1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */ ?>
18 <?
19 require_once("../includes/loggedin.php");
20 require_once("../includes/lib/l10n.php");
21
22
function show_page($target,$message,$error)
{
    // Wrap one of the "wot" sub-pages in the standard account header/footer.
    //
    // $target  numeric page id or its symbolic name; both spellings listed
    //          below are accepted, and an unknown value (e.g. "Exit") renders
    //          header, message and footer only.
    // $message notice printed above the page.
    // $error   when non-empty, replaces $message with "ERROR: ...".
    showheader(_("My CAcert.org Account!"));

    if ($error != "")
        $message=_("ERROR").": ".$error;
    if ($message != "")
        echo "<p><font color='orange' size='+1'>".$message."</font></p>";

    // Accepted values in lookup order, each paired with the include to load.
    // Values stay strings and are compared with == on purpose: that is exactly
    // what a switch does, so a numeric $target still matches its string form.
    // Pages 7, 11 and 14 are deliberately absent (they were commented out).
    $pages = array(
        array('0', 0),   array('InfoPage', 0),
        array('1', 1),   array('ListByCity', 1),
        array('2', 2),   array('BecomeAssurer', 2),
        array('3', 3),   array('TrustRules', 3),
        array('4', 4),   array('ShowTTPInfo', 4),
        array('5', 5),   array('EnterEmail', 5),
        array('6', 6),   array('VerifyData', 6),
        array('8', 8),   array('EnterMyInfo', 8),
        array('9', 9),   array('ContactAssurer', 9),
        array('10', 10), array('MyPointsOld', 10),
        array('12', 12), array('SearchAssurer', 12),
        array('13', 13), array('EnterMyCity', 13),
        array('15', 15), array('MyPointsNew', 15),
    );

    foreach ($pages as $entry) {
        list($accepted, $page) = $entry;
        if ($target == $accepted) {
            includeit($page, "wot");
            break;
        }
    }

    showfooter();
}
85
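function send_reminder()
{
    // Mail the address typed into the assurance form a reminder to create a
    // CAcert account (the address has no account yet, so it is not checked
    // against the database). The body is written in the language the assurer
    // picked, followed by an English copy unless English was picked.
    //
    // Side effects: updates $_SESSION['_config']['reminder-lang'],
    // 'remindersent' and 'error'; the active L10n translation is restored.
    $body = "";
    $my_translation = L10n::get_translation();

    $requested_lang = array_key_exists('reminder-lang', $_POST) ? $_POST['reminder-lang'] : "";
    $_SESSION['_config']['reminder-lang'] = $requested_lang;

    // Only a language the site knows is used; anything else (missing field,
    // tampered value) falls back to English instead of indexing
    // L10n::$translations with an unknown key.
    $reminder_translations = array();
    if (is_string($requested_lang) && array_key_exists($requested_lang, L10n::$translations)) {
        $reminder_translations[] = $requested_lang;
    }
    if (!in_array("en", $reminder_translations, true)) {
        $reminder_translations[] = "en";
    }

    foreach ($reminder_translations as $translation) {
        L10n::set_translation($translation);

        // Each section is headed by the language's own name.
        $body .= L10n::$translations[$translation].":\n\n";
        $body .= sprintf(_("This is a short reminder that you filled out forms to become trusted with CAcert.org, and %s has attempted to issue you points. Please create your account at %s as soon as possible and then notify %s so that the points can be issued."), $_SESSION['profile']['fname']." (".$_SESSION['profile']['email'].")", "http://www.cacert.org", $_SESSION['profile']['fname'])."\n\n";
        $body .= _("Best regards")."\n";
        $body .= _("CAcert Support Team")."\n\n";
    }

    // The subject is translated into the first (preferred) language.
    L10n::set_translation($reminder_translations[0]);
    $recipient = array_key_exists('email', $_POST) ? $_POST['email'] : "";
    sendmail($recipient, "[CAcert.org] "._("Reminder Notice"), $body, $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']);

    L10n::set_translation($my_translation);

    $_SESSION['_config']['remindersent'] = 1;
    $_SESSION['_config']['error'] = _("A reminder notice has been sent.");
}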
115
116
117
118
loadem("account");

// Remember the meeting date and location typed into the assurance form so the
// later steps can pre-fill them. An empty submission leaves the stored value
// untouched.
foreach (array('date', 'location') as $field) {
    if (array_key_exists($field, $_POST) && $_POST[$field] != "") {
        $_SESSION['_config'][$field] = $_POST[$field];
    }
}
unset($field);

// Which form was just submitted (0 = none). Read from $_REQUEST, so it may
// also arrive on the query string.
$oldid = 0;
if (array_key_exists('oldid', $_REQUEST)) {
    $oldid = intval($_REQUEST['oldid']);
}

// The assurer search form re-displays itself. For every other request $id is
// presumably provided by the shared includes — confirm in loggedin.php/loadem.
if ($oldid == 12) {
    $id = $oldid;
}
130
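if($oldid == 4)
{
    // TTP (Trusted Third Party) assurance request, submitted from the
    // ShowTTPInfo form by the member who wants to be assured that way.
    // Sends an untranslated request to support and a translated confirmation
    // to the member; nothing is written to the database here.
    if (array_key_exists('ttp', $_POST) && $_POST['ttp'] != '') {
        $country = array_key_exists('country', $_POST) ? stripslashes($_POST['country']) : "";
        $topup = array_key_exists('ttptopup', $_POST) && $_POST['ttptopup'] == '1';

        // Switch the language only while the mails are built and restore it
        // on every path. (Previously the switch happened before the ttp check
        // and was never undone when the field was missing, so the rest of the
        // page rendered in the wrong language.)
        $my_translation = L10n::get_translation();
        // NOTE(review): 'notarise' is the member looked up in the assurance
        // flow, not necessarily this member — confirm this is the language
        // intended for the translated subject of the support mail.
        L10n::set_translation($_SESSION['_config']['notarise']['language']);

        //This mail does not need to be translated
        $body = "Hi TTP adminstrators,\n\n";
        // $country goes into a mail body, not a query; SQL escaping here would
        // only add stray backslashes to the text support reads.
        $body .= "User ".$_SESSION['profile']['fname']." ". $_SESSION['profile']['lname']." with email address: ".$_SESSION['profile']['email']." is requesting a TTP assurances for ".$country.".\n\n";
        if ($topup) {
            $body .= "The user is requesting also the TTP TOPUP.\n\n";
        } else {
            $body .= "The user is NOT requesting the TTP TOPUP.\n\n";
        }
        $body .= "The user received ".(int)$_SESSION['profile']['points']." assurance points up today.\n\n";
        $body .= "Please start the TTP assurance process.";
        sendmail("support@cacert.org", "[CAcert.org] "._("TTP request."), $body, "support@cacert.org", "", "", "CAcert Website");

        //This mail needs to be translated
        L10n::set_translation($my_translation);

        $body = _("You are receiving this email because you asked for TTP assurance.")."\n\n";
        if ($topup) {
            $body .= _("You are requesting the TTP TOPUP.")."\n\n";
        } else {
            $body .= _("You are NOT requesting the TTP TOPUP.")."\n\n";
        }
        $body .= _("Best regards")."\n";
        $body .= _("CAcert Support Team");

        sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You requested TTP assurances"), $body, "support@cacert.org", "", "", "CAcert Support");
    }
}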
165
// The assurance steps (EnterEmail = 5, VerifyData = 6) are only open to
// members who currently hold the assurer flag; everyone else is told why and
// the request stops here. "Exit" is not a known page, so only header,
// message and footer are rendered.
$assurance_steps = array(5, 6);
$in_assurance_flow = in_array($id, $assurance_steps) || in_array($oldid, $assurance_steps);
if ($in_assurance_flow && !is_assurer($_SESSION['profile']['id'])) {
    show_page("Exit", "", get_assurer_reason($_SESSION['profile']['id']));
    exit;
}

if ($oldid == 6) {
    // The member being assured must have been looked up in step 5 first.
    if (intval($_SESSION['_config']['notarise']['id']) <= 0) {
        show_page("EnterEmail", "", _("Something went wrong. Please enter the email address again"));
        exit;
    }
}

if ($oldid == 5) {
    // "Send reminder" button: the address entered has no account yet.
    if (array_key_exists('reminder', $_POST) && $_POST['reminder'] != "") {
        send_reminder();
        show_page("EnterEmail", _("A reminder notice has been sent."), "");
        exit;
    }
}
184
if($oldid == 5)
{
    // Step 5: find the member to be assured by the email address entered and
    // keep the row in the session ('notarise') for the following steps.
    // NOTE(review): mysql_escape_string ignores the connection character set;
    // mysql_real_escape_string is the charset-aware variant.
    $email_sql = mysql_escape_string(stripslashes($_POST['email']));
    $res = mysql_query("select * from `users` where `email`='".$email_sql."' and `deleted`=0");

    $found = mysql_num_rows($res) == 1;
    $_SESSION['_config']['noemailfound'] = $found ? 0 : 1;
    if (!$found) {
        show_page("EnterEmail","",_("I'm sorry, there was no email matching what you entered in the system. Please double check your information."));
        exit;
    }

    $_SESSION['_config']['notarise'] = mysql_fetch_assoc($res);
    // Unverified accounts cannot be assured yet.
    if ($_SESSION['_config']['notarise']['verified'] == 0) {
        show_page("EnterEmail","",_("User is not yet verified. Please try again in 24 hours!"));
        exit;
    }
}
205
if($oldid == 5 || $oldid == 6)
{
    // Both the email lookup (5) and the verification form (6) continue on
    // the VerifyData page.
    $id = 6;

    $cancelled = array_key_exists('cancel', $_REQUEST) && $_REQUEST['cancel'] != "";
    if ($cancelled) {
        show_page("EnterEmail", "", "");
        exit;
    }

    // Both ids come from the session (database rows), not from the request.
    $assurer_id = $_SESSION['profile']['id'];
    $assuree_id = $_SESSION['_config']['notarise']['id'];

    // Self-assurance is never permitted.
    if ($assuree_id == $assurer_id) {
        show_page("EnterEmail", "", _("You are never allowed to Assure yourself!"));
        exit;
    }

    // One assurance per assurer/assuree pair.
    $res = mysql_query("select * from `notary` where `from`='".$assurer_id."' and
`to`='".$assuree_id."'");
    if (mysql_num_rows($res) > 0) {
        show_page("EnterEmail", "", _("You are only allowed to Assure someone once!"));
        exit;
    }
}
230
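if($oldid == 6)
{
    // Step 6 (VerifyData) input checks. Every failure re-displays the form
    // with an error; the points are clamped and recorded in the blocks below.
    $is_ttpadmin = $_SESSION['profile']['ttpadmin'] == 1;

    if(!array_key_exists('assertion',$_POST) || $_POST['assertion'] != 1)
    {
        show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
        exit;
    }

    // TTP admins record assurances done by a third party, so they are exempt
    // from the "I certify" box and from naming a meeting location.
    if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1 ) && !$is_ttpadmin)
    {
        show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
        exit;
    }

    $location = array_key_exists('location',$_POST) ? $_POST['location'] : "";
    if(!$is_ttpadmin && $location == "")
    {
        show_page("VerifyData","",_("You failed to enter a location of your meeting."));
        exit;
    }

    // The blocks below read the points from $_POST, so the same field is
    // validated here (checking $_REQUEST would accept a value from the query
    // string that is then never used).
    if(!array_key_exists('points',$_POST) || $_POST['points'] == "")
    {
        show_page("VerifyData","",_("You must enter the number of points you wish to allocate to this person."));
        exit;
    }

    // Detect the assuree changing name or date of birth between the lookup
    // in step 5 and now: the hash stored in the session must still match
    // both the current database row and the copy the form echoes back.
    // Compared with !== : with != PHP treats two hex digests that both start
    // with "0e" followed by digits as equal numbers, and a missing session
    // hash compared loosely against an empty form value would pass.
    $query = "select * from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'";
    $res = mysql_query($query);
    $row = mysql_fetch_assoc($res);
    $name = $row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix'];
    $expected_hash = isset($_SESSION['_config']['wothash']) ? $_SESSION['_config']['wothash'] : null;
    $page_hash = array_key_exists('pagehash',$_REQUEST) ? $_REQUEST['pagehash'] : null;
    if(!is_string($expected_hash) || $expected_hash !== md5($name."-".$row['dob']) || $expected_hash !== $page_hash)
    {
        show_page("VerifyData","",_("Race condition discovered, user altered details during assurance procedure. PLEASE MAKE SURE THE NEW DETAILS BELOW MATCH THE ID DOCUMENTS."));
        exit;
    }
}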
275
276
if($oldid == 6)
{
    // Step 6, second part: work out how many points this assurance is worth.
    // $awarded  = what the assurer entered, clamped to 0..maxpoints()
    // $newpoints = what actually counts after the assuree's running total is
    //              capped (100, or maxpoints() when that is 100 or more).
    $max = maxpoints();

    $awarded = $newpoints = intval($_POST['points']);
    if($newpoints > $max)
        $newpoints = $awarded = $max;
    if($newpoints < 0)
        $newpoints = $awarded = 0;

    // Current total of the assuree. With no notary rows the query returns no
    // row, $drow is false and $drow['total'] evaluates as 0 below.
    $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
    $res = mysql_query($query);
    $drow = mysql_fetch_assoc($res);

    // Forces the "temporary increase" path in the following block off,
    // whatever the form sent.
    $_POST['expire'] = 0;

    if(($drow['total'] + $newpoints) > 100 && $max < 100)
        $newpoints = 100 - $drow['total'];
    if(($drow['total'] + $newpoints) > $max && $max >= 100)
        $newpoints = $max - $drow['total'];
    if($newpoints < 0)
        $newpoints = 0;

    // Default the meeting date to "now" when the form left it empty.
    // NOTE(review): a non-empty date is not validated as a date here.
    if(mysql_escape_string(stripslashes($_POST['date'])) == "")
        $_POST['date'] = date("Y-m-d H:i:s");

    // Refuse an exact duplicate (same pair, points, location and date), e.g.
    // a double-submitted form.
    $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' AND
`to`='".$_SESSION['_config']['notarise']['id']."' AND
`awarded`='$awarded' AND
`location`='".mysql_escape_string(stripslashes($_POST['location']))."' AND
`date`='".mysql_escape_string(stripslashes($_POST['date']))."'";
    $res = mysql_query($query);
    if(mysql_num_rows($res) > 0)
    {
        // NOTE(review): "VerifyEmail" is not a page show_page() knows, so only
        // the header, this message and the footer are shown — confirm whether
        // "VerifyData" or "EnterEmail" was intended.
        show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue."));
        exit;
    }
}
315
if($oldid == 6)
{
    // Step 6, last part: record the assurance, credit the assurer's own
    // experience points, mail both parties and show a fresh "Assure Someone"
    // form. Relies on $newpoints, $awarded and $drow computed in the preceding
    // oldid == 6 block and on the date/location validated before that.
    $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
`to`='".$_SESSION['_config']['notarise']['id']."',
`points`='$newpoints', `awarded`='$awarded',
`location`='".mysql_escape_string(stripslashes($_POST['location']))."',
`date`='".mysql_escape_string(stripslashes($_POST['date']))."',
`when`=NOW()";
    // Board members may record a temporary increase (expiry + sponsor) or
    // choose the method freely; TTP admins may record a TTP assurance.
    // NOTE(review): the preceding block sets $_POST['expire'] = 0, so the
    // temporary-increase branches here and further down look unreachable as
    // long as that stays; $sponsor (used in the board mail below) is not
    // defined anywhere in this file.
    if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
    {
        $query .= ",\n`method`='Temporary Increase'";
        $query .= ",\n`expire`=DATE_ADD(NOW(), INTERVAL '".intval($_POST['expire'])."' DAY)";
        $query .= ",\n`sponsor`='".intval($_POST['sponsor'])."'";
    } else if($_SESSION['profile']['board'] == 1) {
        $query .= ",\n`method`='".mysql_escape_string(stripslashes($_POST['method']))."'";
    } else if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
        $query .= ",\n`method`='Trusted Third Parties'";
    }
    mysql_query($query);
    // The assuree's total changed, so recompute their assurer flag.
    fix_assurer_flag($_SESSION['_config']['notarise']['id']);

    // Experience points for the assurer, self-recorded as an "Administrative
    // Increase": 2 points while between 100 and 148, 1 point at 149, none
    // otherwise, so the total never passes 150.
    if($_SESSION['profile']['points'] < 150)
    {
        $addpoints = 0;
        if($_SESSION['profile']['points'] < 149 && $_SESSION['profile']['points'] >= 100)
            $addpoints = 2;
        else if($_SESSION['profile']['points'] == 149 && $_SESSION['profile']['points'] >= 100)
            $addpoints = 1;
        $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
`to`='".$_SESSION['profile']['id']."',
`points`='$addpoints', `awarded`='$addpoints',
`location`='".mysql_escape_string(stripslashes($_POST['location']))."',
`date`='".mysql_escape_string(stripslashes($_POST['date']))."',
`method`='Administrative Increase',
`when`=NOW()";
        mysql_query($query);
        // No need to fix_assurer_flag here, this should only happen for assurers...
        $_SESSION['profile']['points'] += $addpoints;
    }

    // Mail to the assuree, in the assuree's language.
    $my_translation = L10n::get_translation();
    L10n::set_translation($_SESSION['_config']['notarise']['language']);

    $body = sprintf(_("You are receiving this email because you have been assured by %s %s (%s)."), $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'])."\n\n";
    // Loose comparison of the raw form value against the capped integer.
    if($_POST['points'] != $newpoints)
        $body .= sprintf(_("You were issued %s points however the system has rounded this down to %s and you now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n";
    else
        $body .= sprintf(_("You were issued %s points and you now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n";

    if(($drow['total'] + $newpoints) < 100 && ($drow['total'] + $newpoints) >= 50)
    {
        $body .= _("You now have over 50 points, and can now have your name added to client certificates, and issue server certificates for up to 2 years.")."\n\n";
    }

    if(($drow['total'] + $newpoints) >= 100 && $newpoints > 0)
    {
        // $body .= _("You now have over 100 points and can start assuring others.")."\n\n";
        $body .= _("You have at least 100 Assurance Points, if you want to become an assurer try the")." ";
        $body .= _("Assurer Challenge")." ( https://cats.cacert.org )\n\n";
        $body .= _("To make it easier for others in your area to find you, it's helpful to list yourself as an assurer (this is voluntary), as well as a physical location where you live or work the most. You can flag your account to be listed, and add a comment to the display by going to:")."\n\n";
        $body .= "https://www.cacert.org/wot.php?id=8\n\n";
        $body .= _("You can list your location by going to:")."\n\n";
        $body .= "https://www.cacert.org/wot.php?id=13\n\n";
    }

    if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
        $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time your points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";

    $body .= _("Best regards")."\n";
    $body .= _("CAcert Support Team");

    sendmail($_SESSION['_config']['notarise']['email'], "[CAcert.org] "._("You've been Assured."), $body, "support@cacert.org", "", "", "CAcert Website");

    // Mail to the assurer, back in the assurer's own language.
    L10n::set_translation($my_translation);

    $body = sprintf(_("You are receiving this email because you have assured %s %s (%s)."), $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'])."\n\n";
    if($_POST['points'] != $newpoints)
        $body .= sprintf(_("You issued %s points however the system has rounded this down to %s and they now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n";
    else
        $body .= sprintf(_("You issued %s points and they now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n";

    if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
        $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time their points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";
    $body .= _("Best regards")."\n";
    $body .= _("CAcert Support Team");

    sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You've Assured Another Member."), $body, "support@cacert.org", "", "", "CAcert Support");

    // Board notification for temporary increases (see the note above on
    // reachability and on $sponsor).
    if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
    {
        $body = sprintf("%s %s (%s) has issued a temporary increase to 200 points for %s %s (%s) for %s days. This action was sponsored by %s %s (%s).", $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'], $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'], intval($_POST['expire']), $sponsor['fname'], $sponsor['lname'], $sponsor['email'])."\n\n";

        sendmail("cacert-board@lists.cacert.org", "[CAcert.org] Temporary Increase Issued.", $body, "website@cacert.org", "", "", "CAcert Website");
    }

    // Confirmation page with an empty "Assure Someone" form (oldid=5).
    showheader(_("My CAcert.org Account!"));
    echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>";
?><form method="post" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Assure Someone")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><input type="text" name="email" id="email" value=""></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="5">
</form>
<SCRIPT LANGUAGE="JavaScript">
//<![CDATA[
function my_init()
{
document.getElementById("email").focus();
}

// NOTE(review): this calls my_init() immediately and assigns its (undefined)
// return value to onload; `window.onload = my_init;` is the usual intent.
window.onload = my_init();
//]]>
</script>
<?
    showfooter();
    exit;
}
442
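if($oldid == 8)
{
    // "List me as an assurer" form (EnterMyInfo): store the opt-in flag and
    // the free-text contact info of the current member.
    csrf_check("chgcontact");

    $contactinfo = array_key_exists('contactinfo', $_POST) ? $_POST['contactinfo'] : "";
    $contactinfo = strip_tags(stripslashes($contactinfo));

    // The flag is strictly 0 or 1; anything else means "do not list".
    $listme = array_key_exists('listme', $_POST) ? intval($_POST['listme']) : 0;
    if($listme < 0 || $listme > 1)
        $listme = 0;

    // The session copy is kept unescaped so it holds what the database will
    // return; only the query gets the SQL-escaped form. (Previously the
    // escaped string was stored in the session as well — confirm no consumer
    // relied on that.)
    $_SESSION['profile']['listme'] = $listme;
    $_SESSION['profile']['contactinfo'] = $contactinfo;

    $query = "update `users` set `listme`='$listme',`contactinfo`='".mysql_escape_string($contactinfo)."' where `id`='".$_SESSION['profile']['id']."'";
    mysql_query($query);

    showheader(_("My CAcert.org Account!"));
    echo "<p>"._("Your account information has been updated.")."</p>";
    showfooter();
    exit;
}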
463
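// "Contact an assurer" form. The whole form is read from $_REQUEST, so a GET
// request is accepted as well as a POST.
$contact_userid = array_key_exists('userid', $_REQUEST) ? intval($_REQUEST['userid']) : 0;
if($oldid == 9 && $contact_userid > 0 && $_SESSION['profile']['id'] > 0)
{
    // The page hash handed out with the form (presumably set by the
    // ContactAssurer include — confirm) must come back unchanged; it stops one
    // form from being replayed against several assurers. Compared with !== :
    // with != two "0e..." hex digests would count as equal numbers, and a
    // missing session hash against an empty form value would pass.
    $expected_hash = isset($_SESSION['_config']['pagehash']) ? $_SESSION['_config']['pagehash'] : null;
    $page_id = array_key_exists('pageid', $_REQUEST) ? $_REQUEST['pageid'] : null;
    if(!is_string($expected_hash) || $expected_hash !== $page_id)
    {
        $oldid=0;
        $id = 9;
        show_page("ContactAssurer","",_("It looks like you were trying to contact multiple people, this isn't allowed due to data security reasons."));
        exit;
    }

    // Only members who opted in (`listme`=1) and actually hold points can be
    // contacted; otherwise nothing is sent.
    $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$contact_userid' and `listme`=1"));
    $has_points = false;
    if ($user) {
        $has_points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
where `to`='".intval($user['id'])."' group by `to` HAVING SUM(`points`) > 0")) > 0;
    }
    if (!$has_points) {
        show_page(0,"",_("Sorry, I was unable to locate that user."));
        exit;
    }

    $subject_text = array_key_exists('subject', $_REQUEST) ? $_REQUEST['subject'] : "";
    $message_text = array_key_exists('message', $_REQUEST) ? $_REQUEST['message'] : "";

    // The mail goes out in the recipient's language. The member-supplied
    // subject is only quoted inside the body; the real subject line is built
    // from the sender's first name, so form input never reaches a mail header.
    $my_translation = L10n::get_translation();
    L10n::set_translation($user['language']);

    $subject = "[CAcert.org] ".sprintf(_("Message from %s"),
        $_SESSION['profile']['fname']);

    $body = sprintf(_("Hi %s,"), $user['fname'])."\n\n";
    $body .= sprintf(_("%s %s has sent you a message via the ".
        "contact an Assurer form on CAcert.org."),
        $_SESSION['profile']['fname'],
        $_SESSION['profile']['lname'])."\n\n";
    $body .= sprintf(_("Subject: %s"), $subject_text)."\n";
    $body .= _("Message:")."\n";
    $body .= $message_text."\n\n";
    $body .= "------------------------------------------------\n\n";
    $body .= _("Please note, that this is NOT a message on behalf ".
        "of CAcert but another CAcert community member. If ".
        "you suspect that the contact form might have been ".
        "abused, please write to support@cacert.org")."\n\n";
    $body .= _("Best regards")."\n";
    $body .= _("Your CAcert Community");

    sendmail($user['email'], $subject, $body,
        $_SESSION['profile']['email'], //from
        "", //replyto
        "", //toname
        $_SESSION['profile']['fname']." ".
        $_SESSION['profile']['lname']); //fromname

    L10n::set_translation($my_translation);

    // The recipient's name is stored data from another member, so it is
    // escaped before being placed in HTML.
    showheader(_("My CAcert.org Account!"));?>
<p>
<? printf(_("Your email has been sent to %s."), htmlspecialchars($user['fname'])); ?>
</p>
<p>[ <a href='javascript:history.go(-2)'><?= _("Go Back") ?></a> ]</p>
<?
    showfooter();
    exit;
}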
if($oldid == 9)
{
    // The contact form was submitted without a usable user id (or the
    // branch above did not handle it): show the form again with an error.
    $oldid = 0;
    $id = 9;
    show_page("ContactAssurer", "", _("There was an error and I couldn't proceed"));
    exit;
}
534
// No form was handled above: render the requested sub-page.
show_page($id, "", "");
540 ?>