bug 1176: Fix some syntax errors
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2011 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18
/**
 * Send a SQL statement to the database through the legacy mysql extension.
 *
 * The statement is executed exactly as given. Nothing is escaped here, so
 * every value a caller concatenates into $query must already be made safe
 * (the callers in this file cast ids with intval()).
 *
 * @param string $query complete SQL statement
 * @return mixed whatever mysql_query() returns for the statement
 */
function query_init ($query)
{
    $result = mysql_query($query);
    return $result;
}
23
/**
 * Fetch the next row of a result set as an associative array.
 *
 * @param mixed $res result handle, passed straight to mysql_fetch_assoc()
 * @return mixed the value mysql_fetch_assoc() returns for $res
 */
function query_getnextrow ($res)
{
    return mysql_fetch_assoc($res);
}
29
/**
 * Count the rows of a result set.
 *
 * @param mixed $resultset result handle, passed to mysql_num_rows()
 * @return int row count, forced to an integer with intval()
 */
function query_get_number_of_rows ($resultset)
{
    $count = mysql_num_rows($resultset);
    return intval($count);
}
34
/**
 * Count the 'Face to Face Meeting' entries in `notary` issued by a user.
 *
 * @param mixed $userid user id; cast with intval() before it reaches the SQL
 * @return int number of matching rows
 */
function get_number_of_assurances ($userid)
{
    // The integer cast is the only thing standing between the argument and the query text.
    $id = intval($userid);
    $row = query_getnextrow(query_init("SELECT count(*) AS `list` FROM `notary`
WHERE `method` = 'Face to Face Meeting' AND `from`='".$id."' "));

    return intval($row['list']);
}
43
/**
 * Count the 'Trusted Third Parties' and 'TTP-Assisted' entries in `notary`
 * that were received by a user.
 *
 * @param mixed $userid user id; cast with intval() before it reaches the SQL
 * @return int number of matching rows
 */
function get_number_of_ttpassurances ($userid)
{
    $id = intval($userid);
    $row = query_getnextrow(query_init("SELECT count(*) AS `list` FROM `notary`
WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `to`='".$id."' "));

    return intval($row['list']);
}
52
/**
 * Count the 'Face to Face Meeting' entries in `notary` received by a user.
 *
 * @param mixed $userid user id; cast with intval() before it reaches the SQL
 * @return int number of matching rows
 */
function get_number_of_assurees ($userid)
{
    $id = intval($userid);
    $row = query_getnextrow(query_init("SELECT count(*) AS `list` FROM `notary`
WHERE `method` = 'Face to Face Meeting' AND `to`='".$id."' "));

    return intval($row['list']);
}
61
/**
 * Rank an assurer by the number of face-to-face assurances given.
 *
 * The query returns one row per `from` id that has more 'Face to Face
 * Meeting' entries than $no_of_assurances, so the rank is that row count
 * plus one.
 *
 * @param mixed $no_of_assurances count to compare against; cast with intval()
 * @return int 1-based position
 */
function get_top_assurer_position ($no_of_assurances)
{
    $threshold = intval($no_of_assurances);
    $res = query_init("SELECT count(*) AS `list` FROM `notary`
WHERE `method` = 'Face to Face Meeting'
GROUP BY `from` HAVING count(*) > '".$threshold."'");
    $ranked_higher = query_get_number_of_rows($res);
    return intval($ranked_higher + 1);
}
69
/**
 * Rank an assuree by the number of face-to-face assurances received.
 *
 * The query returns one row per `to` id that has more 'Face to Face
 * Meeting' entries than $no_of_assurees, so the rank is that row count
 * plus one.
 *
 * @param mixed $no_of_assurees count to compare against; cast with intval()
 * @return int 1-based position
 */
function get_top_assuree_position ($no_of_assurees)
{
    $threshold = intval($no_of_assurees);
    $res = query_init("SELECT count(*) AS `list` FROM `notary`
WHERE `method` = 'Face to Face Meeting'
GROUP BY `to` HAVING count(*) > '".$threshold."'");
    $ranked_higher = query_get_number_of_rows($res);
    return intval($ranked_higher + 1);
}
77
/**
 * Select every `notary` row issued by a user, oldest id first.
 * Rows where `from` equals `to` are left out.
 *
 * @param mixed $userid user id; cast with intval() before it reaches the SQL
 * @return mixed result handle from query_init()
 */
function get_given_assurances ($userid)
{
    $id = intval($userid);
    return query_init("select * from `notary` where `from`='".$id."' and `from` != `to` order by `id` asc");
}
83
/**
 * Select every `notary` row received by a user, oldest id first.
 * Rows where `from` equals `to` are left out.
 *
 * @param mixed $userid user id; cast with intval() before it reaches the SQL
 * @return mixed result handle from query_init()
 */
function get_received_assurances ($userid)
{
    $id = intval($userid);
    return query_init("select * from `notary` where `to`='".$id."' and `from` != `to` order by `id` asc ");
}
89
/**
 * Summarise the `notary` rows issued by a user: one result row per distinct
 * (points, awarded, method) combination with its count in `number`.
 *
 * @param mixed $userid user id; cast with intval() before it reaches the SQL
 * @return mixed result handle from query_init()
 */
function get_given_assurances_summary ($userid)
{
    $id = intval($userid);
    return query_init("select count(*) as number,points,awarded,method from notary where `from`='".$id."' group by points,awarded,method");
}
95
/**
 * Summarise the `notary` rows received by a user: one result row per
 * distinct (points, awarded, method) combination with its count in `number`.
 *
 * @param mixed $userid user id; cast with intval() before it reaches the SQL
 * @return mixed result handle from query_init()
 */
function get_received_assurances_summary ($userid)
{
    $id = intval($userid);
    return query_init("select count(*) as number,points,awarded,method from notary where `to`='".$id."' group by points,awarded,method");
}
101
/**
 * Load one row of `users` by id.
 *
 * The query is `select *`, so the returned array carries every column of
 * the row; callers should pick the fields they need rather than pass the
 * whole array on to output code.
 *
 * @param mixed $userid user id; cast with intval() before it reaches the SQL
 * @return mixed the value mysql_fetch_assoc() returns for the result
 */
function get_user ($userid)
{
    $id = intval($userid);
    $res = query_init("select * from `users` where `id`='".$id."'");
    $user = mysql_fetch_assoc($res);
    return $user;
}
107
/**
 * Count a user's `cats_passed` rows whose variant has `type_id` = 1.
 *
 * output_summary_content() treats a result of 0 as "CATS-Test not passed".
 * NOTE(review): type_id 1 presumably identifies the Assurer Challenge;
 * confirm against the cats_variant data.
 *
 * @param mixed $userid user id; cast with intval() before it reaches the SQL
 * @return mixed the value mysql_num_rows() returns for the result
 */
function get_cats_state ($userid)
{
    $id = intval($userid);
    $res = query_init("select * from `cats_passed` inner join `cats_variant` on `cats_passed`.`variant_id` = `cats_variant`.`id` and `cats_variant`.`type_id` = 1
WHERE `cats_passed`.`user_id` = '".$id."'");
    $passed = mysql_num_rows($res);
    return $passed;
}
115
/**
 * Account for one issued assurance in the running totals.
 *
 * @param array $row            notary row; reads 'points', 'awarded' and 'method'
 * @param mixed $points         running total, increased by the larger of points/awarded
 * @param mixed $experience     set to "2" for a face-to-face entry, "&nbsp;" otherwise
 * @param mixed $sum_experience running experience total, increased by 2 for face-to-face
 * @return mixed the larger of $row['points'] and $row['awarded']
 */
function calc_experience ($row,&$points,&$experience,&$sum_experience)
{
    $credited = max($row['points'], $row['awarded']);
    $points += $credited;

    // Only face-to-face meetings earn experience; other methods show a blank cell.
    if ($row['method'] == "Face to Face Meeting") {
        $sum_experience = $sum_experience + 2;
        $experience = "2";
    } else {
        $experience = "&nbsp;";
    }

    return $credited;
}
130
/**
 * Account for one received assurance in the running totals.
 *
 * @param array $row           notary row; 'method' is read here, the rest by calc_points()
 * @param mixed $points        running point total; increased unless the method is revoked
 * @param mixed $experience    set to the part of the award above 100, or 0
 * @param mixed $sumexperience running experience total, increased by $experience
 * @param mixed $awarded       set to the award capped at 100, or to a red "Revoked"
 *                             HTML fragment for revoked methods
 */
function calc_assurances ($row,&$points,&$experience,&$sumexperience,&$awarded)
{
    $awarded = calc_points($row);

    // Whatever exceeds 100 points is booked as experience instead.
    $experience = 0;
    if ($awarded > 100) {
        $experience = $awarded - 100; // needs to be fixed in the future (limit 50 pts and/or no experience if pts > 100)
        $awarded = 100;
    }

    // Same loose comparison as a switch on the method name.
    $revoked_methods = array(
        'Thawte Points Transfer',
        'CT Magazine - Germany',
        'Temporary Increase', // Current usage of 'Temporary Increase' may break audit aspects, needs to be reimplemented
    );
    if (in_array($row['method'], $revoked_methods)) {
        // From here on $awarded is display markup, not a number.
        $awarded = sprintf("<strong style='color: red'>%s</strong>", _("Revoked"));
        $experience = 0;
    } else {
        $points += $awarded;
    }

    $sumexperience += $experience;
}
156
157
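/**
 * Build the HTML shown in the "Who" column for a user.
 *
 * An empty name yields the translated text "System" (user id 0) or
 * "Deleted account". Any other name becomes a link to wot.php?id=9 for
 * that user.
 *
 * The name is HTML-encoded before it is placed inside the anchor, because
 * the callers in this file build it from the fname/lname columns of
 * `users`, which hold user-supplied text.
 * NOTE(review): this assumes names are stored unencoded; if the database
 * already holds HTML-encoded names they would now be encoded twice.
 *
 * @param string $name   display name, surrounding whitespace is trimmed
 * @param mixed  $userid user id; cast with intval() for the link
 * @return string HTML fragment
 */
function show_user_link ($name,$userid)
{
    $name = trim($name);
    if ($name == "") {
        return ($userid == 0) ? _("System") : _("Deleted account");
    }

    $label = htmlspecialchars($name, ENT_QUOTES);
    return "<a href='wot.php?id=9&amp;userid=".intval($userid)."'>".$label."</a>";
}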
172
/**
 * Look up how many face-to-face assurances a user has given and the rank
 * that count earns.
 *
 * @param mixed $userid            user id; cast with intval()
 * @param mixed $num_of_assurances receives the count
 * @param mixed $rank_of_assurer   receives the 1-based rank
 */
function get_assurer_ranking($userid,&$num_of_assurances,&$rank_of_assurer)
{
    $id = intval($userid);
    $num_of_assurances = get_number_of_assurances($id);
    $rank_of_assurer = get_top_assurer_position($num_of_assurances);
}
178
/**
 * Look up how many face-to-face assurances a user has received and the rank
 * that count earns.
 *
 * @param mixed $userid          user id; cast with intval()
 * @param mixed $num_of_assurees receives the count
 * @param mixed $rank_of_assuree receives the 1-based rank
 */
function get_assuree_ranking($userid,&$num_of_assurees,&$rank_of_assuree)
{
    $id = intval($userid);
    $num_of_assurees = get_number_of_assurees($id);
    $rank_of_assuree = get_top_assuree_position($num_of_assurees);
}
184
185
186 // ************* html table definitions ******************
187
/**
 * Print the "Assurer Ranking" table for a user.
 *
 * Every value placed into the page is cast with intval() first, so only
 * digits from the database reach the HTML.
 *
 * @param mixed $userid user id, forwarded to the ranking helpers
 */
function output_ranking($userid)
{
    // Both helpers fill their by-reference arguments.
    get_assurer_ranking($userid,$num_of_assurances,$rank_of_assurer);
    get_assuree_ranking($userid,$num_of_assurees,$rank_of_assuree);

    ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td class="title"><?=_("Assurer Ranking")?></td>
</tr>
<tr>
<td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td>
</tr>
<tr>
<td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td>
</tr>
</table>
<br/>
<?
}
208
/**
 * Open the seven-column assurances table and print its heading rows.
 * The table is left open; output_assurances_footer() closes it.
 *
 * @param string $title table caption. It is echoed without HTML encoding;
 *                      the callers in this file pass gettext strings.
 */
function output_assurances_header($title)
{
    ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="7" class="title"><?=$title?></td>
</tr>
<tr>
<td class="DataTD"><strong><?=_("ID")?></strong></td>
<td class="DataTD"><strong><?=_("Date")?></strong></td>
<td class="DataTD"><strong><?=_("Who")?></strong></td>
<td class="DataTD"><strong><?=_("Points")?></strong></td>
<td class="DataTD"><strong><?=_("Location")?></strong></td>
<td class="DataTD"><strong><?=_("Method")?></strong></td>
<td class="DataTD"><strong><?=_("Experience Points")?></strong></td>
</tr>
<?
}
227
/**
 * Print the totals row and close the table opened by
 * output_assurances_header().
 *
 * All four arguments are echoed without HTML encoding. The callers in this
 * file pass gettext strings for the labels and the totals computed by the
 * *_content() functions.
 *
 * @param string $points_txt     label for the points total
 * @param mixed  $points         points total
 * @param string $experience_txt label for the experience total
 * @param mixed  $sumexperience  experience total
 */
function output_assurances_footer($points_txt,$points,$experience_txt,$sumexperience)
{
    ?>
<tr>
<td class="DataTD" colspan="3"><strong><?=$points_txt?>:</strong></td>
<td class="DataTD"><?=$points?></td>
<td class="DataTD">&nbsp;</td>
<td class="DataTD"><strong><?=$experience_txt?>:</strong></td>
<td class="DataTD"><?=$sumexperience?></td>
</tr>
</table>
<br/>
<?
}
242
/**
 * Print one row of the assurances table.
 *
 * A row is highlighted (yellow background, emphasised text) when $awarded
 * equals $points, $awarded is "0" and $when is before 2006-09-01.
 *
 * Every argument is echoed as given, with no HTML encoding. $name and
 * $awarded can legitimately carry markup (show_user_link() returns an
 * anchor, calc_assurances() may set a <strong> "Revoked" fragment), so they
 * cannot be encoded here.
 * NOTE(review): $date, $location and $method come from `notary` columns in
 * the callers shown in this file; `location` looks like free text. Confirm
 * these values are HTML-encoded before they are stored or passed in.
 *
 * @param mixed  $assuranceid notary row id
 * @param mixed  $date        value for the date column
 * @param mixed  $when        timestamp compared as a string against "2006-09-01"
 * @param string $name        HTML for the "Who" column
 * @param mixed  $awarded     awarded points, or an HTML fragment
 * @param mixed  $points      points stored on the row; only used for the highlight test
 * @param mixed  $location    value for the location column
 * @param mixed  $method      value for the method column
 * @param mixed  $experience  value for the experience column
 */
function output_assurances_row($assuranceid,$date,$when,$name,$awarded,$points,$location,$method,$experience)
{

    $tdstyle="";
    $emopen="";
    $emclose="";

    // Loose comparisons: $awarded may be a number or a numeric string.
    if ($awarded == $points)
    {
        if ($awarded == "0")
        {
            if ($when < "2006-09-01")
            {
                $tdstyle="style='background-color: #ffff80'";
                $emopen="<em>";
                $emclose="</em>";
            }
        }
    }

    ?>
<tr>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td>
</tr>
<?
}
275
/**
 * Open the four-column "Summary of your Points" table and print its heading
 * rows. The table is left open; output_summary_footer() closes it.
 * Only gettext strings are written.
 */
function output_summary_header()
{
    ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="4" class="title"><?=_("Summary of your Points")?></td>
</tr>
<tr>
<td class="DataTD"><strong><?=_("Description")?></strong></td>
<td class="DataTD"><strong><?=_("Points")?></strong></td>
<td class="DataTD"><strong><?=_("Countable Points")?></strong></td>
<td class="DataTD"><strong><?=_("Remark")?></strong></td>
</tr>
<?
}
291
/**
 * Close the table opened by output_summary_header().
 */
function output_summary_footer()
{
    ?>
</table>
<br/>
<?
}
299
/**
 * Print one row of the points summary table.
 *
 * All four arguments are echoed without HTML encoding. The caller in this
 * file, output_summary_content(), passes gettext strings, numbers it
 * computed and "&nbsp;" or <strong> fragments built from gettext strings.
 *
 * @param string $title            row description
 * @param mixed  $points           raw total
 * @param mixed  $points_countable total after limits
 * @param string $remark           remark text or HTML fragment
 */
function output_summary_row($title,$points,$points_countable,$remark)
{
    ?>
<tr>
<td class="DataTD"><strong><?=$title?></strong></td>
<td class="DataTD"><?=$points?></td>
<td class="DataTD"><?=$points_countable?></td>
<td class="DataTD"><?=$remark?></td>
</tr>
<?
}
311
312
313 // ************* output given assurances ******************
314
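/**
 * Print one table row per assurance a user has issued and total them up.
 *
 * Both totals are reset to 0 on entry. The original reset a misspelt local
 * ($sumexperience) instead of the by-reference $sum_experience, so the
 * experience total stayed unset when the user had issued no assurances.
 *
 * Ids taken from the row are cast with intval(); date, when, location and
 * method are handed to output_assurances_row() as stored.
 *
 * @param mixed $userid         user id; cast with intval()
 * @param mixed $points         receives the total of issued points
 * @param mixed $sum_experience receives the total of experience points
 */
function output_given_assurances_content($userid,&$points,&$sum_experience)
{
    $points = 0;
    $sum_experience = 0;
    $res = get_given_assurances(intval($userid));
    while ($row = mysql_fetch_assoc($res)) {
        $assuree_id = intval($row['to']);
        $assuree = get_user($assuree_id);
        // calc_experience() fills $experience and updates both running totals.
        $apoints = calc_experience($row, $points, $experience, $sum_experience);
        $name = show_user_link($assuree['fname']." ".$assuree['lname'], $assuree_id);
        // An empty method is shown as is; any other value goes through gettext.
        $method = ($row['method'] == "") ? "" : _(sprintf("%s", $row['method']));
        output_assurances_row(intval($row['id']), $row['date'], $row['when'], $name, $apoints, intval($row['points']), $row['location'], $method, $experience);
    }
}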
328
329 // ************* output received assurances ******************
330
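/**
 * Print one table row per assurance a user has received and total them up.
 *
 * Both totals are reset to 0 on entry. The original reset a misspelt local
 * ($sumexperience) instead of the by-reference $sum_experience, so the
 * experience total stayed unset when the user had received no assurances.
 *
 * Ids taken from the row are cast with intval(); date, when, location and
 * method are handed to output_assurances_row() as stored.
 *
 * @param mixed $userid         user id; cast with intval()
 * @param mixed $points         receives the total of received points
 * @param mixed $sum_experience receives the total of experience points
 */
function output_received_assurances_content($userid,&$points,&$sum_experience)
{
    $points = 0;
    $sum_experience = 0;
    $res = get_received_assurances(intval($userid));
    while ($row = mysql_fetch_assoc($res)) {
        $assurer_id = intval($row['from']);
        $assurer = get_user($assurer_id);
        // calc_assurances() fills $experience and $awarded and updates both running totals.
        calc_assurances($row, $points, $experience, $sum_experience, $awarded);
        $name = show_user_link($assurer['fname']." ".$assurer['lname'], $assurer_id);
        // An empty method is shown as is; any other value goes through gettext.
        $method = ($row['method'] == "") ? "" : _(sprintf("%s", $row['method']));
        output_assurances_row(intval($row['id']), $row['date'], $row['when'], $name, $awarded, intval($row['points']), $row['location'], $method, $experience);
    }
}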
344
345 // ************* output summary table ******************
346
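/**
 * Test whether a user was born more than $age years before today.
 *
 * The original concatenated $userid into the query without a cast, unlike
 * every other query in this file. Both arguments are now forced to
 * integers, so a non-numeric id can no longer alter the statement.
 *
 * @param mixed $userid user id; cast with intval() before it reaches the SQL
 * @param mixed $age    age in years; cast with intval()
 * @return int number of `users` rows with this id and `dob` before the
 *             cut-off date (1 when the user is older than $age, else 0)
 */
function check_date_limit ($userid,$age)
{
    // Today's date, $age years back, in the Y-m-d form compared against `dob`.
    $dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-intval($age)));
    $res = query_init ("select id from `users` where `id`='".intval($userid)."' and `dob` < '$dob'");
    return intval(query_get_number_of_rows($res));
}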
353
/**
 * Work out how many points one notary row is worth.
 *
 * The starting value is the larger of intval(points) and intval(awarded).
 * Revoked methods and unrecognised methods count 0, an 'Administrative
 * Increase' of 2 points or less counts 0, and negative results are raised
 * to 0.
 *
 * @param array $row notary row; reads 'awarded', 'points' and 'method'
 * @return int points for the row
 */
function calc_points($row)
{
    $awarded = intval($row['awarded']);
    // if 'sum of added points' > 100, awarded shows correct value;
    // on very old assurances, awarded is '0' instead of correct value
    $points = max(intval($row['points']), $awarded);

    $method = $row['method'];
    $revoked = array(
        'Thawte Points Transfer', // revoke all Thawte-points (as per arbitration)
        'CT Magazine - Germany',  // revoke c't (only one test-entry)
        'Temporary Increase',     // revoke 'temporary increase' (Current usage breaks audit aspects, needs to be reimplemented)
    );
    $accepted = array(
        'Unknown',               // to be revoked in the future? limit to max 50 pts?
        'Trusted Third Parties', // to be revoked in the future? limit to max 35 pts?
        'TTP-Assisted',          // TTP assurances, limit to 35
        'TOPUP',                 // TOPUP to be developed in the future, limit to 30
        '',                      // to be revoked in the future? limit to max 50 pts?
        'Face to Face Meeting',  // normal assurances, limit to 35/50 pts in the future?
    );

    // Loose comparisons, checked in the same order as the original switch.
    if (in_array($method, $revoked)) {
        $points = 0;
    } elseif ($method == 'Administrative Increase') {
        // ignore AI with 2 points or less (historical for experience points, now other calculation)
        if ($points <= 2) { // maybe limit to 35/50 pts in the future?
            $points = 0;
        }
    } elseif (!in_array($method, $accepted)) {
        // should never happen
        $points = 0;
    }

    // ignore negative points (bug needs to be fixed)
    return max($points, 0);
}
388
/**
 * Return how many points a user may issue, without printing anything.
 *
 * @param mixed $userid user id, forwarded to output_summary_content()
 * @return int the value output_summary_content() returns with output disabled
 */
function max_points($userid)
{
    $issuable = output_summary_content($userid, 0);
    return $issuable;
}
393
/**
 * Compute a user's point summary and the number of points they may issue.
 *
 * Received assurances are summed and capped at 100 points; given
 * face-to-face assurances earn 2 experience points each; the experience
 * cap depends on the user's age. When $display_output is true the four
 * summary rows are printed with output_summary_row().
 *
 * The return value decides how many points this user is allowed to give,
 * so it is authorization logic: keep the limits and their order intact
 * when editing.
 * NOTE(review): $userid is passed on to helpers that build SQL from it;
 * callers should pass an integer id.
 *
 * @param mixed $userid         user id
 * @param mixed $display_output truthy to print the summary rows
 * @return int points the user may issue: 0, 10, 15, 20, 25, 30 or 35
 */
function output_summary_content($userid,$display_output)
{
    $sum_points = 0;
    $sum_experience = 0;
    $sum_experience_other = 0;
    $max_points = 100;
    $max_experience = 50;

    $experience_limit_reached_txt = _("Limit reached");

    // check_date_limit() returns the number of matching user rows, so "!= 1"
    // means the user is not older than the given age.
    if (check_date_limit($userid,18) != 1)
    {
        $max_experience = 10;
        $experience_limit_reached_txt = _("Limit given by PoJAM reached");
    }
    if (check_date_limit($userid,14) != 1)
    {
        $max_experience = 0;
        $experience_limit_reached_txt = _("Limit given by PoJAM reached");
    }

    // Received assurances: each summary row stands for `number` identical entries.
    $res = get_received_assurances_summary($userid);
    while($row = mysql_fetch_assoc($res))
    {
        $points = calc_points ($row);

        if ($points > $max_points) // limit to 100 points, above is experience (needs to be fixed)
        {
            $sum_experience_other = $sum_experience_other+($points-$max_points)*intval($row['number']);
            $points = $max_points;
        }
        $sum_points += $points*intval($row['number']);
    }

    // Given assurances: 2 experience points per entry.
    $res = get_given_assurances_summary($userid);
    while($row = mysql_fetch_assoc($res))
    {
        switch ($row['method'])
        {
            case 'Face to Face Meeting': // count Face to Face only
                $sum_experience += 2*intval($row['number']);
                break;
        }

    }

    // Apply the caps; the "countable" values are what counts towards the total.
    if ($sum_points > $max_points)
    {
        $sum_points_countable = $max_points;
        $remark_points = _("Limit reached");
    }
    else
    {
        $sum_points_countable = $sum_points;
        $remark_points = "&nbsp;";
    }
    if ($sum_experience > $max_experience)
    {
        $sum_experience_countable = $max_experience;
        $remark_experience = $experience_limit_reached_txt;
    }
    else
    {
        $sum_experience_countable = $sum_experience;
        $remark_experience = "&nbsp;";
    }

    // Experience earned in other ways only fills what is left of the cap.
    if ($sum_experience_countable + $sum_experience_other > $max_experience)
    {
        $sum_experience_other_countable = $max_experience-$sum_experience_countable;
        $remark_experience_other = $experience_limit_reached_txt;
    }
    else
    {
        $sum_experience_other_countable = $sum_experience_other;
        $remark_experience_other = "&nbsp;";
    }

    // Below 100 assurance points no experience counts. The brace-less ifs
    // guard only the remark on the next line; both countable values are
    // reset to 0 unconditionally inside this block.
    if ($sum_points_countable < $max_points)
    {
        if ($sum_experience_countable != 0)
            $remark_experience = _("Points on hold due to less assurance points");
        $sum_experience_countable = 0;
        if ($sum_experience_other_countable != 0)
            $remark_experience_other = _("Points on hold due to less assurance points");
        $sum_experience_other_countable = 0;
    }

    $issue_points = 0;
    $cats_test_passed = get_cats_state ($userid);
    if ($cats_test_passed == 0)
    {
        // Without a passed CATS test the user may not issue any points.
        $issue_points_txt = "<strong style='color: red'>"._("You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer")."</strong>";
        if ($sum_points_countable < $max_points)
        {
            $issue_points_txt = "<strong style='color: red'>";
            $issue_points_txt .= sprintf(_("You need %s assurance points and the passed CATS-Test to be an Assurer"), intval($max_points));
            $issue_points_txt .= "</strong>";
        }
    }
    else
    {
        // 10 points at the full 100 assurance points, then 5 more for every
        // 10 experience points up to 35. The experience steps cannot fire
        // below 100 points because both countable values were zeroed above.
        $experience_total = $sum_experience_countable+$sum_experience_other_countable;
        $issue_points_txt = "";
        if ($sum_points_countable == $max_points)
            $issue_points = 10;
        if ($experience_total >= 10)
            $issue_points = 15;
        if ($experience_total >= 20)
            $issue_points = 20;
        if ($experience_total >= 30)
            $issue_points = 25;
        if ($experience_total >= 40)
            $issue_points = 30;
        if ($experience_total >= 50)
            $issue_points = 35;
        if ($issue_points != 0)
            $issue_points_txt = sprintf(_("You may issue up to %s points"),$issue_points);
    }
    if ($display_output)
    {
        output_summary_row (_("Assurance Points you received"),$sum_points,$sum_points_countable,$remark_points);
        output_summary_row (_("Total Experience Points by Assurance"),$sum_experience,$sum_experience_countable,$remark_experience);
        output_summary_row (_("Total Experience Points (other ways)"),$sum_experience_other,$sum_experience_other_countable,$remark_experience_other);
        output_summary_row (_("Total Points"),"&nbsp;",$sum_points_countable + $sum_experience_countable + $sum_experience_other_countable,$issue_points_txt);
    }
    return $issue_points;
}
522
/**
 * Print the complete "Assurance Points You Issued" table for a user:
 * header, one row per issued assurance, totals footer.
 *
 * @param mixed $userid user id, forwarded to output_given_assurances_content()
 */
function output_given_assurances($userid)
{
    $caption = _("Assurance Points You Issued");
    output_assurances_header($caption);

    // The content function fills both totals by reference.
    output_given_assurances_content($userid, $issued_points, $issued_experience);

    $points_label = _("Total Points Issued");
    $experience_label = _("Total Experience Points");
    output_assurances_footer($points_label, $issued_points, $experience_label, $issued_experience);
}
529
/**
 * Print the complete "Your Assurance Points" table for a user:
 * header, one row per received assurance, totals footer.
 *
 * @param mixed $userid user id, forwarded to output_received_assurances_content()
 */
function output_received_assurances($userid)
{
    $caption = _("Your Assurance Points");
    output_assurances_header($caption);

    // The content function fills both totals by reference.
    output_received_assurances_content($userid, $received_points, $received_experience);

    $points_label = _("Total Assurance Points");
    $experience_label = _("Total Experience Points");
    output_assurances_footer($points_label, $received_points, $experience_label, $received_experience);
}
536
/**
 * Print the complete points summary table for a user.
 * The issuable-points value returned by output_summary_content() is not used here.
 *
 * @param mixed $userid user id, forwarded to output_summary_content()
 */
function output_summary($userid)
{
    $display_output = 1;

    output_summary_header();
    output_summary_content($userid, $display_output);
    output_summary_footer();
}
543
/**
 * Print the "Go Back" link, which calls history.go(-1) in the browser.
 */
function output_end_of_page()
{
    ?>
<p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p>
<?
}
550
551 // functions for 6.php (assure somebody)
552
/**
 * Open the assurance form (POST to wot.php) and its table, and print the
 * two heading rows. AssureFoot() closes both the table and the form.
 *
 * Both arguments are echoed without HTML encoding.
 * NOTE(review): the callers are not in this file; if $checkname contains
 * the assuree's name it must be encoded before it is passed in.
 *
 * @param string $confirmation table caption
 * @param string $checkname    text for the second row
 */
function AssureHead($confirmation,$checkname)
{
    ?>
<form method="post" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="600">
<tr>
<td colspan="2" class="title"><?=$confirmation?></td>
</tr>
<tr>
<td class="DataTD" colspan="2" align="left"><?=$checkname?></td>
</tr>
<?
}
566
/**
 * Print a two-cell row: a label followed by a colon, and a value.
 *
 * Both arguments are echoed without HTML encoding.
 * NOTE(review): the callers are not in this file; values taken from user
 * records must be encoded before they are passed in.
 *
 * @param string $field1 label
 * @param string $field2 value
 */
function AssureTextLine($field1,$field2)
{
    ?>
<tr>
<td class="DataTD"><?=$field1?>:</td>
<td class="DataTD"><?=$field2?></td>
</tr>
<?
}
576
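/**
 * Currently a no-op: prints nothing and returns nothing.
 *
 * The original body returned unconditionally and then called
 * AssureBoxLine() with two of its three arguments. That call could never
 * run and has been removed; the early return is what callers have been
 * getting all along.
 *
 * @param string $type unused
 * @param string $text unused
 */
function AssureCCABoxLine($type,$text)
{
    return;
}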
582
/**
 * Print a row holding a checkbox (value "1") and its description.
 *
 * $type is written into the name attribute and $text into the cell, both
 * without HTML encoding.
 * NOTE(review): the callers are not in this file; confirm $type is always
 * a fixed field name and never request data.
 *
 * @param string $type    name of the checkbox field
 * @param string $text    description shown next to the checkbox
 * @param mixed  $checked truthy to render the box checked
 */
function AssureBoxLine($type,$text,$checked)
{
    ?>
<tr>
<td class="DataTD"><input type="checkbox" name="<?=$type?>" value="1" <?=$checked?"checked":""?>></td>
<td class="DataTD"><?=$text?></td>
</tr>
<?
}
592
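/**
 * Print the assurance-method field of the form.
 *
 * With exactly one method a hidden input is written; otherwise a row with
 * a <select name="method"> listing every method, followed by $remark.
 *
 * Fixes over the original:
 * - the hidden input took its name from $val, which is only set inside the
 *   foreach of the other branch, so the single-method case submitted a
 *   field with an empty name; it is now named "method" like the select;
 * - the invalid closing tag before the remark is now a proper <br/>;
 * - full <?php open tags are used so the block does not depend on the
 *   short_open_tag setting.
 *
 * $text, $remark and the method names are echoed without HTML encoding.
 * NOTE(review): the callers are not in this file; confirm $methods only
 * ever holds fixed method names.
 *
 * @param string $text    label for the row
 * @param array  $methods list of method names, indexed from 0
 * @param string $remark  text or markup shown under the select
 */
function AssureMethodLine($text,$methods,$remark)
{
    if (count($methods) != 1) {
        ?>
<tr>
<td class="DataTD"><?=$text?></td>
<td class="DataTD">
<select name="method">
<?php
        foreach ($methods as $val) { ?>
<option value="<?=$val?>"> <?=$val?></option>

<?php } ?>
</select>
<br/><?=$remark?>
</td>
</tr>
<?php
    } else {
        ?>
<input type="hidden" name="method" value="<?=$methods[0]?>">
<?php
    }
}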
618
/**
 * Print a row with a label and a text input.
 *
 * $type and $value are written into double-quoted attributes and $field
 * and $description into the cells, all without HTML encoding.
 * NOTE(review): the callers are not in this file; if $value is ever
 * refilled from a previous submission it must be encoded before it is
 * passed in, otherwise a double quote in it ends the attribute.
 *
 * @param string $type        name of the input field
 * @param string $field       label, printed followed by a colon
 * @param string $value       initial value of the input
 * @param string $description text or markup printed after the input
 */
function AssureInboxLine($type,$field,$value,$description)
{
    ?>
<tr>
<td class="DataTD"><?=$field?>:</td>
<td class="DataTD"><input type="text" name="<?=$type?>" value="<?=$value?>"><?=$description?></td>
</tr>
<?
}
628
/**
 * Print the submit/cancel row and the hidden fields, then close the table
 * and the form opened by AssureHead().
 *
 * The hidden "pagehash" field carries $_SESSION['_config']['wothash'].
 * NOTE(review): presumably wot.php compares this value on submit to tie
 * the POST to the page that was shown; confirm the check exists there.
 * $oldid and $confirm are written into attributes without HTML encoding.
 *
 * @param mixed  $oldid   value for the hidden "oldid" field
 * @param string $confirm caption of the submit button
 */
function AssureFoot($oldid,$confirm)
{?>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=$confirm?>"> <input type="submit" name="cancel" value="<?=_("Cancel")?>"></td>
</tr>
</table>
<input type="hidden" name="pagehash" value="<?=$_SESSION['_config']['wothash']?>">
<input type="hidden" name="oldid" value="<?=$oldid?>">
</form>
<?
}
640