bug 1112: Fix things popped up in review:
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */ ?>
18 <?
19 require_once("../includes/loggedin.php");
20 require_once("../includes/lib/l10n.php");
21
22
/**
 * Render one page of the Web of Trust section.
 *
 * @param mixed  $target  page number (int or numeric string) or symbolic
 *                        page name; anything else (e.g. "Exit") renders
 *                        only the header, the message and the footer
 * @param string $message text shown above the page, may be ""
 * @param string $error   error text; when non-empty it replaces $message
 *                        and is prefixed with the translated "ERROR"
 */
function show_page($target,$message,$error)
{
    // Every page is reachable by its number and by a name. Entries 7, 11
    // and 14 are intentionally absent (they were disabled upstream).
    $pages = array(
        0  => array('0',  'InfoPage'),
        1  => array('1',  'ListByCity'),
        2  => array('2',  'BecomeAssurer'),
        3  => array('3',  'TrustRules'),
        4  => array('4',  'ShowTTPInfo'),
        5  => array('5',  'EnterEmail'),
        6  => array('6',  'VerifyData'),
        8  => array('8',  'EnterMyInfo'),
        9  => array('9',  'ContactAssurer'),
        10 => array('10', 'MyPointsOld'),
        12 => array('12', 'SearchAssurer'),
        13 => array('13', 'EnterMyCity'),
        15 => array('15', 'MyPointsNew'),
    );

    showheader(_("My CAcert.org Account!"));

    $notice = $message;
    if ($error != "") {
        $notice = _("ERROR").": ".$error;
    }
    if ($notice != "") {
        echo "<p><font color='orange' size='+1'>".$notice."</font></p>";
    }

    // The comparison is deliberately loose (no strict flag) so that an
    // integer $target such as 6 matches the alias '6' exactly as the
    // switch/case it replaces did; the first match wins.
    foreach ($pages as $number => $aliases) {
        if (in_array($target, $aliases)) {
            includeit($number, "wot");
            break;
        }
    }

    showfooter();
}
85
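/**
 * Send the "please create your account" reminder to the address the
 * assurer entered on the EnterEmail page.
 *
 * The body is written in the language chosen in $_POST['reminder-lang']
 * and, unless that already is English, repeated in English below it; the
 * subject uses the chosen language. The assurer's own translation is
 * restored before returning. On return $_SESSION['_config']['remindersent']
 * is 1 and $_SESSION['_config']['error'] holds the confirmation text.
 *
 * A missing language code, or one that is not a key of L10n::$translations,
 * is replaced by "en" instead of being passed unchecked to L10n and into
 * the mail text.
 */
function send_reminder()
{
    $body = "";
    $my_translation = L10n::get_translation();

    $requested_lang = array_key_exists('reminder-lang', $_POST) ? $_POST['reminder-lang'] : "";
    if (!is_string($requested_lang) || !array_key_exists($requested_lang, L10n::$translations)) {
        $requested_lang = "en";
    }
    $_SESSION['_config']['reminder-lang'] = $requested_lang;

    $reminder_translations = array($requested_lang);
    if (!in_array("en", $reminder_translations, true)) {
        $reminder_translations[] = "en";
    }

    foreach ($reminder_translations as $translation) {
        L10n::set_translation($translation);

        $body .= L10n::$translations[$translation].":\n\n";
        $body .= sprintf(_("This is a short reminder that you filled out forms to become trusted with CAcert.org, and %s has attempted to issue you points. Please create your account at %s as soon as possible and then notify %s so that the points can be issued."), $_SESSION['profile']['fname']." (".$_SESSION['profile']['email'].")", "http://www.cacert.org", $_SESSION['profile']['fname'])."\n\n";
        $body .= _("Best regards")."\n";
        $body .= _("CAcert Support Team")."\n\n";
    }

    // the subject is translated into the requested language only
    L10n::set_translation($reminder_translations[0]);
    $recipient = array_key_exists('email', $_POST) ? $_POST['email'] : "";
    sendmail($recipient, "[CAcert.org] "._("Reminder Notice"), $body, $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']);

    L10n::set_translation($my_translation);

    $_SESSION['_config']['remindersent'] = 1;
    $_SESSION['_config']['error'] = _("A reminder notice has been sent.");
}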
115
116
117
118
loadem("account");

// Remember the meeting date and location typed into the form for the later
// steps of the assurance; an empty submission leaves the stored value alone.
foreach (array('date', 'location') as $field) {
    if (array_key_exists($field, $_POST) && $_POST[$field] != "") {
        $_SESSION['_config'][$field] = $_POST[$field];
    }
}

// `oldid` is the number of the form page that was just submitted, 0 if none.
$oldid = array_key_exists('oldid', $_REQUEST) ? intval($_REQUEST['oldid']) : 0;

// Submitting the assurer search stays on the search page.
if ($oldid == 12) {
    $id = $oldid;
}
130
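// Page 4: request for a TTP (Trusted Third Party) assurance.
if ($oldid == 4)
{
    $ttp = array_key_exists('ttp', $_POST) ? $_POST['ttp'] : '';
    if ($ttp != '') {
        // The country goes into a plain-text mail body, not into SQL, so it
        // is only stripped of magic-quotes slashes (as elsewhere in this
        // file) and not SQL-escaped.
        $country = stripslashes(array_key_exists('country', $_POST) ? $_POST['country'] : '');
        $topup = array_key_exists('ttptopup', $_POST) && $_POST['ttptopup'] == '1';

        //This mail does not need to be translated
        $body = "Hi TTP adminstrators,\n\n";
        $body .= "User ".$_SESSION['profile']['fname']." ".
            $_SESSION['profile']['lname']." with email address '".
            $_SESSION['profile']['email']."' is requesting a TTP assurances for ".
            $country.".\n\n";
        if ($topup) {
            $body .= "The user is also requesting TTP TOPUP.\n\n";
        } else {
            $body .= "The user is NOT requesting TTP TOPUP.\n\n";
        }
        $body .= "The user received ".intval($_SESSION['profile']['points'])." assurance points up to today.\n\n";
        $body .= "Please start the TTP assurance process.";
        sendmail("support@cacert.org", "[CAcert.org] TTP request.", $body, "support@cacert.org", "", "", "CAcert Website");

        //This mail needs to be translated
        $body = _("You are receiving this email because you asked for TTP assurance.")."\n\n";
        if ($topup) {
            $body .= _("You are requesting TTP TOPUP.")."\n\n";
        } else {
            $body .= _("You are NOT requesting TTP TOPUP.")."\n\n";
        }
        $body .= _("Best regards")."\n";
        $body .= _("CAcert Support Team");

        sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You requested TTP assurances"), $body, "support@cacert.org", "", "", "CAcert Support");
    }
}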
164
// Pages 5 and 6 (entering the assuree's address, verifying the data) are
// open to assurers only; everybody else is shown the reason instead.
$assurer_step = ($id == 5 || $oldid == 5 || $id == 6 || $oldid == 6);
if ($assurer_step && !is_assurer($_SESSION['profile']['id'])) {
    show_page("Exit", "", get_assurer_reason($_SESSION['profile']['id']));
    exit;
}

// Page 6 needs the assuree record that page 5 stored in the session.
if ($oldid == 6 && intval($_SESSION['_config']['notarise']['id']) <= 0) {
    show_page("EnterEmail", "", _("Something went wrong. Please enter the email address again"));
    exit;
}

// "Send reminder" button on the EnterEmail page.
if ($oldid == 5 && array_key_exists('reminder', $_POST) && $_POST['reminder'] != "") {
    send_reminder();
    show_page("EnterEmail", _("A reminder notice has been sent."), "");
    exit;
}
183
// Page 5: look up the member to be assured by mail address.
if ($oldid == 5)
{
    $query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `deleted`=0";
    $res = mysql_query($query);
    $matches = mysql_num_rows($res);

    if ($matches != 1) {
        $_SESSION['_config']['noemailfound'] = 1;
        show_page("EnterEmail", "", _("I'm sorry, there was no email matching what you entered in the system. Please double check your information."));
        exit;
    }

    $_SESSION['_config']['noemailfound'] = 0;
    $_SESSION['_config']['notarise'] = mysql_fetch_assoc($res);
    // `verified` arrives as a string from the database, hence the loose compare
    if ($_SESSION['_config']['notarise']['verified'] == 0) {
        show_page("EnterEmail", "", _("User is not yet verified. Please try again in 24 hours!"));
        exit;
    }
}
204
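// Common checks for pages 5 and 6: the assuree must be somebody else and
// must not already have been assured by this assurer.
if ($oldid == 5 || $oldid == 6)
{
    $id = 6;
    if (array_key_exists('cancel', $_REQUEST) && $_REQUEST['cancel'] != "") {
        show_page("EnterEmail", "", "");
        exit;
    }
    if ($_SESSION['_config']['notarise']['id'] == $_SESSION['profile']['id']) {
        show_page("EnterEmail", "", _("You are never allowed to Assure yourself!"));
        exit;
    }

    // Both ids come from database rows; they are still coerced to integers
    // before being placed in the query, as the rest of this file does.
    $assurer_id = intval($_SESSION['profile']['id']);
    $assuree_id = intval($_SESSION['_config']['notarise']['id']);
    $query = "select * from `notary` where `from`='".$assurer_id."' and `to`='".$assuree_id."'";
    $res = mysql_query($query);
    if (mysql_num_rows($res) > 0) {
        show_page("EnterEmail", "", _("You are only allowed to Assure someone once!"));
        exit;
    }
}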
229
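// Page 6, part 1: validate the assurance form before anything is written.
if ($oldid == 6)
{
    $location = array_key_exists('location', $_POST) ? $_POST['location'] : "";
    $points_entered = array_key_exists('points', $_REQUEST) ? $_REQUEST['points'] : "";
    $pagehash = array_key_exists('pagehash', $_REQUEST) ? (string)$_REQUEST['pagehash'] : "";
    $is_ttpadmin = ($_SESSION['profile']['ttpadmin'] == 1);

    if (!array_key_exists('assertion', $_POST) || $_POST['assertion'] != 1) {
        show_page("VerifyData", "", _("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
        exit;
    }

    // TTP admins enter assurances on behalf of a third party and therefore
    // neither certify a face-to-face meeting nor give a meeting location.
    if ((!array_key_exists('certify', $_POST) || $_POST['certify'] != 1) && !$is_ttpadmin) {
        show_page("VerifyData", "", _("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
        exit;
    }

    if (!$is_ttpadmin && $location == "") {
        show_page("VerifyData", "", _("You failed to enter a location of your meeting."));
        exit;
    }

    if ($points_entered == "") {
        show_page("VerifyData", "", _("You must enter the number of points you wish to allocate to this person."));
        exit;
    }

    // Anti-race check: the hash stored when the data page was rendered must
    // still match both the current database record and the value the form
    // sent back. The md5 hex digests are compared as strings with !==, since
    // a loose != treats two digests of the form "0e..." as equal numbers.
    $query = "select * from `users` where `id`='".intval($_SESSION['_config']['notarise']['id'])."'";
    $res = mysql_query($query);
    $row = mysql_fetch_assoc($res);
    $name = $row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix'];
    $current_hash = md5($name."-".$row['dob']);
    $stored_hash = (string)$_SESSION['_config']['wothash'];
    if ($stored_hash !== $current_hash || $stored_hash !== $pagehash) {
        show_page("VerifyData", "", _("Race condition discovered, user altered details during assurance procedure. PLEASE MAKE SURE THE NEW DETAILS BELOW MATCH THE ID DOCUMENTS."));
        exit;
    }
}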
274
275
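// Page 6, part 2: work out how many points are really granted and refuse an
// exact duplicate of an assurance already on record. $newpoints, $awarded
// and $drow are used again by the following `if($oldid == 6)` block.
if ($oldid == 6)
{
    $max = maxpoints();

    // `awarded` is what the assurer asked to give, clamped to 0..$max;
    // `points` is what the assuree actually receives after the caps below.
    $points_entered = array_key_exists('points', $_POST) ? $_POST['points'] : 0;
    $awarded = $newpoints = intval($points_entered);
    if ($newpoints > $max) {
        $newpoints = $awarded = $max;
    }
    if ($newpoints < 0) {
        $newpoints = $awarded = 0;
    }

    $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['_config']['notarise']['id'])."' group by `to`";
    $res = mysql_query($query);
    $drow = mysql_fetch_assoc($res);
    if ($drow === false) {
        // no notary rows yet: use a total of 0 instead of indexing `false`
        $drow = array('total' => 0);
    }

    // A temporary increase could only be requested through `expire`; it is
    // forced to 0 here, so the temporary-increase branches later in this
    // file are not reachable from this form as far as this file shows.
    $_POST['expire'] = 0;

    // The assuree's total is capped at 100 for ordinary assurers and at
    // $max for assurers allowed to give 100 points or more.
    if (($drow['total'] + $newpoints) > 100 && $max < 100) {
        $newpoints = 100 - $drow['total'];
    }
    if (($drow['total'] + $newpoints) > $max && $max >= 100) {
        $newpoints = $max - $drow['total'];
    }
    if ($newpoints < 0) {
        $newpoints = 0;
    }

    $date_entered = array_key_exists('date', $_POST) ? $_POST['date'] : "";
    if (stripslashes($date_entered) == "") {
        $_POST['date'] = date("Y-m-d H:i:s");
    }
    $location_entered = array_key_exists('location', $_POST) ? $_POST['location'] : "";

    $query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' AND
        `to`='".intval($_SESSION['_config']['notarise']['id'])."' AND
        `awarded`='$awarded' AND
        `location`='".mysql_escape_string(stripslashes($location_entered))."' AND
        `date`='".mysql_escape_string(stripslashes($_POST['date']))."'";
    $res = mysql_query($query);
    if (mysql_num_rows($res) > 0) {
        // NOTE(review): "VerifyEmail" is not a target show_page() knows, so
        // only the header, this message and the footer are rendered — confirm
        // whether "VerifyData" was intended.
        show_page("VerifyEmail", "", _("Identical Assurance attempted, will not continue."));
        exit;
    }
}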
314
// Page 6, part 3: record the assurance, credit the assurer's own experience
// points and mail both parties. $newpoints, $awarded and $drow were computed
// by the preceding `if($oldid == 6)` block.
if($oldid == 6)
{
    $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
`to`='".$_SESSION['_config']['notarise']['id']."',
`points`='$newpoints', `awarded`='$awarded',
`location`='".mysql_escape_string(stripslashes($_POST['location']))."',
`date`='".mysql_escape_string(stripslashes($_POST['date']))."',
`when`=NOW()";
    // NOTE(review): $_POST['expire'] is overwritten with 0 earlier in this
    // file, so this temporary-increase branch and the ones in the mails
    // below look unreachable from this form — confirm.
    if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
    {
        $query .= ",\n`method`='Temporary Increase'";
        $query .= ",\n`expire`=DATE_ADD(NOW(), INTERVAL '".intval($_POST['expire'])."' DAY)";
        $query .= ",\n`sponsor`='".intval($_POST['sponsor'])."'";
    } else if($_SESSION['profile']['board'] == 1) {
        // board members may record an arbitrary method name (SQL-escaped)
        $query .= ",\n`method`='".mysql_escape_string(stripslashes($_POST['method']))."'";
    } else if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
        // TTP admins may only record the fixed TTP method name
        $query .= ",\n`method`='Trusted Third Parties'";
    }
    mysql_query($query);
    fix_assurer_flag($_SESSION['_config']['notarise']['id']);

    // Experience points for the assurer, capped at 150 in total: 2 per
    // assurance while between 100 and 148 points, 1 at 149. Below 100
    // points $addpoints stays 0 but a notary row is still inserted.
    if($_SESSION['profile']['points'] < 150)
    {
        $addpoints = 0;
        if($_SESSION['profile']['points'] < 149 && $_SESSION['profile']['points'] >= 100)
            $addpoints = 2;
        else if($_SESSION['profile']['points'] == 149 && $_SESSION['profile']['points'] >= 100)
            $addpoints = 1;
        $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
`to`='".$_SESSION['profile']['id']."',
`points`='$addpoints', `awarded`='$addpoints',
`location`='".mysql_escape_string(stripslashes($_POST['location']))."',
`date`='".mysql_escape_string(stripslashes($_POST['date']))."',
`method`='Administrative Increase',
`when`=NOW()";
        mysql_query($query);
        // No need to fix_assurer_flag here, this should only happen for assurers...
        $_SESSION['profile']['points'] += $addpoints;
    }

    // The mail to the assuree is written in the assuree's language; the
    // assurer's translation is restored before the second mail.
    $my_translation = L10n::get_translation();
    L10n::set_translation($_SESSION['_config']['notarise']['language']);

    $body = sprintf(_("You are receiving this email because you have been assured by %s %s (%s)."), $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'])."\n\n";
    // tell the assuree when the caps reduced the number the assurer entered
    if($_POST['points'] != $newpoints)
        $body .= sprintf(_("You were issued %s points however the system has rounded this down to %s and you now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n";
    else
        $body .= sprintf(_("You were issued %s points and you now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n";

    if(($drow['total'] + $newpoints) < 100 && ($drow['total'] + $newpoints) >= 50)
    {
        $body .= _("You now have over 50 points, and can now have your name added to client certificates, and issue server certificates for up to 2 years.")."\n\n";
    }

    if(($drow['total'] + $newpoints) >= 100 && $newpoints > 0)
    {
        $body .= _("You have at least 100 Assurance Points, if you want to become an assurer try the Assurer Challenge")." ( https://cats.cacert.org )\n\n";
        $body .= _("To make it easier for others in your area to find you, it's helpful to list yourself as an assurer (this is voluntary), as well as a physical location where you live or work the most. You can flag your account to be listed, and add a comment to the display by going to:")."\n";
        $body .= "https://www.cacert.org/wot.php?id=8\n\n";
        $body .= _("You can list your location by going to:")."\n";
        $body .= "https://www.cacert.org/wot.php?id=13\n\n";
    }

    if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
        $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time your points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";

    $body .= _("Best regards")."\n";
    $body .= _("CAcert Support Team");

    sendmail($_SESSION['_config']['notarise']['email'], "[CAcert.org] "._("You've been Assured."), $body, "support@cacert.org", "", "", "CAcert Website");

    L10n::set_translation($my_translation);

    // confirmation mail to the assurer, in the assurer's own language
    $body = sprintf(_("You are receiving this email because you have assured %s %s (%s)."), $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'])."\n\n";
    if($_POST['points'] != $newpoints)
        $body .= sprintf(_("You issued %s points however the system has rounded this down to %s and they now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n";
    else
        $body .= sprintf(_("You issued %s points and they now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n";

    if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
        $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time their points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";
    $body .= _("Best regards")."\n";
    $body .= _("CAcert Support Team");

    sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You've Assured Another Member."), $body, "support@cacert.org", "", "", "CAcert Support");

    if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
    {
        // NOTE(review): $sponsor is not assigned anywhere visible in this
        // file (only intval($_POST['sponsor']) is stored above), so the
        // sponsor name and address below read as undefined — confirm where
        // the sponsor record is meant to be loaded.
        $body = sprintf("%s %s (%s) has issued a temporary increase to 200 points for %s %s (%s) for %s days. This action was sponsored by %s %s (%s).", $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'], $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'], intval($_POST['expire']), $sponsor['fname'], $sponsor['lname'], $sponsor['email'])."\n\n";

        sendmail("cacert-board@lists.cacert.org", "[CAcert.org] Temporary Increase Issued.", $body, "website@cacert.org", "", "", "CAcert Website");
    }

    // confirmation page, with an empty EnterEmail form for the next assurance
    showheader(_("My CAcert.org Account!"));
    echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>";
?><form method="post" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Assure Someone")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><input type="text" name="email" id="email" value=""></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="5">
</form>
<SCRIPT LANGUAGE="JavaScript">
//<![CDATA[
function my_init()
{
document.getElementById("email").focus();
}

window.onload = my_init();
//]]>
</script>
<?
    showfooter();
    exit;
}
439
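// Page 8: "list me as an assurer" flag and free-text contact information.
if ($oldid == 8)
{
    csrf_check("chgcontact");

    // Tags are stripped because the text is shown to other members. The
    // session keeps the value as typed (after strip_tags); SQL escaping is
    // applied only where the value is placed in the query, so the session
    // copy no longer carries escape backslashes the database never stores.
    $contactinfo = strip_tags(stripslashes(array_key_exists('contactinfo', $_POST) ? $_POST['contactinfo'] : ""));
    $listme = intval(array_key_exists('listme', $_POST) ? $_POST['listme'] : 0);
    if ($listme < 0 || $listme > 1) {
        $listme = 0;
    }

    $_SESSION['profile']['listme'] = $listme;
    $_SESSION['profile']['contactinfo'] = $contactinfo;

    $query = "update `users` set `listme`='$listme',`contactinfo`='".mysql_escape_string($contactinfo)."' where `id`='".intval($_SESSION['profile']['id'])."'";
    mysql_query($query);

    showheader(_("My CAcert.org Account!"));
    echo "<p>"._("Your account information has been updated.")."</p>";
    showfooter();
    exit;
}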
460
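// Page 9: send a message to a listed assurer through the contact form.
if ($oldid == 9 && array_key_exists('userid', $_REQUEST) && intval($_REQUEST['userid']) > 0 && $_SESSION['profile']['id'] > 0)
{
    // The page id sent back must be the one stored for this session when
    // the contact page was rendered, which stops one rendered page from
    // being used to message several members. The tokens are compared as
    // strings with !==; a loose != would treat numeric-looking tokens such
    // as "0e..." as equal numbers.
    $pageid = array_key_exists('pageid', $_REQUEST) ? (string)$_REQUEST['pageid'] : "";
    if ((string)$_SESSION['_config']['pagehash'] !== $pageid)
    {
        show_page("ContactAssurer", "", _("It looks like you were trying to contact multiple people, this isn't allowed due to data security reasons."));
        exit;
    }

    $userid = intval($_REQUEST['userid']);
    $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid' and `listme`=1"));

    // Only listed members who actually hold assurance points can be contacted.
    $points = 0;
    if ($user !== false) {
        $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary` where `to`='".intval($user['id'])."' group by `to` HAVING SUM(`points`) > 0"));
    }
    if ($points <= 0)
    {
        show_page(0, "", _("Sorry, I was unable to locate that user."));
        exit;
    }

    $subject_entered = array_key_exists('subject', $_REQUEST) ? $_REQUEST['subject'] : "";
    $message_entered = array_key_exists('message', $_REQUEST) ? $_REQUEST['message'] : "";

    // The mail is written in the recipient's language; the sender's own
    // translation is restored afterwards.
    $my_translation = L10n::get_translation();
    L10n::set_translation($user['language']);

    $subject = "[CAcert.org] ".sprintf(_("Message from %s"),
        $_SESSION['profile']['fname']);

    $body = sprintf(_("Hi %s,"), $user['fname'])."\n\n";
    $body .= sprintf(_("%s %s has sent you a message via the ".
        "contact an Assurer form on CAcert.org."),
        $_SESSION['profile']['fname'],
        $_SESSION['profile']['lname'])."\n\n";
    $body .= sprintf(_("Subject: %s"), $subject_entered)."\n";
    $body .= _("Message:")."\n";
    $body .= $message_entered."\n\n";
    $body .= "------------------------------------------------\n\n";
    $body .= _("Please note, that this is NOT a message on behalf ".
        "of CAcert but another CAcert community member. If ".
        "you suspect that the contact form might have been ".
        "abused, please write to support@cacert.org")."\n\n";
    $body .= _("Best regards")."\n";
    $body .= _("Your CAcert Community");

    sendmail($user['email'], $subject, $body,
        $_SESSION['profile']['email'], //from
        "", //replyto
        "", //toname
        $_SESSION['profile']['fname']." ".
        $_SESSION['profile']['lname']); //fromname

    L10n::set_translation($my_translation);

    showheader(_("My CAcert.org Account!"));?>
<p>
<? printf(_("Your email has been sent to %s."), $user['fname']); ?>
</p>
<p>[ <a href='javascript:history.go(-2)'><?= _("Go Back") ?></a> ]</p>
<?
    showfooter();
    exit;
}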
// Any other submission of the contact form (no recipient id, not logged in)
// ends up here.
if ($oldid == 9) {
    $id = 9;
    $oldid = 0;
    show_page("ContactAssurer", "", _("There was an error and I couldn't proceed"));
    exit;
}

// No form was processed above: render the requested page of the section.
show_page($id, "", "");
537 ?>