Merge branch 'release' into bug-1221
[cacert-devel.git] / www / wot.php
index 40e8a71..dec4246 100644 (file)
@@ -18,7 +18,7 @@
 <?
 require_once("../includes/loggedin.php");
 require_once("../includes/lib/l10n.php");
-require_once("../includes/wot.inc.php");
+require_once("../includes/notary.inc.php");
 
 
 
@@ -115,8 +115,6 @@ function send_reminder()
        $_SESSION['_config']['error'] = _("A reminder notice has been sent.");
 }
 
-
-
        loadem("account");
        if(array_key_exists('date',$_POST) && $_POST['date'] != "")
                $_SESSION['_config']['date'] = $_POST['date'];
@@ -129,6 +127,40 @@ function send_reminder()
        if($oldid == 12)
                $id = $oldid;
 
+       if($oldid == 4)
+       {
+               if ($_POST['ttp']!='') {
+                       //This mail does not need to be translated
+                       $body = "Hi TTP adminstrators,\n\n";
+                       $body .= "User ".$_SESSION['profile']['fname']." ".
+                       $_SESSION['profile']['lname']." with email address '".
+                       $_SESSION['profile']['email']."' is requesting a TTP assurances for ".
+                       mysql_escape_string(stripslashes($_POST['country'])).".\n\n";
+                       if ($_POST['ttptopup']=='1') {
+                               $body .= "The user is also requesting TTP TOPUP.\n\n";
+                       }else{
+                               $body .= "The user is NOT requesting TTP TOPUP.\n\n";
+                       }
+                       $body .= "The user received ".intval($_SESSION['profile']['points'])." assurance points up to today.\n\n";
+                       $body .= "Please start the TTP assurance process.";
+                       sendmail("support@cacert.org", "[CAcert.org] TTP request.", $body, "support@cacert.org", "", "", "CAcert Website");
+
+                       //This mail needs to be translated
+                       $body  =_("You are receiving this email because you asked for TTP assurance.")."\n\n";
+                       if ($_POST['ttptopup']=='1') {
+                               $body .=_("You are requesting TTP TOPUP.")."\n\n";
+                       }else{
+                               $body .=_("You are NOT requesting TTP TOPUP.")."\n\n";
+                       }
+                       $body .= _("Best regards")."\n";
+                       $body .= _("CAcert Support Team");
+
+                       sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You requested TTP assurances"), $body, "support@cacert.org", "", "", "CAcert Support");
+
+               }
+
+       }
+
        if(($id == 5 || $oldid == 5 || $id == 6 || $oldid == 6))
                if (!is_assurer($_SESSION['profile']['id']))
                        {
@@ -167,6 +199,14 @@ function send_reminder()
                                exit;
                        }
                }
+               $query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `locked`=1";
+               $res = mysql_query($query);
+               if(mysql_num_rows($res) >= 1)
+               {
+                       $_SESSION['_config']['noemailfound'] = 0;
+                       show_page("EnterEmail","",_("This account is locked and can not be assured. For more information ask support@cacert.org."));
+                       exit;
+               }
        }
 
        if($oldid == 5 || $oldid == 6)
@@ -185,7 +225,7 @@ function send_reminder()
                }
 
                $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' and
-                                                       `to`='".$_SESSION['_config']['notarise']['id']."'";
+                       `to`='".$_SESSION['_config']['notarise']['id']."' and `deleted` = 0";
                $res = mysql_query($query);
                if(mysql_num_rows($res) > 0)
                {
@@ -197,43 +237,79 @@ function send_reminder()
        if($oldid == 6)
        {
 $iecho= "c";
+               //date checks
+               if(trim($_REQUEST['date']) == '')
+               {
+                       show_page("VerifyData","",_("You must enter the date when you met the assuree."));
+                       exit;
+               }
+
+               if(!check_date_format(trim($_REQUEST['date'])))
+               {
+                       show_page("VerifyData","",_("You must enter the date in this format: YYYY-MM-DD."));
+                       exit;
+               }
+
+               if(!check_date_difference(trim($_REQUEST['date'])))
+               {
+                       show_page("VerifyData","",_("You must not enter a date in the future."));
+                       exit;
+               }
+
+               //proof of identity check and accept arbitration, implements CCA
                if(!array_key_exists('assertion',$_POST) || $_POST['assertion'] != 1)
                {
                        show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
                        exit;
                }
 
-               if(!array_key_exists('CCAAgreed',$_POST) || $_POST['CCAAgreed'] != 1)
+               //proof of CCA agreement by assuree after 2010-01-01
+               if((!array_key_exists('CCAAgreed',$_POST) || $_POST['CCAAgreed'] != 1) and (check_date_format(trim($_REQUEST['date']),2010)))
                {
                        show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
                        exit;
                }
 
-/*             if(!array_key_exists('rules',$_POST) || $_POST['rules'] != 1)
+               //assurance done according to rules
+               if(!array_key_exists('rules',$_POST) || $_POST['rules'] != 1)
                {
                        show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
                        exit;
                }
-*/
 
-               if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1 )  && $_SESSION['profile']['ttpadmin'] != 1)
+               //met assuree in person, not appliciable for TTP / TTP Topup assurances
+               if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1 )  && $_REQUEST['method'] != "Trusted 3rd Parties")
                {
                        show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
                        exit;
                }
 
-               if($_SESSION['profile']['ttpadmin'] != 1 && $_POST['location'] == "")
+               //check location, min 3 characters
+               if(!array_key_exists('location',$_POST) || trim($_POST['location']) == "")
                {
                        show_page("VerifyData","",_("You failed to enter a location of your meeting."));
                        exit;
                }
 
-               if($_REQUEST['points'] == "")
+               if(strlen(trim($_REQUEST['location']))<=2)
+               {
+                       show_page("VerifyData","",_("You must enter a location with at least 3 characters eg town and country."));
+                       exit;
+               }
+
+               //check for points in range 0-35, for nucleus 35 + 15 temporary
+               if($_REQUEST['points'] == "" || !is_numeric($_REQUEST['points']))
                {
                        show_page("VerifyData","",_("You must enter the number of points you wish to allocate to this person."));
                        exit;
                }
 
+               if($_REQUEST['points'] <0 || ($_REQUEST['points']>35))
+               {
+                       show_page("VerifyData","",_("The number of points you entered are out of the range given by policy."));
+                       exit;
+               }
+
                $query = "select * from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'";
                $res = mysql_query($query);
                $row = mysql_fetch_assoc($res);
@@ -256,7 +332,7 @@ $iecho= "c";
                if($newpoints < 0)
                        $newpoints = $awarded = 0;
 
-               $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
+               $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' and `deleted` = 0 group by `to`";
                $res = mysql_query($query);
                $drow = mysql_fetch_assoc($res);
 
@@ -276,11 +352,12 @@ $iecho= "c";
                                                `to`='".$_SESSION['_config']['notarise']['id']."' AND
                                                `awarded`='$awarded' AND
                                                `location`='".mysql_escape_string(stripslashes($_POST['location']))."' AND
-                                               `date`='".mysql_escape_string(stripslashes($_POST['date']))."'";
+                                               `date`='".mysql_escape_string(stripslashes($_POST['date']))."' AND
+                                               `deleted`=0";
                $res = mysql_query($query);
                if(mysql_num_rows($res) > 0)
                {
-                        show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue."));
+                       show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue."));
                        exit;
                }
        }
@@ -294,19 +371,16 @@ $iecho= "c";
                                                `date`='".mysql_escape_string(stripslashes($_POST['date']))."',
                                                `when`=NOW()";
                //record active acceptance by Assurer
-               write_user_agreement($_SESSION['profile']['id'], "CCA", "Assurance", "Assurer", 1, $_SESSION['_config']['notarise']['id']);
-               if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
-               {
-                       $query .= ",\n`method`='Temporary Increase'";
-                       $query .= ",\n`expire`=DATE_ADD(NOW(), INTERVAL '".intval($_POST['expire'])."' DAY)";
-                       $query .= ",\n`sponsor`='".intval($_POST['sponsor'])."'";
-               } else if($_SESSION['profile']['board'] == 1) {
-                       $query .= ",\n`method`='".mysql_escape_string(stripslashes($_POST['method']))."'";
-               } else if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
-                       $query .= ",\n`method`='Trusted Third Parties'";
+               if (check_date_format(trim($_REQUEST['date']),2010)) {
+                       write_user_agreement($_SESSION['profile']['id'], "CCA", "assurance", "Assuring", 1, $_SESSION['_config']['notarise']['id']);
+                       write_user_agreement($_SESSION['_config']['notarise']['id'], "CCA", "assurance", "Being assured", 0, $_SESSION['profile']['id']);
+               }
+               if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
+                       $query .= ",\n`method`='TTP-Assisted'";
                }
                mysql_query($query);
                fix_assurer_flag($_SESSION['_config']['notarise']['id']);
+               include_once("../includes/notary.inc.php");
 
                if($_SESSION['profile']['points'] < 150)
                {
@@ -323,6 +397,7 @@ $iecho= "c";
                                                        `method`='Administrative Increase',
                                                        `when`=NOW()";
                        mysql_query($query);
+
                        // No need to fix_assurer_flag here, this should only happen for assurers...
                        $_SESSION['profile']['points'] += $addpoints;
                }
@@ -343,22 +418,13 @@ $iecho= "c";
 
                if(($drow['total'] + $newpoints) >= 100 && $newpoints > 0)
                {
-                       $body .= _("You have at least 100 Assurance Points. If you want ".
-                                       "to become an assurer try the Assurer Challenge").
-                                       " ( https://cats.cacert.org ).\n\n";
-                       $body .= _("To make it easier for others in your area to find ".
-                                       "you, it's helpful to list yourself as an assurer (this ".
-                                       "is voluntary), as well as a physical location where you ".
-                                       "live or work the most. You can flag your account to be ".
-                                       "listed, and add a comment to the display by going to:")."\n";
+                       $body .= _("You have at least 100 Assurance Points, if you want to become an assurer try the Assurer Challenge")." ( https://cats.cacert.org )\n\n";
+                       $body .= _("To make it easier for others in your area to find you, it's helpful to list yourself as an assurer (this is voluntary), as well as a physical location where you live or work the most. You can flag your account to be listed, and add a comment to the display by going to:")."\n";
                        $body .= "https://www.cacert.org/wot.php?id=8\n\n";
                        $body .= _("You can list your location by going to:")."\n";
                        $body .= "https://www.cacert.org/wot.php?id=13\n\n";
                }
 
-               if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
-                       $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time your points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";
-
                $body .= _("Best regards")."\n";
                $body .= _("CAcert Support Team");
 
@@ -372,34 +438,25 @@ $iecho= "c";
                else
                        $body .= sprintf(_("You issued %s points and they now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n";
 
-               if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
-                       $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time their points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";
                $body .= _("Best regards")."\n";
                $body .= _("CAcert Support Team");
 
                sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You've Assured Another Member."), $body, "support@cacert.org", "", "", "CAcert Support");
 
-               if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
-               {
-                       $body  = sprintf("%s %s (%s) has issued a temporary increase to 200 points for %s %s (%s) for %s days. This action was sponsored by %s %s (%s).", $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'], $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'], intval($_POST['expire']), $sponsor['fname'], $sponsor['lname'], $sponsor['email'])."\n\n";
-
-                       sendmail("cacert-board@lists.cacert.org", "[CAcert.org] Temporary Increase Issued.", $body, "website@cacert.org", "", "", "CAcert Website");
-               }
-
                showheader(_("My CAcert.org Account!"));
                echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>";
 ?><form method="post" action="wot.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
-  <tr>
-    <td colspan="2" class="title"><?=_("Assure Someone")?></td>
-  </tr>
-  <tr>
-    <td class="DataTD"><?=_("Email")?>:</td>
-    <td class="DataTD"><input type="text" name="email" id="email" value=""></td>
-  </tr>
-  <tr>
-    <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
-  </tr>
+       <tr>
+               <td colspan="2" class="title"><?=_("Assure Someone")?></td>
+       </tr>
+       <tr>
+               <td class="DataTD"><?=_("Email")?>:</td>
+               <td class="DataTD"><input type="text" name="email" id="email" value=""></td>
+       </tr>
+       <tr>
+               <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
+       </tr>
 </table>
 <input type="hidden" name="oldid" value="5">
 </form>
@@ -452,8 +509,8 @@ $iecho= "c";
                        $subject = $_REQUEST['subject'];
                        $userid = intval($_REQUEST['userid']);
                        $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid' and `listme`=1"));
-                       $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
-                                               where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0"));
+                       $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
+                                               where `to`='".$user['id']."' and `deleted` = 0 group by `to` HAVING SUM(`points`) > 0"));
                        if($points > 0)
                        {
                                $my_translation = L10n::get_translation();