1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */ ?>
18 <?
19 require_once("../includes/loggedin.php");
20 require_once("../includes/lib/l10n.php");
21
22
function show_page($target,$message,$error)
{
    // Renders one "wot" sub-page between the account header and footer,
    // optionally preceded by a highlighted status line.
    //
    // $target  page number (0..15) or its symbolic name. A value that matches
    //          no route (e.g. "Exit") renders only header, status and footer.
    // $message informational text shown above the page, may be "".
    // $error   error text; when non-empty it replaces $message, prefixed with
    //          the translated "ERROR" label.
    //
    // Route matching keeps PHP's loose comparison: the first route whose key
    // compares == to $target is used, so an int 5 and the string "5" both
    // select page 5.
    showheader(_("My CAcert.org Account!"));

    $notice = $message;
    if ($error != "")
        $notice = _("ERROR").": ".$error;
    if ($notice != "")
        echo "<p><font color='orange' size='+1'>".$notice."</font></p>";

    // Pages 7, 11 and 14 have no route.
    $routes = array(
        array('0', 0),   array('InfoPage', 0),
        array('1', 1),   array('ListByCity', 1),
        array('2', 2),   array('BecomeAssurer', 2),
        array('3', 3),   array('TrustRules', 3),
        array('4', 4),   array('ShowTTPInfo', 4),
        array('5', 5),   array('EnterEmail', 5),
        array('6', 6),   array('VerifyData', 6),
        array('8', 8),   array('EnterMyInfo', 8),
        array('9', 9),   array('ContactAssurer', 9),
        array('10', 10), array('MyPointsOld', 10),
        array('12', 12), array('SearchAssurer', 12),
        array('13', 13), array('EnterMyCity', 13),
        array('15', 15), array('MyPointsNew', 15),
    );
    foreach ($routes as $route) {
        if ($target == $route[0]) {
            includeit($route[1], "wot");
            break;
        }
    }

    showfooter();
}
85
function send_reminder()
{
    // Mails a "please create your account" reminder to $_POST['email'], first
    // in the language posted as 'reminder-lang' and then in English (the
    // English part is omitted when the posted language already is "en").
    //
    // Side effects: $_SESSION['_config']['reminder-lang'], ['remindersent']
    // and ['error'] are written, and the active L10n translation is restored
    // before returning. Neither the posted language (used as-is as a L10n
    // key) nor the recipient address is validated here.
    $savedTranslation = L10n::get_translation();
    $requestedLang = $_POST['reminder-lang'];
    $_SESSION['_config']['reminder-lang'] = $requestedLang;

    $languages = array($requestedLang);
    if (!in_array("en", $languages, true)) {
        $languages[] = "en";
    }

    $sender = $_SESSION['profile']['fname']." (".$_SESSION['profile']['email'].")";
    $text = "";
    foreach ($languages as $lang) {
        L10n::set_translation($lang);

        $text .= L10n::$translations[$lang].":\n\n";
        $text .= sprintf(_("This is a short reminder that you filled out forms to become trusted with CAcert.org, and %s has attempted to issue you points. Please create your account at %s as soon as possible and then notify %s so that the points can be issued."), $sender, "http://www.cacert.org", $_SESSION['profile']['fname'])."\n\n";
        $text .= _("Best regards")."\n";
        $text .= _("CAcert Support Team")."\n\n";
    }

    // The subject line is translated into the requested language.
    L10n::set_translation($languages[0]);
    sendmail($_POST['email'], "[CAcert.org] "._("Reminder Notice"), $text, $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']);

    L10n::set_translation($savedTranslation);

    $_SESSION['_config']['remindersent'] = 1;
    $_SESSION['_config']['error'] = _("A reminder notice has been sent.");
}
115
116
117
// Request dispatch for wot.php. $id (the page to render) is not assigned in
// this file except for the oldid == 12 case; presumably loadem() sets it from
// the request — confirm in the includes.
// NOTE(review): date and location are copied into the session without any
// format validation; they are only SQL-escaped where they are used.
loadem("account");
if(array_key_exists('date',$_POST) && $_POST['date'] != "")
    $_SESSION['_config']['date'] = $_POST['date'];

if(array_key_exists('location',$_POST) && $_POST['location'] != "")
    $_SESSION['_config']['location'] = $_POST['location'];

// oldid identifies the form that was submitted (GET or POST), 0 if none.
$oldid=array_key_exists('oldid',$_REQUEST)?intval($_REQUEST['oldid']):0;

if($oldid == 12)
    $id = $oldid;
129
// The assurance workflow (pages 5 EnterEmail and 6 VerifyData, whether shown
// or submitted) is restricted to assurers. Everyone else gets the reason from
// get_assurer_reason(); the "Exit" target renders no sub-page.
if(($id == 5 || $oldid == 5 || $id == 6 || $oldid == 6))
    if (!is_assurer($_SESSION['profile']['id']))
    {
        show_page ("Exit","",get_assurer_reason($_SESSION['profile']['id']));
        exit;
    }
136
// VerifyData submitted but no assuree is in the session: start over.
if($oldid == 6 && intval($_SESSION['_config']['notarise']['id']) <= 0)
{
    show_page ("EnterEmail","",_("Something went wrong. Please enter the email address again"));
    exit;
}
// The "reminder" button on EnterEmail mails the entered address instead of
// looking it up; send_reminder() reads $_POST['email'] and
// $_POST['reminder-lang'] as submitted.
if($oldid == 5 && array_key_exists('reminder',$_POST) && $_POST['reminder'] != "")
{
    send_reminder();
    show_page ("EnterEmail",_("A reminder notice has been sent."),"");
    exit;
}
148
if($oldid == 5)
{
    // EnterEmail submitted: look the assuree up by email address.
    // The address is escaped with mysql_escape_string(), which unlike
    // mysql_real_escape_string() is not aware of the connection charset.
    // An unset $_POST['email'] only produces a notice and a no-match result.
    $query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `deleted`=0";
    $res = mysql_query($query);
    if(mysql_num_rows($res) != 1)
    {
        $_SESSION['_config']['noemailfound'] = 1;
        show_page("EnterEmail","",_("I'm sorry, there was no email matching what you entered in the system. Please double check your information."));
        exit;
    } else
    {
        $_SESSION['_config']['noemailfound'] = 0;
        // The assuree's whole users row is kept in the session for the
        // VerifyData step (oldid == 6) that follows.
        $_SESSION['_config']['notarise'] = mysql_fetch_assoc($res);
        if ($_SESSION['_config']['notarise']['verified'] == 0)
        {
            show_page("EnterEmail","",_("User is not yet verified. Please try again in 24 hours!"));
            exit;
        }
    }
}
169
if($oldid == 5 || $oldid == 6)
{
    // Checks shared by both assurance steps. $id = 6 selects the VerifyData
    // page that show_page() renders at the end of this script.
    $id=6;
    if(array_key_exists('cancel',$_REQUEST) && $_REQUEST['cancel'] != "")
    {
        show_page("EnterEmail","","");
        exit;
    }
    // A member may not assure themselves ...
    if($_SESSION['_config']['notarise']['id'] == $_SESSION['profile']['id'])
    {
        show_page("EnterEmail","",_("You are never allowed to Assure yourself!"));
        exit;
    }

    // ... and may assure any given member only once. Both ids interpolated
    // here come from the session (the profile and the users row loaded in the
    // oldid == 5 step), not directly from the request.
    $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' and
`to`='".$_SESSION['_config']['notarise']['id']."'";
    $res = mysql_query($query);
    if(mysql_num_rows($res) > 0)
    {
        show_page("EnterEmail","",_("You are only allowed to Assure someone once!"));
        exit;
    }
}
194
if($oldid == 6)
{
    // VerifyData submitted: check the assurer's declarations and make sure
    // the assuree's details did not change while the form was open.
    // $iecho is only referenced by the commented-out debug output at the end
    // of this file.
    $iecho= "c";
    if(!array_key_exists('assertion',$_POST) || $_POST['assertion'] != 1)
    {
        show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
        exit;
    }

    // A separate "rules" checkbox check was disabled here; only "assertion"
    // and "certify" are enforced. TTP admins are exempt from "certify" and
    // from the location requirement.
    if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1 ) && $_SESSION['profile']['ttpadmin'] != 1)
    {
        show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
        exit;
    }

    if($_SESSION['profile']['ttpadmin'] != 1 && $_POST['location'] == "")
    {
        show_page("VerifyData","",_("You failed to enter a location of your meeting."));
        exit;
    }

    // NOTE(review): this presence check reads $_REQUEST['points'] whereas the
    // value actually used below is $_POST['points']; a "points" query
    // parameter passes this check with an empty POST value.
    if($_REQUEST['points'] == "")
    {
        show_page("VerifyData","",_("You must enter the number of points you wish to allocate to this person."));
        exit;
    }

    // Re-read the assuree and compare a hash of name and DOB against the hash
    // captured when the form was rendered, and against the copy echoed back by
    // the form. Both comparisons use loose !=; a strict !== would avoid PHP's
    // numeric-string comparison rules on hash values.
    $query = "select * from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'";
    $res = mysql_query($query);
    $row = mysql_fetch_assoc($res);
    $name = $row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix'];
    if($_SESSION['_config']['wothash'] != md5($name."-".$row['dob']) || $_SESSION['_config']['wothash'] != $_REQUEST['pagehash'])
    {
        show_page("VerifyData","",_("Race condition discovered, user altered details during assurance procedure. PLEASE MAKE SURE THE NEW DETAILS BELOW MATCH THE ID DOCUMENTS."));
        exit;
    }
}
239
240
if($oldid == 6)
{
    // Work out how many points this assurance is worth.
    // $awarded   what the assurer asked for, clamped to [0, maxpoints()]
    // $newpoints what is actually credited: additionally capped so that the
    //            assuree's total does not exceed 100, or maxpoints() when the
    //            assurer may award 100 or more
    $max = maxpoints();

    $awarded = $newpoints = intval($_POST['points']);
    if($newpoints > $max)
        $newpoints = $awarded = $max;
    if($newpoints < 0)
        $newpoints = $awarded = 0;

    // Current total of the assuree. $drow is false when the assuree has no
    // notary rows yet, in which case $drow['total'] reads as null (0 in the
    // arithmetic below); it is reused by the mail texts further down.
    $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
    $res = mysql_query($query);
    $drow = mysql_fetch_assoc($res);

    // Temporary increases are switched off here: every later check of
    // $_POST['expire'] sees 0, so the "Temporary Increase" branches below
    // never run.
    $_POST['expire'] = 0;

    if(($drow['total'] + $newpoints) > 100 && $max < 100)
        $newpoints = 100 - $drow['total'];
    if(($drow['total'] + $newpoints) > $max && $max >= 100)
        $newpoints = $max - $drow['total'];
    if($newpoints < 0)
        $newpoints = 0;

    // Without a submitted date the assurance is dated now. The date string
    // itself is not validated, only escaped.
    if(mysql_escape_string(stripslashes($_POST['date'])) == "")
        $_POST['date'] = date("Y-m-d H:i:s");

    // Reject an exact resubmission of the same assurance.
    $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' AND
`to`='".$_SESSION['_config']['notarise']['id']."' AND
`awarded`='$awarded' AND
`location`='".mysql_escape_string(stripslashes($_POST['location']))."' AND
`date`='".mysql_escape_string(stripslashes($_POST['date']))."'";
    $res = mysql_query($query);
    if(mysql_num_rows($res) > 0)
    {
        // NOTE(review): "VerifyEmail" is not a target show_page() routes, so
        // only header, this message and footer are rendered; "VerifyData" is
        // probably what was meant.
        show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue."));
        exit;
    }
}
279
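if($oldid == 6)
{
    // Record the assurance in `notary`, credit the assurer's own experience
    // points, notify both parties (and the board for a temporary increase),
    // then render a fresh "Assure Someone" form.
    //
    // Relies on the preceding oldid == 6 steps: $newpoints, $awarded and
    // $drow from the points calculation, $_SESSION['_config']['notarise']
    // (the assuree's users row) and the validated/defaulted $_POST fields.
    $assurerId = $_SESSION['profile']['id'];
    $assureeId = $_SESSION['_config']['notarise']['id'];
    $isBoard = ($_SESSION['profile']['board'] == 1);
    $expireDays = isset($_POST['expire']) ? intval($_POST['expire']) : 0;
    $isTemporaryIncrease = ($isBoard && $expireDays > 0);
    $method = isset($_POST['method']) ? $_POST['method'] : "";
    $location = mysql_escape_string(stripslashes($_POST['location']));
    $date = mysql_escape_string(stripslashes($_POST['date']));
    $sponsor = null;

    $query = "insert into `notary` set `from`='".$assurerId."', `to`='".$assureeId."',"
        ." `points`='$newpoints', `awarded`='$awarded',"
        ." `location`='".$location."', `date`='".$date."', `when`=NOW()";
    if($isTemporaryIncrease)
    {
        $sponsorId = isset($_POST['sponsor']) ? intval($_POST['sponsor']) : 0;
        $query .= ",\n`method`='Temporary Increase'";
        $query .= ",\n`expire`=DATE_ADD(NOW(), INTERVAL '".$expireDays."' DAY)";
        $query .= ",\n`sponsor`='".$sponsorId."'";
        // The board notification below names the sponsoring member, so load
        // their row here; an unknown sponsor id leaves the names blank.
        $sponsor = mysql_fetch_assoc(mysql_query("select `fname`, `lname`, `email` from `users` where `id`='".$sponsorId."'"));
        if(!is_array($sponsor))
            $sponsor = array('fname' => "", 'lname' => "", 'email' => "");
    } else if($isBoard) {
        // Board members may record any method text; it is escaped, not validated.
        $query .= ",\n`method`='".mysql_escape_string(stripslashes($method))."'";
    } else if($_SESSION['profile']['ttpadmin'] == 1 && ($method == 'Trusted 3rd Parties' || $method == 'Trusted Third Parties')) {
        $query .= ",\n`method`='Trusted Third Parties'";
    }
    mysql_query($query);
    fix_assurer_flag($assureeId);

    // Assurers below 150 points earn experience points for each assurance
    // they give: 2 while between 100 and 148, 1 at exactly 149. Below 100 a
    // zero-point "Administrative Increase" row is still written.
    if($_SESSION['profile']['points'] < 150)
    {
        $myPoints = $_SESSION['profile']['points'];
        $addpoints = 0;
        if($myPoints < 149 && $myPoints >= 100)
            $addpoints = 2;
        else if($myPoints == 149)
            $addpoints = 1;
        $query = "insert into `notary` set `from`='".$assurerId."', `to`='".$assurerId."',"
            ." `points`='$addpoints', `awarded`='$addpoints',"
            ." `location`='".$location."', `date`='".$date."',"
            ." `method`='Administrative Increase', `when`=NOW()";
        mysql_query($query);
        // No fix_assurer_flag() here: only existing assurers reach this code.
        $_SESSION['profile']['points'] += $addpoints;
    }

    $newTotal = $newpoints + $drow['total'];
    $roundedDown = ($_POST['points'] != $newpoints);

    // Mail to the assuree, in the assuree's preferred language.
    $my_translation = L10n::get_translation();
    L10n::set_translation($_SESSION['_config']['notarise']['language']);

    $body = sprintf(_("You are receiving this email because you have been assured by %s %s (%s)."), $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'])."\n\n";
    if($roundedDown)
        $body .= sprintf(_("You were issued %s points however the system has rounded this down to %s and you now have %s points in total."), $_POST['points'], $newpoints, $newTotal)."\n\n";
    else
        $body .= sprintf(_("You were issued %s points and you now have %s points in total."), $newpoints, $newTotal)."\n\n";

    if($newTotal < 100 && $newTotal >= 50)
    {
        $body .= _("You now have over 50 points, and can now have your name added to client certificates, and issue server certificates for up to 2 years.")."\n\n";
    }

    if($newTotal >= 100 && $newpoints > 0)
    {
        $body .= _("You have at least 100 Assurance Points. If you want ".
            "to become an assurer try the Assurer Challenge").
            " ( https://cats.cacert.org ).\n\n";
        $body .= _("To make it easier for others in your area to find ".
            "you, it's helpful to list yourself as an assurer (this ".
            "is voluntary), as well as a physical location where you ".
            "live or work the most. You can flag your account to be ".
            "listed, and add a comment to the display by going to:")."\n";
        $body .= "https://www.cacert.org/wot.php?id=8\n\n";
        $body .= _("You can list your location by going to:")."\n";
        $body .= "https://www.cacert.org/wot.php?id=13\n\n";
    }

    if($isTemporaryIncrease)
        $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time your points will be reduced to 150 points."), $expireDays)."\n\n";

    $body .= _("Best regards")."\n";
    $body .= _("CAcert Support Team");

    sendmail($_SESSION['_config']['notarise']['email'], "[CAcert.org] "._("You've been Assured."), $body, "support@cacert.org", "", "", "CAcert Website");

    L10n::set_translation($my_translation);

    // Mail to the assurer, in the assurer's own language.
    $body = sprintf(_("You are receiving this email because you have assured %s %s (%s)."), $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'])."\n\n";
    if($roundedDown)
        $body .= sprintf(_("You issued %s points however the system has rounded this down to %s and they now have %s points in total."), $_POST['points'], $newpoints, $newTotal)."\n\n";
    else
        $body .= sprintf(_("You issued %s points and they now have %s points in total."), $newpoints, $newTotal)."\n\n";

    if($isTemporaryIncrease)
        $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time their points will be reduced to 150 points."), $expireDays)."\n\n";
    $body .= _("Best regards")."\n";
    $body .= _("CAcert Support Team");

    sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You've Assured Another Member."), $body, "support@cacert.org", "", "", "CAcert Support");

    // Untranslated notification to the board, naming the sponsor loaded above.
    if($isTemporaryIncrease)
    {
        $body = sprintf("%s %s (%s) has issued a temporary increase to 200 points for %s %s (%s) for %s days. This action was sponsored by %s %s (%s).", $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'], $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'], $expireDays, $sponsor['fname'], $sponsor['lname'], $sponsor['email'])."\n\n";

        sendmail("cacert-board@lists.cacert.org", "[CAcert.org] Temporary Increase Issued.", $body, "website@cacert.org", "", "", "CAcert Website");
    }

    // Confirmation page with an empty "Assure Someone" form (oldid 5) so the
    // assurer can continue with the next person.
    showheader(_("My CAcert.org Account!"));
    echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>";
?><form method="post" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Assure Someone")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><input type="text" name="email" id="email" value=""></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="5">
</form>
<SCRIPT LANGUAGE="JavaScript">
//<![CDATA[
function my_init()
{
document.getElementById("email").focus();
}

// Assign the handler itself; calling it here would store its undefined
// return value in window.onload.
window.onload = my_init;
//]]>
</script>
<?
    showfooter();
    exit;
}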
410
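if($oldid == 8)
{
    // EnterMyInfo submitted: update the "list me as an assurer" flag and the
    // free-text contact info. Protected by the "chgcontact" CSRF token.
    csrf_check("chgcontact");

    // HTML tags are stripped from the contact text. The session keeps the
    // plain text; the SQL-escaped form is used only inside the query, so the
    // session copy matches what a reload from the database would give.
    $contactinfo = strip_tags(stripslashes(isset($_POST['contactinfo']) ? $_POST['contactinfo'] : ""));
    $listme = isset($_POST['listme']) ? intval($_POST['listme']) : 0;
    if($listme != 0 && $listme != 1)
        $listme = 0;

    $_SESSION['profile']['listme'] = $listme;
    $_SESSION['profile']['contactinfo'] = $contactinfo;

    $query = "update `users` set `listme`='$listme',`contactinfo`='".mysql_escape_string($contactinfo)."' where `id`='".$_SESSION['profile']['id']."'";
    mysql_query($query);

    showheader(_("My CAcert.org Account!"));
    echo "<p>"._("Your account information has been updated.")."</p>";
    showfooter();
    exit;
}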
431
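if($oldid == 9 && isset($_REQUEST['userid']) && $_REQUEST['userid'] > 0 && $_SESSION['profile']['id'] > 0)
{
    // ContactAssurer submitted: relay a message from the logged-in member to
    // a listed assurer without revealing the assurer's address.
    //
    // The page token stored in the session when the form was rendered must
    // match the one echoed back in the request. It is the only replay/CSRF
    // protection on this path (no csrf_check() here, and the inputs come from
    // $_REQUEST, i.e. GET or POST), so a missing session token fails closed
    // and the comparison is a strict string compare rather than PHP's loose
    // != with its numeric-string rules.
    $pageToken = isset($_SESSION['_config']['pagehash']) ? (string)$_SESSION['_config']['pagehash'] : "";
    $echoedToken = isset($_REQUEST['pageid']) ? (string)$_REQUEST['pageid'] : "";
    if($pageToken === "" || $pageToken !== $echoedToken)
    {
        $oldid=0;
        $id = 9;
        show_page("ContactAssurer","",_("It looks like you were trying to contact multiple people, this isn't allowed due to data security reasons."));
        exit;
    }

    // Only members who list themselves (`listme`=1) and have a positive
    // points total can be contacted; the sum query yields one row or none.
    $userid = intval($_REQUEST['userid']);
    $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid' and `listme`=1"));
    $reachable = false;
    if(is_array($user))
    {
        $res = mysql_query("select sum(`points`) as `total` from `notary`
where `to`='".intval($user['id'])."' group by `to` HAVING SUM(`points`) > 0");
        $reachable = (mysql_num_rows($res) > 0);
    }
    if(!$reachable)
    {
        show_page(0,"",_("Sorry, I was unable to locate that user."));
        exit;
    }

    $memberSubject = isset($_REQUEST['subject']) ? $_REQUEST['subject'] : "";
    $memberMessage = isset($_REQUEST['message']) ? $_REQUEST['message'] : "";

    // Mail in the recipient's language. The subject line is fixed; the
    // member-supplied subject and message only appear inside the body.
    $my_translation = L10n::get_translation();
    L10n::set_translation($user['language']);

    $subject = "[CAcert.org] ".sprintf(_("Message from %s"),
        $_SESSION['profile']['fname']);

    $body = sprintf(_("Hi %s,"), $user['fname'])."\n\n";
    $body .= sprintf(_("%s %s has sent you a message via the ".
        "contact an Assurer form on CAcert.org."),
        $_SESSION['profile']['fname'],
        $_SESSION['profile']['lname'])."\n\n";
    $body .= sprintf(_("Subject: %s"), $memberSubject)."\n";
    $body .= _("Message:")."\n";
    $body .= $memberMessage."\n\n";
    $body .= "------------------------------------------------\n\n";
    $body .= _("Please note, that this is NOT a message on behalf ".
        "of CAcert but another CAcert community member. If ".
        "you suspect that the contact form might have been ".
        "abused, please write to support@cacert.org")."\n\n";
    $body .= _("Best regards")."\n";
    $body .= _("Your CAcert Community");

    sendmail($user['email'], $subject, $body,
        $_SESSION['profile']['email'], //from
        "", //replyto
        "", //toname
        $_SESSION['profile']['fname']." ".
        $_SESSION['profile']['lname']); //fromname

    L10n::set_translation($my_translation);

    showheader(_("My CAcert.org Account!"));?>
<p>
<? printf(_("Your email has been sent to %s."), $user['fname']); ?>
</p>
<p>[ <a href='javascript:history.go(-2)'><?= _("Go Back") ?></a> ]</p>
<?
    showfooter();
    exit;
}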
// Any other oldid == 9 request (no userid, or no logged-in profile) ends here.
if($oldid == 9)
{
    $oldid=0;
    $id = 9;
    show_page("ContactAssurer","",_("There was an error and I couldn't proceed"));
    exit;
}
502
// Default: render the page selected by $id (set by the oldid handling above
// or, presumably, by loadem()) with no status message.
show_page ($id,"","");
?>