Merge branch 'bug-1054' into bug-1042
authorBenny Baumann <BenBE@geshi.org>
Wed, 29 Apr 2015 22:18:16 +0000 (00:18 +0200)
committerBenny Baumann <BenBE@geshi.org>
Wed, 29 Apr 2015 22:18:16 +0000 (00:18 +0200)
19 files changed:
cgi-bin/siteseal.cgi [deleted file]
includes/account.php
includes/general.php
includes/lib/account.php
includes/loggedin.php
scripts/cron/refresh_stats.php
stamp/.htaccess [deleted file]
stamp/certdet.php [deleted file]
stamp/common.php [deleted file]
stamp/displogo.php [deleted file]
stamp/images/CAverify.png [deleted file]
stamp/index.php [deleted file]
stamp/old_showlogo.php.broken [deleted file]
stamp/report.php [deleted file]
stamp/showlogo.php [deleted file]
stamp/style.css [deleted file]
www/api/ccsr.php [deleted file]
www/api/cemails.php [deleted file]
www/wot.php

diff --git a/cgi-bin/siteseal.cgi b/cgi-bin/siteseal.cgi
deleted file mode 100755 (executable)
index ac28697..0000000
+++ /dev/null
@@ -1,92 +0,0 @@
-#!/usr/bin/php -q
-<?
-/**
- * check site seal
- *
- * @package org.cacert.framework
- * @author Duane Groth <duane@groth.net>
- * @copyright Copyright (C) 2003-2008, {@link http://www.cacert.org/ CAcert Inc.}
- * @license GPL Version 2
- * @version $Id: siteseal.cgi,v 1.4 2008-04-06 19:44:25 root Exp $
- */
-
-if($_SERVER["HTTPS"] == "on")
-  $http = "https";
-else
-  $http = "http";
-
-/* obfuscate var names */
-srand((double)microtime()*1000000);
-$var1 = "ca1-".md5(rand(0,9999999));
-$var2 = "ca2-".md5(rand(0,9999999));
-$var3 = "ca3-".md5(rand(0,9999999));
-$var4 = "ca4-".md5(rand(0,9999999));
-$var5 = "ca5-".md5(rand(0,9999999));
-$var6 = "ca6-".md5(rand(0,9999999));
-$var7 = "ca7-".md5(rand(0,9999999));
-$var8 = "ca8-".md5(rand(0,9999999));
-$var9 = "ca9-".md5(rand(0,9999999));
-$var10 = "caa-".md5(rand(0,9999999));
-$var11 = "cab-".md5(rand(0,9999999));
-
-header("Content-Type: text/javascript");
-header("Content-Disposition: inline; filename=\"siteseal.js\"");
-
-?>
-
-var <?=$var1?> = window.location.href;
-<? // var <?=$var2?> = '<?=$http?>://www.cacert.org/certdetails.php?referer=' + <?=$var1?>; ?>
-var <?=$var2?> = '<?=$http?>://www.cacert.org';
-var <?=$var3?> = (new Date()).getTimezoneOffset();
-
-var <?=$var4?> = navigator.userAgent.toLowerCase();
-var <?=$var5?> = false;
-if (<?=$var4?>.indexOf("msid") != 1) {
-  <?=$var5?> = (<?=$var4?>.indexOf("msie 5") == -1 && <?=$var4?>.indexOf("msie 6") == -1);
-}
-
-function <?=$var6?>(e) {
-  if (document.addEventListener) {
-    if (e.target.name == '<?=$var7?>') {
-      <?=$var8?>();
-      return false;
-    }
-  } else if (document.captureEvents) {
-    if (e.target.toString().indexOf('certdetails') != -1) {
-      <?=$var8?>();
-      return false;
-    }
-  }
-  return true;
-}
-
-function <?=$var9?>() {
-  if (event.button == 1) {
-    if (<?=$var5?>) {
-      return true;
-    } else {
-      <?=$var8?>();
-      return false;
-    }
-  } else if (event.button == 2) {
-    <?=$var8?>();
-    return false;
-  }
-}
-
-function <?=$var8?>() {
-  cacertWindow = window.open(<?=$var2?>, '<?=$var10?>', config='height=420,width=523,toolbar=no,menubar=no,scrollbars=no,resizable=no,location=no,directories=no,status=yes');
-  cacertWindow.focus();
-}
-
-if (document.addEventListener) {
-  document.addEventListener('mouseup', <?=$var6?>, true);
-} else {
-  if (document.layers) {
-    document.captureEvents(Event.MOUSEDOWN);
-    document.onmousedown=<?=$var6?>;
-  }
-}
-
-document.write("<a href='" + <?=$var2?> + "' target='<?=$var10?>'  tabindex='-1' onmousedown='<?=$var9?>(); return false;'><img name='<?=$var7?>' border='0' src='<?=$http?>://www.cacert.org/sealgen.php?cert=<?=$cert?>&referer=" + <?=$var1?> + "' alt='Click to verify' oncontextmenu='return false;' /></a>"); ?>
-
index 6dacf2d..843dbe6 100644 (file)
@@ -1275,10 +1275,7 @@ function buildSubjectFromSession() {
 
        if($oldid == 13 && $process != "")
        {
-               $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`";
-               $ddres = mysql_query($ddquery);
-               $ddrow = mysql_fetch_assoc($ddres);
-               $_SESSION['profile']['points'] = $ddrow['total'];
+               update_points_in_profile();
 
                if($_SESSION['profile']['points'] == 0)
                {
@@ -1337,10 +1334,7 @@ function buildSubjectFromSession() {
                $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
                $_SESSION['profile']['loggedin'] = 1;
 
-               $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`";
-               $ddres = mysql_query($ddquery);
-               $ddrow = mysql_fetch_assoc($ddres);
-               $_SESSION['profile']['points'] = $ddrow['total'];
+               update_points_in_profile();
 
 
                $id = 13;
index 45162c0..889b8d8 100644 (file)
@@ -47,8 +47,7 @@
        if(array_key_exists('HTTP_HOST',$_SERVER) &&
                        $_SERVER['HTTP_HOST'] != $_SESSION['_config']['normalhostname'] &&
                        $_SERVER['HTTP_HOST'] != $_SESSION['_config']['securehostname'] &&
-                       $_SERVER['HTTP_HOST'] != $_SESSION['_config']['tverify'] &&
-                       $_SERVER['HTTP_HOST'] != "stamp.cacert.org")
+                       $_SERVER['HTTP_HOST'] != $_SESSION['_config']['tverify'])
        {
                if(array_key_exists('HTTPS',$_SERVER) && $_SERVER['HTTPS'] == "on")
                        header("location: https://".$_SESSION['_config']['normalhostname']);
index dd8afd3..6e17dda 100644 (file)
@@ -48,8 +48,8 @@ function fix_assurer_flag($userID = NULL)
                                        AND `cp`.`user_id` = `u`.`id`
                        )
                        AND (
-                               SELECT SUM(`points`) FROM `notary` AS `n`
-                               WHERE `n`.`to` = `u`.`id`
+                               SELECT SUM(`awarded`) FROM `notary` AS `n`
+                               WHERE `n`.`to` = `u`.`id` AND `n`.`method` != 'Administrative Increase' AND `n`.`from` != `n`.`to`
                                        AND (`n`.`expire` > now()
                                             OR `n`.`expire` IS NULL)
                                        AND `n`.`deleted` = 0
@@ -81,8 +81,8 @@ function fix_assurer_flag($userID = NULL)
                                                AND `cp`.`user_id` = `u`.`id`
                                )
                                OR (
-                                       SELECT SUM(`points`) FROM `notary` AS `n`
-                                       WHERE `n`.`to` = `u`.`id`
+                                       SELECT SUM(`awarded`) FROM `notary` AS `n`
+                                       WHERE `n`.`to` = `u`.`id` AND `n`.`method` != 'Administrative Increase' AND `n`.`from` != `n`.`to`
                                                AND (
                                                        `n`.`expire` > now()
                                                        OR `n`.`expire` IS NULL
index c14f8c2..8a1dab3 100644 (file)
 
        if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] > 0)
        {
-               $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`";
-               $res = mysql_query($query);
-               $row = mysql_fetch_assoc($res);
-               $_SESSION['profile']['points'] = $row['total'];
+               update_points_in_profile();
 
-               if($_SESSION['profile']['language'] == "")
+               If($_SESSION['profile']['language'] == "")
                {
                        $query = "update `users` set `language`='".L10n::get_translation()."'
                                                        where `id`='".intval($_SESSION['profile']['id'])."'";
index 3b446ba..2d6b2de 100755 (executable)
@@ -122,24 +122,24 @@ function getDataFromLive() {
        $stats['users_1to49'] = number_format(tc(
                "select count(*) as `count` from (
                        select 1 from `notary`
-                               where `deleted` = 0
+                               where `deleted` = 0 AND `method` != 'Administrative Increase' AND `from` != `to`
                                group by `to`
-                               having sum(`points`) > 0 and sum(`points`) < 50
+                               having sum(`awarded`) > 0 and sum(`awarded`) < 50
                        ) as `low_points`"));
 
        $stats['users_50to99'] = number_format(tc(
                "select count(*) as `count` from (
                        select 1 from `notary`
-                               where `deleted` = 0
+                               where `deleted` = 0 AND `method` != 'Administrative Increase' AND `from` != `to`
                                group by `to`
-                               having sum(`points`) >= 50 and sum(`points`) < 100
+                               having sum(`awarded`) >= 50 and sum(`awarded`) < 100
                        ) as `high_points`"));
 
        $stats['assurer_candidates'] = number_format(tc(
                "select count(*) as `count` from `users`
                        where (
-                               select sum(`points`) from `notary`
-                                       where `to`=`users`.`id`
+                               select sum(`awarded`) from `notary`
+                                       where `to`=`users`.`id` AND `method` != 'Administrative Increase' AND `from` != `to`
                                        and `deleted` = 0
                                ) >= 100
                        and not exists(
@@ -153,8 +153,8 @@ function getDataFromLive() {
        $stats['aussurers_with_test'] = number_format(tc(
                "select count(*) as `count` from `users`
                        where (
-                               select sum(`points`) from `notary`
-                                       where `to`=`users`.`id`
+                               select sum(`awarded`) from `notary`
+                                       where `to`=`users`.`id` AND `method` != 'Administrative Increase' AND `from` != `to`
                                        and `deleted` = 0
                                ) >= 100
                        and exists(
@@ -194,7 +194,7 @@ function getDataFromLive() {
                                        where `when` >= '$first' and `when` < '$next_month'
                                        and `method`!='Administrative Increase'
                                        and `deleted` = 0
-                                       group by `to` having sum(`points`) >= 100
+                                       group by `to` having sum(`awarded`) >= 100
                                ) as `assurer_candidates`");
 
                $certs = tc(
@@ -257,7 +257,7 @@ function getDataFromLive() {
                                        where `when` >= '$first' and `when` < '$next_year'
                                        and `method`!='Administrative Increase'
                                        and `deleted` = 0
-                                       group by `to` having sum(`points`) >= 100
+                                       group by `to` having sum(`awarded`) >= 100
                                ) as `assurer_candidates`");
 
                $certs = tc(
diff --git a/stamp/.htaccess b/stamp/.htaccess
deleted file mode 100644 (file)
index 3ad2abb..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-php_value auto_prepend_file /www/stamp/common.php
-php_value output_buffering 1
-errordocument 404 /error404.php
-errordocument 403 /error403.php
-errordocument 401 /error401.php
diff --git a/stamp/certdet.php b/stamp/certdet.php
deleted file mode 100644 (file)
index a43d2a0..0000000
+++ /dev/null
@@ -1,86 +0,0 @@
-<? /*
-    LibreSSL - CAcert web application
-    Copyright (C) 2004-2008  CAcert Inc.
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; version 2 of the License.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program; if not, write to the Free Software
-    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-       $org = $invalid = 0;
-       $tz = intval($_REQUEST['tz']);
-       $now = date("Y-m-d", gmmktime("U") + ($tz * 3600));
-
-       $arr = explode("//", mysql_real_escape_string(trim($_REQUEST['refer'])), 2);
-       $arr = explode("/", $arr['1'], 2);
-       $ref = $arr['0'];
-
-        $arr = explode("//", mysql_real_escape_string(trim($_SERVER['HTTP_REFERER'])), 2);
-        $arr = explode("/", $arr['1'], 2);
-        $siteref = $arr['0'];
-
-       if($siteref != "")
-               $siterefer = $_SERVER['HTTP_REFERER'];
-       else
-               $siterefer = $_REQUEST['refer'];
-
-        if($ref == "" || ($ref != $siteref && $siteref != ""))
-        {
-               $invalid = 2;
-        } else {
-               if($_SESSION['_stamp']['ref'] == "")
-                       $_SESSION['_stamp']['ref'] = $siterefer;
-               list($invalid, $info) = checkhostname($ref);
-       }
-?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<html>
-<head>
-<title>CAcert.org Certificate Details!</title>
-<link rel="stylesheet" href="style.css" type="text/css">
-</head>
-<body>
- <div id="pagecell1">
-  <div id="pageName"><br>
-    <h2><a href="http<? if($_SERVER['HTTPS']=="on") { echo "s"; } ?>://www.cacert.org">
-       <img src="http<? if($_SERVER['HTTPS']=="on") { echo "s"; } ?>://www.cacert.org/images/cacert3.png" border="0" alt="CAcert.org logo"></a></h2>
-<? if($_SERVER['HTTPS']!="on") { ?>
-<div id="googlead"><br><script type="text/javascript"><!--
-google_ad_client = "pub-0959373285729680";
-google_alternate_color = "ffffff";
-google_ad_width = 234;
-google_ad_height = 60;
-google_ad_format = "234x60_as";
-google_ad_type = "text";
-google_ad_channel = "";
-//--></script>
-<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script></div>
-<? } ?>
-  </div>
-  <div id="content">
-    <div class="story">
-      <h3>SSL Certificate Details for <?=$ref?></h3>
-<? if($invalid == 0) { ?>
-      <p>
-       Status: Valid<br />
-       Valid From: <?=$info['issued']?> GMT<br />
-       Valid To: <?=$info['expire']?> GMT<br />
-       Subject: <a href="#" title="<?=$info['subject']?>" onClick="return false;"><?=substr($info['subject'],0,80)?></a><br />
-       Organisation: <? if($info['org'] == 0) { ?>N/A<? } else { echo $info['O'].", ".$info['L']." ".$info['ST']." ".$info['C']; } ?><br />
-       Verification: <? if($info['points'] >= 50) { echo "Person had been assured at time of issue with at least 50 points."; } 
-               else if($info['org'] == 1) { ?>This organisation was assured at the time the certificate was issued.<? } ?></p>
-<? } else { ?>
-       <p style="color:red">This site has potentially abused CAcert logos and Copyrights, please report it so we may further investigate.</p>
-<? } ?>
-       <p><a href="report.php">Problem with this site? Please report it</a></p>
-    </div>
-   </div>
-</body>
-</html>
diff --git a/stamp/common.php b/stamp/common.php
deleted file mode 100644 (file)
index d99a23a..0000000
+++ /dev/null
@@ -1,151 +0,0 @@
-<? /*
-    LibreSSL - CAcert web application
-    Copyright (C) 2004-2008  CAcert Inc.
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; version 2 of the License.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program; if not, write to the Free Software
-    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-
-       include_once("/www/includes/general.php");
-
-       function clean($key)
-       {
-               return(mysql_real_escape_string(strip_tags(trim($_REQUEST[$key]))));
-       }
-
-       function checkhostname($ref)
-       {
-               $ref = trim($ref);
-               if($ref[count($ref)-1] == "." || $ref[count($ref)-1] == ":")
-                       $ref = substr($ref, 0, -1);
-
-               $stampid = 0;
-               $query = "select * from `stampcache` where `hostname`='$ref'";
-               $res = mysql_query($query);
-               if(mysql_num_rows($res) > 0)
-               {
-                       $row = mysql_fetch_assoc($res);
-                       if($row['cacheexpire'] >= date("U"))
-                               return(array($row['valid'], $row));
-                       else {
-                               if($row['certid'] > 0)
-                               {
-                                       if($row['org'] == 0)
-                                               $query = "select * from `domaincerts` where `id`='".intval($row['certid'])."' and `expire`>NOW() and `revoked`=0";
-                                       else
-                                               $query = "select * from `orgdomaincerts` where `id`='".intval($row['certid'])."' and `expire`>NOW() and `revoked`=0";
-                                       if($_REQUEST['debug'] == 1)
-                                               echo $query."<br>\n";
-                                       $res = mysql_query($query);
-                                       if(mysql_num_rows($res) > 0)
-                                       {
-                                               $query = "update `stampcache` set `cacheexpire`='".(date("U")+600)."' where `id`='$row[id]'";
-                                               if($_REQUEST['debug'] == 1)
-                                                       echo $query."<br>\n";
-                                               mysql_query($query);
-                                               return(array($row['valid'], $row));
-                                       }
-                               }
-                               $stampid = $row['id'];
-                       }
-               }
-
-               $query = "select *,`domaincerts`.`id` as `certid`,`domaincerts`.`created` as `issued` from `domlink`,`domains`,`domaincerts`
-                               where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and
-                               `domaincerts`.`revoked`=0 and `domaincerts`.`expire` > NOW() and
-                               (`domaincerts`.`subject` like '%=DNS:$ref/%' OR `domaincerts`.`subject` like '%=$ref/%' OR
-                                       `domaincerts`.`subject` like '%=DNS:$ref' OR `domaincerts`.`subject` like '%=$ref')
-                               group by `domaincerts`.`id` order by `domaincerts`.`id`";
-               if($_REQUEST['debug'] == 1)
-                       echo $query."<br>\n";
-               $res = mysql_query($query);
-               if(mysql_num_rows($res) <= 0)
-               {
-                       $bits = explode(".", $ref);
-                       for($i = 1; $i < count($bits); $i++)
-                       {
-                               if($ref2 != "")
-                                       $ref2 .= ".";
-                               $ref2 .= $bits[$i];
-                       }
-                       $query = "select *,`domaincerts`.`id` as `certid`,`domaincerts`.`created` as `issued` from `domlink`,`domains`,`domaincerts`
-                                       where `domlink`.`domid`=`domains`.`id` and `domlink`.`certid`=`domaincerts`.`id` and
-                                       `domaincerts`.`revoked`=0 and `domaincerts`.`expire` > NOW() and
-                                       (`domaincerts`.`subject` like '%=DNS:$ref/%' or `domaincerts`.`subject` like '%=DNS:*.$ref2/%' OR
-                                       `domaincerts`.`subject` like '%=DNS:$ref' or `domaincerts`.`subject` like '%=DNS:*.$ref2' OR
-                                       `domaincerts`.`subject` like '%=$ref/%' or `domaincerts`.`subject` like '%=*.$ref2/%' OR
-                                       `domaincerts`.`subject` like '%=$ref' or `domaincerts`.`subject` like '%=*.$ref2')
-                                       group by `domaincerts`.`id` order by `domaincerts`.`id`";
-                       if($_REQUEST['debug'] == 1)
-                               echo $query."<br>\n";
-                       $res = mysql_query($query);
-                       if(mysql_num_rows($res) <= 0)
-                       {
-                               $query = "select *,`orgdomaincerts`.`id` as `certid`,`orgdomaincerts`.`created` as `issued` from `orgdomaincerts`,`orgdomlink`,`orgdomains` where
-                                               (`orgdomaincerts`.`subject` like '%=DNS:$ref/%' or `orgdomaincerts`.`subject` like '%=DNS:*.$ref2/%' OR
-                                               `orgdomaincerts`.`subject` like '%=DNS:$ref' or `orgdomaincerts`.`subject` like '%=DNS:*.$ref2' OR
-                                               `orgdomaincerts`.`subject` like '%=$ref/%' or `orgdomaincerts`.`subject` like '%=*.$ref2/%' OR
-                                               `orgdomaincerts`.`subject` like '%=$ref' or `orgdomaincerts`.`subject` like '%=*.$ref2') AND
-                                               `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and `orgdomlink`.`orgdomid`=`orgdomains`.`id` and
-                                               `orgdomaincerts`.`revoked`=0 and `orgdomaincerts`.`expire` > NOW()
-                                               group by `orgdomaincerts`.`id` order by `orgdomaincerts`.`id`";
-                               if($_REQUEST['debug'] == 1)
-                                       echo $query."<br>\n";
-                               $res = mysql_query($query);
-                               if(mysql_num_rows($res) <= 0)
-                               {
-                                       $invalid = 1;
-                               } else {
-                                       $org = 1;
-                               }
-                       }
-               }
-
-               if($invalid == 0)
-               {
-                       $cert = mysql_fetch_assoc($res);
-                       if($org == 0)
-                       {
-                               $query = "SELECT *, sum(`points`) AS `total` FROM `users`, `notary` WHERE `users`.`id` = '$cert[memid]' AND
-                                               `notary`.`to` = `users`.`id` and `notary`.`when` <= '$cert[issued]' and `notary`.`deleted`=0 GROUP BY `notary`.`to`";
-                               $user = mysql_fetch_assoc(mysql_query($query));
-                       } else {
-                               $query = "select * from `orginfo` where `id`='$cert[orgid]'";
-                               $orgi = mysql_fetch_assoc(mysql_query($query));
-                       }
-
-                       if($stampid <= 0)
-                       {
-                               $query = "insert into `stampcache` set `certid`='$cert[certid]',`cacheexpire`='".(date("U")+600)."',`issued`='$cert[issued]',
-                                               `expire`='$cert[expire]',`subject`='$cert[subject]',`hostname`='$ref',`org`='$org',`points`='$user[total]',
-                                               `O`='$orgi[O]',`L`='$orgi[L]',`ST`='$orgi[ST]',`C`='$orgi[C]',`valid`='$invalid'";
-                       } else {
-                               $query = "update `stampcache` set `certid`='$cert[certid]',`cacheexpire`='".(date("U")+600)."',`issued`='$cert[issued]',
-                                               `expire`='$cert[expire]',`subject`='$cert[subject]',`hostname`='$ref',`org`='$org',`points`='$user[total]',
-                                               `O`='$orgi[O]',`L`='$orgi[L]',`ST`='$orgi[ST]',`C`='$orgi[C]',`valid`='$invalid' where `id`='$stampid'";
-                       }
-                       mysql_query($query);
-               } else if($stampid > 0) {
-                       mysql_query("update `stampcache` set `cacheexpire`='".(date("U")+600)."' where `id`='$stampid'");
-               } else {
-                       $query = "insert into `stampcache` set `cacheexpire`='".(date("U")+600)."',`hostname`='$ref',`valid`='$invalid'";
-                       mysql_query($query);
-               }
-
-               $arr = array("issued" => $cert['issued'], "expire" => $cert['expire'], "subject" => $cert['subject'], "hostname" => $ref,
-                               "org" => $org, "points" => $user['total'], "O" => $orgi['O'], "L" => $orgi['L'], "ST" => $orgi['ST'],
-                               "C" => $orgi['C']);
-
-               return(array($invalid, $arr));
-       }
-?>
diff --git a/stamp/displogo.php b/stamp/displogo.php
deleted file mode 100644 (file)
index 9c1f534..0000000
+++ /dev/null
@@ -1,59 +0,0 @@
-<? /*
-    LibreSSL - CAcert web application
-    Copyright (C) 2004-2008  CAcert Inc.
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; version 2 of the License.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program; if not, write to the Free Software
-    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-       $img = "/www/stamp/images/CAverify.png";
-       $arr = explode("//", mysql_real_escape_string(trim($_REQUEST['refer'])), 2);
-       $arr = explode("/", $arr['1'], 2);
-       $ref = $arr['0'];
-
-       $arr = explode("//", mysql_real_escape_string(trim($_SERVER['HTTP_REFERER'])), 2);
-       $arr = explode("/", $arr['1'], 2);
-       $siteref = $arr['0'];
-
-       if($_REQUEST['debug'] != 1)
-               header('Content-type: image/png');
-       $im = imagecreatefrompng($img);
-
-       if($ref == "" || ($ref != $siteref && $siteref != ""))
-       {
-               $tc = imagecolorallocate ($im, 255, 0, 0);
-               imagestring ($im, 2, 1, 30, "INVALID DOMAIN", $tc);
-               imagestring ($im, 2, 1, 45, "Click to Report", $tc);
-               imagepng($im);
-               exit;   
-       }
-
-       list($invalid, $info) = checkhostname($ref);
-
-       if($invalid > 0)
-       {
-               $tc = imagecolorallocate ($im, 255, 0, 0);
-               imagestring ($im, 2, 1, 30, "INVALID DOMAIN", $tc);
-               imagestring ($im, 2, 1, 45, "Click to Report", $tc);
-               imagepng($im);
-               exit;
-       }
-
-       $tz = intval($_REQUEST['tz']);
-       $now = date("Y-m-d", gmmktime("U") + ($tz * 3600));
-
-       $tc = imagecolorallocate ($im, 0, 0, 0);
-       imagestring ($im, 4, 1, 27, "Valid Cert!", $tc);
-       imagestring ($im, 1, 7, 42, "Click to Verify", $tc);
-       imagestring ($im, 1, 20, 52, $now, $tc);
-       imagepng($im);
-?>
diff --git a/stamp/images/CAverify.png b/stamp/images/CAverify.png
deleted file mode 100644 (file)
index ab5c1ea..0000000
Binary files a/stamp/images/CAverify.png and /dev/null differ
diff --git a/stamp/index.php b/stamp/index.php
deleted file mode 100644 (file)
index 81a88db..0000000
+++ /dev/null
@@ -1,75 +0,0 @@
-<? /*
-    LibreSSL - CAcert web application
-    Copyright (C) 2004-2008  CAcert Inc.
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; version 2 of the License.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program; if not, write to the Free Software
-    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/ ?>
-
-
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<html>
-<head>
-<title>CAcert.org Site Stamp DISCONTINUED!</title>
-<link rel="stylesheet" href="style.css" type="text/css">
-</head>
-<body>
- <div id="pagecell1">
-  <div id="pageName"><br>
-    <h2><a href="http<? if($_SERVER['HTTPS']=="on") { echo "s"; } ?>://www.cacert.org">
-       <img src="http<? if($_SERVER['HTTPS']=="on") { echo "s"; } ?>://www.cacert.org/images/cacert3.png" border="0" alt="CAcert.org logo"></a></h2>
-<? if($_SERVER['HTTPS']!="on") { ?>
-<div id="googlead"><br><script type="text/javascript"><!--
-google_ad_client = "pub-0959373285729680";
-google_alternate_color = "ffffff";
-google_ad_width = 234;
-google_ad_height = 60;
-google_ad_format = "234x60_as";
-google_ad_type = "text";
-google_ad_channel = "";
-//--></script>
-<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script></div>
-<? } ?>
-  </div>
-  <div id="content">
-    <div class="story">
-      <h3>CAcert.org Site Stamp DISCONTINUED!</h3>
-
-      The CAcert Site Stamp service is currently being discontinued. Please remove the stamps from your website.
-      <!--
-      <p>The CAcert Site Stamp Programme is a very useful tool for site owners everywhere, it allows you yet another option to prevent people
-               from stealing your content or making a fake site to pretend to be your site to carry out a phishing attack against your customers.</p>
-      <p>To add the CAcert logo to your site you need to register for a <a href="https://www.cacert.org">CAcert</a> server certificate, then add the
-               following line somewhere on your website:</p>
-      <p>&lt;script type="text/javascript"&gt;<br />
-       &lt;!- -<br />
-               document.write('&lt;');<br />
-               document.write('script type="text/javascript" src="'+location.protocol+'//stamp.cacert.org/showlogo.php"&gt;&lt;');<br />
-               document.write('/script&gt;');<br />
-       // - -&gt;<br />
-       &lt;/script&gt;</p>
-       < s c ript type="text/javascript">
-       < ! -<? ?> -
-               document.write('<');
-               document.write('script type="text/javascript" src="'+location.protocol+'//stamp.cacert.org/showlogo.php"><');
-               document.write('/script>');
-       //- ->
-       </script>
-       <br /><br /><br /><br />
-       -->
-    </div>
-    
-  </div>
- </div>
-</body>
-</html>
diff --git a/stamp/old_showlogo.php.broken b/stamp/old_showlogo.php.broken
deleted file mode 100644 (file)
index 7f9045c..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
-try
-{
-       var URI = location.protocol+'//stamp.cacert.org';
-       var URL = encodeURIComponent(URI);
-       var curDateTime = new Date();
-       var tz = -(curDateTime.getTimezoneOffset()/60);
-       var rf = encodeURIComponent(parent==self ? window.document.referrer : top.document.referrer);
-       var ul = encodeURIComponent(navigator.appName=="Netscape" ? navigator.language : navigator.userLanguage);
-       if(typeof(screen)=="object")
-       {
-               var sr = encodeURIComponent(screen.width+","+screen.height);
-               var cd = encodeURIComponent(screen.colorDepth);
-               var jo = encodeURIComponent(navigator.javaEnabled()?"Yes":"No");
-       }
-
-       document.write("<script type='text/javascript'>function popup() { ");
-       document.write("window.open('"+URI+"/certdet.php?refer="+location.href+"&tz="+tz+"', 'CertInfo',");
-       document.write("'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=600,height=400,left=200,top=100'); } </script>");
-       document.write("<a href='#' onClick='popup(); return false;'>");
-       document.write("<img src='"+URI+"/displogo.php?refer="+location.href+"&tz="+tz+"&rf="+rf+"&ul="+ul+"&sr="+sr+"&cd="+cd+"&jo="+jo+"&URL="+URL+"' border='0' /></a>");
-}
-catch(e)
-{
-       document.write("<img src='http://stamp.cacert.org/javascript_is_broken.php'/>");
-}
diff --git a/stamp/report.php b/stamp/report.php
deleted file mode 100644 (file)
index 519aa3a..0000000
+++ /dev/null
@@ -1,121 +0,0 @@
-<? /*
-    LibreSSL - CAcert web application
-    Copyright (C) 2004-2008  CAcert Inc.
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; version 2 of the License.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program; if not, write to the Free Software
-    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-       $arr = explode("//", mysql_real_escape_string(trim($_SESSION['_stamp']['ref'])), 2);
-       $arr = explode("/", $arr['1'], 2);
-       $ref = $arr['0'];
-
-       $refer = mysql_real_escape_string(strip_tags(trim($_SESSION['_stamp']['ref'])));
-       $name = clean('name');
-       $email = clean('email');
-       $comment = clean('comment');
-       $reason = clean('reason');
-       $process = clean('process');
-
-       if($process != "" && ($_POST['pagehash'] != $_SESSION['_stamp']['pagehash'] || $_SESSION['_stamp']['pagehash'] == ""))
-       {
-               $errmsg = "Your report seemed to be posted is a suspicious manner, please try to re-submit it, or contact support for further help.";
-               $process = "";
-       }
-
-       if($process != "" && ($name == "" || $email == "" || $comment == "" || $reason == ""))
-       {
-               $errmsg = "You must supply your name, a valid email address and comment.";
-               $process = "";
-       }
-
-       if($process != "")
-       {
-               $checkemail = checkEmail($email);
-               if($checkemail != "OK")
-               {
-                       $errmsg = $checkemail;
-                       $process = "";
-               }
-       } else {
-               $_SESSION['_stamp']['pagehash'] = $pagehash = md5(date("U").$ref);
-       }
-
-       if($process != "")
-       {
-               $IP = mysql_real_escape_string(trim($_SERVER['REMOTE_ADDR']));
-               $iplong = ip2long($IP);
-               mysql_query("insert into `abusereports` set `when`=NOW(), `IP`='$iplong', `url`='$refer', `name`='$name', `email`='$email',
-                               `comment`='$comment', `reason`='$reason'");
-               $id = mysql_insert_id();
-
-               $body  = "New Abuse Report has been lodged via the the Stamp Interface:\n\n";
-               $body .= "Reported ID: $id\n";
-               $body .= "Reported IP: $IP\n";
-               $body .= "From: $name <$email>\n";
-               $body .= "URL: $refer\n";
-               $body .= "Reason: $reason\n";
-               $body .= "Comment: $comment\n";
-
-               sendmail("cacert-abuse@lists.cacert.org", "[CAcert.org] Abuse Report.", $body, "website@cacert.org", "", "", "CAcert Website");
-       }
-
-?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<html>
-<head>
-<title>CAcert.org Abuse Report!</title>
-<link rel="stylesheet" href="style.css" type="text/css">
-</head>
-<body>
- <div id="pagecell1">
-  <div id="pageName"><br>
-    <h2><a href="http<? if($_SERVER['HTTPS']=="on") { echo "s"; } ?>://www.cacert.org">
-       <img src="http<? if($_SERVER['HTTPS']=="on") { echo "s"; } ?>://www.cacert.org/images/cacert3.png" border="0" alt="CAcert.org logo"></a></h2>
-<? if($_SERVER['HTTPS']!="on") { ?>
-<div id="googlead"><br><script type="text/javascript"><!--
-google_ad_client = "pub-0959373285729680";
-google_alternate_color = "ffffff";
-google_ad_width = 234;
-google_ad_height = 60;
-google_ad_format = "234x60_as";
-google_ad_type = "text";
-google_ad_channel = "";
-//--></script>
-<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script></div>
-<? } ?>
-  </div>
-  <div id="content">
-    <div class="story">
-      <h3>Report abuse for <?=$ref?></h3>
-<? if($process == "") { ?>
-<? if($errmsg != "") { ?><p style="color:red"><?=$errmsg?></p><? } else { ?><br /><? } ?>
-      <form method="post" action="report.php">
-       <label for="refer">URL: </label><input type="text" name="refer" value="<?=$refer?>" readonly="1" /><br />
-       <label for="name">Name: </label><input type="text" name="name" value="<?=$name?>" /><br />
-       <label for="email">Email: </label><input type="text" name="email" value="<?=$email?>" /><br />
-       <label for="reason">Reason: </label><select name="reason">
-               <option value='invalid'<? if($reason == "invalid") { echo " selected"; } ?>>Invalid Domain</option>
-               <option value='phishing'<? if($reason == "phishing") { echo " selected"; } ?>>Phishing Site</option>
-               <option value='spam'<? if($reason == "spam") { echo " selected"; } ?>>Spam</option>
-               <option value='other'<? if($reason == "other") { echo " selected"; } ?>>Other</option>
-               </select><br />
-       <label for="comment">Comment/Other: </label><input type="text" name="comment" value="<?=$comment?>" /><br /><br />
-       <label for="sub">&nbsp;</label><input type="submit" name="process" value="Report Site"><br />
-       <input type="hidden" name="pagehash" value="<?=$pagehash?>">
-      </form>
-<? } else { ?>
-      <p>We thank you for your attention to detail, your report has been accepted and we will tend to your report as soon as humanly possible.</p>
-<? } ?>
-    </div>
-   </div>
-</body>
-</html>
diff --git a/stamp/showlogo.php b/stamp/showlogo.php
deleted file mode 100644 (file)
index e69de29..0000000
diff --git a/stamp/style.css b/stamp/style.css
deleted file mode 100644 (file)
index c00a4c7..0000000
+++ /dev/null
@@ -1,620 +0,0 @@
-/***********************************************/
-/* emx_nav_right.css                           */
-/* Use with template Halo_rightNav.html        */
-/***********************************************/
-
-/***********************************************/
-/* HTML tag styles                             */
-/***********************************************/
-body {
-       font-family: Arial,sans-serif;
-       color: #333333;
-       line-height: 1.166;
-       margin: 0px;
-       padding: 0px;
-       background: #cccccc;
-/*      url("/siteimages/bg_grad.jpg") fixed;   */
-}
-
-
-/******* hyperlink and anchor tag styles *******/
-
-a:link, a:visited {
-       color: #005FA9;
-       text-decoration: none;
-}
-
-a:hover {
-       text-decoration: underline;
-}
-
-/************** header tag styles **************/
-
-h1 {
-       font: bold 120% Arial,sans-serif;
-       color: #334d55;
-       margin: 0px;
-       padding: 0px;
-}
-
-h2 {
-       font: bold 114% Arial,sans-serif;
-       color: #006699;
-       margin: 0px;
-       padding: 0px;
-}
-
-h3 {
-       font: bold 100% Arial,sans-serif;
-       color: #334d55;
-       margin: 0px;
-       padding: 0px;
-       cursor: pointer;
-       /* cursor: hand; */
-}
-
-h4 {
-       font: bold 100% Arial,sans-serif;
-       color: #333333;
-       margin: 0px;
-       padding: 0px;
-}
-
-h5 {
-       font: 100% Arial,sans-serif;
-       color: #334d55;
-       margin: 0px;
-       padding: 0px;
-}
-
-
-/*************** list tag styles ***************/
-
-ul.menu {
-       list-style: none;
-       margin :0px 0px 0px 15px;
-       padding-left: 5px;
-       border-left: 1px dotted #000;
-}
-
-ul.top {
-       list-style: none;
-       margin: 0px 0px 0px 15px;
-       padding-left: 5px;
-       border-left: 0px;
-}
-
-ul {
-       list-style: none;
-       margin: 0px 0px 0px 15px;
-       padding-left: 5px;
-       border-left: 1px dotted #000;
-}
-
-/***********************************************/
-/* Layout Divs                                 */
-/***********************************************/
-#pagecell1 {
-       position:absolute;
-       top: 2%;
-       left: 2%;
-       right: 2%;
-       width: 96%;
-       background-color: #ffffff;
-}
-
-#tl {
-       position:absolute;
-       top: -1px;
-       left: -1px;
-       margin: 0px;
-       padding: 0px;
-       z-index: 100;
-}
-
-#tr {
-       position:absolute;
-       top: -1px;
-       right: -1px;
-       margin: 0px;
-       padding: 0px;
-       z-index: 100;
-}
-
-#masthead{
-       position: absolute;
-       top: 0px;
-       left: 2%;
-       right: 2%;
-       width:95.6%;
-       
-}
-
-#pageNav{
-       float: right;
-       width:178px;
-       padding: 0px;
-       background-color: #F5f7f7;
-       border-left: 1px solid #cccccc;
-       font: small Verdana,sans-serif;
-}
-
-#content{
-       padding: 0px 10px 0px 0px;
-       margin:0px 0px 0px 0px;
-}
-
-
-/***********************************************/
-/* Component Divs                              */
-/***********************************************/
-#siteName{
-       margin: 0px;
-       padding: 16px 0px 8px 0px;
-       color: #ffffff;
-       font-weight: normal;
-}
-
-/************** utility styles *****************/
-
-#utility{
-       font: 75% Verdana,sans-serif;
-       position: absolute;
-       top: 16px;
-       right: 0px;
-       color: #919999;
-}
-
-#utility a{
-       color: #ffffff;
-}
-
-#utility a:hover{
-       text-decoration: underline;
-}
-
-/************** pageName styles ****************/
-
-#pageName{
-       padding: 0px 0px 14px 10px;
-       margin: 0px;
-       border-bottom:1px solid #ccd2d2;
-}
-
-#pageName h2{
-       font: bold 175% Arial,sans-serif;
-       color: #000000;
-       margin:0px;
-       padding: 0px;
-}
-
-/************* globalNav styles ****************/
-
-#globalNav{
-position: relative;
-width: 100%;
-min-width: 640px;
-height: 32px;
-color: #cccccc;
-padding: 0px;
-margin: 0px;
-background-image:  url("siteimages/glbnav_background.gif");
-}
-
-#globalNav img{
-       margin-bottom: -4px;
-}
-
-#gnl {
-       position: absolute;
-       top: 0px;
-       left:0px;
-}
-
-#gnr {
-       position: absolute;
-       top: 0px;
-       right:0px;
-}
-
-#globalLink{
-       position: absolute;
-       top: 6px;
-       height: 22px;
-       min-width: 640px;
-       padding: 0px;
-       margin: 0px;
-       left: 10px;
-       z-index: 100;
-}
-
-
-a.glink, a.glink:visited{
-       font-size: small;
-       color: #000000;
-       font-weight: bold;
-       margin: 0px;
-       padding: 2px 5px 4px 5px;
-       border-right: 1px solid #8FB8BC;
-}
-
-a.glink:hover{
-       background-image:  url("siteimages/glblnav_selected.gif");
-       text-decoration: none;
-}
-
-.skipLinks {display: none;}
-
-/************ subglobalNav styles **************/
-
-.subglobalNav{
-       position: absolute;
-       top: 84px;
-       left: 0px;
-       /*width: 100%;*/
-       min-width: 640px;
-       height: 20px;
-       padding: 0px 0px 0px 10px;
-       visibility: hidden;
-       color: #ffffff;
-}
-
-.subglobalNav a:link, .subglobalNav a:visited {
-       font-size: 80%;
-       color: #ffffff;
-}
-
-.subglobalNav a:hover{
-       color: #cccccc;
-}
-
-/*************** search styles *****************/
-/*
-#listshow {
-       z-order: 101;
-}
-*/
-#search{
-       position: absolute;
-       top: 125px;
-       right: 0px;
-}
-
-#search form {
-       position: absolute;
-       top: 125px;
-       right: 300px;
-}
-#search input {
-       font-size: 11px;
-}
-
-#search1{
-       position: absolute;
-       top: 85px;
-       right: 300px;
-}
-
-#search2{
-       position: absolute;
-       top: 100px;
-       right: 300px;
-}
-
-#search3{
-       position: absolute;
-       top: 85px;
-       right: 240px;
-}
-
-#search4{
-       position: absolute;
-       top: 100px;
-       right: 226px;
-}
-
-#googlead{
-       position: absolute;
-       top: 5px;
-       right: 5px;
-       z-index: 101;
-}
-
-#search input{
-  font-size: 70%;
-  margin: 0px  0px 0px 10px;
- }
-#search a:link, #search a:visited {
-       font-size: 80%;
-       font-weight: bold;
-       
-}
-
-#search a:hover{
-       margin: 0px;
-}
-
-
-/************* breadCrumb styles ***************/
-
-#breadCrumb{
-       padding: 5px 0px 5px 10px;
-       font: small Verdana,sans-serif;
-       color: #AAAAAA;
-}
-
-#breadCrumb a{
-       color: #AAAAAA;
-}
-
-#breadCrumb a:hover{
-       color: #005FA9;
-       text-decoration: underline;
-}
-
-
-/************** feature styles *****************/
-
-.feature{
-       padding: 0px 0px 10px 10px;
-       font-size: 80%;
-       min-height: 200px;
-       height: 200px;
-}
-html>body .feature {height: auto;}
-
-.feature h3{
-       font: bold 175% Arial,sans-serif;
-       color: #000000;
-       padding: 30px 0px 5px 0px;
-}
-
-.feature img{
-       float: left;
-       padding: 0px 10px 0px 0px;
-}
-
-
-/*************** story styles ******************/
-
-.story {
-       padding: 10px 0px 0px 10px;
-       font-size: 80%;
-       min-height: 272px;
-}
-
-.story h3{
-       font: bold 125% Arial,sans-serif;
-       color: #000000;
-}
-
-.story p {
-       padding: 0px 0px 10px 0px;
-}
-
-.story a.capsule{
-       font: bold 1em Arial,sans-serif;
-       color: #005FA9;
-       display:block;
-       padding-bottom: 5px;
-}
-
-.story a.capsule:hover{
-       text-decoration: underline;
-}
-
-td.storyLeft{
-       padding-right: 12px;
-}
-
-
-/************** siteInfo styles ****************/
-
-#siteInfo{
-       clear: both;
-       border-top: 1px solid #cccccc;
-       font-size: small;
-       color: #cccccc;
-       padding: 10px 10px 10px 10px;
-}
-
-/************ sectionLinks styles **************/
-
-#sectionLinks{
-       margin: 0px;
-       padding: 0px;
-
-}
-
-#sectionLinks h3{
-       padding: 10px 0px 2px 10px;
-       border-bottom: 1px solid #cccccc;
-}
-
-#sectionLinks a:link, #sectionLinks a:visited {
-       display: block;
-       border-top: 1px solid #ffffff;
-       border-bottom: 1px solid #cccccc;
-       background-image:  url("siteimages/bg_nav.jpg");
-       font-weight: bold;
-       padding: 3px 0px 3px 10px;
-       color: #21536A;
-}
-
-#sectionLinks a:hover{
-       border-top: 1px solid #cccccc;
-       background-color: #DDEEFF;
-       background-image: none;
-       font-weight: bold;
-       text-decoration: none;
-}
-
-
-/************* relatedLinks styles **************/
-
-.relatedLinks{
-       margin: 0px;
-       padding: 0px 0px 10px 10px;
-       border-bottom: 1px solid #cccccc;
-}
-
-.relatedLinks h3{
-       padding: 10px 0px 2px 0px;
-}
-
-.relatedLinks a{
-       display: block; 
-}
-
-
-/**************** advert styles *****************/
-
-#advert{
-       padding: 10px;
-}
-
-#advert img{
-       display: block;
-}
-
-/********************* end **********************/
-
-.DataTD input, .DataTD textarea {
-       FONT-SIZE: 92%;
-}
-
-.DataTD select, .DataTD option {
-       FONT-SIZE: 92%;
-}
-
-.DataTD {
-       background-color: #E2E2E2;
-       border-style: inset;
-       border-width: 1px;
-       FONT-SIZE: 8pt;
-       COLOR: #000000;
-       FONT-FAMILY: Arial, Tahoma, Verdana, Helvetica, sans-serif;
-
-       background: #ffffff;
-       padding: 1px 5px 1px 5px;
-       border: 1px #CFCFCF solid;
-       border-left: 1px #CFCFCF dotted;
-       border-right: 1px #CFCFCF dotted;
-}
-
-.DataTDGrey {
-       background-color: #EFEDED;
-       border-style: inset;
-       border-width: 1px;
-       FONT-SIZE: 8pt;
-       COLOR: #000000;
-       FONT-FAMILY: Arial, Tahoma, Verdana, Helvetica, sans-serif;
-
-       padding: 1px 5px 1px 5px;
-       border: 1px #CFCFCF solid;
-       border-left: 1px #CFCFCF dotted;
-       border-right: 1px #CFCFCF dotted;
-}
-
-.DataTDNotDotted {
-       background-color: #E2E2E2;
-       border-style: inset;
-       border-width: 1px;
-       FONT-SIZE: 8pt;
-       COLOR: #000000;
-       FONT-FAMILY: Arial, Tahoma, Verdana, Helvetica, sans-serif;
-
-       background: #ffffff;
-       padding: 1px 5px 1px 5px;
-       border: 1px #CFCFCF solid;
-       border-left: 1px #CFCFCF solid;
-       border-right: 1px #CFCFCF solid;
-}
-
-.wrapper {
-       border-collapse: collapse;
-       font-family: verdana, sans-serif;
-       font-size: 11px;
-       text-align: center;
-}
-
-td.greytxt {
-       color: #CCCCCC;
-       font-size: smaller;
-       text-align: right;
-       vertical-align: bottom;
-}
-
-.title {
-       background: #E2E2E2;
-       font-weight:BOLD;
-       padding: 1px 5px 1px 5px;
-       border: 1px solid #CFCFCF;
-       border-bottom: 3px double #CFCFCF;
-       border-top: 1px solid #656565;
-       text-align: center;
-}
-
-.errmsg {
-       font-weight: BOLD;
-       color: #FF0000;
-}
-
-.ac_menu
-{
-        border:1px solid black
-}
-.ac_normal
-{
-       background-color:#ffffff;
-        cursor:pointer;
-}
-.ac_highlight
-{
-        background-color:#3366cc;
-       color:white;
-        cursor:pointer;
-}
-.ac_normal .a
-{
-        font-size:13px;
-        color:black;
-}
-.ac_highlight .a
-{
-       font-size:13px;
-}
-.ac_normal .d
-{
-       float:right;
-        font-size:10px;
-        color:green;
-}
-.ac_highlight .d
-{
-       float:right;
-        font-size:10px;
-}
-
-br {
-       clear: left;
-}
-
-label {
-       font-size: 90%;
-}
-
-label,input,select {
-       display: block;
-       width: 250px;
-       float: left;
-       margin-bottom: 10px;
-}
-
-label {
-       text-align: right;
-       width: 75px;
-       padding-right: 20px;
-}
diff --git a/www/api/ccsr.php b/www/api/ccsr.php
deleted file mode 100644 (file)
index 3bfe55a..0000000
+++ /dev/null
@@ -1,109 +0,0 @@
-<? /*
-    LibreSSL - CAcert web application
-    Copyright (C) 2004-2008  CAcert Inc.
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; version 2 of the License.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program; if not, write to the Free Software
-    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-
-require_once '../../includes/lib/check_weak_key.php';
-
-       $username = mysql_real_escape_string($_REQUEST['username']);
-       $password = mysql_real_escape_string($_REQUEST['password']);
-
-       $query = "select * from `users` where `email`='$username' and (`password`=old_password('$password') or `password`=sha1('$password'))";
-       $res = mysql_query($query);
-       if(mysql_num_rows($res) != 1)
-               die("403,That username couldn't be found\n");
-       $user = mysql_fetch_assoc($res);
-       $memid = $user['id'];
-       $emails = array();
-       foreach($_REQUEST['email'] as $email)
-       {
-               $email = mysql_real_escape_string(trim($email));
-               $query = "select * from `email` where `memid`='".intval($memid)."' and `hash`='' and `deleted`=0 and `email`='$email'";
-               $res = mysql_query($query);
-               if(mysql_num_rows($res) > 0)
-               {
-                       $row = mysql_fetch_assoc($res);
-                       $id = $row['id'];
-                       $emails[$id] = $email;
-               }
-       }
-       if(count($emails) <= 0)
-               die("404,Wasn't able to match any emails sent against your account");
-       $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `notary`.`deleted`=0 group by `to`";
-       $row = mysql_fetch_assoc(mysql_query($query));
-       $points = $row['points'];
-
-       $name = "CAcert WoT User\n";
-       $newname = mysql_real_escape_string(trim($_REQUEST['name']));
-       if($points >= 50)
-       {
-               if($newname == $user['fname']." ".$user['lname'] ||
-                       $newname == $user['fname']." ".$user['mname']." ".$user['lname'] ||
-                       $newname == $user['fname']." ".$user['lname']." ".$user['suffix'] ||
-                       $newname == $user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix'])
-                       $name = $newname;
-       }
-
-       $codesign = 0;
-       if($user['codesign'] == "1" && $_REQUEST['codesign'] == "1" && $points >= 100)
-               $codesign = 1;
-
-       $CSR = trim($_REQUEST['optionalCSR']);
-
-       if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
-       {
-               die("403, $weakKey");
-       }
-
-       $incsr = tempnam("/tmp", "ccsrIn");
-       $checkedcsr = tempnam("/tmp", "ccsrOut");
-       $fp = fopen($incsr, "w");
-       fputs($fp, $CSR);
-       fclose($fp);
-       $incsr_esc = escapeshellarg($incsr);
-       $checkedcsr_esc = escapeshellarg($checkedcsr);
-       $do = shell_exec("/usr/bin/openssl req -in $incsr_esc -out $checkedcsr_esc");
-       @unlink($incsr);
-       if(filesize($checkedcsr) <= 0)
-               die("404,Invalid or missing CSR");
-
-       $csrsubject = "/CN=$name";
-       foreach($emails as $id => $email)
-               $csrsubject .= "/emailAddress=".$email;
-
-       $query = "insert into `emailcerts` set `CN`='".mysql_real_escape_string($user['email'])."', `keytype`='MS',
-                               `memid`='".intval($user['id'])."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
-                               `subject`='".mysql_real_escape_string($csrsubject)."', `codesign`='".intval($codesign)."'";
-       mysql_query($query);
-       $certid = mysql_insert_id();
-       $CSRname = generatecertpath("csr","client",$certid);
-       rename($checkedcsr, $CSRname);
-
-       mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$certid'");
-
-       foreach($emails as $emailid => $email)
-               mysql_query("insert into `emaillink` set `emailcertsid`='$certid', `emailid`='".intval($emailid)."'");
-
-       $do = shell_exec("../../scripts/runclient");
-       sleep(10); // THIS IS BROKEN AND SHOULD BE FIXED
-       $query = "select * from `emailcerts` where `id`='$certid' and `crt_name` != ''";
-       $res = mysql_query($query);
-       if(mysql_num_rows($res) <= 0)
-               die("404,Your certificate request has failed. ID: ".intval($certid));
-       $cert = mysql_fetch_assoc($res);
-       echo "200,Authentication Ok\n";
-       readfile("../".$cert['crt_name']);
-?>
diff --git a/www/api/cemails.php b/www/api/cemails.php
deleted file mode 100644 (file)
index f937069..0000000
+++ /dev/null
@@ -1,48 +0,0 @@
-<? /*
-    LibreSSL - CAcert web application
-    Copyright (C) 2004-2008  CAcert Inc.
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; version 2 of the License.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program; if not, write to the Free Software
-    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/
-       $username = mysql_escape_string($_REQUEST['username']);
-       $password = mysql_escape_string($_REQUEST['password']);
-
-       $query = "select * from `users` where `email`='$username' and (`password`=old_password('$password') or `password`=sha1('$password'))";
-       $res = mysql_query($query);
-       if(mysql_num_rows($res) != 1)
-               die("403,That username couldn't be found\n");
-       echo "200,Authentication Ok\n";
-       $user = mysql_fetch_assoc($res);
-       $memid = $user['id'];
-       $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `notary`.`deleted`=0 group by `to`";
-       $row = mysql_fetch_assoc(mysql_query($query));
-       $points = $row['points'];
-       echo "CS=".intval($user['codesign'])."\n";
-       echo "NAME=CAcert WoT User\n";
-       if($points >= 50)
-       {
-               echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['lname'])."\n";
-               if($user['mname'] != "")
-                       echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['mname'])." ".sanitizeHTML($user['lname'])."\n";
-               if($user['suffix'] != "")
-                       echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['lname'])." ".sanitizeHTML($user['suffix'])."\n";
-               if($user['mname'] != "" && $user['suffix'] != "")
-                       echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['mname'])." ".sanitizeHTML($user['lname'])." ".sanitizeHTML($user['suffix'])."\n";
-       }
-       $query = "select * from `email` where `memid`='".intval($memid)."' and `hash`='' and `deleted`=0";
-       $res = mysql_query($query);
-       while($row = mysql_fetch_assoc($res)) {
-               echo "EMAIL=".sanitizeHTML($row['email'])."\n";
-       }
-?>
index 35dce1f..9560f39 100644 (file)
@@ -336,24 +336,13 @@ function send_reminder()
        {
                $max =  maxpoints();
 
-               $awarded = $newpoints = intval($_POST['points']);
-               if($newpoints > $max)
-                       $newpoints = $awarded = $max;
-               if($newpoints < 0)
-                       $newpoints = $awarded = 0;
+               $awarded = intval($_POST['points']);
+               if($awarded > $max)
+                       $awarded = $max;
+               if($awarded < 0)
+                       $awarded = 0;
 
-               $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['_config']['notarise']['id'])."' and `deleted` = 0 group by `to`";
-               $res = mysql_query($query);
-               $drow = mysql_fetch_assoc($res);
-
-               $_POST['expire'] = 0;
-
-               if(($drow['total'] + $newpoints) > 100 && $max < 100)
-                       $newpoints = 100 - $drow['total'];
-               if(($drow['total'] + $newpoints) > $max && $max >= 100)
-                       $newpoints = $max - $drow['total'];
-               if($newpoints < 0)
-                       $newpoints = 0;
+               $drow_points = get_received_total_points(intval($_SESSION['_config']['notarise']['id']));
 
                if(mysql_real_escape_string(stripslashes($_POST['date'])) == "")
                        $_POST['date'] = date("Y-m-d H:i:s");
@@ -376,7 +365,7 @@ function send_reminder()
        {
                $query = "insert into `notary` set `from`='".intval($_SESSION['profile']['id'])."',
                                                `to`='".intval($_SESSION['_config']['notarise']['id'])."',
-                                               `points`='".intval($newpoints)."', `awarded`='".intval($awarded)."',
+                                               `points`='0', `awarded`='".intval($awarded)."',
                                                `location`='".mysql_real_escape_string(stripslashes($_POST['location']))."',
                                                `date`='".mysql_real_escape_string(stripslashes($_POST['date']))."',
                                                `when`=NOW()";
@@ -416,17 +405,15 @@ function send_reminder()
                L10n::set_translation($_SESSION['_config']['notarise']['language']);
 
                $body  = sprintf(_("You are receiving this email because you have been assured by %s %s (%s)."), $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'])."\n\n";
-               if($_POST['points'] != $newpoints)
-                       $body .= sprintf(_("You were issued %s points however the system has rounded this down to %s and you now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n";
-               else
-                       $body .= sprintf(_("You were issued %s points and you now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n";
 
-               if(($drow['total'] + $newpoints) < 100 && ($drow['total'] + $newpoints) >= 50)
+               $body .= sprintf(_("You were issued %s assurance points and you now have %s assurance points in total."), $awarded, ($awarded + $drow_total))."\n\n";
+
+               if(($drow_total + $awarded) < 100 && ($drow_total + $awarded) >= 50)
                {
                        $body .= _("You now have over 50 points, and can now have your name added to client certificates, and issue server certificates for up to 2 years.")."\n\n";
                }
 
-               if(($drow['total'] + $newpoints) >= 100 && $newpoints > 0)
+               if(($drow_total + $awarded) >= 100 && $drow_total < 0 && !is_assurer(intval($_SESSION['_config']['notarise']['id'])) )
                {
                        $body .= _("You have at least 100 Assurance Points, if you want to become an assurer try the Assurer Challenge")." ( https://cats.cacert.org )\n\n";
                        $body .= _("To make it easier for others in your area to find you, it's helpful to list yourself as an assurer (this is voluntary), as well as a physical location where you live or work the most. You can flag your account to be listed, and add a comment to the display by going to:")."\n";
@@ -443,10 +430,7 @@ function send_reminder()
                L10n::set_translation($my_translation);
 
                $body  = sprintf(_("You are receiving this email because you have assured %s %s (%s)."), $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'])."\n\n";
-               if($_POST['points'] != $newpoints)
-                       $body .= sprintf(_("You issued %s points however the system has rounded this down to %s and they now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n";
-               else
-                       $body .= sprintf(_("You issued %s points and they now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n";
+               $body .= sprintf(_("You issued %s assurance points and they now have %s assurance points in total."), $awarded, ($awarded + $drow['total']))."\n\n";
 
                $body .= _("Best regards")."\n";
                $body .= _("CAcert Support Team");
@@ -491,9 +475,7 @@ function send_reminder()
                        $subject = $_REQUEST['subject'];
                        $userid = intval($_REQUEST['userid']);
                        $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($userid)."' and `listme`=1"));
-                       $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
-                                               where `to`='".intval($user['id'])."' and `deleted` = 0 group by `to` HAVING SUM(`points`) > 0"));
-                       if($points > 0)
+                       if(is_assurer($userid) > 0)
                        {
                                $my_translation = L10n::get_translation();
                                L10n::set_translation($user['language']);