1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */ ?>
18 <?
19 require_once("../includes/loggedin.php");
20 require_once("../includes/lib/l10n.php");
21 require_once("../includes/wot.inc.php");
22
23
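/**
 * Render one page of the web-of-trust area: header, an optional banner,
 * the selected sub-page from the "wot" template set, then the footer.
 *
 * @param int|string $target  numeric page index or its symbolic name
 *                            ('5' / 'EnterEmail', ...); an unknown value
 *                            such as "Exit" renders only header, banner
 *                            and footer
 * @param string     $message informational text for the banner
 * @param string     $error   error text; when non-empty it replaces
 *                            $message, prefixed with the translated
 *                            "ERROR" label
 * @return void
 */
function show_page($target,$message,$error)
{
    // Both the numeric id and the symbolic name of each sub-page map to the
    // template index handed to includeit(). Exact key lookup replaces the
    // former switch, whose loose comparison would also have accepted
    // numeric-string variants such as "5.0". Entries disabled in the
    // original dispatch (7, 11 'OAInfo', 14 'EnterEmail') stay disabled.
    static $pages = array(
        '0' => 0, 'InfoPage' => 0,
        '1' => 1, 'ListByCity' => 1,
        '2' => 2, 'BecomeAssurer' => 2,
        '3' => 3, 'TrustRules' => 3,
        '4' => 4, 'ShowTTPInfo' => 4,
        '5' => 5, 'EnterEmail' => 5,
        '6' => 6, 'VerifyData' => 6,
        '8' => 8, 'EnterMyInfo' => 8,
        '9' => 9, 'ContactAssurer' => 9,
        '10' => 10, 'MyPointsOld' => 10,
        '12' => 12, 'SearchAssurer' => 12,
        '13' => 13, 'EnterMyCity' => 13,
        '15' => 15, 'MyPointsNew' => 15,
    );

    showheader(_("My CAcert.org Account!"));

    // An error wins over a plain message; both share the same banner.
    if ($error != "")
        $message = _("ERROR").": ".$error;
    if ($message != "")
        echo "<p><font color='orange' size='+1'>".$message."</font></p>";

    // Cast once so an integer id (0, 5, ...) hits the same key as its
    // string form.
    $key = (string)$target;
    if (array_key_exists($key, $pages))
        includeit($pages[$key], "wot");

    showfooter();
}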
86
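/**
 * Mail a "please create your account" reminder to the address the assurer
 * entered, in the requested language followed by an English copy.
 *
 * Reads $_POST['reminder-lang'] and $_POST['email'] and the assurer's
 * $_SESSION['profile'] (fname, email). Side effects: sends one mail, sets
 * $_SESSION['_config']['reminder-lang'], ['remindersent'] and ['error'],
 * and restores the caller's active translation before returning.
 *
 * @return void
 */
function send_reminder()
{
    $my_translation = L10n::get_translation();

    // The posted code becomes a key into L10n::$translations and an
    // argument to set_translation(); accept only codes that are known
    // there and fall back to English for anything else.
    $lang = array_key_exists('reminder-lang', $_POST) ? $_POST['reminder-lang'] : "";
    if (!is_string($lang) || !array_key_exists($lang, L10n::$translations))
        $lang = "en";
    $_SESSION['_config']['reminder-lang'] = $lang;

    // English is always appended so the recipient can read at least one copy.
    $reminder_translations = array($lang);
    if (!in_array("en", $reminder_translations, true))
        $reminder_translations[] = "en";

    $body = "";
    foreach ($reminder_translations as $translation) {
        L10n::set_translation($translation);

        $body .= L10n::$translations[$translation].":\n\n";
        $body .= sprintf(_("This is a short reminder that you filled out forms to become trusted with CAcert.org, and %s has attempted to issue you points. Please create your account at %s as soon as possible and then notify %s so that the points can be issued."), $_SESSION['profile']['fname']." (".$_SESSION['profile']['email'].")", "http://www.cacert.org", $_SESSION['profile']['fname'])."\n\n";
        $body .= _("Best regards")."\n";
        $body .= _("CAcert Support Team")."\n\n";
    }

    L10n::set_translation($reminder_translations[0]); // for the subject
    // NOTE(review): the recipient address is passed through as posted;
    // address validation is expected from sendmail() / the form, neither
    // of which is visible here.
    sendmail($_POST['email'], "[CAcert.org] "._("Reminder Notice"), $body, $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']);

    L10n::set_translation($my_translation);

    $_SESSION['_config']['remindersent'] = 1;
    $_SESSION['_config']['error'] = _("A reminder notice has been sent.");
}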
116
117
118
// loadem() comes from the included files; NOTE(review): it presumably sets
// up the "account" area and $id, which this file reads but never assigns
// before use — confirm.
loadem("account");

// Carry the meeting date/location across the multi-step assurance form;
// an empty or absent field leaves the previously stored value untouched.
foreach (array('date', 'location') as $field) {
    if (!array_key_exists($field, $_POST))
        continue;
    if ($_POST[$field] == "")
        continue;
    $_SESSION['_config'][$field] = $_POST[$field];
}

// $oldid is the step whose form was submitted; 0 when a page is merely viewed.
$oldid = 0;
if (array_key_exists('oldid', $_REQUEST))
    $oldid = intval($_REQUEST['oldid']);

// The assurer search (step 12) re-renders itself.
if ($oldid == 12)
    $id = $oldid;
130
// Steps 5 (enter email) and 6 (verify data) form the assurance workflow
// and are open to assurers only.
$assuranceStep = in_array($id, array(5, 6)) || in_array($oldid, array(5, 6));
if ($assuranceStep && !is_assurer($_SESSION['profile']['id'])) {
    show_page("Exit", "", get_assurer_reason($_SESSION['profile']['id']));
    exit;
}

// Step 6 needs the assuree chosen in step 5 to still be in the session.
if ($oldid == 6) {
    if (intval($_SESSION['_config']['notarise']['id']) <= 0) {
        show_page("EnterEmail", "", _("Something went wrong. Please enter the email address again"));
        exit;
    }
}

// Step 5 may instead ask for a reminder mail to a not-yet-registered person.
$reminderRequested = $oldid == 5
    && array_key_exists('reminder', $_POST)
    && $_POST['reminder'] != "";
if ($reminderRequested) {
    send_reminder();
    show_page("EnterEmail", _("A reminder notice has been sent."), "");
    exit;
}
149
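// Step 5 submitted: look the assuree up by email address.
if ($oldid == 5)
{
    // stripslashes() undoes magic_quotes before the value is escaped for
    // the query. A missing field is treated as an empty address rather
    // than raising an undefined-index notice.
    // NOTE(review): mysql_escape_string() is not connection-charset aware;
    // mysql_real_escape_string() is the documented replacement.
    $email = array_key_exists('email', $_POST) ? stripslashes($_POST['email']) : "";
    $query = "select * from `users` where `email`='".mysql_escape_string($email)."' and `deleted`=0";
    $res = mysql_query($query);
    if (mysql_num_rows($res) != 1)
    {
        $_SESSION['_config']['noemailfound'] = 1;
        show_page("EnterEmail", "", _("I'm sorry, there was no email matching what you entered in the system. Please double check your information."));
        exit;
    }

    $_SESSION['_config']['noemailfound'] = 0;
    // The whole users row is kept in the session for the following steps.
    $_SESSION['_config']['notarise'] = mysql_fetch_assoc($res);
    // Only verified accounts can be assured.
    if ($_SESSION['_config']['notarise']['verified'] == 0)
    {
        show_page("EnterEmail", "", _("User is not yet verified. Please try again in 24 hours!"));
        exit;
    }
}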
170
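// Steps 5 and 6 both continue to the verify-data page; reject cancel,
// self-assurance and repeat assurance of the same person first.
if ($oldid == 5 || $oldid == 6)
{
    $id = 6;
    if (array_key_exists('cancel', $_REQUEST) && $_REQUEST['cancel'] != "")
    {
        show_page("EnterEmail", "", "");
        exit;
    }
    if ($_SESSION['_config']['notarise']['id'] == $_SESSION['profile']['id'])
    {
        show_page("EnterEmail", "", _("You are never allowed to Assure yourself!"));
        exit;
    }

    // Both ids come from `users` rows held in the session; cast anyway so
    // the query can only ever contain integers.
    $assurerId = intval($_SESSION['profile']['id']);
    $assureeId = intval($_SESSION['_config']['notarise']['id']);
    $query = "select * from `notary` where `from`='".$assurerId."' and `to`='".$assureeId."'";
    $res = mysql_query($query);
    if (mysql_num_rows($res) > 0)
    {
        show_page("EnterEmail", "", _("You are only allowed to Assure someone once!"));
        exit;
    }
}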
195
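// Step 6 submitted: validate the assurer's declarations and the form data
// before any points are computed.
if ($oldid == 6)
{
    $allBoxes = _("You failed to check all boxes to validate your adherence to the rules and policies of CAcert");

    // Policy assertion and CCA agreement are mandatory for every assurer.
    if (!array_key_exists('assertion', $_POST) || $_POST['assertion'] != 1)
    {
        show_page("VerifyData", "", $allBoxes);
        exit;
    }
    if (!array_key_exists('CCAAgreed', $_POST) || $_POST['CCAAgreed'] != 1)
    {
        show_page("VerifyData", "", $allBoxes);
        exit;
    }

    // The 'certify' box and a meeting location are waived for TTP admins.
    $isTtpAdmin = $_SESSION['profile']['ttpadmin'] == 1;
    if (!$isTtpAdmin && (!array_key_exists('certify', $_POST) || $_POST['certify'] != 1))
    {
        show_page("VerifyData", "", $allBoxes);
        exit;
    }
    $location = array_key_exists('location', $_POST) ? $_POST['location'] : "";
    if (!$isTtpAdmin && $location == "")
    {
        show_page("VerifyData", "", _("You failed to enter a location of your meeting."));
        exit;
    }

    // The points value is read from $_POST when the assurance is recorded;
    // validate the same source (the former check looked at $_REQUEST).
    if (!array_key_exists('points', $_POST) || $_POST['points'] == "")
    {
        show_page("VerifyData", "", _("You must enter the number of points you wish to allocate to this person."));
        exit;
    }

    // Re-read the assuree and compare against the hash taken when the form
    // was rendered, so details changed mid-procedure are noticed. Strict
    // comparison avoids PHP's loose numeric-string rules on hex digests.
    $query = "select * from `users` where `id`='".intval($_SESSION['_config']['notarise']['id'])."'";
    $res = mysql_query($query);
    $row = mysql_fetch_assoc($res);
    $name = $row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix'];
    $currentHash = md5($name."-".$row['dob']);
    $postedHash = array_key_exists('pagehash', $_REQUEST) ? $_REQUEST['pagehash'] : "";
    if ($_SESSION['_config']['wothash'] !== $currentHash || $_SESSION['_config']['wothash'] !== $postedHash)
    {
        show_page("VerifyData", "", _("Race condition discovered, user altered details during assurance procedure. PLEASE MAKE SURE THE NEW DETAILS BELOW MATCH THE ID DOCUMENTS."));
        exit;
    }
}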
246
247
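// Step 6 passed validation: clamp the requested points against the
// assurer's limit and the assuree's running total, then refuse an exact
// duplicate entry.
if ($oldid == 6)
{
    $max = maxpoints();

    // $awarded keeps what the assurer asked for (clamped to [0, $max]);
    // $newpoints is what actually lands in `notary` after the caps below.
    $awarded = $newpoints = intval($_POST['points']);
    if ($newpoints > $max)
        $newpoints = $awarded = $max;
    if ($newpoints < 0)
        $newpoints = $awarded = 0;

    // Running total for the assuree; with no prior rows the grouped query
    // is empty, $drow is false and the total reads as 0. The mail text
    // further down reuses $drow['total'].
    $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['_config']['notarise']['id'])."' group by `to`";
    $res = mysql_query($query);
    $drow = mysql_fetch_assoc($res);

    // Temporary increases are switched off: forcing expire to 0 disables
    // the board-only branch that records `method`='Temporary Increase'.
    $_POST['expire'] = 0;

    // Cap: an assurer whose limit is below 100 may not push the assuree past
    // 100; one whose limit is 100 or more may not push them past that limit.
    if (($drow['total'] + $newpoints) > 100 && $max < 100)
        $newpoints = 100 - $drow['total'];
    if (($drow['total'] + $newpoints) > $max && $max >= 100)
        $newpoints = $max - $drow['total'];
    if ($newpoints < 0)
        $newpoints = 0;

    // Normalise the optional fields the insert and the mails read from $_POST.
    if (!array_key_exists('location', $_POST))
        $_POST['location'] = "";
    if (!array_key_exists('date', $_POST) || mysql_escape_string(stripslashes($_POST['date'])) == "")
        $_POST['date'] = date("Y-m-d H:i:s");

    // An identical (from, to, awarded, location, date) row means the form
    // was submitted twice; do not record it again.
    $query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' AND
        `to`='".intval($_SESSION['_config']['notarise']['id'])."' AND
        `awarded`='$awarded' AND
        `location`='".mysql_escape_string(stripslashes($_POST['location']))."' AND
        `date`='".mysql_escape_string(stripslashes($_POST['date']))."'";
    $res = mysql_query($query);
    if (mysql_num_rows($res) > 0)
    {
        // "VerifyData" is the step-6 page; the former target "VerifyEmail"
        // is not known to show_page(), so the error came back without a form.
        show_page("VerifyData", "", _("Identical Assurance attempted, will not continue."));
        exit;
    }
}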
286
// Step 6 committed: record the assurance, top up the assurer's own points
// where applicable, mail both parties and show the "assure someone" form
// again. Uses $newpoints, $awarded and $drow computed in the block above.
if($oldid == 6)
{
    // Base insert; method/expire/sponsor columns are appended below
    // depending on the assurer's role.
    $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
`to`='".$_SESSION['_config']['notarise']['id']."',
`points`='$newpoints', `awarded`='$awarded',
`location`='".mysql_escape_string(stripslashes($_POST['location']))."',
`date`='".mysql_escape_string(stripslashes($_POST['date']))."',
`when`=NOW()";
    //record active acceptance by Assurer
    write_user_agreement($_SESSION['profile']['id'], "CCA", "Assurance", "Assurer", 1, $_SESSION['_config']['notarise']['id']);
    //record passive acceptance by Assuree
    write_user_agreement($_SESSION['_config']['notarise']['id'], "CCA", "Assurance", "Assuree", 0, $_SESSION['profile']['id']);
    // NOTE(review): the two CCA records are written before the `notary`
    // insert below, whose result is not checked; no transaction is visible
    // here, so a failed insert leaves the agreements recorded.
    if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
    {
        // Unreachable while $_POST['expire'] is forced to 0 earlier in this
        // file; kept for the board-issued temporary increase.
        $query .= ",\n`method`='Temporary Increase'";
        $query .= ",\n`expire`=DATE_ADD(NOW(), INTERVAL '".intval($_POST['expire'])."' DAY)";
        $query .= ",\n`sponsor`='".intval($_POST['sponsor'])."'";
    } else if($_SESSION['profile']['board'] == 1) {
        // Board members may record an arbitrary (escaped) method string.
        $query .= ",\n`method`='".mysql_escape_string(stripslashes($_POST['method']))."'";
    } else if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
        // TTP admins get the canonical spelling regardless of which of the
        // two accepted values was posted.
        $query .= ",\n`method`='Trusted Third Parties'";
    }
    mysql_query($query);
    fix_assurer_flag($_SESSION['_config']['notarise']['id']);

    // Assurers below 150 points are credited for assuring: 2 points while
    // between 100 and 148, 1 point at exactly 149, otherwise 0 — a 0-point
    // row is still inserted.
    if($_SESSION['profile']['points'] < 150)
    {
        $addpoints = 0;
        if($_SESSION['profile']['points'] < 149 && $_SESSION['profile']['points'] >= 100)
            $addpoints = 2;
        else if($_SESSION['profile']['points'] == 149 && $_SESSION['profile']['points'] >= 100)
            $addpoints = 1;
        $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
`to`='".$_SESSION['profile']['id']."',
`points`='$addpoints', `awarded`='$addpoints',
`location`='".mysql_escape_string(stripslashes($_POST['location']))."',
`date`='".mysql_escape_string(stripslashes($_POST['date']))."',
`method`='Administrative Increase',
`when`=NOW()";
        mysql_query($query);
        // No need to fix_assurer_flag here, this should only happen for assurers...
        $_SESSION['profile']['points'] += $addpoints;
    }

    // Mail to the assuree, in the assuree's own language.
    $my_translation = L10n::get_translation();
    L10n::set_translation($_SESSION['_config']['notarise']['language']);

    $body = sprintf(_("You are receiving this email because you have been assured by %s %s (%s)."), $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'])."\n\n";
    // Tell the assuree when the caps reduced the requested amount.
    if($_POST['points'] != $newpoints)
        $body .= sprintf(_("You were issued %s points however the system has rounded this down to %s and you now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n";
    else
        $body .= sprintf(_("You were issued %s points and you now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n";

    if(($drow['total'] + $newpoints) < 100 && ($drow['total'] + $newpoints) >= 50)
    {
        $body .= _("You now have over 50 points, and can now have your name added to client certificates, and issue server certificates for up to 2 years.")."\n\n";
    }

    if(($drow['total'] + $newpoints) >= 100 && $newpoints > 0)
    {
        $body .= _("You have at least 100 Assurance Points. If you want ".
            "to become an assurer try the Assurer Challenge").
            " ( https://cats.cacert.org ).\n\n";
        $body .= _("To make it easier for others in your area to find ".
            "you, it's helpful to list yourself as an assurer (this ".
            "is voluntary), as well as a physical location where you ".
            "live or work the most. You can flag your account to be ".
            "listed, and add a comment to the display by going to:")."\n";
        $body .= "https://www.cacert.org/wot.php?id=8\n\n";
        $body .= _("You can list your location by going to:")."\n";
        $body .= "https://www.cacert.org/wot.php?id=13\n\n";
    }

    // Dead while $_POST['expire'] is forced to 0 above.
    if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
        $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time your points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";

    $body .= _("Best regards")."\n";
    $body .= _("CAcert Support Team");

    sendmail($_SESSION['_config']['notarise']['email'], "[CAcert.org] "._("You've been Assured."), $body, "support@cacert.org", "", "", "CAcert Website");

    // Back to the assurer's language for the assurer's copy.
    L10n::set_translation($my_translation);

    $body = sprintf(_("You are receiving this email because you have assured %s %s (%s)."), $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'])."\n\n";
    if($_POST['points'] != $newpoints)
        $body .= sprintf(_("You issued %s points however the system has rounded this down to %s and they now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n";
    else
        $body .= sprintf(_("You issued %s points and they now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n";

    // Dead while $_POST['expire'] is forced to 0 above.
    if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
        $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time their points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";
    $body .= _("Best regards")."\n";
    $body .= _("CAcert Support Team");

    sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You've Assured Another Member."), $body, "support@cacert.org", "", "", "CAcert Support");

    // Board notification for temporary increases. Dead while $_POST['expire']
    // is forced to 0 above. NOTE(review): $sponsor is not assigned anywhere
    // in this file, so this branch would need a lookup of $_POST['sponsor']
    // before it could be re-enabled.
    if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
    {
        $body = sprintf("%s %s (%s) has issued a temporary increase to 200 points for %s %s (%s) for %s days. This action was sponsored by %s %s (%s).", $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'], $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'], intval($_POST['expire']), $sponsor['fname'], $sponsor['lname'], $sponsor['email'])."\n\n";

        sendmail("cacert-board@lists.cacert.org", "[CAcert.org] Temporary Increase Issued.", $body, "website@cacert.org", "", "", "CAcert Website");
    }

    // Confirmation page with a fresh "assure someone" form (back to step 5).
    showheader(_("My CAcert.org Account!"));
    echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>";
?><form method="post" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Assure Someone")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><input type="text" name="email" id="email" value=""></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="5">
</form>
<SCRIPT LANGUAGE="JavaScript">
//<![CDATA[
function my_init()
{
document.getElementById("email").focus();
}

// NOTE(review): the parentheses call my_init() right here and assign its
// return value (undefined) to onload; the focus still happens because the
// input above is already in the document when this script runs.
window.onload = my_init();
//]]>
</script>
<?
    showfooter();
    exit;
}
421
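// Step 8 submitted: update the member's assurer-listing flag and contact text.
if ($oldid == 8)
{
    csrf_check("chgcontact");

    // Strip HTML from the free-text field. The SQL-escaped copy is only
    // for the query; the session keeps the value as the user will see it
    // again (the former code stored the escaped string in the session).
    $contactinfo = array_key_exists('contactinfo', $_POST) ? strip_tags(stripslashes($_POST['contactinfo'])) : "";
    $info = mysql_escape_string($contactinfo);

    // listme is a 0/1 flag; anything else means "not listed".
    $listme = array_key_exists('listme', $_POST) ? intval($_POST['listme']) : 0;
    if ($listme < 0 || $listme > 1)
        $listme = 0;

    $_SESSION['profile']['listme'] = $listme;
    $_SESSION['profile']['contactinfo'] = $contactinfo;

    $query = "update `users` set `listme`='$listme',`contactinfo`='$info' where `id`='".intval($_SESSION['profile']['id'])."'";
    mysql_query($query);

    showheader(_("My CAcert.org Account!"));
    echo "<p>"._("Your account information has been updated.")."</p>";
    showfooter();
    exit;
}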
442
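// Step 9 submitted: relay a message to a listed assurer. The page hash ties
// the submission to the form that was rendered for exactly one recipient.
$contactUserId = array_key_exists('userid', $_REQUEST) ? intval($_REQUEST['userid']) : 0;
if ($oldid == 9 && $contactUserId > 0 && $_SESSION['profile']['id'] > 0)
{
    // Strict comparison: a missing pageid must not match an unset session
    // hash, and hex digests must not be compared as numbers.
    $postedPageId = array_key_exists('pageid', $_REQUEST) ? $_REQUEST['pageid'] : "";
    if ($_SESSION['_config']['pagehash'] !== $postedPageId)
    {
        $oldid = 0;
        $id = 9;
        show_page("ContactAssurer", "", _("It looks like you were trying to contact multiple people, this isn't allowed due to data security reasons."));
        exit;
    }

    // Only members who opted in (`listme`=1) and hold points can be contacted.
    $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$contactUserId' and `listme`=1"));
    $points = 0;
    if ($user !== false)
    {
        $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
where `to`='".intval($user['id'])."' group by `to` HAVING SUM(`points`) > 0"));
    }
    if ($points <= 0)
    {
        show_page(0, "", _("Sorry, I was unable to locate that user."));
        exit;
    }

    $my_translation = L10n::get_translation();
    L10n::set_translation($user['language']);

    // The subject is built from the sender's profile only; the member-supplied
    // subject and message appear inside the body, never in a mail header.
    $subject = "[CAcert.org] ".sprintf(_("Message from %s"),
        $_SESSION['profile']['fname']);
    $requestSubject = array_key_exists('subject', $_REQUEST) ? $_REQUEST['subject'] : "";
    $requestMessage = array_key_exists('message', $_REQUEST) ? $_REQUEST['message'] : "";

    $body = sprintf(_("Hi %s,"), $user['fname'])."\n\n";
    $body .= sprintf(_("%s %s has sent you a message via the ".
        "contact an Assurer form on CAcert.org."),
        $_SESSION['profile']['fname'],
        $_SESSION['profile']['lname'])."\n\n";
    $body .= sprintf(_("Subject: %s"), $requestSubject)."\n";
    $body .= _("Message:")."\n";
    $body .= $requestMessage."\n\n";
    $body .= "------------------------------------------------\n\n";
    $body .= _("Please note, that this is NOT a message on behalf ".
        "of CAcert but another CAcert community member. If ".
        "you suspect that the contact form might have been ".
        "abused, please write to support@cacert.org")."\n\n";
    $body .= _("Best regards")."\n";
    $body .= _("Your CAcert Community");

    sendmail($user['email'], $subject, $body,
        $_SESSION['profile']['email'], //from
        "", //replyto
        "", //toname
        $_SESSION['profile']['fname']." ".
        $_SESSION['profile']['lname']); //fromname

    L10n::set_translation($my_translation);

    // The recipient's name comes from another member's profile row; escape
    // it for the HTML context.
    showheader(_("My CAcert.org Account!"));?>
<p>
<? printf(_("Your email has been sent to %s."), htmlspecialchars($user['fname'], ENT_QUOTES, 'UTF-8')); ?>
</p>
<p>[ <a href='javascript:history.go(-2)'><?= _("Go Back") ?></a> ]</p>
<?
    showfooter();
    exit;
}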
// Step 9 got here without sending anything: show the contact form again
// with a generic error.
if ($oldid == 9)
{
    $oldid = 0;
    $id = 9;
    $notice = _("There was an error and I couldn't proceed");
    show_page("ContactAssurer", "", $notice);
    exit;
}

// showheader(_("My CAcert.org Account!"));
// echo "ID now = ".$id."/".$oldid.">>".$iecho;
// includeit($id, "wot");
// showfooter();

// Fallback for every other request: render the requested page, no banner.
show_page($id, "", "");
519 ?>