Merge branch 'bug-1034' into release
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2011 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18
/**
 * Send one SQL statement to the default MySQL connection.
 *
 * The text is handed to mysql_query() unchanged, so each caller has to cast
 * or escape every value it concatenates into $query before calling this.
 * NOTE(review): the mysql_* API offers no parameter binding and was removed
 * in PHP 7; a port to mysqli or PDO would allow prepared statements.
 *
 * @param string $query complete SQL statement
 * @return mixed whatever mysql_query() returns for the statement
 */
function query_init ($query)
{
    $result = mysql_query($query);

    return $result;
}
23
/**
 * Fetch the next row of a result set as an associative array.
 *
 * @param mixed $res result handle, as returned by query_init()
 * @return mixed the value returned by mysql_fetch_assoc() for that handle
 */
function query_getnextrow ($res)
{
    return mysql_fetch_assoc($res);
}
29
/**
 * Count the rows of a result set.
 *
 * @param mixed $resultset result handle, as returned by query_init()
 * @return int mysql_num_rows() converted to an integer
 */
function query_get_number_of_rows ($resultset)
{
    $row_count = mysql_num_rows($resultset);

    return (int) $row_count;
}
34
/**
 * Count the 'Face to Face Meeting' entries in `notary` issued by a user.
 *
 * The id is forced to an integer before it reaches the SQL text, which is
 * the only protection this query has against injection.
 *
 * @param mixed $userid id matched against `notary`.`from`
 * @return int number of matching rows
 */
function get_number_of_assurances ($userid)
{
    $sql = sprintf(
        "SELECT count(*) AS `list` FROM `notary`\nWHERE `method` = 'Face to Face Meeting' AND `from`='%d' ",
        intval($userid)
    );
    $count_row = query_getnextrow(query_init($sql));

    return intval($count_row['list']);
}
43
/**
 * Count the 'Face to Face Meeting' entries in `notary` received by a user.
 *
 * The id is forced to an integer before it reaches the SQL text, which is
 * the only protection this query has against injection.
 *
 * @param mixed $userid id matched against `notary`.`to`
 * @return int number of matching rows
 */
function get_number_of_assurees ($userid)
{
    $sql = sprintf(
        "SELECT count(*) AS `list` FROM `notary`\nWHERE `method` = 'Face to Face Meeting' AND `to`='%d' ",
        intval($userid)
    );
    $count_row = query_getnextrow(query_init($sql));

    return intval($count_row['list']);
}
52
/**
 * Rank a face-to-face assurance count among all assurers.
 *
 * The query yields one row per `from` value that has more 'Face to Face
 * Meeting' entries than the given count; the rank is that number of rows
 * plus one.
 *
 * @param mixed $no_of_assurances count to rank (cast to int for the SQL text)
 * @return int 1-based position
 */
function get_top_assurer_position ($no_of_assurances)
{
    $sql = sprintf(
        "SELECT count(*) AS `list` FROM `notary`\nWHERE `method` = 'Face to Face Meeting'\nGROUP BY `from` HAVING count(*) > '%d'",
        intval($no_of_assurances)
    );
    $better_ranked = query_get_number_of_rows(query_init($sql));

    return intval($better_ranked + 1);
}
60
/**
 * Rank a received face-to-face assurance count among all assurees.
 *
 * The query yields one row per `to` value that has more 'Face to Face
 * Meeting' entries than the given count; the rank is that number of rows
 * plus one.
 *
 * @param mixed $no_of_assurees count to rank (cast to int for the SQL text)
 * @return int 1-based position
 */
function get_top_assuree_position ($no_of_assurees)
{
    $sql = sprintf(
        "SELECT count(*) AS `list` FROM `notary`\nWHERE `method` = 'Face to Face Meeting'\nGROUP BY `to` HAVING count(*) > '%d'",
        intval($no_of_assurees)
    );
    $better_ranked = query_get_number_of_rows(query_init($sql));

    return intval($better_ranked + 1);
}
68
/**
 * Select every `notary` row issued by a user to somebody else, oldest id first.
 *
 * @param mixed $userid id matched against `notary`.`from` (cast to int)
 * @return mixed result handle from query_init()
 */
function get_given_assurances ($userid)
{
    $sql = sprintf(
        "select * from `notary` where `from`='%d' and `from` != `to` order by `id` asc",
        intval($userid)
    );

    return query_init($sql);
}
74
/**
 * Select every `notary` row a user received from somebody else, oldest id first.
 *
 * @param mixed $userid id matched against `notary`.`to` (cast to int)
 * @return mixed result handle from query_init()
 */
function get_received_assurances ($userid)
{
    $sql = sprintf(
        "select * from `notary` where `to`='%d' and `from` != `to` order by `id` asc ",
        intval($userid)
    );

    return query_init($sql);
}
80
/**
 * Group the `notary` rows issued by a user by (points, awarded, method).
 *
 * Each result row carries the group size in the `number` column.
 *
 * @param mixed $userid id matched against `notary`.`from` (cast to int)
 * @return mixed result handle from query_init()
 */
function get_given_assurances_summary ($userid)
{
    $sql = sprintf(
        "select count(*) as number,points,awarded,method from notary where `from`='%d' group by points,awarded,method",
        intval($userid)
    );

    return query_init($sql);
}
86
/**
 * Group the `notary` rows received by a user by (points, awarded, method).
 *
 * Each result row carries the group size in the `number` column.
 *
 * @param mixed $userid id matched against `notary`.`to` (cast to int)
 * @return mixed result handle from query_init()
 */
function get_received_assurances_summary ($userid)
{
    $sql = sprintf(
        "select count(*) as number,points,awarded,method from notary where `to`='%d' group by points,awarded,method",
        intval($userid)
    );

    return query_init($sql);
}
92
/**
 * Load one row of the `users` table by id.
 *
 * NOTE(review): the query selects every column, while the callers in this
 * file read only fname, lname and email; selecting just those columns would
 * keep the rest of the account record out of page-rendering code.
 *
 * @param mixed $userid id matched against `users`.`id` (cast to int)
 * @return mixed the value mysql_fetch_assoc() returns for the first row
 */
function get_user ($userid)
{
    $sql = sprintf("select * from `users` where `id`='%d'", intval($userid));
    $result = query_init($sql);

    return mysql_fetch_assoc($result);
}
98
/**
 * Count a user's `cats_passed` rows whose variant has `type_id` = 1.
 *
 * output_summary_content() treats a result equal to 0 as "test not passed".
 *
 * @param mixed $userid id matched against `cats_passed`.`user_id` (cast to int)
 * @return mixed mysql_num_rows() of the join result, not cast
 */
function get_cats_state ($userid)
{
    $sql = sprintf(
        "select * from `cats_passed` inner join `cats_variant` on `cats_passed`.`variant_id` = `cats_variant`.`id` and `cats_variant`.`type_id` = 1\nWHERE `cats_passed`.`user_id` = '%d'",
        intval($userid)
    );
    $passed_tests = query_init($sql);

    return mysql_num_rows($passed_tests);
}
106
/**
 * Account for one issued assurance in the running totals.
 *
 * @param array $row             `notary` row; reads points, awarded, method
 * @param mixed &$points         running total, increased by the row's points
 * @param mixed &$experience     set to "2" for a face-to-face row, else "&nbsp;"
 * @param mixed &$sum_experience running total, increased by 2 for a face-to-face row
 * @param mixed &$revoked        always set to false here
 * @return mixed the larger of the row's `points` and `awarded`
 */
function calc_experience ($row,&$points,&$experience,&$sum_experience,&$revoked)
{
    // revocation is not evaluated yet (planned for after the DB upgrade)
    $revoked = false;

    $credited = max($row['points'], $row['awarded']);
    $points += $credited;

    $face_to_face = ($row['method'] == "Face to Face Meeting");
    if ($face_to_face) {
        $sum_experience = $sum_experience + 2;
    }
    $experience = $face_to_face ? "2" : "&nbsp;";

    return $credited;
}
120
/**
 * Account for one received assurance in the running totals.
 *
 * @param array $row            `notary` row; reads method and whatever calc_points() reads
 * @param mixed &$points        running total, increased by the awarded points unless revoked
 * @param mixed &$experience    set to the share above 100 points, or 0
 * @param mixed &$sumexperience running total, increased by $experience
 * @param mixed &$awarded       set to the points (at most 100), or to a red
 *                              "Revoked" HTML fragment for revoked methods
 * @param mixed &$revoked       set to true for the three revoked methods
 */
function calc_assurances ($row,&$points,&$experience,&$sumexperience,&$awarded,&$revoked)
{
    $revoked = false;
    $awarded = calc_points($row);

    // anything above 100 is shown as experience
    // needs to be fixed in the future (limit 50 pts and/or no experience if pts > 100)
    $experience = 0;
    if ($awarded > 100) {
        $experience = $awarded - 100;
        $awarded = 100;
    }

    // Current usage of 'Temporary Increase' may break audit aspects, needs to be reimplemented
    $revoked_methods = array('Thawte Points Transfer', 'CT Magazine - Germany', 'Temporary Increase');

    if (in_array($row['method'], $revoked_methods)) {
        // $awarded becomes display markup here, so it is no longer a number
        $awarded = sprintf("<strong style='color: red'>%s</strong>",_("Revoked"));
        $experience = 0;
        $revoked = true;
    } else {
        $points += $awarded;
    }

    $sumexperience = $sumexperience + $experience;
}
148
149
/**
 * Build the HTML shown in the "Who" column for a user.
 *
 * A non-empty name becomes a link to wot.php with the name passed through
 * sanitizeHTML() and the id cast to int, so neither value reaches the page
 * unescaped. An empty name is replaced by a translated placeholder.
 *
 * @param string $name   display name, trimmed before use
 * @param mixed  $userid id used in the link; 0 selects the "System" label
 * @return string HTML fragment
 */
function show_user_link ($name,$userid)
{
    $label = trim($name);

    if ($label != "") {
        return "<a href='wot.php?id=9&amp;userid=".intval($userid)."'>".sanitizeHTML($label)."</a>";
    }

    return ($userid == 0) ? _("System") : _("Deleted account");
}
164
/**
 * Build the HTML shown in the "Email" column for a user.
 *
 * A non-empty address becomes a link to account.php with the address passed
 * through sanitizeHTML() and the id cast to int; an empty address yields an
 * empty string.
 *
 * @param string $email  address, trimmed before use
 * @param mixed  $userid id used in the link
 * @return string HTML fragment, or "" when there is no address
 */
function show_email_link ($email,$userid)
{
    $address = trim($email);

    if ($address == "") {
        return $address;
    }

    return "<a href='account.php?id=43&amp;userid=".intval($userid)."'>".sanitizeHTML($address)."</a>";
}
172
/**
 * Look up how many face-to-face assurances a user issued and the resulting rank.
 *
 * @param mixed $userid             user to rank (cast to int)
 * @param mixed &$num_of_assurances receives get_number_of_assurances()
 * @param mixed &$rank_of_assurer   receives get_top_assurer_position() for that count
 */
function get_assurer_ranking($userid,&$num_of_assurances,&$rank_of_assurer)
{
    $assurer_id = intval($userid);

    $num_of_assurances = get_number_of_assurances($assurer_id);
    $rank_of_assurer = get_top_assurer_position($num_of_assurances);
}
178
/**
 * Look up how many face-to-face assurances a user received and the resulting rank.
 *
 * @param mixed $userid           user to rank (cast to int)
 * @param mixed &$num_of_assurees receives get_number_of_assurees()
 * @param mixed &$rank_of_assuree receives get_top_assuree_position() for that count
 */
function get_assuree_ranking($userid,&$num_of_assurees,&$rank_of_assuree)
{
    $assuree_id = intval($userid);

    $num_of_assurees = get_number_of_assurees($assuree_id);
    $rank_of_assuree = get_top_assuree_position($num_of_assurees);
}
184
185
186 // ************* html table definitions ******************
187
/**
 * Print the "Assurer Ranking" table for one user.
 *
 * All four numbers are passed through intval() before they are written into
 * the page, so only integers are inserted into the translated sentences.
 *
 * @param mixed $userid user whose ranking is shown
 */
function output_ranking($userid)
{
// both helpers fill their second and third argument by reference
get_assurer_ranking($userid,$num_of_assurances,$rank_of_assurer);
get_assuree_ranking($userid,$num_of_assurees,$rank_of_assuree);

?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td class="title"><?=_("Assurer Ranking")?></td>
</tr>
<tr>
<td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td>
</tr>
<tr>
<td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td>
</tr>
</table>
<br/>
<?
}
208
/**
 * Print the opening tag, title row and column headings of an assurance table.
 *
 * With $support == "1" the table gets the extra When, Email and Revoke
 * columns (10 columns in total); otherwise it has 7.
 * $title is written into the page as given, without escaping, so callers
 * must pass text that is already safe as HTML.
 *
 * @param string $title   table caption
 * @param mixed  $support "1" selects the support-engineer layout (loose comparison)
 */
function output_assurances_header($title,$support)
{
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<?
// the caption spans every column of the chosen layout
if ($support == "1")
{
?>
<td colspan="10" class="title"><?=$title?></td>
<?
} else {
?>
<td colspan="7" class="title"><?=$title?></td>
<? }
?>
</tr>
<tr>
<td class="DataTD"><strong><?=_("ID")?></strong></td>
<td class="DataTD"><strong><?=_("Date")?></strong></td>
<?
if ($support == "1")
{
?>
<td class="DataTD"><strong><?=_("When")?></strong></td>
<td class="DataTD"><strong><?=_("Email")?></strong></td>
<? } ?>
<td class="DataTD"><strong><?=_("Who")?></strong></td>
<td class="DataTD"><strong><?=_("Points")?></strong></td>
<td class="DataTD"><strong><?=_("Location")?></strong></td>
<td class="DataTD"><strong><?=_("Method")?></strong></td>
<td class="DataTD"><strong><?=_("Experience Points")?></strong></td>
<?
if ($support == "1")
{
?>
<td class="DataTD"><strong><?=_("Revoke")?></strong></td>
<?
}
?>
</tr>
<?
}
252
/**
 * Print the totals row of an assurance table and close the table.
 *
 * All five values are written into the page as given, without escaping.
 * NOTE(review): the row always spans 9 columns (5 + 4), plus one in the
 * support layout, while output_assurances_header() emits 7 columns when
 * $support is not "1" — confirm the colspan for the non-support layout.
 *
 * @param string $points_txt     label for the points total
 * @param mixed  $points         points total
 * @param string $experience_txt label for the experience total
 * @param mixed  $sumexperience  experience total
 * @param mixed  $support        "1" adds an empty cell under the Revoke column
 */
function output_assurances_footer($points_txt,$points,$experience_txt,$sumexperience,$support)
{
?>
<tr>
<td class="DataTD" colspan="5"><strong><?=$points_txt?>:</strong></td>
<td class="DataTD"><?=$points?></td>
<td class="DataTD">&nbsp;</td>
<td class="DataTD"><strong><?=$experience_txt?>:</strong></td>
<td class="DataTD"><?=$sumexperience?></td>
<?
if ($support == "1")
{
?>
<td class="DataTD">&nbsp;</td>
<?
}
?>

</tr>
</table>
<br/>
<?
}
276
/**
 * Print one row of an assurance table.
 *
 * Every cell value is written into the page as given. $name and $email are
 * expected to be ready-made HTML (the callers in this file build them with
 * show_user_link() and show_email_link(), which escape their text).
 * NOTE(review): $date, $when, $location and $method are passed straight from
 * the `notary` row by the callers in this file and are not escaped here —
 * confirm they are sanitised when written, or wrap them in sanitizeHTML().
 *
 * @param mixed $assuranceid `notary` id; cast to int inside the revoke link
 * @param mixed $date        shown in the Date column
 * @param mixed $when        shown in the When column (support layout only)
 * @param mixed $email       HTML for the Email column (support layout only)
 * @param mixed $name        HTML for the Who column
 * @param mixed $awarded     shown in the Points column
 * @param mixed $points      compared with $awarded to detect zero-point rows
 * @param mixed $location    shown in the Location column
 * @param mixed $method      shown in the Method column
 * @param mixed $experience  shown in the Experience Points column
 * @param mixed $userid      cast to int inside the revoke link
 * @param mixed $support     "1" selects the support-engineer layout
 * @param mixed $revoked     true leaves the Revoke cell empty
 */
function output_assurances_row($assuranceid,$date,$when,$email,$name,$awarded,$points,$location,$method,$experience,$userid,$support,$revoked)
{

$tdstyle="";
$emopen="";
$emclose="";

// rows with 0 awarded and 0 recorded points entered before 2006-09-01 are
// highlighted; the date test is a plain string comparison
if ($awarded == $points)
{
if ($awarded == "0")
{
if ($when < "2006-09-01")
{
$tdstyle="style='background-color: #ffff80'";
$emopen="<em>";
$emclose="</em>";
}
}
}
?>
<tr>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td>
<?
if ($support == "1")
{
?>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$when?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$email?><?=$emclose?></td>
<? }
?>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td>
<?
if ($support == "1")
{
if ($revoked == true)
{
?>
<td class="DataTD" <?=$tdstyle?>>&nbsp;</td>
<? } else {
// The revoke action is a plain link: ids are cast to int and the request
// carries a token from make_csrf('admdelassurance').
// NOTE(review): the token travels in the URL, where it can end up in logs
// and Referer headers; a POST form would keep it out of both.
// NOTE(review): the translated confirm() text sits inside a single-quoted
// JavaScript string in an HTML attribute — a translation containing a quote
// would break the handler; confirm the string is escaped for that context.
?>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a><?=$emclose?></td>
<?
}
}
?>
</tr>
<?
}
330
/**
 * Print the opening tag, title row and column headings of the four-column
 * points summary table. Only translated fixed strings are written.
 */
function output_summary_header()
{
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="4" class="title"><?=_("Summary of your Points")?></td>
</tr>
<tr>
<td class="DataTD"><strong><?=_("Description")?></strong></td>
<td class="DataTD"><strong><?=_("Points")?></strong></td>
<td class="DataTD"><strong><?=_("Countable Points")?></strong></td>
<td class="DataTD"><strong><?=_("Remark")?></strong></td>
</tr>
<?
}
346
/**
 * Close the table opened by output_summary_header() and add a line break.
 */
function output_summary_footer()
{
?>
</table>
<br/>
<?
}
354
/**
 * Print one row of the points summary table.
 *
 * All four values are written into the page as given, without escaping;
 * output_summary_content() relies on that to pass "&nbsp;" and <strong>
 * markup. Callers must therefore never pass user-controlled text here.
 *
 * @param string $title            row label
 * @param mixed  $points           raw total
 * @param mixed  $points_countable total after limits
 * @param string $remark           remark text or HTML
 */
function output_summary_row($title,$points,$points_countable,$remark)
{
?>
<tr>
<td class="DataTD"><strong><?=$title?></strong></td>
<td class="DataTD"><?=$points?></td>
<td class="DataTD"><?=$points_countable?></td>
<td class="DataTD"><?=$remark?></td>
</tr>
<?
}
366
367
368 // ************* output given assurances ******************
369
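/**
 * Print one table row per assurance the user issued and total the points.
 *
 * Both by-reference totals are reset to 0 before the loop. The original code
 * reset a local named $sumexperience instead of the $sum_experience
 * parameter, so the experience total stayed unset when there were no rows.
 *
 * NOTE(review): date, when, location and method are handed to
 * output_assurances_row() exactly as read from `notary`; confirm they are
 * escaped when stored, or escape them before display.
 *
 * @param mixed $userid          user whose issued assurances are listed
 * @param mixed &$points         receives the total points issued
 * @param mixed &$sum_experience receives the total experience points
 * @param mixed $support         "1" selects the support-engineer layout
 */
function output_given_assurances_content($userid,&$points,&$sum_experience,$support)
{
    $points = 0;
    $sum_experience = 0;
    $res = get_given_assurances(intval($userid));
    while($row = mysql_fetch_assoc($res))
    {
        // the other party of an issued assurance is the `to` user
        $fromuser = get_user (intval($row['to']));
        // get_user() yields no array when the account is gone; the empty
        // strings make show_user_link() fall back to its placeholder text
        $fullname = is_array($fromuser) ? $fromuser['fname']." ".$fromuser['lname'] : "";
        $address = is_array($fromuser) ? $fromuser['email'] : "";

        $apoints = calc_experience ($row,$points,$experience,$sum_experience,$revoked);
        $name = show_user_link ($fullname,intval($row['to']));
        $email = show_email_link ($address,intval($row['to']));
        output_assurances_row (intval($row['id']),$row['date'],$row['when'],$email,$name,$apoints,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience,$userid,$support,$revoked);
    }
}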
384
385 // ************* output received assurances ******************
386
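/**
 * Print one table row per assurance the user received and total the points.
 *
 * Both by-reference totals are reset to 0 before the loop. The original code
 * reset a local named $sumexperience instead of the $sum_experience
 * parameter, so the experience total stayed unset when there were no rows.
 *
 * NOTE(review): date, when, location and method are handed to
 * output_assurances_row() exactly as read from `notary`; confirm they are
 * escaped when stored, or escape them before display.
 *
 * @param mixed $userid          user whose received assurances are listed
 * @param mixed &$points         receives the total points received
 * @param mixed &$sum_experience receives the total experience points
 * @param mixed $support         "1" selects the support-engineer layout
 */
function output_received_assurances_content($userid,&$points,&$sum_experience,$support)
{
    $points = 0;
    $sum_experience = 0;
    $res = get_received_assurances(intval($userid));
    while($row = mysql_fetch_assoc($res))
    {
        // the other party of a received assurance is the `from` user
        $fromuser = get_user (intval($row['from']));
        // get_user() yields no array when the account is gone; the empty
        // strings make show_user_link() fall back to its placeholder text
        $fullname = is_array($fromuser) ? $fromuser['fname']." ".$fromuser['lname'] : "";
        $address = is_array($fromuser) ? $fromuser['email'] : "";

        calc_assurances ($row,$points,$experience,$sum_experience,$awarded,$revoked);
        $name = show_user_link ($fullname,intval($row['from']));
        $email = show_email_link ($address,intval($row['from']));
        output_assurances_row (intval($row['id']),$row['date'],$row['when'],$email,$name,$awarded,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience,$userid,$support,$revoked);
    }
}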
401
402 // ************* output summary table ******************
403
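/**
 * Check whether a user's date of birth lies more than $age years in the past.
 *
 * Both arguments are cast to int before use. The original concatenated
 * $userid into the SQL text unchanged, unlike every other query in this
 * file, which left the statement open to injection if a caller ever passed
 * an unchecked value.
 *
 * @param mixed $userid id matched against `users`.`id`
 * @param mixed $age    age limit in years
 * @return int number of matching rows: 1 when the user exists and is older
 *             than $age, 0 otherwise
 */
function check_date_limit ($userid,$age)
{
    // latest date of birth that still counts as "older than $age" today
    $dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-intval($age)));
    $res = query_init ("select id from `users` where `id`='".intval($userid)."' and `dob` < '$dob'");
    return intval(query_get_number_of_rows($res));
}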
410
/**
 * Work out how many points one `notary` row is worth.
 *
 * The larger of `points` and `awarded` is taken, then adjusted by method:
 * revoked methods and unrecognised methods count 0, an 'Administrative
 * Increase' of 2 points or less counts 0, and a negative result counts 0.
 *
 * @param array $row `notary` row; reads awarded, points and method
 * @return int points for the row, never negative
 */
function calc_points($row)
{
    $awarded = intval($row['awarded']);
    $recorded = intval($row['points']);

    // if 'sum of added points' > 100, awarded shows the correct value;
    // on very old assurances, awarded is '0' instead of the correct value
    $points = ($recorded < $awarded) ? $awarded : $recorded;

    switch ($row['method'])
    {
        case 'Thawte Points Transfer':   // revoke all Thawte-points (as per arbitration)
        case 'CT Magazine - Germany':    // revoke c't (only one test-entry)
        case 'Temporary Increase':       // revoke 'temporary increase' (current usage breaks audit aspects, needs to be reimplemented)
            $points = 0;
            break;

        case 'Administrative Increase':  // ignore AI with 2 points or less (historical for experience points, now other calculation)
            if ($points <= 2) {          // maybe limit to 35/50 pts in the future?
                $points = 0;
            }
            break;

        case 'Unknown':                  // to be revoked in the future? limit to max 50 pts?
        case 'Trusted Third Parties':    // to be revoked in the future? limit to max 35 pts?
        case '':                         // to be revoked in the future? limit to max 50 pts?
        case 'Face to Face Meeting':     // normal assurances, limit to 35/50 pts in the future?
            break;

        default:                         // any method not listed above counts nothing
            $points = 0;
    }

    // ignore negative points (bug needs to be fixed)
    return max($points, 0);
}
443
/**
 * Return how many points a user may issue, without printing anything.
 *
 * @param mixed $userid user to evaluate
 * @return int result of output_summary_content() with output disabled
 */
function max_points($userid)
{
    $issue_points = output_summary_content ($userid,0);

    return $issue_points;
}
448
/**
 * Compute a user's points summary and the number of points the user may issue.
 *
 * The result starts at 0 and is only raised when the CATS check reports at
 * least one passed test and the countable assurance points equal the
 * 100-point limit. A user that check_date_limit() does not find is handled
 * like a user under 14 (experience limit 0).
 * NOTE(review): the result loops do not check whether the queries succeeded;
 * a failed query appears to leave the sums at 0 — confirm that this
 * fail-closed behaviour is intended.
 *
 * @param mixed $userid         user to evaluate
 * @param mixed $display_output truthy prints the four summary rows
 * @return int points the user may issue per assurance (0, 10, 15, ... 35)
 */
function output_summary_content($userid,$display_output)
{
    $sum_points = 0;
    $sum_experience = 0;
    $sum_experience_other = 0;
    $max_points = 100;
    $max_experience = 50;

    $experience_limit_reached_txt = _("Limit reached");

    // check_date_limit() returns 1 only for an existing user older than the
    // given age; anyone else gets the reduced experience limit
    if (check_date_limit($userid,18) != 1)
    {
        $max_experience = 10;
        $experience_limit_reached_txt = _("Limit given by PoJAM reached");
    }
    if (check_date_limit($userid,14) != 1)
    {
        $max_experience = 0;
        $experience_limit_reached_txt = _("Limit given by PoJAM reached");
    }

    // received assurances: each result row is a group of `number` equal rows
    $res = get_received_assurances_summary($userid);
    while($row = mysql_fetch_assoc($res))
    {
        $points = calc_points ($row);

        if ($points > $max_points) // limit to 100 points, above is experience (needs to be fixed)
        {
            $sum_experience_other = $sum_experience_other+($points-$max_points)*intval($row['number']);
            $points = $max_points;
        }
        $sum_points += $points*intval($row['number']);
    }

    // issued assurances: 2 experience points per face-to-face assurance
    $res = get_given_assurances_summary($userid);
    while($row = mysql_fetch_assoc($res))
    {
        switch ($row['method'])
        {
            case 'Face to Face Meeting': // count Face to Face only
                $sum_experience += 2*intval($row['number']);
                break;
        }

    }

    // cap each total at its limit and remember why it was capped
    if ($sum_points > $max_points)
    {
        $sum_points_countable = $max_points;
        $remark_points = _("Limit reached");
    }
    else
    {
        $sum_points_countable = $sum_points;
        $remark_points = "&nbsp;";
    }
    if ($sum_experience > $max_experience)
    {
        $sum_experience_countable = $max_experience;
        $remark_experience = $experience_limit_reached_txt;
    }
    else
    {
        $sum_experience_countable = $sum_experience;
        $remark_experience = "&nbsp;";
    }

    // experience from other sources only fills what is left below the limit
    if ($sum_experience_countable + $sum_experience_other > $max_experience)
    {
        $sum_experience_other_countable = $max_experience-$sum_experience_countable;
        $remark_experience_other = $experience_limit_reached_txt;
    }
    else
    {
        $sum_experience_other_countable = $sum_experience_other;
        $remark_experience_other = "&nbsp;";
    }

    // below the points limit no experience counts at all; the two resets are
    // unconditional inside this block, only the remarks depend on the old value
    if ($sum_points_countable < $max_points)
    {
        if ($sum_experience_countable != 0)
            $remark_experience = _("Points on hold due to less assurance points");
        $sum_experience_countable = 0;
        if ($sum_experience_other_countable != 0)
            $remark_experience_other = _("Points on hold due to less assurance points");
        $sum_experience_other_countable = 0;
    }

    $issue_points = 0;
    $cats_test_passed = get_cats_state ($userid);
    if ($cats_test_passed == 0)
    {
        // no passed test: $issue_points stays 0, only the remark differs
        $issue_points_txt = "<strong style='color: red'>"._("You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer")."</strong>";
        if ($sum_points_countable < $max_points)
        {
            $issue_points_txt = "<strong style='color: red'>";
            $issue_points_txt .= sprintf(_("You need %s assurance points and the passed CATS-Test to be an Assurer"), intval($max_points));
            $issue_points_txt .= "</strong>";
        }
    }
    else
    {
        // $experience_total is 0 whenever the points limit is not reached
        // (see the reset above), so the thresholds below cannot raise
        // $issue_points for a user with fewer than $max_points points
        $experience_total = $sum_experience_countable+$sum_experience_other_countable;
        $issue_points_txt = "";
        if ($sum_points_countable == $max_points)
            $issue_points = 10;
        if ($experience_total >= 10)
            $issue_points = 15;
        if ($experience_total >= 20)
            $issue_points = 20;
        if ($experience_total >= 30)
            $issue_points = 25;
        if ($experience_total >= 40)
            $issue_points = 30;
        if ($experience_total >= 50)
            $issue_points = 35;
        if ($issue_points != 0)
            $issue_points_txt = sprintf(_("You may issue up to %s points"),$issue_points);
    }
    if ($display_output)
    {
        output_summary_row (_("Assurance Points you received"),$sum_points,$sum_points_countable,$remark_points);
        output_summary_row (_("Total Experience Points by Assurance"),$sum_experience,$sum_experience_countable,$remark_experience);
        output_summary_row (_("Total Experience Points (other ways)"),$sum_experience_other,$sum_experience_other_countable,$remark_experience_other);
        output_summary_row (_("Total Points"),"&nbsp;",$sum_points_countable + $sum_experience_countable + $sum_experience_other_countable,$issue_points_txt);
    }
    return $issue_points;
}
577
/**
 * Print the complete table of assurances a user issued.
 *
 * @param mixed $userid  user whose issued assurances are listed
 * @param mixed $support "1" selects the support-engineer layout
 */
function output_given_assurances($userid,$support)
{
    $caption = _("Assurance Points You Issued");
    output_assurances_header($caption,$support);

    // the content helper fills both totals by reference
    output_given_assurances_content($userid,$total_points,$total_experience,$support);

    output_assurances_footer(_("Total Points Issued"),$total_points,_("Total Experience Points"),$total_experience,$support);
}
584
/**
 * Print the complete table of assurances a user received.
 *
 * @param mixed $userid  user whose received assurances are listed
 * @param mixed $support "1" selects the support-engineer layout
 */
function output_received_assurances($userid,$support)
{
    $caption = _("Your Assurance Points");
    output_assurances_header($caption,$support);

    // the content helper fills both totals by reference
    output_received_assurances_content($userid,$total_points,$total_experience,$support);

    output_assurances_footer(_("Total Assurance Points"),$total_points,_("Total Experience Points"),$total_experience,$support);
}
591
/**
 * Print the complete points summary table for a user.
 *
 * @param mixed $userid user whose summary is shown
 */
function output_summary($userid)
{
    $show_rows = 1;

    output_summary_header();
    // the return value (points the user may issue) is not needed here
    output_summary_content($userid,$show_rows);
    output_summary_footer();
}
598
/**
 * Print the "Go Back" link, which steps one entry back in the browser
 * history through a javascript: URL.
 */
function output_end_of_page()
{
?>
<p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p>
<?
}
605 ?>