<?php /*
LibreSSL - CAcert web application
Copyright (C) 2004-2008 CAcert Inc.

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?php
// Session/login guard, translation helper and the notary (assurance) helpers
// used throughout this page.
require_once '../includes/loggedin.php';
require_once '../includes/lib/l10n.php';
require_once '../includes/notary.inc.php';


/**
 * Render one page of the Web of Trust section, optionally with a status line.
 *
 * @param string|int $target  page number or symbolic page name (InfoPage,
 *                            EnterEmail, VerifyData, ...). A target that is
 *                            not in the table below (e.g. "Exit") renders only
 *                            header, message and footer.
 * @param string     $message informational text shown above the page
 * @param string     $error   error text; when non-empty it replaces $message
 *                            and is prefixed with the translated "ERROR" label
 *
 * NOTE(review): $message/$error are echoed without HTML escaping. Callers in
 * this file pass translated constants or get_assurer_reason() output, never
 * raw request data; keep it that way.
 */
function show_page($target, $message, $error)
{
    showheader(_("My CAcert.org Account!"));

    $notice = ($error != "") ? _("ERROR").": ".$error : $message;
    if ($notice != "") {
        echo "<p><font color='orange' size='+1'>".$notice."</font></p>";
    }

    // Page number => accepted aliases, in the order they are tried. Loose
    // (==) matching is deliberate and mirrors a switch statement, so a numeric
    // $target still hits its numeric alias. Pages 7, 11 and 14 do not exist.
    $pages = array(
        0  => array('0',  'InfoPage'),
        1  => array('1',  'ListByCity'),
        2  => array('2',  'BecomeAssurer'),
        3  => array('3',  'TrustRules'),
        4  => array('4',  'ShowTTPInfo'),
        5  => array('5',  'EnterEmail'),
        6  => array('6',  'VerifyData'),
        8  => array('8',  'EnterMyInfo'),
        9  => array('9',  'ContactAssurer'),
        10 => array('10', 'MyPointsOld'),
        12 => array('12', 'SearchAssurer'),
        13 => array('13', 'EnterMyCity'),
        15 => array('15', 'MyPointsNew'),
    );
    foreach ($pages as $pageNumber => $aliases) {
        if (in_array($target, $aliases)) {
            includeit($pageNumber, "wot");
            break;
        }
    }

    showfooter();
}
87
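/**
 * Mail a "please create your account" reminder to a prospective assuree who
 * is not a member yet.
 *
 * Reads $_POST['email'] (recipient) and $_POST['reminder-lang'] (language of
 * the reminder; an English copy is always appended). The current assurer's
 * $_SESSION['profile'] supplies sender name and address.
 *
 * Side effects on $_SESSION['_config']: 'reminder-lang' (the language that
 * was actually used), 'remindersent' (1 on success, 0 when the recipient was
 * rejected) and 'error' (status text for the caller to display).
 *
 * @return bool true when the mail was handed to sendmail(), false when the
 *              recipient address was rejected. Existing callers ignore the
 *              return value; they can read 'remindersent' instead.
 */
function send_reminder()
{
    $my_translation = L10n::get_translation();

    // The language code comes straight from the form. Only accept codes the
    // translation table knows; otherwise an arbitrary string would be used
    // both as an index into L10n::$translations and as the argument to
    // L10n::set_translation().
    $lang = isset($_POST['reminder-lang']) ? trim($_POST['reminder-lang']) : "";
    if (!array_key_exists($lang, L10n::$translations)) {
        $lang = "en";
    }
    $_SESSION['_config']['reminder-lang'] = $lang;

    // The recipient is user supplied and previously went to sendmail()
    // unchecked. Require one syntactically valid address so that CR/LF or
    // additional recipients cannot reach the mail headers.
    $recipient = isset($_POST['email']) ? trim($_POST['email']) : "";
    if ($recipient === "" || filter_var($recipient, FILTER_VALIDATE_EMAIL) === false) {
        $_SESSION['_config']['remindersent'] = 0;
        $_SESSION['_config']['error'] = _("The email address you entered is not valid.");
        return false;
    }

    // Reminder in the chosen language first, then always in English.
    $reminder_translations = array($lang);
    if (!in_array("en", $reminder_translations, true)) {
        $reminder_translations[] = "en";
    }

    $body = "";
    foreach ($reminder_translations as $translation) {
        L10n::set_translation($translation);

        $body .= L10n::$translations[$translation].":\n\n";
        $body .= sprintf(_("This is a short reminder that you filled out forms to become trusted with CAcert.org, and %s has attempted to issue you points. Please create your account at %s as soon as possible and then notify %s so that the points can be issued."), $_SESSION['profile']['fname']." (".$_SESSION['profile']['email'].")", "http://www.cacert.org", $_SESSION['profile']['fname'])."\n\n";
        $body .= _("Best regards")."\n";
        $body .= _("CAcert Support Team")."\n\n";
    }

    L10n::set_translation($reminder_translations[0]); // for the subject
    sendmail($recipient, "[CAcert.org] "._("Reminder Notice"), $body, $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']);

    L10n::set_translation($my_translation);

    $_SESSION['_config']['remindersent'] = 1;
    $_SESSION['_config']['error'] = _("A reminder notice has been sent.");
    return true;
}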
117
loadem("account");

// Keep the meeting date and location across the multi-step assurance form
// so the verification page can show them again.
if (array_key_exists('date', $_POST) && $_POST['date'] != "") {
    $_SESSION['_config']['date'] = $_POST['date'];
}
if (array_key_exists('location', $_POST) && $_POST['location'] != "") {
    $_SESSION['_config']['location'] = $_POST['location'];
}

// $oldid is the page the submitted form came from (0 when this is a plain
// page view).
$oldid = 0;
if (array_key_exists('oldid', $_REQUEST)) {
    $oldid = intval($_REQUEST['oldid']);
}

// SearchAssurer posts back to itself.
if ($oldid == 12) {
    $id = $oldid;
}
129
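// Page 4 (ShowTTPInfo): the member asks support to start a Trusted Third
// Party assurance. Two mails go out: an untranslated request to support and
// a translated confirmation to the member.
// NOTE(review): this action has no csrf_check() (compare the page-8 handler
// below). Adding one also needs the token in the page-4 form, which is not
// part of this file, so it is only flagged here.
if ($oldid == 4) {
    if (isset($_POST['ttp']) && $_POST['ttp'] != '') {
        $wantsTopup = isset($_POST['ttptopup']) && $_POST['ttptopup'] == '1';

        // The country is free text that ends up in a mail body, not in SQL.
        // SQL-escaping it (as before) only garbled quotes in the mail; what
        // matters is that it cannot break the mail's line structure, so strip
        // control characters instead.
        $country = isset($_POST['country']) ? stripslashes($_POST['country']) : '';
        $country = trim(preg_replace('/[\x00-\x1F\x7F]+/', ' ', $country));

        //This mail does not need to be translated
        $body = "Hi TTP adminstrators,\n\n";
        $body .= "User ".$_SESSION['profile']['fname']." ".
            $_SESSION['profile']['lname']." with email address '".
            $_SESSION['profile']['email']."' is requesting a TTP assurances for ".
            $country.".\n\n";
        if ($wantsTopup) {
            $body .= "The user is also requesting TTP TOPUP.\n\n";
        } else {
            $body .= "The user is NOT requesting TTP TOPUP.\n\n";
        }
        $body .= "The user received ".intval($_SESSION['profile']['points'])." assurance points up to today.\n\n";
        $body .= "Please start the TTP assurance process.";
        sendmail("support@cacert.org", "[CAcert.org] TTP request.", $body, "support@cacert.org", "", "", "CAcert Website");

        //This mail needs to be translated
        $body = _("You are receiving this email because you asked for TTP assurance.")."\n\n";
        if ($wantsTopup) {
            $body .= _("You are requesting TTP TOPUP.")."\n\n";
        } else {
            $body .= _("You are NOT requesting TTP TOPUP.")."\n\n";
        }
        $body .= _("Best regards")."\n";
        $body .= _("CAcert Support Team");

        sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You requested TTP assurances"), $body, "support@cacert.org", "", "", "CAcert Support");
    }
}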
163
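// Assuring (pages 5 and 6) is restricted to assurers. $id is expected to
// have been set from the request by loadem() above — TODO confirm.
if ($id == 5 || $oldid == 5 || $id == 6 || $oldid == 6) {
    if (!is_assurer($_SESSION['profile']['id'])) {
        show_page("Exit", "", get_assurer_reason($_SESSION['profile']['id']));
        exit;
    }
}

// Page 6 can only be submitted after page 5 stored the assuree in the session.
if ($oldid == 6 && (!isset($_SESSION['_config']['notarise']['id']) || intval($_SESSION['_config']['notarise']['id']) <= 0)) {
    show_page("EnterEmail", "", _("Something went wrong. Please enter the email address again"));
    exit;
}

// "Send reminder" button on page 5: the person is not a member yet.
if ($oldid == 5 && array_key_exists('reminder', $_POST) && $_POST['reminder'] != "") {
    send_reminder();
    // send_reminder() records its outcome in the session. Only report success
    // when it set remindersent; otherwise show the reason it stored instead of
    // unconditionally claiming the mail went out.
    if (!empty($_SESSION['_config']['remindersent'])) {
        show_page("EnterEmail", _("A reminder notice has been sent."), "");
    } else {
        show_page("EnterEmail", "", $_SESSION['_config']['error']);
    }
    exit;
}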
182
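// Page 5 (EnterEmail): look up the member to be assured by email address and
// keep the row in the session for the verification page.
if ($oldid == 5) {
    $lookupEmail = isset($_POST['email']) ? stripslashes($_POST['email']) : "";
    // Escape once, with the connection-charset-aware function; the deprecated
    // mysql_escape_string() ignores the connection character set.
    $escapedEmail = mysql_real_escape_string($lookupEmail);

    $query = "select * from `users` where `email`='".$escapedEmail."' and `deleted`=0";
    $res = mysql_query($query);
    // A failed query is treated like "no match" rather than warned about and
    // then read as a result set.
    if ($res === false || mysql_num_rows($res) != 1) {
        $_SESSION['_config']['noemailfound'] = 1;
        show_page("EnterEmail", "", _("I'm sorry, there was no email matching what you entered in the system. Please double check your information."));
        exit;
    }

    $_SESSION['_config']['noemailfound'] = 0;
    $_SESSION['_config']['notarise'] = mysql_fetch_assoc($res);
    if ($_SESSION['_config']['notarise']['verified'] == 0) {
        show_page("EnterEmail", "", _("User is not yet verified. Please try again in 24 hours!"));
        exit;
    }

    // A locked account with this address blocks assurance. This query is
    // intentionally not restricted to deleted=0, as before.
    $query = "select * from `users` where `email`='".$escapedEmail."' and `locked`=1";
    $res = mysql_query($query);
    if ($res !== false && mysql_num_rows($res) >= 1) {
        $_SESSION['_config']['noemailfound'] = 0;
        show_page("EnterEmail", "", _("This account is locked and can not be assured. For more information ask support@cacert.org."));
        exit;
    }
}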
211
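// Common guards for the assurance flow (page 5 -> 6 and the page-6 submit).
if ($oldid == 5 || $oldid == 6) {
    $id = 6;
    if (array_key_exists('cancel', $_REQUEST) && $_REQUEST['cancel'] != "") {
        show_page("EnterEmail", "", "");
        exit;
    }

    // Both ids come from the session, but cast them anyway so they are safe
    // to interpolate into SQL below.
    $assurerId = intval($_SESSION['profile']['id']);
    $assureeId = intval($_SESSION['_config']['notarise']['id']);
    if ($assureeId == $assurerId) {
        show_page("EnterEmail", "", _("You are never allowed to Assure yourself!"));
        exit;
    }

    // One assurance per assurer/assuree pair.
    $query = "select * from `notary` where `from`='".$assurerId."' and `to`='".$assureeId."' and `deleted` = 0";
    $res = mysql_query($query);
    if ($res !== false && mysql_num_rows($res) > 0) {
        show_page("EnterEmail", "", _("You are only allowed to Assure someone once!"));
        exit;
    }
}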
236
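// Page 6 (VerifyData) submit: validate every field before anything is written.
// The write path further down stores $_POST values, so validation reads
// $_POST as well; the original mixed $_REQUEST and $_POST, which allowed the
// value that was checked to differ from the value that was stored.
if ($oldid == 6) {
    $assuranceDate   = isset($_POST['date']) ? trim($_POST['date']) : '';
    $assuranceMethod = isset($_POST['method']) ? $_POST['method'] : '';
    $meetingLocation = isset($_POST['location']) ? trim($_POST['location']) : '';
    $requestedPoints = isset($_POST['points']) ? $_POST['points'] : '';
    $rulesError = _("You failed to check all boxes to validate your adherence to the rules and policies of CAcert");

    //date checks
    if ($assuranceDate == '') {
        show_page("VerifyData", "", _("You must enter the date when you met the assuree."));
        exit;
    }
    if (!check_date_format($assuranceDate)) {
        show_page("VerifyData", "", _("You must enter the date in this format: YYYY-MM-DD."));
        exit;
    }
    if (!check_date_difference($assuranceDate)) {
        show_page("VerifyData", "", _("You must not enter a date in the future."));
        exit;
    }

    //proof of identity check and accept arbitration, implements CCA
    if (!array_key_exists('assertion', $_POST) || $_POST['assertion'] != 1) {
        show_page("VerifyData", "", $rulesError);
        exit;
    }

    //proof of CCA agreement by assuree, required for meetings from 2010-01-01 on
    if ((!array_key_exists('CCAAgreed', $_POST) || $_POST['CCAAgreed'] != 1) && check_date_format($assuranceDate, 2010)) {
        show_page("VerifyData", "", $rulesError);
        exit;
    }

    //assurance done according to rules
    if (!array_key_exists('rules', $_POST) || $_POST['rules'] != 1) {
        show_page("VerifyData", "", $rulesError);
        exit;
    }

    //met assuree in person, not applicable for TTP / TTP Topup assurances
    if ((!array_key_exists('certify', $_POST) || $_POST['certify'] != 1) && $assuranceMethod != "Trusted 3rd Parties") {
        show_page("VerifyData", "", $rulesError);
        exit;
    }

    //check location, min 3 characters
    if ($meetingLocation == "") {
        show_page("VerifyData", "", _("You failed to enter a location of your meeting."));
        exit;
    }
    // Byte length, as before; a character-aware check would need mbstring.
    if (strlen($meetingLocation) <= 2) {
        show_page("VerifyData", "", _("You must enter a location with at least 3 characters eg town and country."));
        exit;
    }

    //check for points in range 0-35, for nucleus 35 + 15 temporary
    if ($requestedPoints === '' || !is_numeric($requestedPoints)) {
        show_page("VerifyData", "", _("You must enter the number of points you wish to allocate to this person."));
        exit;
    }
    if ($requestedPoints < 0 || $requestedPoints > 35) {
        show_page("VerifyData", "", _("The number of points you entered are out of the range given by policy."));
        exit;
    }

    // Guard against the assuree changing name or date of birth while the
    // assurer fills in the form: the hash kept in the session (set when the
    // verification form was rendered, outside this file) must match both the
    // current database row and the copy the form echoes back.
    $query = "select * from `users` where `id`='".intval($_SESSION['_config']['notarise']['id'])."'";
    $res = mysql_query($query);
    $row = ($res !== false) ? mysql_fetch_assoc($res) : false;
    if ($row === false) {
        show_page("EnterEmail", "", _("Something went wrong. Please enter the email address again"));
        exit;
    }
    $name = $row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix'];
    $expectedHash = md5($name."-".$row['dob']);
    $sessionHash = isset($_SESSION['_config']['wothash']) ? (string) $_SESSION['_config']['wothash'] : '';
    $formHash = isset($_REQUEST['pagehash']) ? (string) $_REQUEST['pagehash'] : '';
    // Strict comparison: with != two hex digests that both look numeric
    // (digits followed by an "e") would be compared as numbers.
    if ($sessionHash !== $expectedHash || $sessionHash !== $formHash) {
        show_page("VerifyData", "", _("Race condition discovered, user altered details during assurance procedure. PLEASE MAKE SURE THE NEW DETAILS BELOW MATCH THE ID DOCUMENTS."));
        exit;
    }
}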
323
324
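// Page 6: clamp the requested points to the assurer's maximum and to the
// assuree's 100/150-point ceilings, then refuse an exact duplicate submit.
if ($oldid == 6) {
    $max = maxpoints();

    // $awarded is what the assurer wanted to give (capped at their own
    // maximum); $newpoints is what the assuree actually receives after the
    // total-points ceilings below. Both are read by the insert further down.
    $awarded = $newpoints = intval($_POST['points']);
    if ($newpoints > $max) {
        $newpoints = $awarded = $max;
    }
    if ($newpoints < 0) {
        $newpoints = $awarded = 0;
    }

    $assureeId = intval($_SESSION['_config']['notarise']['id']);
    $query = "select sum(`points`) as `total` from `notary` where `to`='".$assureeId."' and `deleted` = 0 group by `to`";
    $res = mysql_query($query);
    $drow = ($res !== false) ? mysql_fetch_assoc($res) : false;
    // An assuree without any assurance yields no row at all; later code reads
    // $drow['total'], so normalise that case to a zero total.
    if ($drow === false) {
        $drow = array('total' => 0);
    }

    // NOTE(review): nothing in this file reads $_POST['expire']; kept in case
    // an included page depends on it — TODO confirm and drop.
    $_POST['expire'] = 0;

    if (($drow['total'] + $newpoints) > 100 && $max < 100) {
        $newpoints = 100 - $drow['total'];
    }
    if (($drow['total'] + $newpoints) > $max && $max >= 100) {
        $newpoints = $max - $drow['total'];
    }
    if ($newpoints < 0) {
        $newpoints = 0;
    }

    // Fallback kept from the original. The validation above already rejects
    // an empty date, so this should be unreachable — TODO confirm and remove.
    if (!isset($_POST['date']) || $_POST['date'] == "") {
        $_POST['date'] = date("Y-m-d H:i:s");
    }

    $escapedLocation = mysql_real_escape_string(stripslashes($_POST['location']));
    $escapedDate = mysql_real_escape_string(stripslashes($_POST['date']));
    $query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' AND
        `to`='".$assureeId."' AND
        `awarded`='".intval($awarded)."' AND
        `location`='".$escapedLocation."' AND
        `date`='".$escapedDate."' AND
        `deleted`=0";
    $res = mysql_query($query);
    if ($res !== false && mysql_num_rows($res) > 0) {
        // "VerifyData" is the page-6 form. The former target "VerifyEmail"
        // matches no case in show_page(), so only the error text was shown.
        show_page("VerifyData", "", _("Identical Assurance attempted, will not continue."));
        exit;
    }
}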
364
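// Page 6: record the assurance, grant the assurer's experience points, notify
// both parties and show a fresh "Assure Someone" form.
if ($oldid == 6) {
    $assurerId = intval($_SESSION['profile']['id']);
    $assureeId = intval($_SESSION['_config']['notarise']['id']);
    $escapedLocation = mysql_real_escape_string(stripslashes($_POST['location']));
    $escapedDate = mysql_real_escape_string(stripslashes($_POST['date']));

    $query = "insert into `notary` set `from`='".$assurerId."',
        `to`='".$assureeId."',
        `points`='".intval($newpoints)."', `awarded`='".intval($awarded)."',
        `location`='".$escapedLocation."',
        `date`='".$escapedDate."',
        `when`=NOW()";
    //record active acceptance by Assurer (meetings from 2010-01-01 on)
    if (check_date_format(trim($_POST['date']), 2010)) {
        write_user_agreement($assurerId, "CCA", "Assurance", "Assurer", 1, $assureeId);
    }
    // Only a TTP admin may mark the record as TTP-assisted.
    $method = isset($_POST['method']) ? $_POST['method'] : '';
    if ($_SESSION['profile']['ttpadmin'] == 1 && ($method == 'Trusted 3rd Parties' || $method == 'Trusted Third Parties')) {
        $query .= ",\n`method`='TTP-Assisted'";
    }
    // Do not send "you have been assured" mails for an assurance that was not
    // actually written.
    if (mysql_query($query) === false) {
        show_page("EnterEmail", "", _("Something went wrong. Please enter the email address again"));
        exit;
    }
    fix_assurer_flag($assureeId);
    // TODO: once the CCA recording is announced, also record the assuree's
    // acceptance: write_user_agreement($assureeId, "CCA", "assurance",
    // "Being assured", 0, $assurerId).

    // Experience points for the assurer: +2 per assurance while between 100
    // and 148 points, +1 at 149, nothing from 150 on. Below 100 a zero-point
    // "Administrative Increase" row is still written, as before.
    if ($_SESSION['profile']['points'] < 150) {
        $addpoints = 0;
        if ($_SESSION['profile']['points'] < 149 && $_SESSION['profile']['points'] >= 100) {
            $addpoints = 2;
        } elseif ($_SESSION['profile']['points'] == 149) {
            $addpoints = 1;
        }
        $query = "insert into `notary` set `from`='".$assurerId."',
            `to`='".$assurerId."',
            `points`='".$addpoints."', `awarded`='".$addpoints."',
            `location`='".$escapedLocation."',
            `date`='".$escapedDate."',
            `method`='Administrative Increase',
            `when`=NOW()";
        mysql_query($query);

        // No need to fix_assurer_flag here, this should only happen for assurers...
        $_SESSION['profile']['points'] += $addpoints;
    }

    $totalPoints = $newpoints + $drow['total'];

    // Mail to the assuree, in the assuree's language.
    $my_translation = L10n::get_translation();
    L10n::set_translation($_SESSION['_config']['notarise']['language']);

    $body = sprintf(_("You are receiving this email because you have been assured by %s %s (%s)."), $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'])."\n\n";
    if ($_POST['points'] != $newpoints) {
        $body .= sprintf(_("You were issued %s points however the system has rounded this down to %s and you now have %s points in total."), $_POST['points'], $newpoints, $totalPoints)."\n\n";
    } else {
        $body .= sprintf(_("You were issued %s points and you now have %s points in total."), $newpoints, $totalPoints)."\n\n";
    }

    if ($totalPoints < 100 && $totalPoints >= 50) {
        $body .= _("You now have over 50 points, and can now have your name added to client certificates, and issue server certificates for up to 2 years.")."\n\n";
    }

    if ($totalPoints >= 100 && $newpoints > 0) {
        $body .= _("You have at least 100 Assurance Points, if you want to become an assurer try the Assurer Challenge")." ( https://cats.cacert.org )\n\n";
        $body .= _("To make it easier for others in your area to find you, it's helpful to list yourself as an assurer (this is voluntary), as well as a physical location where you live or work the most. You can flag your account to be listed, and add a comment to the display by going to:")."\n";
        $body .= "https://www.cacert.org/wot.php?id=8\n\n";
        $body .= _("You can list your location by going to:")."\n";
        $body .= "https://www.cacert.org/wot.php?id=13\n\n";
    }

    $body .= _("Best regards")."\n";
    $body .= _("CAcert Support Team");

    sendmail($_SESSION['_config']['notarise']['email'], "[CAcert.org] "._("You've been Assured."), $body, "support@cacert.org", "", "", "CAcert Website");

    L10n::set_translation($my_translation);

    // Mail to the assurer, in the assurer's own language.
    $body = sprintf(_("You are receiving this email because you have assured %s %s (%s)."), $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'])."\n\n";
    if ($_POST['points'] != $newpoints) {
        $body .= sprintf(_("You issued %s points however the system has rounded this down to %s and they now have %s points in total."), $_POST['points'], $newpoints, $totalPoints)."\n\n";
    } else {
        $body .= sprintf(_("You issued %s points and they now have %s points in total."), $newpoints, $totalPoints)."\n\n";
    }

    $body .= _("Best regards")."\n";
    $body .= _("CAcert Support Team");

    sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You've Assured Another Member."), $body, "support@cacert.org", "", "", "CAcert Support");

    showheader(_("My CAcert.org Account!"));
    echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>";
?><form method="post" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="2" class="title"><?=_("Assure Someone")?></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Email")?>:</td>
    <td class="DataTD"><input type="text" name="email" id="email" value=""></td>
  </tr>
  <tr>
    <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
  </tr>
</table>
<input type="hidden" name="oldid" value="5">
</form>
<SCRIPT LANGUAGE="JavaScript">
//<![CDATA[
function my_init()
{
  document.getElementById("email").focus();
}

// Assign the function itself: "my_init()" would run it immediately and
// store its undefined return value as the onload handler.
window.onload = my_init;
//]]>
</script>
<?php
    showfooter();
    exit;
}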
480
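// Page 8 (EnterMyInfo): toggle the "list me as an assurer" flag and store the
// contact text shown in the assurer listing.
if ($oldid == 8) {
    csrf_check("chgcontact");

    $contactRaw = isset($_POST['contactinfo']) ? strip_tags(stripslashes($_POST['contactinfo'])) : '';
    $listme = isset($_POST['listme']) ? intval($_POST['listme']) : 0;
    if ($listme < 0 || $listme > 1) {
        $listme = 0;
    }

    // The session copy must hold the plain text. The original cached the
    // SQL-escaped string, so quotes appeared with backslashes until the next
    // login reloaded the profile.
    $_SESSION['profile']['listme'] = $listme;
    $_SESSION['profile']['contactinfo'] = $contactRaw;

    $query = "update `users` set `listme`='".$listme."',`contactinfo`='".mysql_real_escape_string($contactRaw)."' where `id`='".intval($_SESSION['profile']['id'])."'";
    mysql_query($query);

    showheader(_("My CAcert.org Account!"));
    echo "<p>"._("Your account information has been updated.")."</p>";
    showfooter();
    exit;
}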
501
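// Page 9 (ContactAssurer): relay a message from the logged-in member to one
// listed assurer. The page id stored in the session has to match the one the
// form echoes back, which stops a single form from being replayed against
// several recipients.
$contactUserId = isset($_REQUEST['userid']) ? intval($_REQUEST['userid']) : 0;
if ($oldid == 9 && $contactUserId > 0 && $_SESSION['profile']['id'] > 0) {
    $sessionPageId = isset($_SESSION['_config']['pagehash']) ? (string) $_SESSION['_config']['pagehash'] : '';
    $formPageId = isset($_REQUEST['pageid']) ? (string) $_REQUEST['pageid'] : '';
    // Strict string comparison (with != two numeric-looking values compare as
    // numbers), and a missing session id fails closed: previously an unset
    // pagehash and an absent pageid compared equal and let the mail through.
    if ($sessionPageId === '' || $sessionPageId !== $formPageId) {
        $oldid = 0;
        $id = 9;
        show_page("ContactAssurer", "", _("It looks like you were trying to contact multiple people, this isn't allowed due to data security reasons."));
        exit;
    }

    $res = mysql_query("select * from `users` where `id`='".$contactUserId."' and `listme`=1");
    $user = ($res !== false) ? mysql_fetch_assoc($res) : false;
    $points = 0;
    if ($user !== false) {
        // Only assurers with a positive point total can be contacted.
        $res = mysql_query("select sum(`points`) as `total` from `notary`
            where `to`='".intval($user['id'])."' and `deleted` = 0 group by `to` HAVING SUM(`points`) > 0");
        $points = ($res !== false) ? mysql_num_rows($res) : 0;
    }
    if ($user === false || $points <= 0) {
        show_page(0, "", _("Sorry, I was unable to locate that user."));
        exit;
    }

    $my_translation = L10n::get_translation();
    L10n::set_translation($user['language']);

    // The subject is built from the sender's first name, never from request
    // data, so no user input reaches the mail headers.
    $subject = "[CAcert.org] ".sprintf(_("Message from %s"), $_SESSION['profile']['fname']);

    $body = sprintf(_("Hi %s,"), $user['fname'])."\n\n";
    $body .= sprintf(_("%s %s has sent you a message via the contact an Assurer form on CAcert.org."),
        $_SESSION['profile']['fname'],
        $_SESSION['profile']['lname'])."\n\n";
    $body .= sprintf(_("Subject: %s"), isset($_REQUEST['subject']) ? $_REQUEST['subject'] : '')."\n";
    $body .= _("Message:")."\n";
    $body .= (isset($_REQUEST['message']) ? $_REQUEST['message'] : '')."\n\n";
    $body .= "------------------------------------------------\n\n";
    $body .= _("Please note, that this is NOT a message on behalf of CAcert but another CAcert community member. If you suspect that the contact form might have been abused, please write to support@cacert.org")."\n\n";
    $body .= _("Best regards")."\n";
    $body .= _("Your CAcert Community");

    sendmail($user['email'], $subject, $body,
        $_SESSION['profile']['email'], //from
        "", //replyto
        "", //toname
        $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']); //fromname

    L10n::set_translation($my_translation);

    showheader(_("My CAcert.org Account!"));
?>
<p>
<?php printf(_("Your email has been sent to %s."), htmlspecialchars($user['fname'])); ?>
</p>
<p>[ <a href='javascript:history.go(-2)'><?= _("Go Back") ?></a> ]</p>
<?php
    showfooter();
    exit;
}

// Any other page-9 submission (no usable user id, no session) is an error.
if ($oldid == 9) {
    $oldid = 0;
    $id = 9;
    show_page("ContactAssurer", "", _("There was an error and I couldn't proceed"));
    exit;
}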
572
// No form handler took over: render the requested page. $id is set by the
// handlers above or by loadem() — TODO confirm the latter.
show_page($id, "", "");
578 ?>