exclude)."'";
    }

    $sql = "select * from `email` where `memid`='".$accountId."' and `hash`='' ".$conditions." order by `created`";
    return mysql_query($sql);
}
1735
/**
 * Get all domains linked to the account, ordered by creation date.
 * Only rows with an empty `hash` are returned.
 * @param int $userid
 * @param int $deleted - states if deleted data should be visible,
 *     default = 0 - not visible
 * @return resource - a mysql result set (false when the query fails)
 */
function get_domains($userid, $deleted=0){
    //should be entered in account/9.php
    $accountId = intval($userid);

    $visibility = (0 == $deleted) ? ' and `deleted`=0' : '';

    $sql = "select * from `domains` where `memid`='".$accountId."' and `hash`=''".$visibility." order by `created`";
    return mysql_query($sql);
}
1752
/**
 * Get all training results for the account, ordered by the pass date.
 * Each row holds `pass_date`, `type_text` and `test_text`.
 * @param int $userid
 * @return resource - a mysql result set (false when the query fails)
 */
function get_training_results($userid){
    //should be entered in account/55.php
    $accountId = intval($userid);

    // passed tests are joined with their variant and the variant's type
    $sql = implode('', array(
        "SELECT `CP`.`pass_date`, `CT`.`type_text`, `CV`.`test_text` ",
        " FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ",
        " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".$accountId."'",
        " ORDER BY `CP`.`pass_date`",
    ));

    return mysql_query($sql);
}
1767
/**
 * Get all SE log entries for the account, ordered by time.
 * Each row holds the entry's `when`, `type` and `information` plus the
 * `fname` and `lname` of the admin who made the entry.
 * @param int $userid
 * @return resource - a mysql result set (false when the query fails)
 */
function get_se_log($userid){
    $accountId = intval($userid);

    // `users` is joined on the admin id, not on the account that was changed
    $sql = "SELECT `adminlog`.`when`, `adminlog`.`type`, `adminlog`.`information`, `users`.`fname`, `users`.`lname`
        FROM `adminlog`, `users`
        WHERE `adminlog`.`adminid` = `users`.`id` and `adminlog`.`uid`=".$accountId."
        ORDER BY `adminlog`.`when`";

    return mysql_query($sql);
}
1781
/**
 * Get all client certificates linked to the account, most recently
 * modified first.
 * @param int $userid
 * @param int $viewall - states if expired certs should be visible,
 *     default = 0 - not visible; with 0 revoked and renewed
 *     certificates are left out as well
 * @return resource - a mysql result set (false when the query fails)
 */
function get_client_certs($userid, $viewall=0){
    //add to account/5.php
    $accountId = intval($userid);

    $sql = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
        UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
        UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
        `emailcerts`.`expire`,
        `emailcerts`.`revoked` as `revoke`,
        UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
        `emailcerts`.`id`,
        `emailcerts`.`CN`,
        `emailcerts`.`serial`,
        `emailcerts`.`disablelogin`,
        `emailcerts`.`description`
        from `emailcerts`
        where `emailcerts`.`memid`='".$accountId."'";

    if (0 == $viewall) {
        // `timeleft` is a computed column, so it is filtered with HAVING
        $sql .= " AND `emailcerts`.`revoked`=0 AND `emailcerts`.`renewed`=0"
            . " HAVING `timeleft` > 0";
    }

    return mysql_query($sql . " ORDER BY `emailcerts`.`modified` desc");
}
1812
/**
 * Get all server certs linked to the account through its domains, most
 * recently modified first.
 * @param int $userid
 * @param int $viewall - states if expired certs should be visible,
 *     default = 0 - not visible; with 0 revoked and renewed
 *     certificates are left out as well
 * @return resource - a mysql result set (false when the query fails)
 */
function get_server_certs($userid, $viewall=0){
    //add to account/12.php
    $accountId = intval($userid);

    $sql = "select UNIX_TIMESTAMP(`domaincerts`.`created`) as `created`,
        UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
        UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`,
        `domaincerts`.`expire`,
        `domaincerts`.`revoked` as `revoke`,
        UNIX_TIMESTAMP(`revoked`) as `revoked`,
        `domaincerts`.`CN`,
        `domaincerts`.`serial`,
        `domaincerts`.`id`,
        `domaincerts`.`description`
        from `domaincerts`,`domains`
        where `domains`.`memid`='".$accountId."' and `domaincerts`.`domid`=`domains`.`id`";

    if (0 == $viewall) {
        // `timeleft` is a computed column, so it is filtered with HAVING
        $sql .= " AND `domaincerts`.`revoked`=0 AND `domaincerts`.`renewed`=0"
            . " HAVING `timeleft` > 0";
    }

    return mysql_query($sql . " ORDER BY `domaincerts`.`modified` desc");
}
1842
/**
 * Get all gpg certs linked to the account, most recently issued first.
 * @param int $userid
 * @param int $viewall - states if expired certs should be visible,
 *     default = 0 - not visible
 * @return resource - a mysql result set (false when the query fails)
 */
function get_gpg_certs($userid, $viewall=0){
    //add to gpg/2.php
    $accountId = intval($userid);

    $sql = "select UNIX_TIMESTAMP(`issued`) as `issued`,
        UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`,
        UNIX_TIMESTAMP(`expire`) as `expired`,
        `expire`, `id`, `level`, `email`, `keyid`, `description`
        from `gpg` where `memid`='".$accountId."'";

    // `timeleft` is a computed column, so it is filtered with HAVING
    $expiryFilter = ($viewall == 0) ? " HAVING `timeleft` > 0" : '';

    return mysql_query($sql . $expiryFilter . " ORDER BY `issued` desc");
}
1863
1864
1865
/**
 * Show the table header to the email table for the admin log.
 * Prints one row with the translated column titles; it takes no input.
 */
function output_log_email_header(){
?>
    <tr>
        <td class="DataTD bold"><?= _("Email, primary bold") ?></td>
        <td class="DataTD bold"><?= _("Created") ?></td>
        <td class="DataTD bold"><?= _("Deleted") ?></td>
    </tr>

<?
}
/**
 * Show all email data for the admin log.
 * Prints one row with the keys 'email', 'created' and 'deleted' of $row.
 * A deleted address (its 'deleted' differs from NULL_DATETIME) gets the
 * class "deletedemailaddress"; otherwise the primary address gets the
 * class "primaryemailaddress".
 *
 * NOTE(review): the column values are echoed without HTML encoding. The
 * address was entered by the account holder and this row is rendered in
 * an admin view, so markup stored in it would run in the admin's
 * session. Either confirm that the values are sanitised when they are
 * stored, or encode them here, e.g. with the SanitizeHTML() helper the
 * org_edit_org_table_* functions use.
 *
 * @param array $row - associative array containing the column data
 * @param string $primary - if given the primary address is highlighted
 */
function output_log_email($row, $primary){
    $style = '';
    if ($row['deleted'] !== NULL_DATETIME) {
        $style = ' deletedemailaddress';
    } elseif ($primary == $row['email']) {
        $style = ' primaryemailaddress';
    }
?>
    <tr>
        <td class="DataTD<?=$style?>"><?=$row['email']?></td>
        <td class="DataTD<?=$style?>"><?=$row['created']?></td>
        <td class="DataTD<?=$style?>"><?=$row['deleted']?></td>
    </tr>
<?
}
1899
/**
 * Show the table header to the domains table for the admin log.
 * Prints one row with the translated column titles; it takes no input.
 */
function output_log_domains_header(){
?>
    <tr>
        <td class="DataTD bold"><?= _("Domain") ?></td>
        <td class="DataTD bold"><?= _("Created") ?></td>
        <td class="DataTD bold"><?= _("Deleted") ?></td>
    </tr>

<?
}
1913
/**
 * Show the domain data for the admin log.
 * Prints one row with the keys 'domain', 'created' and 'deleted' of $row.
 * A deleted domain (its 'deleted' differs from NULL_DATETIME) gets the
 * additional class "italic".
 *
 * NOTE(review): the column values are echoed without HTML encoding. The
 * domain name was entered by the account holder and this row is rendered
 * in an admin view. Either confirm that the values are sanitised when
 * they are stored, or encode them here, e.g. with the SanitizeHTML()
 * helper the org_edit_org_table_* functions use.
 *
 * @param array $row - associative array containing the column data
 */
function output_log_domains($row){
    $italic='';
    if ($row['deleted'] !== NULL_DATETIME) {
        $italic=' italic';
    }
?>
    <tr>
        <td class="DataTD<?=$italic?>"><?=$row['domain']?></td>
        <td class="DataTD<?=$italic?>"><?=$row['created']?></td>
        <td class="DataTD<?=$italic?>"><?=$row['deleted']?></td>
    </tr>
<?
}
1931
/**
 * Show the table header to the user agreement table for the admin log.
 * Prints one row with the translated column titles; it takes no input.
 */
function output_log_agreement_header(){
?>
    <tr>
        <td class="DataTD bold"><?= _("Agreement") ?></td>
        <td class="DataTD bold"><?= _("Date") ?></td>
        <td class="DataTD bold"><?= _("Method") ?></td>
        <td class="DataTD bold"><?= _("Active ") ?></td>
    </tr>
<?
}
1945
/**
 * Show the agreement data for the admin log.
 * Prints one row with the keys 'document', 'date' and 'method' of $row;
 * the last cell shows "passive" when 'active' equals 0 and "active"
 * otherwise.
 *
 * NOTE(review): 'document', 'date' and 'method' are echoed without HTML
 * encoding; presumably they only hold values written by the application
 * itself - confirm, or encode them here.
 *
 * @param array $row - associative array containing the column data
 */
function output_log_agreement($row){
?>
    <tr>
        <td class="DataTD" ><?=$row['document']?></td>
        <td class="DataTD" ><?=$row['date']?></td>
        <td class="DataTD" ><?=$row['method']?></td>
        <td class="DataTD"><?= ($row['active']==0)? _('passive'):_('active')?></td>
    </tr>
<?
}
1960
/**
 * Show the table header to the training table.
 * Prints one row with the translated column titles; it takes no input.
 *
 * NOTE(review): the first title reads "Agreement", while
 * output_log_training() prints 'pass_date' in the first column - the
 * title looks copied from the agreement table; confirm the intended text.
 */
function output_log_training_header(){
    //should be entered in account/55.php
?>
    <tr>
        <td class="DataTD bold"><?= _("Agreement") ?></td>
        <td class="DataTD bold"><?= _("Test") ?></td>
        <td class="DataTD bold"><?= _("Variant") ?></td>
    </tr>
<?
}
1974
/**
 * Show the training data.
 * Prints one row with the keys 'pass_date', 'type_text' and 'test_text'
 * of $row.
 *
 * NOTE(review): the values are echoed without HTML encoding; presumably
 * the test and type texts are maintained by the application's operators -
 * confirm, or encode them here.
 *
 * @param array $row - associative array containing the column data
 */
function output_log_training($row){
    //should be entered in account/55.php
?>
    <tr>
        <td class="DataTD"><?=$row['pass_date']?></td>
        <td class="DataTD"><?=$row['type_text']?></td>
        <td class="DataTD"><?=$row['test_text']?></td>
    </tr>
<?
}
1989
/**
 * Print the heading row of the SE log table in the admin log.
 *
 * Date and Type are always printed; the Information and Admin titles are
 * added only when $support compares equal to 1.
 *
 * @param int $support - if support = 1 more information is visible
 */
function output_log_se_header($support=0){
	$showDetails = (1 == $support);
	?>
	<tr>
		<td class="DataTD bold"><?php echo _("Date"); ?></td>
		<td class="DataTD bold"><?php echo _("Type"); ?></td>
	<?php if ($showDetails): ?>
		<td class="DataTD bold"><?php echo _("Information"); ?></td>
		<td class="DataTD bold"><?php echo _("Admin"); ?></td>
	<?php endif; ?>
	</tr>
	<?php
}
2010
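/**
 * Show the SE log data for the admin log.
 *
 * Every value is HTML-encoded with htmlspecialchars() before output, in line
 * with the CN and description cells of the certificate tables in this file.
 * The information text and the admin's name are free-form strings, so they
 * must reach the page as text rather than as markup.
 * NOTE(review): assumes callers pass the values as stored, not pre-encoded;
 * confirm, otherwise entities would be encoded twice.
 *
 * @param array $row - associative array containing the column data; 'when'
 *                     and 'type' are always read, 'information', 'fname'
 *                     and 'lname' only when $support is 1
 * @param int $support - if support = 1 more information is visible
 */
function output_log_se($row, $support=0){
	//should be entered in account/55.php
	?>
	<tr>
		<td class="DataTD"><?=htmlspecialchars($row['when'])?></td>
		<td class="DataTD"><?=htmlspecialchars($row['type'])?></td>
	<?php
	if (1 == $support) {
		// the extra columns are only shown in the support view
		?>
		<td class="DataTD"><?=htmlspecialchars($row['information'])?></td>
		<td class="DataTD"><?=htmlspecialchars($row['fname'].' '.$row['lname'])?></td>
		<?php
	}
	?>
	</tr>
	<?php
}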
2033
/**
 * Print the heading row of the client cert table.
 *
 * The "Renew/Revoke/Delete" title is printed only when $readonly is false,
 * and the two-column "Comment *" title only when $support is not 1.
 *
 * @param int $support - if support = 1 some columns are not visible
 * @param bool $readonly - whether elements to modify data should be hidden, default is `true`
 */
function output_client_cert_header($support=0, $readonly=true){
	//should be added to account/5.php
	$withActions = !$readonly;
	$withComment = (1 != $support);
	?>
	<tr>
	<?php if ($withActions): ?>
		<td class="DataTD"><?php echo _("Renew/Revoke/Delete"); ?></td>
	<?php endif; ?>
		<td class="DataTD"><?php echo _("Status"); ?></td>
		<td class="DataTD"><?php echo _("Email Address"); ?></td>
		<td class="DataTD"><?php echo _("SerialNumber"); ?></td>
		<td class="DataTD"><?php echo _("Revoked"); ?></td>
		<td class="DataTD"><?php echo _("Expires"); ?></td>
		<td class="DataTD"><?php echo _("Login"); ?></td>
	<?php if ($withComment): ?>
		<td colspan="2" class="DataTD"><?php echo _("Comment *"); ?></td>
	<?php endif; ?>
	</tr>
	<?php
}
2066
/**
 * Show the client cert data as one table row.
 *
 * The status text is derived from the row: "Valid" or "Expired" depending on
 * 'timeleft', replaced by "Pending" when 'expired' equals 0, replaced by
 * "Revoked" when 'revoked' is not 0. When 'revoked' equals 0 the 'revoke'
 * cell shows "Not Revoked".
 *
 * Output encoding: the id is always passed through intval(), CN and
 * description through htmlspecialchars(). The status text and the 'serial',
 * 'revoke' and 'expire' values are written as received.
 * NOTE(review): confirm that 'serial', 'revoke' and 'expire' can only hold
 * values generated by the application.
 *
 * @param array $row - associative array containing the column data
 * @param int $support - if support = 1 some columns are not visible
 * @param bool $readonly - whether elements to modify data should be hidden, default is `true`
 */
function output_client_cert($row, $support=0, $readonly=true){
	//should be entered in account/5.php

	// later checks override earlier ones: Valid/Expired, then Pending, then Revoked
	$status = ($row['timeleft'] > 0) ? _("Valid") : _("Expired");
	if ($row['expired'] == 0) {
		$status = _("Pending");
	}
	if ($row['revoked'] != 0) {
		$status = _("Revoked");
	} else {
		$row['revoke'] = _("Not Revoked");
	}

	// the branches below compare against the translated status text, as the status itself is translated
	$isPending = ($status === _("Pending"));
	$isRevoked = ($status === _("Revoked"));
	$cnLabel = (trim($row['CN'])=="" ? _("empty") : htmlspecialchars($row['CN']));
	?>
	<tr>
	<?php if (!$readonly): ?>
		<?php if ($isPending): ?>
		<td class="DataTD">
			<input type="checkbox" name="delid[]" value="<?php echo intval($row['id']); ?>">
		</td>
		<?php elseif ($isRevoked): ?>
		<td class="DataTD">&nbsp;</td>
		<?php else: ?>
		<td class="DataTD">
			<input type="checkbox" name="revokeid[]" value="<?php echo intval($row['id']); ?>">
		</td>
		<?php endif; ?>
	<?php endif; ?>
		<td class="DataTD"><?php echo $status; ?></td>
	<?php if ($isPending): ?>
		<td class="DataTD"><?php echo $cnLabel; ?></td>
	<?php else: ?>
		<td class="DataTD">
			<a href="account.php?id=6&amp;cert=<?php echo intval($row['id']); ?>">
				<?php echo $cnLabel; ?>
			</a>
		</td>
	<?php endif; ?>
		<td class="DataTD"><?php echo $row['serial']; ?></td>
		<td class="DataTD"><?php echo $row['revoke']; ?></td>
		<td class="DataTD"><?php echo $row['expire']; ?></td>
		<td class="DataTD">
			<input type="checkbox" name="disablelogin_<?php echo intval($row['id']); ?>" value="1" <?php echo $row['disablelogin']?"":"checked='checked'"; ?> <?php echo $readonly?'disabled="disabled"':''; ?>/>
			<input type="hidden" name="cert_<?php echo intval($row['id']); ?>" value="1" />
		</td>
	<?php if (1 != $support): ?>
		<td class="DataTD">
			<input name="comment_<?php echo intval($row['id']); ?>" type="text" value="<?php echo htmlspecialchars($row['description']); ?>" />
		</td>
		<?php if (!$readonly): ?>
		<td class="DataTD">
			<input type="checkbox" name="check_comment_<?php echo intval($row['id']); ?>" />
		</td>
		<?php endif; ?>
	<?php endif; ?>
	</tr>
	<?php
}
2164
/**
 * Print the heading row of the server cert table.
 *
 * The "Renew/Revoke/Delete" title is printed only when $readonly is false,
 * and the two-column "Comment *" title only when $support is not 1.
 *
 * @param int $support - if support = 1 some columns are not visible
 * @param bool $readonly - whether elements to modify data should be hidden, default is `true`
 */
function output_server_certs_header($support=0, $readonly=true){
	//should be entered in account/12.php
	$withActions = !$readonly;
	$withComment = (1 != $support);
	?>
	<tr>
	<?php if ($withActions): ?>
		<td class="DataTD"><?php echo _("Renew/Revoke/Delete"); ?></td>
	<?php endif; ?>
		<td class="DataTD"><?php echo _("Status"); ?></td>
		<td class="DataTD"><?php echo _("CommonName"); ?></td>
		<td class="DataTD"><?php echo _("SerialNumber"); ?></td>
		<td class="DataTD"><?php echo _("Revoked"); ?></td>
		<td class="DataTD"><?php echo _("Expires"); ?></td>
	<?php if ($withComment): ?>
		<td colspan="2" class="DataTD"><?php echo _("Comment *"); ?></td>
	<?php endif; ?>
	</tr>
	<?php
}
2196
/**
 * Show the server cert data as one table row.
 *
 * The status text is derived from the row: "Valid" or "Expired" depending on
 * 'timeleft', replaced by "Pending" when 'expired' equals 0, replaced by
 * "Revoked" when 'revoked' is not 0. When 'revoked' equals 0 the 'revoke'
 * cell shows "Not Revoked".
 *
 * Output encoding: the id is always passed through intval(), CN and
 * description through htmlspecialchars(). The status text and the 'serial',
 * 'revoke' and 'expire' values are written as received.
 * NOTE(review): confirm that 'serial', 'revoke' and 'expire' can only hold
 * values generated by the application.
 *
 * @param array $row - associative array containing the column data
 * @param int $support - if support = 1 some columns are not visible
 * @param bool $readonly - whether elements to modify data should be hidden, default is `true`
 */
function output_server_certs($row, $support=0, $readonly=true){
	//should be entered in account/12.php

	// later checks override earlier ones: Valid/Expired, then Pending, then Revoked
	$status = ($row['timeleft'] > 0) ? _("Valid") : _("Expired");
	if ($row['expired'] == 0) {
		$status = _("Pending");
	}
	if ($row['revoked'] != 0) {
		$status = _("Revoked");
	} else {
		$row['revoke'] = _("Not Revoked");
	}

	// the branches below compare against the translated status text, as the status itself is translated
	$isPending = ($status === _("Pending"));
	$isRevoked = ($status === _("Revoked"));
	?>
	<tr>
	<?php if (!$readonly): ?>
		<?php if ($isPending): ?>
		<td class="DataTD">
			<input type="checkbox" name="delid[]" value="<?php echo intval($row['id']); ?>"/>
		</td>
		<?php elseif ($isRevoked): ?>
		<td class="DataTD">&nbsp;</td>
		<?php else: ?>
		<td class="DataTD">
			<input type="checkbox" name="revokeid[]" value="<?php echo intval($row['id']); ?>"/>
		</td>
		<?php endif; ?>
	<?php endif; ?>
		<td class="DataTD"><?php echo $status; ?></td>
	<?php if ($isPending): ?>
		<td class="DataTD"><?php echo htmlspecialchars($row['CN']); ?></td>
	<?php else: ?>
		<td class="DataTD">
			<a href="account.php?id=15&amp;cert=<?php echo intval($row['id']); ?>">
				<?php echo htmlspecialchars($row['CN']); ?>
			</a>
		</td>
	<?php endif; ?>
		<td class="DataTD"><?php echo $row['serial']; ?></td>
		<td class="DataTD"><?php echo $row['revoke']; ?></td>
		<td class="DataTD"><?php echo $row['expire']; ?></td>
	<?php if (1 != $support): ?>
		<td class="DataTD">
			<input name="comment_<?php echo intval($row['id']); ?>" type="text" value="<?php echo htmlspecialchars($row['description']); ?>" />
		</td>
		<?php if (!$readonly): ?>
		<td class="DataTD">
			<input type="checkbox" name="check_comment_<?php echo intval($row['id']); ?>" />
		</td>
		<?php endif; ?>
	<?php endif; ?>
	</tr>
	<?php
}
2288
/**
 * Print the heading row of the gpg cert table.
 *
 * Status, Email Address, Expires and Key ID are always printed; the
 * two-column "Comment *" title only when $support is not 1.
 *
 * @param int $support - if support = 1 some columns are not visible
 * @param bool $readonly - whether elements to modify data should be hidden, default is `true`
 */
function output_gpg_certs_header($support=0, $readonly=true){
	// $readonly is currently ignored but kept for consistency
	$withComment = (1 != $support);
	?>
	<tr>
		<td class="DataTD"><?php echo _("Status"); ?></td>
		<td class="DataTD"><?php echo _("Email Address"); ?></td>
		<td class="DataTD"><?php echo _("Expires"); ?></td>
		<td class="DataTD"><?php echo _("Key ID"); ?></td>
	<?php if ($withComment): ?>
		<td colspan="2" class="DataTD"><?php echo _("Comment *"); ?></td>
	<?php endif; ?>
	</tr>
	<?php
}
2312
/**
 * Show the gpg cert data as one table row.
 *
 * The status text is "Valid" or "Expired" depending on 'timeleft', replaced
 * by "Pending" when 'expired' equals 0. For a pending key the email and key
 * id are printed as plain text, otherwise each is a link to gpg.php.
 *
 * Output encoding: the id is always passed through intval(); email, keyid
 * and description through htmlspecialchars(). The status text and the
 * 'expire' value are written as received.
 * NOTE(review): confirm that 'expire' can only hold values generated by the
 * application.
 *
 * @param array $row - associative array containing the column data
 * @param int $support - if support = 1 some columns are not visible
 * @param bool $readonly - whether elements to modify data should be hidden, default is `true`
 */
function output_gpg_certs($row, $support=0, $readonly=true){
	//should be entered in account/55.php

	// "Pending" overrides the Valid/Expired result
	$status = ($row['timeleft'] > 0) ? _("Valid") : _("Expired");
	if ($row['expired'] == 0) {
		$status = _("Pending");
	}

	// compared against the translated status text, as the status itself is translated
	$isPending = ($status == _("Pending"));
	?>
	<tr>
		<td class="DataTD"><?php echo $status; ?></td>
	<?php if ($isPending): ?>
		<td class="DataTD"><?php echo htmlspecialchars($row['email']); ?></td>
	<?php else: ?>
		<td class="DataTD">
			<a href="gpg.php?id=3&amp;cert=<?php echo intval($row['id']); ?>">
				<?php echo htmlspecialchars($row['email']); ?>
			</a>
		</td>
	<?php endif; ?>
		<td class="DataTD"><?php echo $row['expire']; ?></td>
	<?php if ($isPending): ?>
		<td class="DataTD"><?php echo htmlspecialchars($row['keyid']); ?></td>
	<?php else: ?>
		<td class="DataTD">
			<a href="gpg.php?id=3&amp;cert=<?php echo intval($row['id']); ?>">
				<?php echo htmlspecialchars($row['keyid']); ?>
			</a>
		</td>
	<?php endif; ?>
	<?php if (1 != $support): ?>
		<td class="DataTD">
			<input name="comment_<?php echo intval($row['id']); ?>" type="text" value="<?php echo htmlspecialchars($row['description']); ?>" />
		</td>
		<?php if (!$readonly): ?>
		<td class="DataTD">
			<input type="checkbox" name="check_comment_<?php echo intval($row['id']); ?>" />
		</td>
		<?php endif; ?>
	<?php endif; ?>
	</tr>
	<?php
}
2388
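/**
 * revoke_assurance()
 * revokes an assurance and adjusts the old point calculation
 *
 * The assurance is not removed: its `deleted` column is set to NOW(). The
 * assuree's points are then recalculated and the assurer flag is fixed.
 * Both ids are forced to integers before they are used.
 *
 * NOTE(review): the UPDATE selects the row by `id` only. Confirm that callers
 * have checked that $assuranceid is an assurance given to $toid and that the
 * acting user is allowed to revoke it; this function checks neither.
 * NOTE(review): the result of the UPDATE is not checked, the recalculation
 * runs either way.
 *
 * @param mixed $assuranceid - id of the assurance
 * @param mixed $toid - id of the assuree
 * @return void
 */
function revoke_assurance($assuranceid, $toid){
	// both values end up in SQL text or are passed on, so reduce them to integers first
	$assuranceid = intval($assuranceid);
	$toid = intval($toid);

	$query = "update `notary` set `deleted` = NOW() where `id` = '$assuranceid' LIMIT 1";
	mysql_query($query);
	recalculate_old_assurance_points($toid);
	fix_assurer_flag($toid);
}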
2406
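/**
 * recalculates the old points of an assuree
 *
 * Walks the assuree's non-deleted assurances in `when` order, leaving out
 * 'Administrative Increase' entries, and rewrites `points` on each row so
 * that the running total of the awarded values is capped at 100.
 *
 * The id is forced to an integer here because it is concatenated into the
 * SQL text; the function must not rely on every caller having done so.
 *
 * @param int $toid - id of the assuree
 * @return void
 */
function recalculate_old_assurance_points($toid){
	$toid = intval($toid);
	// running total of the awarded points seen so far
	$points = 0;

	$query = "select * from `notary` where `to` = '$toid' and `method` != 'Administrative Increase' and `deleted` = 0 order by `when`";
	$res = mysql_query($query);
	if (!$res) {
		// the query failed, so there are no rows to update
		return;
	}

	while($row = mysql_fetch_assoc($res)){
		// whatever is left below the cap of 100 may still be counted for this row
		$maxToAward = max(100 - $points, 0);
		$newpoints = min($row['awarded'], $maxToAward);

		$points += $row['awarded'];

		$query = "update `notary` set `points` = '". (int)$newpoints ."' where `id`='" . (int)$row['id'] . "' LIMIT 1";
		mysql_query($query);
	}
}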