1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */ ?>
18 <?
19 require_once("../includes/loggedin.php");
20 require_once("../includes/lib/l10n.php");
21
22
/**
 * Render one Web-of-Trust page: header, an optional notice, the sub-page
 * selected by $target, footer.
 *
 * $target is either the numeric sub-page id or its symbolic name (both
 * spellings select the same include); anything else, e.g. "Exit", renders
 * only the header, the notice and the footer. A non-empty $error is shown
 * as "ERROR: ..." and replaces $message.
 */
function show_page($target, $message, $error)
{
    showheader(_("My CAcert.org Account!"));

    if ($error != "") {
        $message = _("ERROR").": ".$error;
    }
    if ($message != "") {
        echo "<p><font color='orange' size='+1'>".$message."</font></p>";
    }

    // A switch is kept on purpose: its loose comparison is what lets the
    // numeric id (possibly passed as an int) and the name hit the same case.
    // Sub-pages 7, 11 and 14 are deliberately not offered.
    $subpage = -1;
    switch ($target) {
        case '0':
        case 'InfoPage':       $subpage = 0;  break;
        case '1':
        case 'ListByCity':     $subpage = 1;  break;
        case '2':
        case 'BecomeAssurer':  $subpage = 2;  break;
        case '3':
        case 'TrustRules':     $subpage = 3;  break;
        case '4':
        case 'ShowTTPInfo':    $subpage = 4;  break;
        case '5':
        case 'EnterEmail':     $subpage = 5;  break;
        case '6':
        case 'VerifyData':     $subpage = 6;  break;
        case '8':
        case 'EnterMyInfo':    $subpage = 8;  break;
        case '9':
        case 'ContactAssurer': $subpage = 9;  break;
        case '10':
        case 'MyPointsOld':    $subpage = 10; break;
        case '12':
        case 'SearchAssurer':  $subpage = 12; break;
        case '13':
        case 'EnterMyCity':    $subpage = 13; break;
        case '15':
        case 'MyPointsNew':    $subpage = 15; break;
    }
    if ($subpage >= 0) {
        includeit($subpage, "wot");
    }

    showfooter();
}
85
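/**
 * Mail the "please create your account" reminder for the address entered on
 * the EnterEmail step (wot id 5).
 *
 * Reads $_POST['reminder-lang'] and $_POST['email'] plus the assurer's
 * $_SESSION['profile']; writes $_SESSION['_config']['reminder-lang'],
 * ['remindersent'] and ['error']. The body carries the text once in the
 * requested language and once in English (unless English was requested),
 * each prefixed with the language name from L10n::$translations.
 *
 * @return bool true when the mail was handed to sendmail(); false when the
 *              recipient address did not validate, in which case nothing is
 *              sent and $_SESSION['_config']['error'] holds the reason.
 */
function send_reminder()
{
    $my_translation = L10n::get_translation();

    $requested_lang = (array_key_exists('reminder-lang', $_POST) && is_string($_POST['reminder-lang']))
        ? $_POST['reminder-lang'] : "";
    $recipient = (array_key_exists('email', $_POST) && is_string($_POST['email']))
        ? trim($_POST['email']) : "";

    // Only a language L10n knows can be rendered (the code is used as a key
    // into L10n::$translations); anything else falls back to English.
    $reminder_translations = array();
    if ($requested_lang !== "" && array_key_exists($requested_lang, L10n::$translations)) {
        $reminder_translations[] = $requested_lang;
    }
    if (!in_array("en", $reminder_translations, true)) {
        $reminder_translations[] = "en";
    }
    // Remember the language actually used, so the form can re-select it.
    $_SESSION['_config']['reminder-lang'] = $reminder_translations[0];

    // The recipient comes straight from the form; only a single well-formed
    // address is passed on, so nothing that could alter mail headers reaches
    // sendmail().
    if (filter_var($recipient, FILTER_VALIDATE_EMAIL) === false) {
        $_SESSION['_config']['remindersent'] = 0;
        $_SESSION['_config']['error'] = _("The email address entered is not valid.");
        return false;
    }

    $body = "";
    foreach ($reminder_translations as $translation) {
        L10n::set_translation($translation);

        $body .= L10n::$translations[$translation].":\n\n";
        $body .= sprintf(_("This is a short reminder that you filled out forms to become trusted with CAcert.org, and %s has attempted to issue you points. Please create your account at %s as soon as possible and then notify %s so that the points can be issued."), $_SESSION['profile']['fname']." (".$_SESSION['profile']['email'].")", "http://www.cacert.org", $_SESSION['profile']['fname'])."\n\n";
        $body .= _("Best regards")."\n";
        $body .= _("CAcert Support Team")."\n\n";
    }

    L10n::set_translation($reminder_translations[0]); // the subject is translated as well
    sendmail($recipient, "[CAcert.org] "._("Reminder Notice"), $body, $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']);

    // Restore the assurer's own language for the rest of the page.
    L10n::set_translation($my_translation);

    $_SESSION['_config']['remindersent'] = 1;
    $_SESSION['_config']['error'] = _("A reminder notice has been sent.");
    return true;
}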
115
116
117
118
// Web-of-Trust controller. $oldid is the id of the form that was just
// submitted (0 when none); $id selects the page to display and is expected
// to come from loadem() or the branches below — TODO confirm loadem() sets it.
loadem("account");

// Keep the meeting date/location for the following assurance steps.
if(array_key_exists('date',$_POST) && $_POST['date'] != "")
    $_SESSION['_config']['date'] = $_POST['date'];

if(array_key_exists('location',$_POST) && $_POST['location'] != "")
    $_SESSION['_config']['location'] = $_POST['location'];

// intval() here is what makes every "$oldid == N" test below a numeric one.
$oldid=array_key_exists('oldid',$_REQUEST)?intval($_REQUEST['oldid']):0;

if($oldid == 12)
    $id = $oldid;

// TTP (Trusted Third Party) request (wot id 4): one mail to support, one
// confirmation to the member. Nothing is written to the database here.
if($oldid == 4)
{
    $my_translation = L10n::get_translation();
    // NOTE(review): presumes $_SESSION['_config']['notarise'] was filled by
    // an earlier step; this branch does not check it.
    L10n::set_translation($_SESSION['_config']['notarise']['language']);
    if ($_POST['ttp']!='') {
        //This mail does not need to be translated
        $body = "Hi TTP adminstrators,\n\n";
        // mysql_escape_string() is SQL escaping applied to mail text: quotes
        // in the submitted country name reach support backslashed.
        $body .= "User ".$_SESSION['profile']['fname']." ".
            $_SESSION['profile']['lname']." with email address '".
            $_SESSION['profile']['email']."' is requesting a TTP assurances for ".
            mysql_escape_string(stripslashes($_POST['country'])).".\n\n";
        if ($_POST['ttptopup']=='1') {
            $body .= "The user is requesting also the TTP TOPUP.\n\n";
        }else{
            $body .= "The user is NOT requesting the TTP TOPUP.\n\n";
        }
        $body .= "The user received ".(int)$_SESSION['profile']['points']." assurance points up today.\n\n";
        $body .= "Please start the TTP assurance process.";
        sendmail("support@cacert.org", "[CAcert.org] "._("TTP request."), $body, "support@cacert.org", "", "", "CAcert Website");

        //This mail needs to be translated
        // The member's copy goes out in the language that was active when
        // the page loaded, restored here.
        L10n::set_translation($my_translation);

        $body =_("You are receiving this email because you asked for TTP assurance.")."\n\n";
        if ($_POST['ttptopup']=='1') {
            $body .=_("You are requesting the TTP TOPUP.")."\n\n";
        }else{
            $body .=_("You are NOT requesting the TTP TOPUP.")."\n\n";
        }
        $body .= _("Best regards")."\n";
        $body .= _("CAcert Support Team");

        sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You requested TTP assurances"), $body, "support@cacert.org", "", "", "CAcert Support");

    }

}
168
// Pages 5 (EnterEmail) and 6 (VerifyData) are for assurers only; everyone
// else is shown the reason and stopped. "Exit" is not a show_page() target,
// so only the header, the reason and the footer are rendered.
// NOTE(review): $id is read here without being assigned on this page.
if(($id == 5 || $oldid == 5 || $id == 6 || $oldid == 6))
    if (!is_assurer($_SESSION['profile']['id']))
    {
        show_page ("Exit","",get_assurer_reason($_SESSION['profile']['id']));
        exit;
    }

// VerifyData was submitted without a looked-up member in the session.
if($oldid == 6 && intval($_SESSION['_config']['notarise']['id']) <= 0)
{
    show_page ("EnterEmail","",_("Something went wrong. Please enter the email address again"));
    exit;
}
// "Send reminder" button on the EnterEmail form. send_reminder() also stores
// its outcome in $_SESSION['_config']['error'].
if($oldid == 5 && array_key_exists('reminder',$_POST) && $_POST['reminder'] != "")
{
    send_reminder();
    show_page ("EnterEmail",_("A reminder notice has been sent."),"");
    exit;
}

// EnterEmail submitted: look up the member to be assured by email address.
if($oldid == 5)
{
    // NOTE(review): mysql_escape_string() ignores the connection charset;
    // mysql_real_escape_string() is the charset-aware form of the same call.
    $query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `deleted`=0";
    $res = mysql_query($query);
    if(mysql_num_rows($res) != 1)
    {
        $_SESSION['_config']['noemailfound'] = 1;
        show_page("EnterEmail","",_("I'm sorry, there was no email matching what you entered in the system. Please double check your information."));
        exit;
    } else
    {
        $_SESSION['_config']['noemailfound'] = 0;
        // The whole users row is kept in the session for the next steps.
        // NOTE(review): selecting only the columns read later (id, fname,
        // lname, email, language, verified) would keep the remaining fields
        // out of the session store.
        $_SESSION['_config']['notarise'] = mysql_fetch_assoc($res);
        if ($_SESSION['_config']['notarise']['verified'] == 0)
        {
            show_page("EnterEmail","",_("User is not yet verified. Please try again in 24 hours!"));
            exit;
        }
    }
}

// Checks shared by the lookup and the verification step: cancel button,
// no self-assurance, and at most one assurance per assurer/member pair.
if($oldid == 5 || $oldid == 6)
{
    $id=6;
    // $oldid=0;
    if(array_key_exists('cancel',$_REQUEST) && $_REQUEST['cancel'] != "")
    {
        show_page("EnterEmail","","");
        exit;
    }
    if($_SESSION['_config']['notarise']['id'] == $_SESSION['profile']['id'])
    {
        show_page("EnterEmail","",_("You are never allowed to Assure yourself!"));
        exit;
    }

    // Both ids come from the session (the notarise row was fetched from the
    // database above), not from the request.
    $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' and
`to`='".$_SESSION['_config']['notarise']['id']."'";
    $res = mysql_query($query);
    if(mysql_num_rows($res) > 0)
    {
        show_page("EnterEmail","",_("You are only allowed to Assure someone once!"));
        exit;
    }
}
233
// VerifyData submitted, step 1: check the confirmation boxes and the hidden
// pagehash before any points are computed.
if($oldid == 6)
{
    $iecho= "c";
    if(!array_key_exists('assertion',$_POST) || $_POST['assertion'] != 1)
    {
        show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
        exit;
    }

    /* if(!array_key_exists('rules',$_POST) || $_POST['rules'] != 1)
    {
        show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
        exit;
    }
    */

    // TTP admins are exempt from the certify box and from the location.
    if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1 ) && $_SESSION['profile']['ttpadmin'] != 1)
    {
        show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
        exit;
    }

    if($_SESSION['profile']['ttpadmin'] != 1 && $_POST['location'] == "")
    {
        show_page("VerifyData","",_("You failed to enter a location of your meeting."));
        exit;
    }

    // NOTE(review): this tests $_REQUEST['points'] while the value awarded
    // later is intval($_POST['points']); a GET parameter satisfies this
    // check without being the one that is used.
    if($_REQUEST['points'] == "")
    {
        show_page("VerifyData","",_("You must enter the number of points you wish to allocate to this person."));
        exit;
    }

    // Re-read the member and compare with the hash taken when the
    // verification page was rendered, so details changed meanwhile are noticed.
    $query = "select * from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'";
    $res = mysql_query($query);
    $row = mysql_fetch_assoc($res);
    $name = $row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix'];
    // NOTE(review): both comparisons are loose (!=). On md5 hex strings a
    // strict !== (or hash_equals()) avoids PHP's numeric-string rules, under
    // which two digests of the form "0e..." compare equal.
    if($_SESSION['_config']['wothash'] != md5($name."-".$row['dob']) || $_SESSION['_config']['wothash'] != $_REQUEST['pagehash'])
    {
        show_page("VerifyData","",_("Race condition discovered, user altered details during assurance procedure. PLEASE MAKE SURE THE NEW DETAILS BELOW MATCH THE ID DOCUMENTS."));
        exit;
    }
}
278
279
// VerifyData, step 2: clamp the requested points to the assurer's maximum
// and to the member's 100-point ceiling, then refuse an exact duplicate.
if($oldid == 6)
{
    $max = maxpoints(); // presumably the most this assurer may issue — confirm in the includes

    // $awarded keeps the (clamped) amount the assurer asked for; $newpoints
    // is what the member actually receives once the totals below are applied.
    $awarded = $newpoints = intval($_POST['points']);
    if($newpoints > $max)
        $newpoints = $awarded = $max;
    if($newpoints < 0)
        $newpoints = $awarded = 0;

    // Current total of the member; with no notary rows $drow is false and
    // $drow['total'] evaluates as 0 in the arithmetic below.
    $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
    $res = mysql_query($query);
    $drow = mysql_fetch_assoc($res);

    // Temporary increases are switched off: forcing expire to 0 makes every
    // "intval($_POST['expire']) > 0" branch further down unreachable.
    $_POST['expire'] = 0;

    // Members are capped at 100 points unless the assurer's maximum is 100 or more.
    if(($drow['total'] + $newpoints) > 100 && $max < 100)
        $newpoints = 100 - $drow['total'];
    if(($drow['total'] + $newpoints) > $max && $max >= 100)
        $newpoints = $max - $drow['total'];
    if($newpoints < 0)
        $newpoints = 0;

    // Default the meeting date to "now" (the escaping only serves as an emptiness test here).
    if(mysql_escape_string(stripslashes($_POST['date'])) == "")
        $_POST['date'] = date("Y-m-d H:i:s");

    // Same assurer, member, amount, location and date already on file.
    $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' AND
`to`='".$_SESSION['_config']['notarise']['id']."' AND
`awarded`='$awarded' AND
`location`='".mysql_escape_string(stripslashes($_POST['location']))."' AND
`date`='".mysql_escape_string(stripslashes($_POST['date']))."'";
    $res = mysql_query($query);
    if(mysql_num_rows($res) > 0)
    {
        // "VerifyEmail" is not a show_page() target, so only the error is rendered.
        show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue."));
        exit;
    }
}
318
// VerifyData, step 3: record the assurance, credit the assurer, mail both
// parties and render the "assure someone else" form.
if($oldid == 6)
{
    // $newpoints/$awarded were clamped in the previous block; the ids come
    // from the session, the free-text fields are escaped inline.
    $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
`to`='".$_SESSION['_config']['notarise']['id']."',
`points`='$newpoints', `awarded`='$awarded',
`location`='".mysql_escape_string(stripslashes($_POST['location']))."',
`date`='".mysql_escape_string(stripslashes($_POST['date']))."',
`when`=NOW()";
    // $_POST['expire'] is reset to 0 before this block runs, so the
    // temporary-increase branch cannot be taken; board members fall through
    // to the free-form method, TTP admins to the fixed TTP method.
    if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
    {
        $query .= ",\n`method`='Temporary Increase'";
        $query .= ",\n`expire`=DATE_ADD(NOW(), INTERVAL '".intval($_POST['expire'])."' DAY)";
        $query .= ",\n`sponsor`='".intval($_POST['sponsor'])."'";
    } else if($_SESSION['profile']['board'] == 1) {
        $query .= ",\n`method`='".mysql_escape_string(stripslashes($_POST['method']))."'";
    } else if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
        $query .= ",\n`method`='Trusted Third Parties'";
    }
    mysql_query($query);
    fix_assurer_flag($_SESSION['_config']['notarise']['id']);

    // Assurer's own credit for performing an assurance: 2 points between
    // 100 and 148, 1 at 149, nothing from 150 on. Below 100 $addpoints stays
    // 0 but a zero-point "Administrative Increase" row is still written.
    if($_SESSION['profile']['points'] < 150)
    {
        $addpoints = 0;
        if($_SESSION['profile']['points'] < 149 && $_SESSION['profile']['points'] >= 100)
            $addpoints = 2;
        else if($_SESSION['profile']['points'] == 149 && $_SESSION['profile']['points'] >= 100)
            $addpoints = 1;
        $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
`to`='".$_SESSION['profile']['id']."',
`points`='$addpoints', `awarded`='$addpoints',
`location`='".mysql_escape_string(stripslashes($_POST['location']))."',
`date`='".mysql_escape_string(stripslashes($_POST['date']))."',
`method`='Administrative Increase',
`when`=NOW()";
        mysql_query($query);
        // No need to fix_assurer_flag here, this should only happen for assurers...
        // Keep the cached session total in step with the row just written.
        $_SESSION['profile']['points'] += $addpoints;
    }

    // Mail to the assured member, in that member's language.
    $my_translation = L10n::get_translation();
    L10n::set_translation($_SESSION['_config']['notarise']['language']);

    $body = sprintf(_("You are receiving this email because you have been assured by %s %s (%s)."), $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'])."\n\n";
    // $_POST['points'] is the raw request value, $newpoints the clamped one.
    if($_POST['points'] != $newpoints)
        $body .= sprintf(_("You were issued %s points however the system has rounded this down to %s and you now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n";
    else
        $body .= sprintf(_("You were issued %s points and you now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n";

    if(($drow['total'] + $newpoints) < 100 && ($drow['total'] + $newpoints) >= 50)
    {
        $body .= _("You now have over 50 points, and can now have your name added to client certificates, and issue server certificates for up to 2 years.")."\n\n";
    }

    if(($drow['total'] + $newpoints) >= 100 && $newpoints > 0)
    {
        // $body .= _("You now have over 100 points and can start assuring others.")."\n\n";
        $body .= _("You have at least 100 Assurance Points, if you want to become an assurer try the")." ";
        $body .= _("Assurer Challenge")." ( https://cats.cacert.org )\n\n";
        $body .= _("To make it easier for others in your area to find you, it's helpful to list yourself as an assurer (this is voluntary), as well as a physical location where you live or work the most. You can flag your account to be listed, and add a comment to the display by going to:")."\n\n";
        $body .= "https://www.cacert.org/wot.php?id=8\n\n";
        $body .= _("You can list your location by going to:")."\n\n";
        $body .= "https://www.cacert.org/wot.php?id=13\n\n";
    }

    // Unreachable while $_POST['expire'] is forced to 0 above.
    if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
        $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time your points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";

    $body .= _("Best regards")."\n";
    $body .= _("CAcert Support Team");

    sendmail($_SESSION['_config']['notarise']['email'], "[CAcert.org] "._("You've been Assured."), $body, "support@cacert.org", "", "", "CAcert Website");

    // Back to the assurer's language for the assurer's own copy.
    L10n::set_translation($my_translation);

    $body = sprintf(_("You are receiving this email because you have assured %s %s (%s)."), $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'])."\n\n";
    if($_POST['points'] != $newpoints)
        $body .= sprintf(_("You issued %s points however the system has rounded this down to %s and they now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n";
    else
        $body .= sprintf(_("You issued %s points and they now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n";

    // Unreachable while $_POST['expire'] is forced to 0 above.
    if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
        $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time their points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";
    $body .= _("Best regards")."\n";
    $body .= _("CAcert Support Team");

    sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You've Assured Another Member."), $body, "support@cacert.org", "", "", "CAcert Support");

    // Also unreachable with expire forced to 0. NOTE(review): $sponsor is
    // never assigned on this page, so the sponsor fields would be empty
    // if this branch were ever re-enabled.
    if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
    {
        $body = sprintf("%s %s (%s) has issued a temporary increase to 200 points for %s %s (%s) for %s days. This action was sponsored by %s %s (%s).", $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'], $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'], intval($_POST['expire']), $sponsor['fname'], $sponsor['lname'], $sponsor['email'])."\n\n";

        sendmail("cacert-board@lists.cacert.org", "[CAcert.org] Temporary Increase Issued.", $body, "website@cacert.org", "", "", "CAcert Website");
    }

    // Confirmation page with a fresh EnterEmail form (oldid 5) for the next assurance.
    showheader(_("My CAcert.org Account!"));
    echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>";
?><form method="post" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Assure Someone")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><input type="text" name="email" id="email" value=""></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="5">
</form>
<SCRIPT LANGUAGE="JavaScript">
//<![CDATA[
function my_init()
{
document.getElementById("email").focus();
}

window.onload = my_init();
//]]>
</script>
<?
    showfooter();
    exit;
}
445
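// EnterMyInfo form (wot id 8): update the "list me as assurer" flag and the
// contact text. This is the only branch on this page guarded by csrf_check();
// the assurance flow relies on the per-session pagehash instead.
if($oldid == 8)
{
    csrf_check("chgcontact");

    // strip_tags() removes markup before the text is stored; SQL escaping is
    // applied only to the copy that goes into the query, so the session copy
    // matches what the database row will hold (the original kept the escaped
    // string in the session, leaking backslashes into later display).
    $contactinfo = array_key_exists('contactinfo', $_POST)
        ? strip_tags(stripslashes($_POST['contactinfo'])) : "";
    $info = mysql_escape_string($contactinfo);

    // listme is a 0/1 flag; anything else is treated as "not listed".
    $listme = array_key_exists('listme', $_POST) ? intval($_POST['listme']) : 0;
    if($listme < 0 || $listme > 1)
        $listme = 0;

    $_SESSION['profile']['listme'] = $listme;
    $_SESSION['profile']['contactinfo'] = $contactinfo;

    $query = "update `users` set `listme`='$listme',`contactinfo`='$info' where `id`='".$_SESSION['profile']['id']."'";
    mysql_query($query);

    showheader(_("My CAcert.org Account!"));
    echo "<p>"._("Your account information has been updated.")."</p>";
    showfooter();
    exit;
}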
466
// ContactAssurer form (wot id 9): forward a message to a listed assurer.
// $_REQUEST['userid'] is only tested numerically here; the intval() below is
// what sanitises it for the query.
if($oldid == 9 && $_REQUEST['userid'] > 0 && $_SESSION['profile']['id'] > 0)
{
    // pageid must match the hash stored when the form was rendered, which
    // ties one submission to one rendered form.
    // NOTE(review): loose != on the hash; !== (or hash_equals()) is the
    // strict form.
    if($_SESSION['_config']['pagehash'] != $_REQUEST['pageid'])
    {
        $oldid=0;
        $id = 9;
        show_page("ContactAssurer","",_("It looks like you were trying to contact multiple people, this isn't allowed due to data security reasons."));
        exit;
    } else {
        // Both values are overwritten below before use (dead stores).
        $body = $_REQUEST['message'];
        $subject = $_REQUEST['subject'];
        $userid = intval($_REQUEST['userid']);
        // Only members who opted in (listme=1) can be contacted; $user is
        // false when nobody matches.
        $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid' and `listme`=1"));
        // mysql_num_rows() on this grouped HAVING query is 1 when the member
        // has a positive total and 0 otherwise (including the $user === false case).
        $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0"));
        if($points > 0)
        {
            $my_translation = L10n::get_translation();
            L10n::set_translation($user['language']);

            // The mail subject is built from the sender's profile name, not
            // from the request; the user-supplied subject and message are
            // placed in the body only.
            $subject = "[CAcert.org] ".sprintf(_("Message from %s"),
                $_SESSION['profile']['fname']);

            $body = sprintf(_("Hi %s,"), $user['fname'])."\n\n";
            $body .= sprintf(_("%s %s has sent you a message via the ".
                "contact an Assurer form on CAcert.org."),
                $_SESSION['profile']['fname'],
                $_SESSION['profile']['lname'])."\n\n";
            $body .= sprintf(_("Subject: %s"), $_REQUEST['subject'])."\n";
            $body .= _("Message:")."\n";
            $body .= $_REQUEST['message']."\n\n";
            $body .= "------------------------------------------------\n\n";
            $body .= _("Please note, that this is NOT a message on behalf ".
                "of CAcert but another CAcert community member. If ".
                "you suspect that the contact form might have been ".
                "abused, please write to support@cacert.org")."\n\n";
            $body .= _("Best regards")."\n";
            $body .= _("Your CAcert Community");

            // Sent with the sender's own address as From, so replies go
            // straight back to them.
            sendmail($user['email'], $subject, $body,
                $_SESSION['profile']['email'], //from
                "", //replyto
                "", //toname
                $_SESSION['profile']['fname']." ".
                $_SESSION['profile']['lname']); //fromname

            L10n::set_translation($my_translation);

            showheader(_("My CAcert.org Account!"));?>
<p>
<? printf(_("Your email has been sent to %s."), $user['fname']); ?>
</p>
<p>[ <a href='javascript:history.go(-2)'><?= _("Go Back") ?></a> ]</p>
<?
            showfooter();
            exit;
        } else {
            // Integer 0 selects the InfoPage case in show_page().
            show_page(0,"",_("Sorry, I was unable to locate that user."));
            exit;
        }

    }
}
// Any other id-9 submission (missing userid or no logged-in profile id).
if($oldid == 9)
{
    $oldid=0;
    $id = 9;
    show_page("ContactAssurer","",_("There was an error and I couldn't proceed"));
    exit;
}

// showheader(_("My CAcert.org Account!"));
// echo "ID now = ".$id."/".$oldid.">>".$iecho;
// includeit($id, "wot");
// showfooter();
// Default: render whichever page $id selects, without a notice.
show_page ($id,"","");
?>