bug 1173: corrected output, missing s with sprintf
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */ ?>
18 <?
19 require_once("../includes/loggedin.php");
20 require_once("../includes/lib/l10n.php");
21
22
/**
 * Render one page of the Web-of-Trust section: the common header, an
 * optional status line, the selected sub-page from includes/wot/, and the
 * common footer.
 *
 * @param mixed  $target  page selector: a numeric index ('0'..'15', int or
 *                        string) or a symbolic name ('InfoPage',
 *                        'EnterEmail', ...). Matched loosely (switch ==),
 *                        as the original dispatch did; an unknown selector
 *                        such as "Exit" renders header/footer only.
 * @param string $message status text shown above the sub-page
 * @param string $error   error text; when non-empty it replaces $message,
 *                        prefixed with the translated "ERROR" label
 * @return void
 */
function show_page($target, $message, $error)
{
    showheader(_("My CAcert.org Account!"));

    if ($error != "") {
        $message = _("ERROR").": ".$error;
    }
    // The status line is emitted unescaped; every caller in this file passes
    // translated literals, not request data -- keep it that way.
    if ($message != "") {
        echo "<p><font color='orange' size='+1'>".$message."</font></p>";
    }

    // First resolve the selector to the sub-page index, then include once.
    // The switch keeps the loose (==) matching of the original dispatch so
    // that both int and string indexes select the same page.
    // Indexes 7, 11 and 14 are intentionally unassigned.
    $page = null;
    switch ($target) {
        case '0':  case 'InfoPage':       $page = 0;  break;
        case '1':  case 'ListByCity':     $page = 1;  break;
        case '2':  case 'BecomeAssurer':  $page = 2;  break;
        case '3':  case 'TrustRules':     $page = 3;  break;
        case '4':  case 'ShowTTPInfo':    $page = 4;  break;
        case '5':  case 'EnterEmail':     $page = 5;  break;
        case '6':  case 'VerifyData':     $page = 6;  break;
        case '8':  case 'EnterMyInfo':    $page = 8;  break;
        case '9':  case 'ContactAssurer': $page = 9;  break;
        case '10': case 'MyPointsOld':    $page = 10; break;
        case '12': case 'SearchAssurer':  $page = 12; break;
        case '13': case 'EnterMyCity':    $page = 13; break;
        case '15': case 'MyPointsNew':    $page = 15; break;
    }

    if ($page !== null) {
        includeit($page, "wot");
    }

    showfooter();
}
85
/**
 * Mail a "please create your CAcert account" reminder to the address given
 * in $_POST['email'].
 *
 * The body is written in the language chosen in $_POST['reminder-lang'],
 * followed by an English copy unless English was the chosen language; the
 * subject uses the chosen language.
 *
 * Side effects: the L10n translation is switched while the texts are built
 * and restored afterwards; one mail is sent; the outcome is recorded in
 * $_SESSION['_config']['reminder-lang'], ['remindersent'] and ['error'].
 *
 * @return void
 */
function send_reminder()
{
    $caller_translation = L10n::get_translation();

    $chosen_lang = $_POST['reminder-lang'];
    $_SESSION['_config']['reminder-lang'] = $chosen_lang;

    // Chosen language first (it also decides the subject), English appended
    // as the fallback copy.
    $languages = array($chosen_lang);
    if (!in_array("en", $languages, true)) {
        $languages[] = "en";
    }

    $body = "";
    foreach ($languages as $lang) {
        L10n::set_translation($lang);

        // Section heading is the language's display name from the L10n table
        // (an unknown language code would be an undefined index here).
        $body .= L10n::$translations[$lang].":\n\n";
        $body .= sprintf(
            _("This is a short reminder that you filled out forms to become trusted with CAcert.org, and %s has attempted to issue you points. Please create your account at %s as soon as possible and then notify %s so that the points can be issued."),
            $_SESSION['profile']['fname']." (".$_SESSION['profile']['email'].")",
            "http://www.cacert.org",
            $_SESSION['profile']['fname']
        )."\n\n";
        $body .= _("Best regards")."\n";
        $body .= _("CAcert Support Team")."\n\n";
    }

    // Subject in the chosen language; the assurer is the visible sender.
    L10n::set_translation($languages[0]);
    sendmail(
        $_POST['email'],
        "[CAcert.org] "._("Reminder Notice"),
        $body,
        $_SESSION['profile']['email'],
        "",
        "",
        $_SESSION['profile']['fname']
    );

    L10n::set_translation($caller_translation);

    $_SESSION['_config']['remindersent'] = 1;
    $_SESSION['_config']['error'] = _("A reminder notice has been sent.");
}
115
116
117
// --- Request dispatch --------------------------------------------------
// $oldid is the form step the request came from; $id selects the page to
// render. NOTE(review): apart from the oldid 12 case below, $id is not
// assigned anywhere visible in this file -- presumably set by the includes
// above (loggedin.php / loadem), confirm.
loadem("account");

// Remember meeting date and location across the multi-step assurance form.
if(array_key_exists('date',$_POST) && $_POST['date'] != "")
    $_SESSION['_config']['date'] = $_POST['date'];

if(array_key_exists('location',$_POST) && $_POST['location'] != "")
    $_SESSION['_config']['location'] = $_POST['location'];

// Coerced to int, so it can only ever be a number (0 when absent).
$oldid=array_key_exists('oldid',$_REQUEST)?intval($_REQUEST['oldid']):0;

if($oldid == 12)
    $id = $oldid;

// Steps 5 (enter e-mail) and 6 (verify data) are reserved for assurers;
// anyone else gets the reason they are not one and no page body ("Exit"
// matches no case in show_page()).
if(($id == 5 || $oldid == 5 || $id == 6 || $oldid == 6))
    if (!is_assurer($_SESSION['profile']['id']))
    {
        show_page ("Exit","",get_assurer_reason($_SESSION['profile']['id']));
        exit;
    }

// Step 6 relies on the member looked up in step 5 being in the session.
if($oldid == 6 && intval($_SESSION['_config']['notarise']['id']) <= 0)
{
    show_page ("EnterEmail","",_("Something went wrong. Please enter the email address again"));
    exit;
}
// "Send reminder" button on the enter-e-mail step: mail instead of lookup.
if($oldid == 5 && array_key_exists('reminder',$_POST) && $_POST['reminder'] != "")
{
    send_reminder();
    show_page ("EnterEmail",_("A reminder notice has been sent."),"");
    exit;
}
148
// Step 5: find the member to be assured by e-mail address.
if($oldid == 5)
{
    // Legacy pattern: SQL assembled by concatenation, request input escaped
    // with mysql_escape_string() (not charset aware). A prepared statement
    // would be the modern equivalent.
    $query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `deleted`=0";
    $res = mysql_query($query);
    if(mysql_num_rows($res) != 1)
    {
        $_SESSION['_config']['noemailfound'] = 1;
        show_page("EnterEmail","",_("I'm sorry, there was no email matching what you entered in the system. Please double check your information."));
        exit;
    } else
    {
        $_SESSION['_config']['noemailfound'] = 0;
        // The whole user row is parked in the session for steps 5/6 below.
        $_SESSION['_config']['notarise'] = mysql_fetch_assoc($res);
        if ($_SESSION['_config']['notarise']['verified'] == 0)
        {
            show_page("EnterEmail","",_("User is not yet verified. Please try again in 24 hours!"));
            exit;
        }
    }
    // A second lookup for the locked flag; locked accounts cannot be assured.
    $query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `locked`=1";
    $res = mysql_query($query);
    if(mysql_num_rows($res) >= 1)
    {
        $_SESSION['_config']['noemailfound'] = 0;
        show_page("EnterEmail","",_("This account is locked and can not be assured. For more information ask support@cacert.org."));
        exit;
    }
}
177
// Steps 5 and 6: checks shared by showing and processing the data form.
if($oldid == 5 || $oldid == 6)
{
    // Whatever happens next, the page to render is the verify-data form.
    $id=6;
    // $oldid=0;
    if(array_key_exists('cancel',$_REQUEST) && $_REQUEST['cancel'] != "")
    {
        show_page("EnterEmail","","");
        exit;
    }
    // Self-assurance is never permitted.
    if($_SESSION['_config']['notarise']['id'] == $_SESSION['profile']['id'])
    {
        show_page("EnterEmail","",_("You are never allowed to Assure yourself!"));
        exit;
    }

    // One assurance per assurer/assuree pair. Both ids come from the
    // session (the assuree's from a DB row fetched in step 5), not from the
    // request, which is why they are interpolated without escaping.
    $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' and
`to`='".$_SESSION['_config']['notarise']['id']."'";
    $res = mysql_query($query);
    if(mysql_num_rows($res) > 0)
    {
        show_page("EnterEmail","",_("You are only allowed to Assure someone once!"));
        exit;
    }
}
202
// Step 6, part 1: validate the assurer's declarations and the form input.
if($oldid == 6)
{
    // Leftover debug marker; only referenced by commented-out code at the
    // end of the file.
    $iecho= "c";
    if(!array_key_exists('assertion',$_POST) || $_POST['assertion'] != 1)
    {
        show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
        exit;
    }

    /* if(!array_key_exists('rules',$_POST) || $_POST['rules'] != 1)
    {
        show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
        exit;
    }
    */

    // TTP admins record assurances done by a trusted third party, so the
    // "certify" box and a meeting location are not required of them.
    if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1 ) && $_SESSION['profile']['ttpadmin'] != 1)
    {
        show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
        exit;
    }

    if($_SESSION['profile']['ttpadmin'] != 1 && $_POST['location'] == "")
    {
        show_page("VerifyData","",_("You failed to enter a location of your meeting."));
        exit;
    }

    // NOTE(review): presence is checked on $_REQUEST['points'], but the
    // value actually used further down is $_POST['points'].
    if($_REQUEST['points'] == "")
    {
        show_page("VerifyData","",_("You must enter the number of points you wish to allocate to this person."));
        exit;
    }

    // Guard against the assuree editing name/DOB while the form was open:
    // the hash stored in the session when the form was rendered must match
    // both the one recomputed from the current DB row and the one the form
    // sent back.
    // NOTE(review): both comparisons are loose (!=); with hex digests a
    // strict !== (or hash_equals() for the request-supplied value) avoids
    // PHP's numeric-string coercion.
    $query = "select * from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'";
    $res = mysql_query($query);
    $row = mysql_fetch_assoc($res);
    $name = $row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix'];
    if($_SESSION['_config']['wothash'] != md5($name."-".$row['dob']) || $_SESSION['_config']['wothash'] != $_REQUEST['pagehash'])
    {
        show_page("VerifyData","",_("Race condition discovered, user altered details during assurance procedure. PLEASE MAKE SURE THE NEW DETAILS BELOW MATCH THE ID DOCUMENTS."));
        exit;
    }
}
247
248
// Step 6, part 2: work out how many points are actually granted.
//   $awarded   - what the assurer entered, clamped to [0, maxpoints()]
//   $newpoints - $awarded further capped so the assuree's total does not
//                exceed 100 (or the assurer's own maximum when that is >= 100)
if($oldid == 6)
{
    $max = maxpoints();

    $awarded = $newpoints = intval($_POST['points']);
    if($newpoints > $max)
        $newpoints = $awarded = $max;
    if($newpoints < 0)
        $newpoints = $awarded = 0;

    // Assuree's current total; id is DB-sourced via the session.
    $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
    $res = mysql_query($query);
    $drow = mysql_fetch_assoc($res);

    // NOTE(review): this overrides any submitted value, so every
    // "temporary increase" branch later in this file (which tests
    // intval($_POST['expire']) > 0) is unreachable from a request.
    $_POST['expire'] = 0;

    if(($drow['total'] + $newpoints) > 100 && $max < 100)
        $newpoints = 100 - $drow['total'];
    if(($drow['total'] + $newpoints) > $max && $max >= 100)
        $newpoints = $max - $drow['total'];
    if($newpoints < 0)
        $newpoints = 0;

    // Empty date means "now".
    if(mysql_escape_string(stripslashes($_POST['date'])) == "")
        $_POST['date'] = date("Y-m-d H:i:s");

    // Reject an exact duplicate of an existing record (same pair, awarded
    // points, location and date).
    // NOTE(review): "VerifyEmail" matches no case in show_page(), so this
    // error is shown without a form body; "VerifyData" is probably intended.
    $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' AND
`to`='".$_SESSION['_config']['notarise']['id']."' AND
`awarded`='$awarded' AND
`location`='".mysql_escape_string(stripslashes($_POST['location']))."' AND
`date`='".mysql_escape_string(stripslashes($_POST['date']))."'";
    $res = mysql_query($query);
    if(mysql_num_rows($res) > 0)
    {
        show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue."));
        exit;
    }
}
287
// Step 6, part 3: store the assurance, credit the assurer, notify both
// parties and show a fresh "assure someone" form.
if($oldid == 6)
{
    // Ids come from the session (DB-sourced), $newpoints/$awarded are ints
    // computed above, free-text fields are escaped inline.
    $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
`to`='".$_SESSION['_config']['notarise']['id']."',
`points`='$newpoints', `awarded`='$awarded',
`location`='".mysql_escape_string(stripslashes($_POST['location']))."',
`date`='".mysql_escape_string(stripslashes($_POST['date']))."',
`when`=NOW()";
    // Board members: either a temporary increase (expiry + sponsor) or a
    // free-form method; TTP admins: fixed 'TTP-Assisted' method.
    // NOTE(review): $_POST['expire'] is forced to 0 earlier in this file, so
    // the first branch cannot be taken.
    if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
    {
        $query .= ",\n`method`='Temporary Increase'";
        $query .= ",\n`expire`=DATE_ADD(NOW(), INTERVAL '".intval($_POST['expire'])."' DAY)";
        $query .= ",\n`sponsor`='".intval($_POST['sponsor'])."'";
    } else if($_SESSION['profile']['board'] == 1) {
        $query .= ",\n`method`='".mysql_escape_string(stripslashes($_POST['method']))."'";
    } else if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
        $query .= ",\n`method`='TTP-Assisted'";
    }
    mysql_query($query);
    fix_assurer_flag($_SESSION['_config']['notarise']['id']);

    // Assurer's own experience points: +2 per assurance (only once they
    // have 100 points), capped so the total never exceeds 150.
    if($_SESSION['profile']['points'] < 150)
    {
        $addpoints = 0;
        if($_SESSION['profile']['points'] < 149 && $_SESSION['profile']['points'] >= 100)
            $addpoints = 2;
        else if($_SESSION['profile']['points'] == 149 && $_SESSION['profile']['points'] >= 100)
            $addpoints = 1;
        // Recorded as a self-referencing notary row; a 0-point row is
        // written when the assurer is below 100 points.
        $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
`to`='".$_SESSION['profile']['id']."',
`points`='$addpoints', `awarded`='$addpoints',
`location`='".mysql_escape_string(stripslashes($_POST['location']))."',
`date`='".mysql_escape_string(stripslashes($_POST['date']))."',
`method`='Administrative Increase',
`when`=NOW()";
        mysql_query($query);
        // No need to fix_assurer_flag here, this should only happen for assurers...
        $_SESSION['profile']['points'] += $addpoints;
    }

    // Mail to the assured member, in the member's preferred language.
    $my_translation = L10n::get_translation();
    L10n::set_translation($_SESSION['_config']['notarise']['language']);

    $body = sprintf(_("You are receiving this email because you have been assured by %s %s (%s)."), $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'])."\n\n";
    // Raw submitted value vs. clamped value: tell the member when it was
    // rounded down.
    if($_POST['points'] != $newpoints)
        $body .= sprintf(_("You were issued %s points however the system has rounded this down to %s and you now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n";
    else
        $body .= sprintf(_("You were issued %s points and you now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n";

    if(($drow['total'] + $newpoints) < 100 && ($drow['total'] + $newpoints) >= 50)
    {
        $body .= _("You now have over 50 points, and can now have your name added to client certificates, and issue server certificates for up to 2 years.")."\n\n";
    }

    if(($drow['total'] + $newpoints) >= 100 && $newpoints > 0)
    {
        $body .= _("You have at least 100 Assurance Points. If you want ".
            "to become an assurer try the Assurer Challenge").
            " ( https://cats.cacert.org ).\n\n";
        $body .= _("To make it easier for others in your area to find ".
            "you, it's helpful to list yourself as an assurer (this ".
            "is voluntary), as well as a physical location where you ".
            "live or work the most. You can flag your account to be ".
            "listed, and add a comment to the display by going to:")."\n";
        $body .= "https://www.cacert.org/wot.php?id=8\n\n";
        $body .= _("You can list your location by going to:")."\n";
        $body .= "https://www.cacert.org/wot.php?id=13\n\n";
    }

    // Unreachable while $_POST['expire'] is forced to 0 above.
    if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
        $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time your points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";

    $body .= _("Best regards")."\n";
    $body .= _("CAcert Support Team");

    sendmail($_SESSION['_config']['notarise']['email'], "[CAcert.org] "._("You've been Assured."), $body, "support@cacert.org", "", "", "CAcert Website");

    // Mail to the assurer, back in the assurer's own language.
    L10n::set_translation($my_translation);

    $body = sprintf(_("You are receiving this email because you have assured %s %s (%s)."), $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'])."\n\n";
    if($_POST['points'] != $newpoints)
        $body .= sprintf(_("You issued %s points however the system has rounded this down to %s and they now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n";
    else
        $body .= sprintf(_("You issued %s points and they now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n";

    // Unreachable, see above.
    if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
        $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time their points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";
    $body .= _("Best regards")."\n";
    $body .= _("CAcert Support Team");

    sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You've Assured Another Member."), $body, "support@cacert.org", "", "", "CAcert Support");

    // Board notification for temporary increases (unreachable, see above).
    // NOTE(review): $sponsor is never assigned anywhere in this file, so
    // $sponsor['fname'] etc. would be undefined if this branch ever ran.
    if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
    {
        $body = sprintf("%s %s (%s) has issued a temporary increase to 200 points for %s %s (%s) for %s days. This action was sponsored by %s %s (%s).", $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'], $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'], intval($_POST['expire']), $sponsor['fname'], $sponsor['lname'], $sponsor['email'])."\n\n";

        sendmail("cacert-board@lists.cacert.org", "[CAcert.org] Temporary Increase Issued.", $body, "website@cacert.org", "", "", "CAcert Website");
    }

    // Confirmation page plus an empty "assure someone" form (oldid 5) so
    // the assurer can go straight on to the next person.
    showheader(_("My CAcert.org Account!"));
    echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>";
?><form method="post" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Assure Someone")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><input type="text" name="email" id="email" value=""></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="5">
</form>
<SCRIPT LANGUAGE="JavaScript">
//<![CDATA[
function my_init()
{
document.getElementById("email").focus();
}

// NOTE(review): this calls my_init() immediately and assigns its return
// value (undefined) to onload; "window.onload = my_init;" is the usual form.
window.onload = my_init();
//]]>
</script>
<?
    showfooter();
    exit;
}
418
// Step 8 (oldid 8): save the "list me as an assurer" flag and contact text
// for the logged-in member.
if($oldid == 8)
{
    csrf_check("chgcontact");

    // Free text: tags stripped, then SQL-escaped (the escaped form is also
    // what ends up in the session). Flag: anything other than 0 or 1 is 0.
    $contact_text = mysql_escape_string(strip_tags(stripslashes($_POST['contactinfo'])));
    $list_flag = intval($_POST['listme']);
    if (!in_array($list_flag, array(0, 1), true)) {
        $list_flag = 0;
    }

    $_SESSION['profile']['listme'] = $list_flag;
    $_SESSION['profile']['contactinfo'] = $contact_text;

    // Row is selected by the session's own user id, never by request data.
    mysql_query(sprintf(
        "update `users` set `listme`='%s',`contactinfo`='%s' where `id`='%s'",
        $list_flag,
        $contact_text,
        $_SESSION['profile']['id']
    ));

    showheader(_("My CAcert.org Account!"));
    echo "<p>"._("Your account information has been updated.")."</p>";
    showfooter();
    exit;
}
439
// Step 9: "contact an assurer" form submitted with a target user id.
if($oldid == 9 && $_REQUEST['userid'] > 0 && $_SESSION['profile']['id'] > 0)
{
    // The form carries the page hash issued when it was rendered; a
    // mismatch means the form was re-used (e.g. to mail several members in
    // a row), which is refused.
    if($_SESSION['_config']['pagehash'] != $_REQUEST['pageid'])
    {
        $oldid=0;
        $id = 9;
        show_page("ContactAssurer","",_("It looks like you were trying to contact multiple people, this isn't allowed due to data security reasons."));
        exit;
    } else {
        // NOTE(review): these two assignments are dead; both variables are
        // rebuilt from scratch further down.
        $body = $_REQUEST['message'];
        $subject = $_REQUEST['subject'];
        $userid = intval($_REQUEST['userid']);
        // Only members who opted in to being listed (listme=1) can be
        // contacted ...
        $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid' and `listme`=1"));
        // ... and only when they have a positive point total. Because of
        // the HAVING clause, $points is a row count (0 or 1), not the total.
        $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0"));
        if($points > 0)
        {
            // Message is written in the recipient's language; the sender's
            // address goes in the From header so replies reach them directly.
            $my_translation = L10n::get_translation();
            L10n::set_translation($user['language']);

            $subject = "[CAcert.org] ".sprintf(_("Message from %s"),
                $_SESSION['profile']['fname']);

            // The submitted subject and message are copied into the
            // plain-text body verbatim.
            $body = sprintf(_("Hi %s,"), $user['fname'])."\n\n";
            $body .= sprintf(_("%s %s has sent you a message via the ".
                "contact an Assurer form on CAcert.org."),
                $_SESSION['profile']['fname'],
                $_SESSION['profile']['lname'])."\n\n";
            $body .= sprintf(_("Subject: %s"), $_REQUEST['subject'])."\n";
            $body .= _("Message:")."\n";
            $body .= $_REQUEST['message']."\n\n";
            $body .= "------------------------------------------------\n\n";
            $body .= _("Please note, that this is NOT a message on behalf ".
                "of CAcert but another CAcert community member. If ".
                "you suspect that the contact form might have been ".
                "abused, please write to support@cacert.org")."\n\n";
            $body .= _("Best regards")."\n";
            $body .= _("Your CAcert Community");

            sendmail($user['email'], $subject, $body,
                $_SESSION['profile']['email'], //from
                "", //replyto
                "", //toname
                $_SESSION['profile']['fname']." ".
                $_SESSION['profile']['lname']); //fromname

            L10n::set_translation($my_translation);

            // NOTE(review): $user['fname'] is a DB value printed into HTML
            // without htmlspecialchars(); confirm it is sanitised on input.
            showheader(_("My CAcert.org Account!"));?>
<p>
<? printf(_("Your email has been sent to %s."), $user['fname']); ?>
</p>
<p>[ <a href='javascript:history.go(-2)'><?= _("Go Back") ?></a> ]</p>
<?
            showfooter();
            exit;
        } else {
            show_page(0,"",_("Sorry, I was unable to locate that user."));
            exit;
        }

    }
}
// Step 9 fallback: the form came back without a usable user id (or there
// is no profile id in the session).
if($oldid == 9)
{
    $oldid=0;
    $id = 9;
    show_page("ContactAssurer","",_("There was an error and I couldn't proceed"));
    exit;
}

// showheader(_("My CAcert.org Account!"));
// echo "ID now = ".$id."/".$oldid.">>".$iecho;
// includeit($id, "wot");
// showfooter();
// Default: render whatever sub-page $id selects, with no status message.
show_page ($id,"","");
?>