Merge branch 'release' into bug-1221
[cacert-devel.git] / www / wot.php
index 858f81b..dec4246 100644 (file)
@@ -18,6 +18,8 @@
 <?
 require_once("../includes/loggedin.php");
 require_once("../includes/lib/l10n.php");
+require_once("../includes/notary.inc.php");
+
 
 
 function show_page($target,$message,$error)
@@ -113,9 +115,6 @@ function send_reminder()
        $_SESSION['_config']['error'] = _("A reminder notice has been sent.");
 }
 
-
-
-
        loadem("account");
        if(array_key_exists('date',$_POST) && $_POST['date'] != "")
                $_SESSION['_config']['date'] = $_POST['date'];
@@ -127,7 +126,7 @@ function send_reminder()
 
        if($oldid == 12)
                $id = $oldid;
-               
+
        if($oldid == 4)
        {
                if ($_POST['ttp']!='') {
@@ -226,7 +225,7 @@ function send_reminder()
                }
 
                $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' and
-                                                       `to`='".$_SESSION['_config']['notarise']['id']."'";
+                       `to`='".$_SESSION['_config']['notarise']['id']."' and `deleted` = 0";
                $res = mysql_query($query);
                if(mysql_num_rows($res) > 0)
                {
@@ -238,37 +237,79 @@ function send_reminder()
        if($oldid == 6)
        {
 $iecho= "c";
+               //date checks
+               if(trim($_REQUEST['date']) == '')
+               {
+                       show_page("VerifyData","",_("You must enter the date when you met the assuree."));
+                       exit;
+               }
+
+               if(!check_date_format(trim($_REQUEST['date'])))
+               {
+                       show_page("VerifyData","",_("You must enter the date in this format: YYYY-MM-DD."));
+                       exit;
+               }
+
+               if(!check_date_difference(trim($_REQUEST['date'])))
+               {
+                       show_page("VerifyData","",_("You must not enter a date in the future."));
+                       exit;
+               }
+
+               //proof of identity check and accept arbitration, implements CCA
                if(!array_key_exists('assertion',$_POST) || $_POST['assertion'] != 1)
                {
                        show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
                        exit;
                }
 
-/*             if(!array_key_exists('rules',$_POST) || $_POST['rules'] != 1)
+               //proof of CCA agreement by assuree after 2010-01-01
+               if((!array_key_exists('CCAAgreed',$_POST) || $_POST['CCAAgreed'] != 1) and (check_date_format(trim($_REQUEST['date']),2010)))
+               {
+                       show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
+                       exit;
+               }
+
+               //assurance done according to rules
+               if(!array_key_exists('rules',$_POST) || $_POST['rules'] != 1)
                {
                        show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
                        exit;
                }
-*/
 
-               if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1 )  && $_SESSION['profile']['ttpadmin'] != 1)
+               //met assuree in person, not appliciable for TTP / TTP Topup assurances
+               if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1 )  && $_REQUEST['method'] != "Trusted 3rd Parties")
                {
                        show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
                        exit;
                }
 
-               if($_SESSION['profile']['ttpadmin'] != 1 && $_POST['location'] == "")
+               //check location, min 3 characters
+               if(!array_key_exists('location',$_POST) || trim($_POST['location']) == "")
                {
                        show_page("VerifyData","",_("You failed to enter a location of your meeting."));
                        exit;
                }
 
+               if(strlen(trim($_REQUEST['location']))<=2)
+               {
+                       show_page("VerifyData","",_("You must enter a location with at least 3 characters eg town and country."));
+                       exit;
+               }
+
+               //check for points in range 0-35, for nucleus 35 + 15 temporary
                if($_REQUEST['points'] == "" || !is_numeric($_REQUEST['points']))
                {
                        show_page("VerifyData","",_("You must enter the number of points you wish to allocate to this person."));
                        exit;
                }
 
+               if($_REQUEST['points'] <0 || ($_REQUEST['points']>35))
+               {
+                       show_page("VerifyData","",_("The number of points you entered are out of the range given by policy."));
+                       exit;
+               }
+
                $query = "select * from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'";
                $res = mysql_query($query);
                $row = mysql_fetch_assoc($res);
@@ -291,7 +332,7 @@ $iecho= "c";
                if($newpoints < 0)
                        $newpoints = $awarded = 0;
 
-               $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
+               $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' and `deleted` = 0 group by `to`";
                $res = mysql_query($query);
                $drow = mysql_fetch_assoc($res);
 
@@ -311,11 +352,12 @@ $iecho= "c";
                                                `to`='".$_SESSION['_config']['notarise']['id']."' AND
                                                `awarded`='$awarded' AND
                                                `location`='".mysql_escape_string(stripslashes($_POST['location']))."' AND
-                                               `date`='".mysql_escape_string(stripslashes($_POST['date']))."'";
+                                               `date`='".mysql_escape_string(stripslashes($_POST['date']))."' AND
+                                               `deleted`=0";
                $res = mysql_query($query);
                if(mysql_num_rows($res) > 0)
                {
-                        show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue."));
+                       show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue."));
                        exit;
                }
        }
@@ -328,16 +370,17 @@ $iecho= "c";
                                                `location`='".mysql_escape_string(stripslashes($_POST['location']))."',
                                                `date`='".mysql_escape_string(stripslashes($_POST['date']))."',
                                                `when`=NOW()";
+               //record active acceptance by Assurer
+               if (check_date_format(trim($_REQUEST['date']),2010)) {
+                       write_user_agreement($_SESSION['profile']['id'], "CCA", "assurance", "Assuring", 1, $_SESSION['_config']['notarise']['id']);
+                       write_user_agreement($_SESSION['_config']['notarise']['id'], "CCA", "assurance", "Being assured", 0, $_SESSION['profile']['id']);
+               }
                if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
                        $query .= ",\n`method`='TTP-Assisted'";
                }
                mysql_query($query);
                fix_assurer_flag($_SESSION['_config']['notarise']['id']);
                include_once("../includes/notary.inc.php");
-/*to be activated after CCA accept option is implemented in form
-               write_user_agreement($_SESSION['profile']['id'], "CCA", "assurance", "Assuring", 1, $_SESSION['_config']['notarise']['id']);}*/
-/* to be activated after the CCA recording is announced
-               write_user_agreement($_SESSION['_config']['notarise']['id'], "CCA", "assurance", "Being assured", 0, $_SESSION['profile']['id']); */
 
                if($_SESSION['profile']['points'] < 150)
                {
@@ -404,16 +447,16 @@ $iecho= "c";
                echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>";
 ?><form method="post" action="wot.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
-  <tr>
-    <td colspan="2" class="title"><?=_("Assure Someone")?></td>
-  </tr>
-  <tr>
-    <td class="DataTD"><?=_("Email")?>:</td>
-    <td class="DataTD"><input type="text" name="email" id="email" value=""></td>
-  </tr>
-  <tr>
-    <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
-  </tr>
+       <tr>
+               <td colspan="2" class="title"><?=_("Assure Someone")?></td>
+       </tr>
+       <tr>
+               <td class="DataTD"><?=_("Email")?>:</td>
+               <td class="DataTD"><input type="text" name="email" id="email" value=""></td>
+       </tr>
+       <tr>
+               <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
+       </tr>
 </table>
 <input type="hidden" name="oldid" value="5">
 </form>
@@ -466,8 +509,8 @@ $iecho= "c";
                        $subject = $_REQUEST['subject'];
                        $userid = intval($_REQUEST['userid']);
                        $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid' and `listme`=1"));
-                       $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
-                                               where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0"));
+                       $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
+                                               where `to`='".$user['id']."' and `deleted` = 0 group by `to` HAVING SUM(`points`) > 0"));
                        if($points > 0)
                        {
                                $my_translation = L10n::get_translation();