147b983bac42ecd8b244122ecb631cb813f78a0f
[cacert-devel.git] / www / wot.php
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */ ?>
18 <?
19 require_once("../includes/loggedin.php");
20 require_once("../includes/lib/l10n.php");
21
22
23 function show_page($target,$message,$error)
24 {
25 showheader(_("My CAcert.org Account!"));
26 if ($error != "")
27 $message=_("ERROR").": ".$error;
28 if ($message != "")
29 echo "<p><font color='orange' size='+1'>".$message."</font></p>";
30
31 switch ($target)
32 {
33 case '0':
34 case 'InfoPage': includeit(0, "wot");
35 break;
36 case '1':
37 case 'ListByCity': includeit(1, "wot");
38 break;
39 case '2':
40 case 'BecomeAssurer': includeit(2, "wot");
41 break;
42 case '3':
43 case 'TrustRules': includeit(3, "wot");
44 break;
45 case '4':
46 case 'ShowTTPInfo': includeit(4, "wot");
47 break;
48 case '5';
49 case 'EnterEmail': includeit(5, "wot");
50 break;
51 case '6':
52 case 'VerifyData': includeit(6, "wot");
53 break;
54 // case '7':
55 // case '???': includeit(7, "wot");
56 // break;
57 case '8':
58 case 'EnterMyInfo': includeit(8, "wot");
59 break;
60 case '9':
61 case 'ContactAssurer': includeit(9, "wot");
62 break;
63 case '10':
64 case 'MyPointsOld': includeit(10, "wot");
65 break;
66 // case '11':
67 // case 'OAInfo': includeit(11, "wot");
68 // break;
69 case '12':
70 case 'SearchAssurer': includeit(12, "wot");
71 break;
72 case '13':
73 case 'EnterMyCity': includeit(13, "wot");
74 break;
75 // case '14':
76 // case 'EnterEmail': includeit(14, "wot");
77 // break;
78 case '15':
79 case 'MyPointsNew': includeit(15, "wot");
80 break;
81 }
82
83 showfooter();
84 }
85
86 function send_reminder()
87 {
88 $body = "";
89 $my_translation = L10n::get_translation();
90
91 $_SESSION['_config']['reminder-lang'] = $_POST['reminder-lang'];
92
93 $reminder_translations[] = $_POST['reminder-lang'];
94 if ( !in_array("en", $reminder_translations, $strict=true) ) {
95 $reminder_translations[] = "en";
96 }
97
98 foreach ($reminder_translations as $translation) {
99 L10n::set_translation($translation);
100
101 $body .= L10n::$translations[$translation].":\n\n";
102 $body .= sprintf(_("This is a short reminder that you filled out forms to become trusted with CAcert.org, and %s has attempted to issue you points. Please create your account at %s as soon as possible and then notify %s so that the points can be issued."), $_SESSION['profile']['fname']." (".$_SESSION['profile']['email'].")", "http://www.cacert.org", $_SESSION['profile']['fname'])."\n\n";
103 $body .= _("Best regards")."\n";
104 $body .= _("CAcert Support Team")."\n\n";
105 }
106
107 L10n::set_translation($reminder_translations[0]); // for the subject
108 sendmail($_POST['email'], "[CAcert.org] "._("Reminder Notice"), $body, $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']);
109
110 L10n::set_translation($my_translation);
111
112 $_SESSION['_config']['remindersent'] = 1;
113 $_SESSION['_config']['error'] = _("A reminder notice has been sent.");
114 }
115
116
117
118
119 loadem("account");
120 if(array_key_exists('date',$_POST) && $_POST['date'] != "")
121 $_SESSION['_config']['date'] = $_POST['date'];
122
123 if(array_key_exists('location',$_POST) && $_POST['location'] != "")
124 $_SESSION['_config']['location'] = $_POST['location'];
125
126 $oldid=array_key_exists('oldid',$_REQUEST)?intval($_REQUEST['oldid']):0;
127
128 if($oldid == 12)
129 $id = $oldid;
130
131 if($oldid == 4)
132 {
133 $my_translation = L10n::get_translation();
134 L10n::set_translation($_SESSION['_config']['notarise']['language']);
135 if ($_POST['ttp']!='') {
136 //This mail does not need to be transalted
137 $body = "Hi TTP adminstrators \n\n ";
138 $body .= $_SESSION['profile']['fname']." ". $_SESSION['profile']['lname'].", ".$_SESSION['profile']['email']." is requesting a TTP assurances for ".mysql_escape_string(stripslashes($_POST['country'])).".";
139 if ($_POST['ttptopup']=='1') {
140 $body .= "The user is requesting also the TTP TOPUP.\n\n";
141 }else{
142 $body .= "The user is NOT requesting the TTP TOPUP.\n\n";
143 }
144 $body .= "The user received ".$_SESSION['profile']['points']." assurance points up today.\n\n";
145 $body .= "Please start the TTP assurance process.";
146 sendmail("support@cacert.org", "[CAcert.org] "._("TTP request."), $body, "support@cacert.org", "", "", "CAcert Website");
147
148 //This mail needs to be translated
149 L10n::set_translation($my_translation);
150
151 $body =_("You are receiving this email because you asked for TTP assurance.")."\n\n";
152 if ($_POST['ttptopup']=='1') {
153 $body .=_("You are requesting the TTP TOPUP.")."\n\n";
154 }else{
155 $body .=_("You are NOT requesting the TTP TOPUP.")."\n\n";
156 }
157 $body .= _("Best regards")."\n";
158 $body .= _("CAcert Support Team");
159
160 sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You requested TTP assurances"), $body, "support@cacert.org", "", "", "CAcert Support");
161
162 }
163
164 if ($_POST['ttptopup']!='') {
165 //This mail does not need to be transalted
166 $body = "Hi TTP adminstrators \n\n ";
167 $body .= $_SESSION['profile']['fname']." ". $_SESSION['profile']['lname'].", ".$_SESSION['profile']['email']." is requesting a TTP TOPUP assurance.";
168 $body .="The user received ".$_SESSION['profile']['points']." assurance points up today.\n\n";
169 $body .="Please start the TTP TOPUP assurance process.";
170 sendmail("support@cacert.org", "[CAcert.org] "._("TTP TOPUP request."), $body, "support@cacert.org", "", "", "CAcert Website");
171
172 //This mail needs to be translated
173 L10n::set_translation($my_translation);
174
175 $body = _("You are receiving this email because you asked for TTP TOPUP assurance")."\n\n";
176 $body .= _("Best regards")."\n";
177 $body .= _("CAcert Support Team");
178
179 sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You requested a TTP TOPUP assurance"), $body, "support@cacert.org", "", "", "CAcert Support");
180
181 }
182 }
183
184 if(($id == 5 || $oldid == 5 || $id == 6 || $oldid == 6))
185 if (!is_assurer($_SESSION['profile']['id']))
186 {
187 show_page ("Exit","",get_assurer_reason($_SESSION['profile']['id']));
188 exit;
189 }
190
191 if($oldid == 6 && intval($_SESSION['_config']['notarise']['id']) <= 0)
192 {
193 show_page ("EnterEmail","",_("Something went wrong. Please enter the email address again"));
194 exit;
195 }
196 if($oldid == 5 && array_key_exists('reminder',$_POST) && $_POST['reminder'] != "")
197 {
198 send_reminder();
199 show_page ("EnterEmail",_("A reminder notice has been sent."),"");
200 exit;
201 }
202
203 if($oldid == 5)
204 {
205 $query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `deleted`=0";
206 $res = mysql_query($query);
207 if(mysql_num_rows($res) != 1)
208 {
209 $_SESSION['_config']['noemailfound'] = 1;
210 show_page("EnterEmail","",_("I'm sorry, there was no email matching what you entered in the system. Please double check your information."));
211 exit;
212 } else
213 {
214 $_SESSION['_config']['noemailfound'] = 0;
215 $_SESSION['_config']['notarise'] = mysql_fetch_assoc($res);
216 if ($_SESSION['_config']['notarise']['verified'] == 0)
217 {
218 show_page("EnterEmail","",_("User is not yet verified. Please try again in 24 hours!"));
219 exit;
220 }
221 }
222 }
223
224 if($oldid == 5 || $oldid == 6)
225 {
226 $id=6;
227 // $oldid=0;
228 if(array_key_exists('cancel',$_REQUEST) && $_REQUEST['cancel'] != "")
229 {
230 show_page("EnterEmail","","");
231 exit;
232 }
233 if($_SESSION['_config']['notarise']['id'] == $_SESSION['profile']['id'])
234 {
235 show_page("EnterEmail","",_("You are never allowed to Assure yourself!"));
236 exit;
237 }
238
239 $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' and
240 `to`='".$_SESSION['_config']['notarise']['id']."'";
241 $res = mysql_query($query);
242 if(mysql_num_rows($res) > 0)
243 {
244 show_page("EnterEmail","",_("You are only allowed to Assure someone once!"));
245 exit;
246 }
247 }
248
249 if($oldid == 6)
250 {
251 $iecho= "c";
252 if(!array_key_exists('assertion',$_POST) || $_POST['assertion'] != 1)
253 {
254 show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
255 exit;
256 }
257
258 /* if(!array_key_exists('rules',$_POST) || $_POST['rules'] != 1)
259 {
260 show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
261 exit;
262 }
263 */
264
265 if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1 ) && $_SESSION['profile']['ttpadmin'] != 1)
266 {
267 show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
268 exit;
269 }
270
271 if($_SESSION['profile']['ttpadmin'] != 1 && $_POST['location'] == "")
272 {
273 show_page("VerifyData","",_("You failed to enter a location of your meeting."));
274 exit;
275 }
276
277 if($_REQUEST['points'] == "")
278 {
279 show_page("VerifyData","",_("You must enter the number of points you wish to allocate to this person."));
280 exit;
281 }
282
283 $query = "select * from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'";
284 $res = mysql_query($query);
285 $row = mysql_fetch_assoc($res);
286 $name = $row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix'];
287 if($_SESSION['_config']['wothash'] != md5($name."-".$row['dob']) || $_SESSION['_config']['wothash'] != $_REQUEST['pagehash'])
288 {
289 show_page("VerifyData","",_("Race condition discovered, user altered details during assurance procedure. PLEASE MAKE SURE THE NEW DETAILS BELOW MATCH THE ID DOCUMENTS."));
290 exit;
291 }
292 }
293
294
295 if($oldid == 6)
296 {
297 $max = maxpoints();
298
299 $awarded = $newpoints = intval($_POST['points']);
300 if($newpoints > $max)
301 $newpoints = $awarded = $max;
302 if($newpoints < 0)
303 $newpoints = $awarded = 0;
304
305 $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
306 $res = mysql_query($query);
307 $drow = mysql_fetch_assoc($res);
308
309 $_POST['expire'] = 0;
310
311 if(($drow['total'] + $newpoints) > 100 && $max < 100)
312 $newpoints = 100 - $drow['total'];
313 if(($drow['total'] + $newpoints) > $max && $max >= 100)
314 $newpoints = $max - $drow['total'];
315 if($newpoints < 0)
316 $newpoints = 0;
317
318 if(mysql_escape_string(stripslashes($_POST['date'])) == "")
319 $_POST['date'] = date("Y-m-d H:i:s");
320
321 $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' AND
322 `to`='".$_SESSION['_config']['notarise']['id']."' AND
323 `awarded`='$awarded' AND
324 `location`='".mysql_escape_string(stripslashes($_POST['location']))."' AND
325 `date`='".mysql_escape_string(stripslashes($_POST['date']))."'";
326 $res = mysql_query($query);
327 if(mysql_num_rows($res) > 0)
328 {
329 show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue."));
330 exit;
331 }
332 }
333
334 if($oldid == 6)
335 {
336 $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
337 `to`='".$_SESSION['_config']['notarise']['id']."',
338 `points`='$newpoints', `awarded`='$awarded',
339 `location`='".mysql_escape_string(stripslashes($_POST['location']))."',
340 `date`='".mysql_escape_string(stripslashes($_POST['date']))."',
341 `when`=NOW()";
342 if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
343 {
344 $query .= ",\n`method`='Temporary Increase'";
345 $query .= ",\n`expire`=DATE_ADD(NOW(), INTERVAL '".intval($_POST['expire'])."' DAY)";
346 $query .= ",\n`sponsor`='".intval($_POST['sponsor'])."'";
347 } else if($_SESSION['profile']['board'] == 1) {
348 $query .= ",\n`method`='".mysql_escape_string(stripslashes($_POST['method']))."'";
349 } else if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
350 $query .= ",\n`method`='Trusted Third Parties'";
351 }
352 mysql_query($query);
353 fix_assurer_flag($_SESSION['_config']['notarise']['id']);
354
355 if($_SESSION['profile']['points'] < 150)
356 {
357 $addpoints = 0;
358 if($_SESSION['profile']['points'] < 149 && $_SESSION['profile']['points'] >= 100)
359 $addpoints = 2;
360 else if($_SESSION['profile']['points'] == 149 && $_SESSION['profile']['points'] >= 100)
361 $addpoints = 1;
362 $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
363 `to`='".$_SESSION['profile']['id']."',
364 `points`='$addpoints', `awarded`='$addpoints',
365 `location`='".mysql_escape_string(stripslashes($_POST['location']))."',
366 `date`='".mysql_escape_string(stripslashes($_POST['date']))."',
367 `method`='Administrative Increase',
368 `when`=NOW()";
369 mysql_query($query);
370 // No need to fix_assurer_flag here, this should only happen for assurers...
371 $_SESSION['profile']['points'] += $addpoints;
372 }
373
374 $my_translation = L10n::get_translation();
375 L10n::set_translation($_SESSION['_config']['notarise']['language']);
376
377 $body = sprintf(_("You are receiving this email because you have been assured by %s %s (%s)."), $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'])."\n\n";
378 if($_POST['points'] != $newpoints)
379 $body .= sprintf(_("You were issued %s points however the system has rounded this down to %s and you now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n";
380 else
381 $body .= sprintf(_("You were issued %s points and you now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n";
382
383 if(($drow['total'] + $newpoints) < 100 && ($drow['total'] + $newpoints) >= 50)
384 {
385 $body .= _("You now have over 50 points, and can now have your name added to client certificates, and issue server certificates for up to 2 years.")."\n\n";
386 }
387
388 if(($drow['total'] + $newpoints) >= 100 && $newpoints > 0)
389 {
390 // $body .= _("You now have over 100 points and can start assuring others.")."\n\n";
391 $body .= _("You have at least 100 Assurance Points, if you want to become an assurer try the")." ";
392 $body .= _("Assurer Challenge")." ( https://cats.cacert.org )\n\n";
393 $body .= _("To make it easier for others in your area to find you, it's helpful to list yourself as an assurer (this is voluntary), as well as a physical location where you live or work the most. You can flag your account to be listed, and add a comment to the display by going to:")."\n\n";
394 $body .= "https://www.cacert.org/wot.php?id=8\n\n";
395 $body .= _("You can list your location by going to:")."\n\n";
396 $body .= "https://www.cacert.org/wot.php?id=13\n\n";
397 }
398
399 if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
400 $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time your points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";
401
402 $body .= _("Best regards")."\n";
403 $body .= _("CAcert Support Team");
404
405 sendmail($_SESSION['_config']['notarise']['email'], "[CAcert.org] "._("You've been Assured."), $body, "support@cacert.org", "", "", "CAcert Website");
406
407 L10n::set_translation($my_translation);
408
409 $body = sprintf(_("You are receiving this email because you have assured %s %s (%s)."), $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'])."\n\n";
410 if($_POST['points'] != $newpoints)
411 $body .= sprintf(_("You issued %s points however the system has rounded this down to %s and they now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n";
412 else
413 $body .= sprintf(_("You issued %s points and they now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n";
414
415 if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
416 $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time their points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";
417 $body .= _("Best regards")."\n";
418 $body .= _("CAcert Support Team");
419
420 sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You've Assured Another Member."), $body, "support@cacert.org", "", "", "CAcert Support");
421
422 if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
423 {
424 $body = sprintf("%s %s (%s) has issued a temporary increase to 200 points for %s %s (%s) for %s days. This action was sponsored by %s %s (%s).", $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'], $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'], intval($_POST['expire']), $sponsor['fname'], $sponsor['lname'], $sponsor['email'])."\n\n";
425
426 sendmail("cacert-board@lists.cacert.org", "[CAcert.org] Temporary Increase Issued.", $body, "website@cacert.org", "", "", "CAcert Website");
427 }
428
429 showheader(_("My CAcert.org Account!"));
430 echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>";
431 ?><form method="post" action="wot.php">
432 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
433 <tr>
434 <td colspan="2" class="title"><?=_("Assure Someone")?></td>
435 </tr>
436 <tr>
437 <td class="DataTD"><?=_("Email")?>:</td>
438 <td class="DataTD"><input type="text" name="email" id="email" value=""></td>
439 </tr>
440 <tr>
441 <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
442 </tr>
443 </table>
444 <input type="hidden" name="oldid" value="5">
445 </form>
446 <SCRIPT LANGUAGE="JavaScript">
447 //<![CDATA[
448 function my_init()
449 {
450 document.getElementById("email").focus();
451 }
452
453 window.onload = my_init();
454 //]]>
455 </script>
456 <?
457 showfooter();
458 exit;
459 }
460
461 if($oldid == 8)
462 {
463 csrf_check("chgcontact");
464
465 $info = mysql_escape_string(strip_tags(stripslashes($_POST['contactinfo'])));
466 $listme = intval($_POST['listme']);
467 if($listme < 0 || $listme > 1)
468 $listme = 0;
469
470 $_SESSION['profile']['listme'] = $listme;
471 $_SESSION['profile']['contactinfo'] = $info;
472
473 $query = "update `users` set `listme`='$listme',`contactinfo`='$info' where `id`='".$_SESSION['profile']['id']."'";
474 mysql_query($query);
475
476 showheader(_("My CAcert.org Account!"));
477 echo "<p>"._("Your account information has been updated.")."</p>";
478 showfooter();
479 exit;
480 }
481
482 if($oldid == 9 && $_REQUEST['userid'] > 0 && $_SESSION['profile']['id'] > 0)
483 {
484 if($_SESSION['_config']['pagehash'] != $_REQUEST['pageid'])
485 {
486 $oldid=0;
487 $id = 9;
488 show_page("ContactAssurer","",_("It looks like you were trying to contact multiple people, this isn't allowed due to data security reasons."));
489 exit;
490 } else {
491 $body = $_REQUEST['message'];
492 $subject = $_REQUEST['subject'];
493 $userid = intval($_REQUEST['userid']);
494 $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid' and `listme`=1"));
495 $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
496 where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0"));
497 if($points > 0)
498 {
499 $my_translation = L10n::get_translation();
500 L10n::set_translation($user['language']);
501
502 $subject = "[CAcert.org] ".sprintf(_("Message from %s"),
503 $_SESSION['profile']['fname']);
504
505 $body = sprintf(_("Hi %s,"), $user['fname'])."\n\n";
506 $body .= sprintf(_("%s %s has sent you a message via the ".
507 "contact an Assurer form on CAcert.org."),
508 $_SESSION['profile']['fname'],
509 $_SESSION['profile']['lname'])."\n\n";
510 $body .= sprintf(_("Subject: %s"), $_REQUEST['subject'])."\n";
511 $body .= _("Message:")."\n";
512 $body .= $_REQUEST['message']."\n\n";
513 $body .= "------------------------------------------------\n\n";
514 $body .= _("Please note, that this is NOT a message on behalf ".
515 "of CAcert but another CAcert community member. If ".
516 "you suspect that the contact form might have been ".
517 "abused, please write to support@cacert.org")."\n\n";
518 $body .= _("Best regards")."\n";
519 $body .= _("Your CAcert Community");
520
521 sendmail($user['email'], $subject, $body,
522 $_SESSION['profile']['email'], //from
523 "", //replyto
524 "", //toname
525 $_SESSION['profile']['fname']." ".
526 $_SESSION['profile']['lname']); //fromname
527
528 L10n::set_translation($my_translation);
529
530 showheader(_("My CAcert.org Account!"));?>
531 <p>
532 <? printf(_("Your email has been sent to %s."), $user['fname']); ?>
533 </p>
534 <p>[ <a href='javascript:history.go(-2)'><?= _("Go Back") ?></a> ]</p>
535 <?
536 showfooter();
537 exit;
538 } else {
539 show_page(0,"",_("Sorry, I was unable to locate that user."));
540 exit;
541 }
542
543 }
544 }
545 if($oldid == 9)
546 {
547 $oldid=0;
548 $id = 9;
549 show_page("ContactAssurer","",_("There was an error and I couldn't proceed"));
550 exit;
551 }
552
553 // showheader(_("My CAcert.org Account!"));
554 // echo "ID now = ".$id."/".$oldid.">>".$iecho;
555 // includeit($id, "wot");
556 // showfooter();
557 show_page ($id,"","");
558 ?>