bug 1137: changed the wot.inc.php to make it work
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */ ?>
18 <?
19 require_once("../includes/loggedin.php");
20 require_once("../includes/lib/l10n.php");
21 require_once("../includes/wot.inc.php");
22
23
24
/*
 * Render the standard account page frame around one "wot" sub-page.
 *
 * $target  sub-page to include: either its number or its symbolic name
 *          (see the table below). A target that matches nothing -- for
 *          example "Exit" -- renders only the frame and the message.
 * $message optional notice printed above the sub-page.
 * $error   optional error text; when non-empty it replaces $message with
 *          an "ERROR: ..." line.
 *
 * The notice is echoed into the HTML without escaping, so callers must
 * only pass trusted (translated / server-generated) text.
 */
function show_page($target,$message,$error)
{
	showheader(_("My CAcert.org Account!"));
	if ($error != "")
		$message=_("ERROR").": ".$error;
	if ($message != "")
		echo "<p><font color='orange' size='+1'>".$message."</font></p>";

	// Ordered (key, page number) pairs; both spellings of a step map to the
	// same includeit() page. Pages 7, 11 (OAInfo) and 14 are deliberately
	// not routed.
	$routes = array(
		array('0',  0),  array('InfoPage',       0),
		array('1',  1),  array('ListByCity',     1),
		array('2',  2),  array('BecomeAssurer',  2),
		array('3',  3),  array('TrustRules',     3),
		array('4',  4),  array('ShowTTPInfo',    4),
		array('5',  5),  array('EnterEmail',     5),
		array('6',  6),  array('VerifyData',     6),
		array('8',  8),  array('EnterMyInfo',    8),
		array('9',  9),  array('ContactAssurer', 9),
		array('10', 10), array('MyPointsOld',    10),
		array('12', 12), array('SearchAssurer',  12),
		array('13', 13), array('EnterMyCity',    13),
		array('15', 15), array('MyPointsNew',    15),
	);

	// Same semantics as a switch(): the first entry that compares loosely
	// equal (==) to $target wins, then we stop.
	foreach ($routes as $route)
	{
		if ($target == $route[0])
		{
			includeit($route[1], "wot");
			break;
		}
	}

	showfooter();
}
87
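/*
 * Mail a "please create your CAcert account" reminder, written on behalf of
 * the logged-in assurer, to the address entered in the EnterEmail form.
 *
 * Reads:   $_POST['reminder-lang'], $_POST['email'], $_SESSION['profile']
 * Writes:  $_SESSION['_config']['reminder-lang'], ['remindersent'], ['error']
 * Returns: nothing; the message is handed to sendmail().
 *
 * The body is composed once in the requested language and once in English
 * (only once when English was requested). The active translation is switched
 * while the text is assembled and restored before returning.
 */
function send_reminder()
{
	$body = "";
	$my_translation = L10n::get_translation();

	// The language code comes straight from the form and is used below as an
	// index into L10n::$translations and as the argument of set_translation().
	// Anything that is not a key of that table (or not a string at all) is
	// replaced by English instead of indexing the table with an unknown key.
	$reminder_lang = array_key_exists('reminder-lang', $_POST) ? $_POST['reminder-lang'] : "";
	if (!is_string($reminder_lang) || !isset(L10n::$translations[$reminder_lang])) {
		$reminder_lang = "en";
	}
	$_SESSION['_config']['reminder-lang'] = $reminder_lang;

	$reminder_translations = array($reminder_lang);
	if (!in_array("en", $reminder_translations, true)) {
		$reminder_translations[] = "en";
	}

	foreach ($reminder_translations as $translation) {
		L10n::set_translation($translation);

		// Heading with the language name, then the reminder text in that language.
		$body .= L10n::$translations[$translation].":\n\n";
		$body .= sprintf(_("This is a short reminder that you filled out forms to become trusted with CAcert.org, and %s has attempted to issue you points. Please create your account at %s as soon as possible and then notify %s so that the points can be issued."), $_SESSION['profile']['fname']." (".$_SESSION['profile']['email'].")", "http://www.cacert.org", $_SESSION['profile']['fname'])."\n\n";
		$body .= _("Best regards")."\n";
		$body .= _("CAcert Support Team")."\n\n";
	}

	L10n::set_translation($reminder_translations[0]); // for the subject
	// Recipient is the user-entered address; the sender is the assurer's own
	// address and first name.
	sendmail($_POST['email'], "[CAcert.org] "._("Reminder Notice"), $body, $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']);

	L10n::set_translation($my_translation);

	$_SESSION['_config']['remindersent'] = 1;
	$_SESSION['_config']['error'] = _("A reminder notice has been sent.");
}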
117
118
119
loadem("account");
// Carry an optional meeting date / location over into the session; an empty
// field leaves whatever was stored before untouched.
if(array_key_exists('date',$_POST) && $_POST['date'] != "")
	$_SESSION['_config']['date'] = $_POST['date'];

if(array_key_exists('location',$_POST) && $_POST['location'] != "")
	$_SESSION['_config']['location'] = $_POST['location'];

// Step the submitted form came from. intval() reduces it to a plain integer
// before any of the comparisons below.
$oldid=array_key_exists('oldid',$_REQUEST)?intval($_REQUEST['oldid']):0;

// NOTE(review): $id is only assigned here for step 12; for every other step it
// is presumably set up by loadem()/loggedin.php from the request -- confirm.
if($oldid == 12)
	$id = $oldid;

// Steps 5 (EnterEmail) and 6 (VerifyData) are for assurers only; everybody
// else gets the reason they are not an assurer and nothing more.
if(($id == 5 || $oldid == 5 || $id == 6 || $oldid == 6))
	if (!is_assurer($_SESSION['profile']['id']))
	{
		show_page ("Exit","",get_assurer_reason($_SESSION['profile']['id']));
		exit;
	}

// Step 6 needs the assuree looked up in step 5 (stored below in
// $_SESSION['_config']['notarise']); without it, start over.
if($oldid == 6 && intval($_SESSION['_config']['notarise']['id']) <= 0)
{
	show_page ("EnterEmail","",_("Something went wrong. Please enter the email address again"));
	exit;
}
// The EnterEmail form's "reminder" button mails the entered address instead
// of looking it up.
if($oldid == 5 && array_key_exists('reminder',$_POST) && $_POST['reminder'] != "")
{
	send_reminder();
	show_page ("EnterEmail",_("A reminder notice has been sent."),"");
	exit;
}

if($oldid == 5)
{
	// Look the assuree up by e-mail address. The address is escaped for the
	// query; NOTE(review): mysql_escape_string() does not take the connection
	// character set into account the way mysql_real_escape_string() does.
	$query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `deleted`=0";
	$res = mysql_query($query);
	if(mysql_num_rows($res) != 1)
	{
		$_SESSION['_config']['noemailfound'] = 1;
		show_page("EnterEmail","",_("I'm sorry, there was no email matching what you entered in the system. Please double check your information."));
		exit;
	} else
	{
		$_SESSION['_config']['noemailfound'] = 0;
		// The whole user row is kept in the session for the following steps.
		$_SESSION['_config']['notarise'] = mysql_fetch_assoc($res);
		if ($_SESSION['_config']['notarise']['verified'] == 0)
		{
			show_page("EnterEmail","",_("User is not yet verified. Please try again in 24 hours!"));
			exit;
		}
	}
}
171
if($oldid == 5 || $oldid == 6)
{
	// Unless one of the checks below exits, VerifyData is the next page.
	$id=6;
	// $oldid=0;
	if(array_key_exists('cancel',$_REQUEST) && $_REQUEST['cancel'] != "")
	{
		show_page("EnterEmail","","");
		exit;
	}
	// An assurer must not assure their own account.
	if($_SESSION['_config']['notarise']['id'] == $_SESSION['profile']['id'])
	{
		show_page("EnterEmail","",_("You are never allowed to Assure yourself!"));
		exit;
	}

	// One assurance per assurer/assuree pair. Both ids come from the session
	// (database values), which is why they are interpolated unescaped.
	$query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' and
`to`='".$_SESSION['_config']['notarise']['id']."'";
	$res = mysql_query($query);
	if(mysql_num_rows($res) > 0)
	{
		show_page("EnterEmail","",_("You are only allowed to Assure someone once!"));
		exit;
	}
}

if($oldid == 6)
{
	// Debug leftover: only referenced by the commented-out echo at the end of
	// this file.
	$iecho= "c";
	// The assurer has to tick the assertion and CCA boxes; the old "rules"
	// box is no longer required (commented out below).
	if(!array_key_exists('assertion',$_POST) || $_POST['assertion'] != 1)
	{
		show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
		exit;
	}

	if(!array_key_exists('CCAAgreed',$_POST) || $_POST['CCAAgreed'] != 1)
	{
		show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
		exit;
	}

	/* if(!array_key_exists('rules',$_POST) || $_POST['rules'] != 1)
	{
		show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
		exit;
	}
	*/

	// The "certify" box and the meeting location are required for ordinary
	// assurers only; TTP admins may leave both out.
	if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1 ) && $_SESSION['profile']['ttpadmin'] != 1)
	{
		show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
		exit;
	}

	if($_SESSION['profile']['ttpadmin'] != 1 && $_POST['location'] == "")
	{
		show_page("VerifyData","",_("You failed to enter a location of your meeting."));
		exit;
	}

	// NOTE(review): this tests $_REQUEST['points'] while the value actually
	// used further down is $_POST['points']; a GET parameter satisfies the
	// check without being the value that gets awarded.
	if($_REQUEST['points'] == "")
	{
		show_page("VerifyData","",_("You must enter the number of points you wish to allocate to this person."));
		exit;
	}

	// Re-read the assuree and compare a hash of name + date of birth with the
	// one stored in the session when the VerifyData page was shown (set
	// outside this file), and with the copy the form sent back. This catches
	// the assuree changing their details while the assurance is in progress.
	// NOTE(review): both comparisons use loose != on strings; a strict
	// comparison (hash_equals() for the form-supplied value) is the safer form.
	$query = "select * from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'";
	$res = mysql_query($query);
	$row = mysql_fetch_assoc($res);
	$name = $row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix'];
	if($_SESSION['_config']['wothash'] != md5($name."-".$row['dob']) || $_SESSION['_config']['wothash'] != $_REQUEST['pagehash'])
	{
		show_page("VerifyData","",_("Race condition discovered, user altered details during assurance procedure. PLEASE MAKE SURE THE NEW DETAILS BELOW MATCH THE ID DOCUMENTS."));
		exit;
	}
}
247
248
if($oldid == 6)
{
	// Maximum the current assurer may hand out (maxpoints() is defined outside
	// this file).
	$max = maxpoints();

	// $awarded is what the assurer gave, clamped to 0..$max; $newpoints starts
	// identical and is additionally capped by the assuree's total below.
	$awarded = $newpoints = intval($_POST['points']);
	if($newpoints > $max)
		$newpoints = $awarded = $max;
	if($newpoints < 0)
		$newpoints = $awarded = 0;

	// Current total of the assuree. With no notary rows at all the query
	// returns nothing and $drow['total'] evaluates as 0 in the arithmetic below.
	$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
	$res = mysql_query($query);
	$drow = mysql_fetch_assoc($res);

	// Forced to 0 here, so every "temporary increase" branch further down in
	// this file (they test intval($_POST['expire']) > 0) is currently unreachable.
	$_POST['expire'] = 0;

	// Cap the assuree's total: at 100 when the assurer may give fewer than 100,
	// otherwise at the assurer's own maximum.
	if(($drow['total'] + $newpoints) > 100 && $max < 100)
		$newpoints = 100 - $drow['total'];
	if(($drow['total'] + $newpoints) > $max && $max >= 100)
		$newpoints = $max - $drow['total'];
	if($newpoints < 0)
		$newpoints = 0;

	// Default the meeting date to "now". The value is only escaped, not
	// validated as a date.
	if(mysql_escape_string(stripslashes($_POST['date'])) == "")
		$_POST['date'] = date("Y-m-d H:i:s");

	// Refuse an exact repeat (same pair, awarded points, location and date).
	// NOTE(review): "VerifyEmail" matches no case in show_page(), so only the
	// message is rendered here; "VerifyData" is probably what was intended.
	$query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' AND
`to`='".$_SESSION['_config']['notarise']['id']."' AND
`awarded`='$awarded' AND
`location`='".mysql_escape_string(stripslashes($_POST['location']))."' AND
`date`='".mysql_escape_string(stripslashes($_POST['date']))."'";
	$res = mysql_query($query);
	if(mysql_num_rows($res) > 0)
	{
		show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue."));
		exit;
	}
}
287
if($oldid == 6)
{
	// Record the assurance. $newpoints/$awarded are integers computed above;
	// location and date are escaped, the ids come from the session.
	$query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
`to`='".$_SESSION['_config']['notarise']['id']."',
`points`='$newpoints', `awarded`='$awarded',
`location`='".mysql_escape_string(stripslashes($_POST['location']))."',
`date`='".mysql_escape_string(stripslashes($_POST['date']))."',
`when`=NOW()";
	// The CCA acceptance rows are written before the insert below is executed,
	// and that insert's result is never checked -- a failed insert still
	// leaves the agreement rows behind and still sends the mails below.
	//record active acceptance by Assurer
	write_user_agreement($_SESSION['profile']['id'], "CCA", "Assurance", "Assurer", 1, $_SESSION['_config']['notarise']['id']);
	//record passive acceptance by Assuree
	write_user_agreement($_SESSION['_config']['notarise']['id'], "CCA", "Assurance", "Assuree", 0, $_SESSION['profile']['id']);
	// Board members may record a temporary increase (unreachable while
	// $_POST['expire'] is forced to 0 earlier in this file) or any free-text
	// method; TTP admins may only mark the assurance as "Trusted Third Parties".
	if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
	{
		$query .= ",\n`method`='Temporary Increase'";
		$query .= ",\n`expire`=DATE_ADD(NOW(), INTERVAL '".intval($_POST['expire'])."' DAY)";
		$query .= ",\n`sponsor`='".intval($_POST['sponsor'])."'";
	} else if($_SESSION['profile']['board'] == 1) {
		$query .= ",\n`method`='".mysql_escape_string(stripslashes($_POST['method']))."'";
	} else if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
		$query .= ",\n`method`='Trusted Third Parties'";
	}
	mysql_query($query);
	fix_assurer_flag($_SESSION['_config']['notarise']['id']);

	// Experience points for the assurer: 2 while their total is 100..148,
	// 1 at exactly 149, nothing above. Below 100 a 0-point row is still
	// inserted. $_SESSION['profile']['points'] is presumably the cached total.
	if($_SESSION['profile']['points'] < 150)
	{
		$addpoints = 0;
		if($_SESSION['profile']['points'] < 149 && $_SESSION['profile']['points'] >= 100)
			$addpoints = 2;
		else if($_SESSION['profile']['points'] == 149 && $_SESSION['profile']['points'] >= 100)
			$addpoints = 1;
		$query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
`to`='".$_SESSION['profile']['id']."',
`points`='$addpoints', `awarded`='$addpoints',
`location`='".mysql_escape_string(stripslashes($_POST['location']))."',
`date`='".mysql_escape_string(stripslashes($_POST['date']))."',
`method`='Administrative Increase',
`when`=NOW()";
		mysql_query($query);
		// No need to fix_assurer_flag here, this should only happen for assurers...
		$_SESSION['profile']['points'] += $addpoints;
	}

	// Mail to the assuree, in the assuree's own language.
	$my_translation = L10n::get_translation();
	L10n::set_translation($_SESSION['_config']['notarise']['language']);

	$body = sprintf(_("You are receiving this email because you have been assured by %s %s (%s)."), $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'])."\n\n";
	// Tell the assuree when the request was rounded down by the caps above.
	if($_POST['points'] != $newpoints)
		$body .= sprintf(_("You were issued %s points however the system has rounded this down to %s and you now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n";
	else
		$body .= sprintf(_("You were issued %s points and you now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n";

	if(($drow['total'] + $newpoints) < 100 && ($drow['total'] + $newpoints) >= 50)
	{
		$body .= _("You now have over 50 points, and can now have your name added to client certificates, and issue server certificates for up to 2 years.")."\n\n";
	}

	if(($drow['total'] + $newpoints) >= 100 && $newpoints > 0)
	{
		$body .= _("You have at least 100 Assurance Points. If you want ".
			"to become an assurer try the Assurer Challenge").
			" ( https://cats.cacert.org ).\n\n";
		$body .= _("To make it easier for others in your area to find ".
			"you, it's helpful to list yourself as an assurer (this ".
			"is voluntary), as well as a physical location where you ".
			"live or work the most. You can flag your account to be ".
			"listed, and add a comment to the display by going to:")."\n";
		$body .= "https://www.cacert.org/wot.php?id=8\n\n";
		$body .= _("You can list your location by going to:")."\n";
		$body .= "https://www.cacert.org/wot.php?id=13\n\n";
	}

	if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
		$body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time your points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";

	$body .= _("Best regards")."\n";
	$body .= _("CAcert Support Team");

	sendmail($_SESSION['_config']['notarise']['email'], "[CAcert.org] "._("You've been Assured."), $body, "support@cacert.org", "", "", "CAcert Website");

	// Back to the assurer's language for the confirmation mail to the assurer.
	L10n::set_translation($my_translation);

	$body = sprintf(_("You are receiving this email because you have assured %s %s (%s)."), $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'])."\n\n";
	if($_POST['points'] != $newpoints)
		$body .= sprintf(_("You issued %s points however the system has rounded this down to %s and they now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n";
	else
		$body .= sprintf(_("You issued %s points and they now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n";

	if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
		$body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time their points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";
	$body .= _("Best regards")."\n";
	$body .= _("CAcert Support Team");

	sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You've Assured Another Member."), $body, "support@cacert.org", "", "", "CAcert Support");

	// Board notification for temporary increases. Currently unreachable (see
	// the $_POST['expire'] = 0 above), and $sponsor is never assigned anywhere
	// in this file, so this would need fixing before it is re-enabled.
	if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
	{
		$body = sprintf("%s %s (%s) has issued a temporary increase to 200 points for %s %s (%s) for %s days. This action was sponsored by %s %s (%s).", $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'], $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'], intval($_POST['expire']), $sponsor['fname'], $sponsor['lname'], $sponsor['email'])."\n\n";

		sendmail("cacert-board@lists.cacert.org", "[CAcert.org] Temporary Increase Issued.", $body, "website@cacert.org", "", "", "CAcert Website");
	}

	// Confirmation page, followed by a fresh EnterEmail form (oldid=5) so the
	// assurer can go straight on to the next person. The inline script just
	// focuses the e-mail field once the page has loaded.
	showheader(_("My CAcert.org Account!"));
	echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>";
?><form method="post" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Assure Someone")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><input type="text" name="email" id="email" value=""></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="5">
</form>
<SCRIPT LANGUAGE="JavaScript">
//<![CDATA[
function my_init()
{
document.getElementById("email").focus();
}

window.onload = my_init();
//]]>
</script>
<?
	showfooter();
	exit;
}
422
if($oldid == 8)
{
	// Step 8 (EnterMyInfo): save the "list me as an assurer" flag and the
	// free-text contact information of the logged-in member.
	csrf_check("chgcontact");

	// Tags are stripped first, then the text is escaped for the statement below.
	$contact = mysql_escape_string(strip_tags(stripslashes($_POST['contactinfo'])));
	// Anything other than exactly 1 means "do not list me".
	$listed = (intval($_POST['listme']) === 1) ? 1 : 0;

	$_SESSION['profile']['listme'] = $listed;
	// NOTE(review): the session keeps the SQL-escaped form of the text, not the
	// raw text that ends up in the database.
	$_SESSION['profile']['contactinfo'] = $contact;

	mysql_query(
		"update `users` set `listme`='".$listed."',`contactinfo`='".$contact."'".
		" where `id`='".$_SESSION['profile']['id']."'"
	);

	showheader(_("My CAcert.org Account!"));
	echo "<p>"._("Your account information has been updated.")."</p>";
	showfooter();
	exit;
}
443
// Step 9 (ContactAssurer): relay a message from the logged-in member to a
// listed assurer. Requires a positive target id and a logged-in profile.
if($oldid == 9 && $_REQUEST['userid'] > 0 && $_SESSION['profile']['id'] > 0)
{
	// The form carries back the page hash stored in the session when it was
	// rendered (set outside this file); a mismatch is treated as an attempt
	// to reuse one form for several recipients.
	// NOTE(review): loose != again; a strict comparison / hash_equals() is
	// the safer form for a token check.
	if($_SESSION['_config']['pagehash'] != $_REQUEST['pageid'])
	{
		$oldid=0;
		$id = 9;
		show_page("ContactAssurer","",_("It looks like you were trying to contact multiple people, this isn't allowed due to data security reasons."));
		exit;
	} else {
		// Both of these are overwritten before use further down.
		$body = $_REQUEST['message'];
		$subject = $_REQUEST['subject'];
		$userid = intval($_REQUEST['userid']);
		// Only members who opted in (listme=1) can be contacted. If nobody
		// matches, $user is false and the points query below finds nothing.
		$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid' and `listme`=1"));
		// $points is the number of result rows (0 or 1), i.e. "has a positive
		// total", not the total itself.
		$points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0"));
		if($points > 0)
		{
			// Compose the mail in the recipient's language. The sender's
			// identity comes from the session; the subject and message text
			// entered in the form are relayed verbatim into the plain-text body.
			$my_translation = L10n::get_translation();
			L10n::set_translation($user['language']);

			$subject = "[CAcert.org] ".sprintf(_("Message from %s"),
				$_SESSION['profile']['fname']);

			$body = sprintf(_("Hi %s,"), $user['fname'])."\n\n";
			$body .= sprintf(_("%s %s has sent you a message via the ".
				"contact an Assurer form on CAcert.org."),
				$_SESSION['profile']['fname'],
				$_SESSION['profile']['lname'])."\n\n";
			$body .= sprintf(_("Subject: %s"), $_REQUEST['subject'])."\n";
			$body .= _("Message:")."\n";
			$body .= $_REQUEST['message']."\n\n";
			$body .= "------------------------------------------------\n\n";
			$body .= _("Please note, that this is NOT a message on behalf ".
				"of CAcert but another CAcert community member. If ".
				"you suspect that the contact form might have been ".
				"abused, please write to support@cacert.org")."\n\n";
			$body .= _("Best regards")."\n";
			$body .= _("Your CAcert Community");

			sendmail($user['email'], $subject, $body,
				$_SESSION['profile']['email'], //from
				"", //replyto
				"", //toname
				$_SESSION['profile']['fname']." ".
				$_SESSION['profile']['lname']); //fromname

			L10n::set_translation($my_translation);

			// NOTE(review): $user['fname'] is a database value printed into the
			// HTML without htmlspecialchars(); this is only safe if names are
			// sanitised when they are entered -- confirm.
			showheader(_("My CAcert.org Account!"));?>
<p>
<? printf(_("Your email has been sent to %s."), $user['fname']); ?>
</p>
<p>[ <a href='javascript:history.go(-2)'><?= _("Go Back") ?></a> ]</p>
<?
			showfooter();
			exit;
		} else {
			show_page(0,"",_("Sorry, I was unable to locate that user."));
			exit;
		}

	}
}
// Step 9 without a usable target id (or without a profile id) ends here.
if($oldid == 9)
{
	$oldid=0;
	$id = 9;
	show_page("ContactAssurer","",_("There was an error and I couldn't proceed"));
	exit;
}
514
// showheader(_("My CAcert.org Account!"));
// echo "ID now = ".$id."/".$oldid.">>".$iecho;
// includeit($id, "wot");
// showfooter();
// Nothing above handled (and exited on) the request: render the requested
// sub-page without a message.
show_page ($id,"","");
520 ?>