Merge branch 'release' into bug-1221
[cacert-devel.git] / www / wot.php
index a8506cb..dec4246 100644 (file)
@@ -18,6 +18,8 @@
 <?
 require_once("../includes/loggedin.php");
 require_once("../includes/lib/l10n.php");
+require_once("../includes/notary.inc.php");
+
 
 
 function show_page($target,$message,$error)
@@ -87,34 +89,32 @@ function send_reminder()
 {
        $body = "";
        $my_translation = L10n::get_translation();
-       
+
        $_SESSION['_config']['reminder-lang'] = $_POST['reminder-lang'];
-       
+
        $reminder_translations[] = $_POST['reminder-lang'];
        if ( !in_array("en", $reminder_translations, $strict=true) ) {
                $reminder_translations[] = "en";
        }
-       
+
        foreach ($reminder_translations as $translation) {
                L10n::set_translation($translation);
-               
+
                $body .= L10n::$translations[$translation].":\n\n";
                $body .= sprintf(_("This is a short reminder that you filled out forms to become trusted with CAcert.org, and %s has attempted to issue you points. Please create your account at %s as soon as possible and then notify %s so that the points can be issued."), $_SESSION['profile']['fname']." (".$_SESSION['profile']['email'].")", "http://www.cacert.org", $_SESSION['profile']['fname'])."\n\n";
                $body .= _("Best regards")."\n";
                $body .= _("CAcert Support Team")."\n\n";
        }
-       
+
        L10n::set_translation($reminder_translations[0]); // for the subject
        sendmail($_POST['email'], "[CAcert.org] "._("Reminder Notice"), $body, $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']);
-       
+
        L10n::set_translation($my_translation);
-       
+
        $_SESSION['_config']['remindersent'] = 1;
        $_SESSION['_config']['error'] = _("A reminder notice has been sent.");
 }
 
-
-
        loadem("account");
        if(array_key_exists('date',$_POST) && $_POST['date'] != "")
                $_SESSION['_config']['date'] = $_POST['date'];
@@ -122,13 +122,47 @@ function send_reminder()
        if(array_key_exists('location',$_POST) && $_POST['location'] != "")
                $_SESSION['_config']['location'] = $_POST['location'];
 
-       $oldid=array_key_exists('oldid',$_REQUEST)?intval($_REQUEST['oldid']):0;        
+       $oldid=array_key_exists('oldid',$_REQUEST)?intval($_REQUEST['oldid']):0;
 
        if($oldid == 12)
                $id = $oldid;
 
+       if($oldid == 4)
+       {
+               if ($_POST['ttp']!='') {
+                       //This mail does not need to be translated
+                       $body = "Hi TTP adminstrators,\n\n";
+                       $body .= "User ".$_SESSION['profile']['fname']." ".
+                       $_SESSION['profile']['lname']." with email address '".
+                       $_SESSION['profile']['email']."' is requesting a TTP assurances for ".
+                       mysql_escape_string(stripslashes($_POST['country'])).".\n\n";
+                       if ($_POST['ttptopup']=='1') {
+                               $body .= "The user is also requesting TTP TOPUP.\n\n";
+                       }else{
+                               $body .= "The user is NOT requesting TTP TOPUP.\n\n";
+                       }
+                       $body .= "The user received ".intval($_SESSION['profile']['points'])." assurance points up to today.\n\n";
+                       $body .= "Please start the TTP assurance process.";
+                       sendmail("support@cacert.org", "[CAcert.org] TTP request.", $body, "support@cacert.org", "", "", "CAcert Website");
+
+                       //This mail needs to be translated
+                       $body  =_("You are receiving this email because you asked for TTP assurance.")."\n\n";
+                       if ($_POST['ttptopup']=='1') {
+                               $body .=_("You are requesting TTP TOPUP.")."\n\n";
+                       }else{
+                               $body .=_("You are NOT requesting TTP TOPUP.")."\n\n";
+                       }
+                       $body .= _("Best regards")."\n";
+                       $body .= _("CAcert Support Team");
+
+                       sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You requested TTP assurances"), $body, "support@cacert.org", "", "", "CAcert Support");
+
+               }
+
+       }
+
        if(($id == 5 || $oldid == 5 || $id == 6 || $oldid == 6))
-               if (!is_assurer($_SESSION['profile']['id'])) 
+               if (!is_assurer($_SESSION['profile']['id']))
                        {
                                show_page ("Exit","",get_assurer_reason($_SESSION['profile']['id']));
                                exit;
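Review bot: In the new `oldid == 4` block, `$_POST['country']` reaches the support mail through `mysql_escape_string(stripslashes(...))`, which is SQL escaping applied to an e-mail body: it backslashes quotes but does not constrain the value at all, so any logged-in member can put arbitrary text into the mail that support receives, and `$_POST['ttp']`, `$_POST['country']` and `$_POST['ttptopup']` are all read without the `array_key_exists` guard the rest of this file uses. Nothing limits how often the same member can trigger the two mails, either. I would validate the country against whatever list the form offers (presumably a fixed select; not visible here) and reject anything else, e.g. `$country = array_key_exists('country',$_POST) ? trim($_POST['country']) : ''; if ($country === '' || strlen($country) > 100) { show_page("VerifyData","",_("You must select a country for the TTP request.")); exit; }`, and use the plain `$country` in the mail body instead of the SQL-escaped form.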
@@ -155,7 +189,7 @@ function send_reminder()
                        $_SESSION['_config']['noemailfound'] = 1;
                        show_page("EnterEmail","",_("I'm sorry, there was no email matching what you entered in the system. Please double check your information."));
                        exit;
-               } else 
+               } else
                {
                        $_SESSION['_config']['noemailfound'] = 0;
                        $_SESSION['_config']['notarise'] = mysql_fetch_assoc($res);
@@ -165,6 +199,14 @@ function send_reminder()
                                exit;
                        }
                }
+               $query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `locked`=1";
+               $res = mysql_query($query);
+               if(mysql_num_rows($res) >= 1)
+               {
+                       $_SESSION['_config']['noemailfound'] = 0;
+                       show_page("EnterEmail","",_("This account is locked and can not be assured. For more information ask support@cacert.org."));
+                       exit;
+               }
        }
 
        if($oldid == 5 || $oldid == 6)
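Review bot: The added locked-account check runs after `$_SESSION['_config']['notarise']` has already been filled with the matching `users` row a few lines above, so the locked member's record stays in the session when the page exits; if the `oldid == 6` path trusts that session entry without repeating this lookup (the enclosing block begins outside this hunk, so I cannot confirm from here), a follow-up post could still assure the locked account. Clear it before leaving: `unset($_SESSION['_config']['notarise']);` ahead of the `show_page(...)` call. The second string-built query is also redundant — the row already fetched into the session comes from a `select *`, so `if ($_SESSION['_config']['notarise']['locked'] == 1)` would express the same check without re-interpolating the e-mail address.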
@@ -183,7 +225,7 @@ function send_reminder()
                }
 
                $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' and
-                                                       `to`='".$_SESSION['_config']['notarise']['id']."'";
+                       `to`='".$_SESSION['_config']['notarise']['id']."' and `deleted` = 0";
                $res = mysql_query($query);
                if(mysql_num_rows($res) > 0)
                {
@@ -195,37 +237,79 @@ function send_reminder()
        if($oldid == 6)
        {
 $iecho= "c";
+               //date checks
+               if(trim($_REQUEST['date']) == '')
+               {
+                       show_page("VerifyData","",_("You must enter the date when you met the assuree."));
+                       exit;
+               }
+
+               if(!check_date_format(trim($_REQUEST['date'])))
+               {
+                       show_page("VerifyData","",_("You must enter the date in this format: YYYY-MM-DD."));
+                       exit;
+               }
+
+               if(!check_date_difference(trim($_REQUEST['date'])))
+               {
+                       show_page("VerifyData","",_("You must not enter a date in the future."));
+                       exit;
+               }
+
+               //proof of identity check and accept arbitration, implements CCA
                if(!array_key_exists('assertion',$_POST) || $_POST['assertion'] != 1)
                {
                        show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
                        exit;
                }
 
-/*             if(!array_key_exists('rules',$_POST) || $_POST['rules'] != 1)
+               //proof of CCA agreement by assuree after 2010-01-01
+               if((!array_key_exists('CCAAgreed',$_POST) || $_POST['CCAAgreed'] != 1) and (check_date_format(trim($_REQUEST['date']),2010)))
                {
                        show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
                        exit;
                }
-*/
 
-               if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1 )  && $_SESSION['profile']['ttpadmin'] != 1)
+               //assurance done according to rules
+               if(!array_key_exists('rules',$_POST) || $_POST['rules'] != 1)
                {
                        show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
                        exit;
                }
 
-               if($_SESSION['profile']['ttpadmin'] != 1 && $_POST['location'] == "")
+               //met assuree in person, not appliciable for TTP / TTP Topup assurances
+               if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1 )  && $_REQUEST['method'] != "Trusted 3rd Parties")
+               {
+                       show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
+                       exit;
+               }
+
+               //check location, min 3 characters
+               if(!array_key_exists('location',$_POST) || trim($_POST['location']) == "")
                {
                        show_page("VerifyData","",_("You failed to enter a location of your meeting."));
                        exit;
                }
 
-               if($_REQUEST['points'] == "")
+               if(strlen(trim($_REQUEST['location']))<=2)
+               {
+                       show_page("VerifyData","",_("You must enter a location with at least 3 characters eg town and country."));
+                       exit;
+               }
+
+               //check for points in range 0-35, for nucleus 35 + 15 temporary
+               if($_REQUEST['points'] == "" || !is_numeric($_REQUEST['points']))
                {
                        show_page("VerifyData","",_("You must enter the number of points you wish to allocate to this person."));
                        exit;
                }
 
+               if($_REQUEST['points'] <0 || ($_REQUEST['points']>35))
+               {
+                       show_page("VerifyData","",_("The number of points you entered are out of the range given by policy."));
+                       exit;
+               }
+
                $query = "select * from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'";
                $res = mysql_query($query);
                $row = mysql_fetch_assoc($res);
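Review bot: The rewritten `certify` check under the "met assuree in person" comment is now skipped whenever the client sends `method=Trusted 3rd Parties`, with no check that the assurer is actually a TTP admin — the old condition tested `$_SESSION['profile']['ttpadmin']`, the new one tests a request parameter the user controls. Since the insert further down only records `TTP-Assisted` for real TTP admins, an ordinary assurer can use that parameter to store a normal face-to-face assurance without attesting to the meeting. Tie the exemption to the session flag: `&& !($_SESSION['profile']['ttpadmin'] == 1 && ($_REQUEST['method'] == "Trusted 3rd Parties" || $_REQUEST['method'] == "Trusted Third Parties"))`. Note also that this check reads `$_REQUEST['method']` while the insert reads `$_POST['method']`, so a value passed in the query string satisfies one but not the other. The `oldid == 6` block continues past the end of this hunk.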
@@ -247,8 +331,8 @@ $iecho= "c";
                        $newpoints = $awarded = $max;
                if($newpoints < 0)
                        $newpoints = $awarded = 0;
-               
-               $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
+
+               $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' and `deleted` = 0 group by `to`";
                $res = mysql_query($query);
                $drow = mysql_fetch_assoc($res);
 
@@ -260,19 +344,20 @@ $iecho= "c";
                        $newpoints = $max - $drow['total'];
                if($newpoints < 0)
                        $newpoints = 0;
-               
+
                if(mysql_escape_string(stripslashes($_POST['date'])) == "")
                        $_POST['date'] = date("Y-m-d H:i:s");
 
                $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' AND
                                                `to`='".$_SESSION['_config']['notarise']['id']."' AND
-                                               `awarded`='$awarded' AND 
+                                               `awarded`='$awarded' AND
                                                `location`='".mysql_escape_string(stripslashes($_POST['location']))."' AND
-                                               `date`='".mysql_escape_string(stripslashes($_POST['date']))."'";
+                                               `date`='".mysql_escape_string(stripslashes($_POST['date']))."' AND
+                                               `deleted`=0";
                $res = mysql_query($query);
                if(mysql_num_rows($res) > 0)
                {
-                        show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue."));
+                       show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue."));
                        exit;
                }
        }
@@ -285,19 +370,18 @@ $iecho= "c";
                                                `location`='".mysql_escape_string(stripslashes($_POST['location']))."',
                                                `date`='".mysql_escape_string(stripslashes($_POST['date']))."',
                                                `when`=NOW()";
-               if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
-               {
-                       $query .= ",\n`method`='Temporary Increase'";
-                       $query .= ",\n`expire`=DATE_ADD(NOW(), INTERVAL '".intval($_POST['expire'])."' DAY)";
-                       $query .= ",\n`sponsor`='".intval($_POST['sponsor'])."'";
-               } else if($_SESSION['profile']['board'] == 1) {
-                       $query .= ",\n`method`='".mysql_escape_string(stripslashes($_POST['method']))."'";
-               } else if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
+               //record active acceptance by Assurer
+               if (check_date_format(trim($_REQUEST['date']),2010)) {
+                       write_user_agreement($_SESSION['profile']['id'], "CCA", "assurance", "Assuring", 1, $_SESSION['_config']['notarise']['id']);
+                       write_user_agreement($_SESSION['_config']['notarise']['id'], "CCA", "assurance", "Being assured", 0, $_SESSION['profile']['id']);
+               }
+               if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
                        $query .= ",\n`method`='TTP-Assisted'";
                }
                mysql_query($query);
                fix_assurer_flag($_SESSION['_config']['notarise']['id']);
-               
+               include_once("../includes/notary.inc.php");
+
                if($_SESSION['profile']['points'] < 150)
                {
                        $addpoints = 0;
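Review bot: Both `write_user_agreement` calls run before the `mysql_query($query)` that stores the assurance, and that insert's return value is never checked, so a failed insert still leaves two CCA agreement records and a `fix_assurer_flag` update behind with no assurance to back them. Check the insert first and record the agreements only on success, e.g. `if (!mysql_query($query)) { show_page("VerifyData","",_("The assurance could not be recorded, please try again later.")); exit; }` followed by the two `write_user_agreement` lines. The `include_once("../includes/notary.inc.php")` at the end of this hunk is redundant now that the file is `require_once`d at the top of the page, and it sits after the first use of `write_user_agreement`, so it can simply be dropped. The enclosing `oldid == 6` block starts and ends outside this hunk.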
@@ -313,13 +397,14 @@ $iecho= "c";
                                                        `method`='Administrative Increase',
                                                        `when`=NOW()";
                        mysql_query($query);
+
                        // No need to fix_assurer_flag here, this should only happen for assurers...
                        $_SESSION['profile']['points'] += $addpoints;
                }
 
                $my_translation = L10n::get_translation();
                L10n::set_translation($_SESSION['_config']['notarise']['language']);
-               
+
                $body  = sprintf(_("You are receiving this email because you have been assured by %s %s (%s)."), $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'])."\n\n";
                if($_POST['points'] != $newpoints)
                        $body .= sprintf(_("You were issued %s points however the system has rounded this down to %s and you now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n";
@@ -333,22 +418,13 @@ $iecho= "c";
 
                if(($drow['total'] + $newpoints) >= 100 && $newpoints > 0)
                {
-                       $body .= _("You have at least 100 Assurance Points. If you want ".
-                                       "to become an assurer try the Assurer Challenge").
-                                       " ( https://cats.cacert.org ).\n\n";
-                       $body .= _("To make it easier for others in your area to find ".
-                                       "you, it's helpful to list yourself as an assurer (this ".
-                                       "is voluntary), as well as a physical location where you ".
-                                       "live or work the most. You can flag your account to be ".
-                                       "listed, and add a comment to the display by going to:")."\n";
+                       $body .= _("You have at least 100 Assurance Points, if you want to become an assurer try the Assurer Challenge")." ( https://cats.cacert.org )\n\n";
+                       $body .= _("To make it easier for others in your area to find you, it's helpful to list yourself as an assurer (this is voluntary), as well as a physical location where you live or work the most. You can flag your account to be listed, and add a comment to the display by going to:")."\n";
                        $body .= "https://www.cacert.org/wot.php?id=8\n\n";
                        $body .= _("You can list your location by going to:")."\n";
                        $body .= "https://www.cacert.org/wot.php?id=13\n\n";
                }
 
-               if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
-                       $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time your points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";
-
                $body .= _("Best regards")."\n";
                $body .= _("CAcert Support Team");
 
@@ -362,34 +438,25 @@ $iecho= "c";
                else
                        $body .= sprintf(_("You issued %s points and they now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n";
 
-               if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
-                       $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time their points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";
                $body .= _("Best regards")."\n";
                $body .= _("CAcert Support Team");
 
                sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You've Assured Another Member."), $body, "support@cacert.org", "", "", "CAcert Support");
 
-               if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
-               {
-                       $body  = sprintf("%s %s (%s) has issued a temporary increase to 200 points for %s %s (%s) for %s days. This action was sponsored by %s %s (%s).", $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'], $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'], intval($_POST['expire']), $sponsor['fname'], $sponsor['lname'], $sponsor['email'])."\n\n";
-
-                       sendmail("cacert-board@lists.cacert.org", "[CAcert.org] Temporary Increase Issued.", $body, "website@cacert.org", "", "", "CAcert Website");
-               }
-
                showheader(_("My CAcert.org Account!"));
                echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>";
 ?><form method="post" action="wot.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
-  <tr>
-    <td colspan="2" class="title"><?=_("Assure Someone")?></td>
-  </tr>
-  <tr>
-    <td class="DataTD"><?=_("Email")?>:</td>
-    <td class="DataTD"><input type="text" name="email" id="email" value=""></td>
-  </tr>
-  <tr>
-    <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
-  </tr>
+       <tr>
+               <td colspan="2" class="title"><?=_("Assure Someone")?></td>
+       </tr>
+       <tr>
+               <td class="DataTD"><?=_("Email")?>:</td>
+               <td class="DataTD"><input type="text" name="email" id="email" value=""></td>
+       </tr>
+       <tr>
+               <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
+       </tr>
 </table>
 <input type="hidden" name="oldid" value="5">
 </form>
@@ -442,16 +509,16 @@ $iecho= "c";
                        $subject = $_REQUEST['subject'];
                        $userid = intval($_REQUEST['userid']);
                        $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid' and `listme`=1"));
-                       $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
-                                               where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0"));
+                       $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
+                                               where `to`='".$user['id']."' and `deleted` = 0 group by `to` HAVING SUM(`points`) > 0"));
                        if($points > 0)
                        {
                                $my_translation = L10n::get_translation();
                                L10n::set_translation($user['language']);
-                               
+
                                $subject = "[CAcert.org] ".sprintf(_("Message from %s"),
                                                $_SESSION['profile']['fname']);
-                               
+
                                $body  = sprintf(_("Hi %s,"), $user['fname'])."\n\n";
                                $body .= sprintf(_("%s %s has sent you a message via the ".
                                                "contact an Assurer form on CAcert.org."),
@@ -467,16 +534,16 @@ $iecho= "c";
                                                "abused, please write to support@cacert.org")."\n\n";
                                $body .= _("Best regards")."\n";
                                $body .= _("Your CAcert Community");
-                               
+
                                sendmail($user['email'], $subject, $body,
                                                $_SESSION['profile']['email'], //from
                                                "", //replyto
                                                "", //toname
                                                $_SESSION['profile']['fname']." ".
                                                        $_SESSION['profile']['lname']); //fromname
-                               
+
                                L10n::set_translation($my_translation);
-                               
+
                                showheader(_("My CAcert.org Account!"));?>
                                <p>
                                        <? printf(_("Your email has been sent to %s."), $user['fname']); ?>
@@ -489,10 +556,10 @@ $iecho= "c";
                                show_page(0,"",_("Sorry, I was unable to locate that user."));
                                exit;
                        }
-               
+
                }
-       } 
-       if($oldid == 9) 
+       }
+       if($oldid == 9)
        {
                $oldid=0;
                $id = 9;