Merge branch 'bug-1176' into release
authorBenny Baumann <BenBE@geshi.org>
Fri, 12 Jul 2013 19:16:37 +0000 (21:16 +0200)
committerBenny Baumann <BenBE@geshi.org>
Fri, 12 Jul 2013 19:16:37 +0000 (21:16 +0200)
includes/account.php
includes/general.php
includes/notary.inc.php
pages/account/43.php
pages/account/57.php [new file with mode: 0644]
pages/account/58.php [new file with mode: 0644]
pages/index/10.php
scripts/cron/removedead.php
scripts/cron/warning.php
www/index.php
www/wot.php

index 05b07a7..4aed5ed 100644 (file)
                                        echo $row['domain']."<br>\n";
 
                                        $dres = mysql_query(
-                                               "select distinct `domaincerts`.`id`
-                                                       from `domaincerts`, `domlink`
+                                               "select `domaincerts`.`id`
+                                                       from `domaincerts`
                                                        where `domaincerts`.`domid` = '$id'
-                                                       or (
-                                                               `domaincerts`.`id` = `domlink`.`certid`
-                                                               and `domlink`.`domid` = '$id'
-                                                               )");
+                                               union distinct
+                                               select `domaincerts`.`id`
+                                                       from `domaincerts`, `domlink`
+                                                       where `domaincerts`.`id` = `domlink`.`certid`
+                                                       and `domlink`.`domid` = '$id'");
                                        while($drow = mysql_fetch_assoc($dres))
                                        {
                                                mysql_query(
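Review bot: `$id` is now interpolated twice, once in each half of the `union distinct`, and where it comes from is outside this hunk; unless it is already integer-cast before this point, both occurrences should be written `'".intval($id)."'`, the way the queries in includes/notary.inc.php cast their ids. `$dres` is also handed straight to `mysql_fetch_assoc()` on the line after the query, so a failed query produces a warning and a silently skipped loop; an `if (!$dres)` check before the `while` would surface the error. The enclosing block starts and ends outside the hunk.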
index 96ad4a8..6e1faa9 100644 (file)
                return $res;
        }
 
+
 ?>
index cc0e0eb..d6f86a8 100644 (file)
@@ -14,7 +14,7 @@
     You should have received a copy of the GNU General Public License
     along with this program; if not, write to the Free Software
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/ 
+*/
 
        function query_init ($query)
        {
@@ -52,8 +52,8 @@
 
        function get_top_assurer_position ($no_of_assurances)
        {
-               $res = query_init ("SELECT count(*) AS `list` FROM `notary` 
-                       WHERE `method` = 'Face to Face Meeting' 
+               $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+                       WHERE `method` = 'Face to Face Meeting'
                        GROUP BY `from` HAVING count(*) > '".intval($no_of_assurances)."'");
                return intval(query_get_number_of_rows($res)+1);
        }
@@ -83,7 +83,7 @@
                $res = query_init ("select count(*) as number,points,awarded,method from notary where `from`='".intval($userid)."' group by points,awarded,method");
                return $res;
        }
-       
+
        function get_received_assurances_summary ($userid)
        {
                $res = query_init ("select count(*) as number,points,awarded,method from notary where `to`='".intval($userid)."' group by points,awarded,method");
                        $awarded = 100;
                }
                else
-                       $experience = 0;        
+                       $experience = 0;
 
                switch ($row['method'])
                {
 ?>
                <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$when?><?=$emclose?></td>
                <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$email?><?=$emclose?></td>
-<?     } 
+<?     }
 ?>
        <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
        <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td>
                        <td class="DataTD" <?=$tdstyle?>>&nbsp;</td>
 <?             } else {
 ?>
-                       <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a><?=$emclose?></td>
+                       <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td>
 <?
                }
        }
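Review bot: The new confirm text passes `$assuranceid` to `sprintf()` uncast and prints it inside a single-quoted JavaScript string in the `onclick` attribute, while the `href` on the same line wraps the same variable in `intval()`; the second `sprintf()` argument should be `intval($assuranceid)` so the value is always a number in that context. The same pattern appears with `$drow['id']` in the `showassuredto()` and `showassuredby()` hunks of pages/account/43.php. The translated message is itself emitted into the JS literal, so a translation containing an apostrophe would break the handler, which was already true of the old text. The enclosing function starts outside the hunk.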
                $res = get_given_assurances(intval($userid));
                while($row = mysql_fetch_assoc($res))
                {
-                       $fromuser = get_user (intval($row['to'])); 
+                       $fromuser = get_user (intval($row['to']));
                        $apoints = calc_experience ($row,$points,$experience,$sum_experience,$revoked);
                        $name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['to']));
                        $email = show_email_link ($fromuser['email'],intval($row['to']));
        <p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p>
 <?
        }
+       
+       //functions to do with recording user agreements
+       function write_user_agreement($memid, $document, $method, $comment, $active=1, $secmemid=0){
+       // write a new record to the table user_agreement
+               $query="insert into `user_agreements` set `memid`=".$memid.", `secmemid`=".$secmemid.
+                       ",`document`='".$document."',`date`=NOW(), `active`=".$active.",`method`='".$method."',`comment`='".$comment."'" ;
+               $res = mysql_query($query);
+       }
+       
+       function get_user_agreement_status($memid, $type="CCA"){
+       //returns 0 - no user agreement, 1- at least one entry
+               $query="SELECT u.`document` FROM `user_agreements` u 
+                       WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." or u.`secmemid`=".$memid.")" ;
+               $res = mysql_query($query);
+               if(mysql_num_rows($res) <=0){
+                       return 0;
+               }else{
+                       return 1;
+               }
+       }
+
+       function get_first_user_agreement($memid, $active=1, $type="CCA"){
+       //returns an array (`document`,`date`,`method`, `comment`,`active`)
+               if($active==1){
+                       $filter="u.`memid`=".$memid;
+               }else{
+                       $filter="u.`secmemid`=".$memid;
+               }
+               $query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` u
+                       WHERE u.`document` = '".$type."' AND ".$filter."
+                       ORDER BY u.`date` Limit 1;";
+               $res = mysql_query($query);
+               if(mysql_num_rows($res) >0){
+                       $row = mysql_fetch_assoc($res);
+                       $rec['document']= $row['document'];
+                       $rec['date']= $row['date'];
+                       $rec['method']= $row['method'];
+                       $rec['comment']= $row['comment'];
+                       $rec['active']= $row['active'];
+               }else{
+                       $rec=array();
+               }
+               return $rec;
+       }
+
+       function get_last_user_agreement($memid, $type="CCA"){
+       //returns an array (`document`,`date`,`method`, `comment`,`active`)
+               $query="(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 1 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." ) order by `date` desc limit 1)
+ union
+ (SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND ( u.`secmemid`=".$memid.")) order by `date` desc limit 1" ;
+               $res = mysql_query($query);
+               if(mysql_num_rows($res) >0){
+                       $row = mysql_fetch_assoc($res);
+                       $rec['document']= $row['document'];
+                       $rec['date']= $row['date'];
+                       $rec['method']= $row['method'];
+                       $rec['comment']= $row['comment'];
+                       $rec['active']= $row['active'];
+               }else{
+                       $rec=array();
+               }
+               return $rec;
+}
+
+       function delete_user_agreement($memid, $type="CCA"){
+       //deletes all entries to an user for the given type of user agreements
+               mysql_query("delete from `user_agreements` where `memid`='".$memid."'");
+               mysql_query("delete from `user_agreements` where `secmemid`='".$memid."'");
+       }
+
 ?>
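Review bot: All five new helpers build SQL by concatenating their parameters unmodified: `$memid`, `$secmemid` and `$active` are placed unquoted, and `$document`, `$method`, `$comment` and `$type` are quoted but not escaped, so injection safety depends entirely on every caller. The older functions in this file cast with `intval()` inside the query string; the new ones should do the same for ids and flags and escape the string fields, unless callers are known to pre-escape (none are visible here). `write_user_agreement()` also discards the `mysql_query()` result, so a failed insert of an agreement record goes unnoticed, and `delete_user_agreement()` accepts `$type` but never uses it although its comment says it deletes entries "for the given type". The fence shows the pattern for the first two functions; the other three need the same casts.

```php
function write_user_agreement($memid, $document, $method, $comment, $active=1, $secmemid=0){
	// ids and flags are cast, free-text fields are escaped before they reach the query
	$query="insert into `user_agreements` set `memid`=".intval($memid).", `secmemid`=".intval($secmemid).
		",`document`='".mysql_real_escape_string($document)."',`date`=NOW(), `active`=".intval($active).
		",`method`='".mysql_real_escape_string($method)."',`comment`='".mysql_real_escape_string($comment)."'" ;
	// … unchanged: mysql_query call …
}

function get_user_agreement_status($memid, $type="CCA"){
	$memid = intval($memid);
	$query="SELECT u.`document` FROM `user_agreements` u
		WHERE u.`document` = '".mysql_real_escape_string($type)."' AND (u.`memid`=".$memid." or u.`secmemid`=".$memid.")" ;
	// … unchanged: mysql_query call and row-count check …
}
// … get_first_user_agreement, get_last_user_agreement, delete_user_agreement: same casts on $memid and $type …
```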
index ca11f03..234e01a 100644 (file)
@@ -55,14 +55,14 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
     } else {
       // $email contains non-digits ==> search for mail addresses
       // Be defensive here (outer join) if primary mail is not listed in email table
-      $query = "select `users`.`id` as `id`, `email`.`email` as `email` 
+      $query = "select `users`.`id` as `id`, `email`.`email` as `email`
           from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
-          where (`email`.`email` like '$emailsearch' 
+          where (`email`.`email` like '$emailsearch'
                  or `users`.`email` like '$emailsearch')
             and `users`.`deleted`=0
           group by `users`.`id` limit 100";
     }
-    // bug-975 ted+uli changes --- end 
+    // bug-975 ted+uli changes --- end
     $res = mysql_query($query);
     if(mysql_num_rows($res) > 1) { ?>
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
@@ -175,6 +175,10 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
     <input type="submit" value="Go"></form></nobr></td>
   </tr>
   <tr>
+    <td class="DataTD"><?=_("CCA accepted")?>:</td>
+    <td class="DataTD"><a href="account.php?id=57&amp;userid=<?=intval($row['id'])?>"><?=intval(get_user_agreement_status($row['id'])) ? _("Yes") : _("No") ?></a></td>
+  </tr>
+  <tr>
     <td class="DataTD"><?=_("Trainings")?>:</td>
     <td class="DataTD"><a href="account.php?id=55&amp;userid=<?=intval($row['id'])?>">show</a></td>
   </tr>
@@ -340,7 +344,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
     <td colspan="2" class="title"><?=_("Account State")?></td>
   </tr>
 
-<?  
+<?
   // ---  bug-975 begin ---
   //  potential db inconsistency like in a20110804.1
   //    Admin console -> don't list user account
@@ -361,7 +365,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
        4.  email.email = primary-email       (???) or'd
       not covered by admin console find user routine, but may block users login
        5.  users.verified = 0|1
-      further "special settings"   
+      further "special settings"
        6.  users.locked  (setting displayed in display form)
        7.  users.assurer_blocked   (setting displayed in display form)
 
@@ -372,7 +376,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
        1. users.verified = 1
        2. users.deleted = 0
        3. users.locked = 0
-       4. users.email = primary-email                          
+       4. users.email = primary-email
 
     --- Assurer, assure someone find user query
     select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."'
@@ -386,11 +390,11 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
        1.  email.hash = ''            Yes        No           No
        2.  email.deleted = 0          Yes        No           No
        3.  users.deleted = 0          Yes        Yes          Yes
-       4.  users.verified = 1         No         Yes          No       
+       4.  users.verified = 1         No         Yes          No
        5.  users.locked = 0           No         Yes          No
        6.  users.email = prim-email   No         Yes          Yes
        7.  email.email = prim-email   Yes        No           No
-                 
+
     full usable account needs all 7 requirements fulfilled
     so if one setting isn't set/cleared there is an inconsistency either way
     if eg email.email is not avail, admin console cannot open user info
@@ -434,7 +438,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
     $dres = mysql_query($query);
     $drow = mysql_fetch_assoc($dres);
   }
-  
+
   if ($drow) {
     $eemail    = $drow['eemail'];
     $edeleted  = $drow['edeleted'];
@@ -453,11 +457,11 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
     }
     if ($edeleted!=0) {
       $inconsistency += 8;
-      $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted");    
+      $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted");
     }
     if ($ehash!='') {
       $inconsistency += 16;
-      $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset");        
+      $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset");
     }
   } else {
     $inconsistency = 32;
@@ -476,14 +480,14 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
       "operations and needs to be fixed manually through arbitration/critical ".
       "team.")?>
      </td>
-  </tr>  
+  </tr>
 <? }
 
   // ---  bug-975 end ---
 ?>
 </table>
 <br>
-<?    
+<?
  //  End - Debug infos
 ?>
 
@@ -512,12 +516,12 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
        $dres = mysql_query($query);
        $drow = mysql_fetch_assoc($dres);
        $total = $drow['total'];
-       
+
        $maxexpire = "0000-00-00 00:00:00";
        if ($drow['maxexpire']) {
                $maxexpire = $drow['maxexpire'];
        }
-       
+
        if($total > 0) {
                $query = "select COUNT(*) as `valid`
                          from `domains` inner join `domaincerts`
@@ -528,7 +532,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
                $dres = mysql_query($query);
                $drow = mysql_fetch_assoc($dres);
                $valid = $drow['valid'];
-               
+
                $query = "select COUNT(*) as `expired`
                          from `domains` inner join `domaincerts`
                               on `domains`.`id` = `domaincerts`.`domid`
@@ -537,7 +541,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
                $dres = mysql_query($query);
                $drow = mysql_fetch_assoc($dres);
                $expired = $drow['expired'];
-               
+
                $query = "select COUNT(*) as `revoked`
                          from `domains` inner join `domaincerts`
                               on `domains`.`id` = `domaincerts`.`domid`
@@ -570,12 +574,12 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
        $dres = mysql_query($query);
        $drow = mysql_fetch_assoc($dres);
        $total = $drow['total'];
-       
+
        $maxexpire = "0000-00-00 00:00:00";
        if ($drow['maxexpire']) {
                $maxexpire = $drow['maxexpire'];
        }
-       
+
        if($total > 0) {
                $query = "select COUNT(*) as `valid`
                          from `emailcerts`
@@ -585,7 +589,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
                $dres = mysql_query($query);
                $drow = mysql_fetch_assoc($dres);
                $valid = $drow['valid'];
-               
+
                $query = "select COUNT(*) as `expired`
                          from `emailcerts`
                          where `memid` = '".intval($row['id'])."'
@@ -593,7 +597,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
                $dres = mysql_query($query);
                $drow = mysql_fetch_assoc($dres);
                $expired = $drow['expired'];
-               
+
                $query = "select COUNT(*) as `revoked`
                          from `emailcerts`
                          where `memid` = '".intval($row['id'])."'
@@ -625,12 +629,12 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
        $dres = mysql_query($query);
        $drow = mysql_fetch_assoc($dres);
        $total = $drow['total'];
-       
+
        $maxexpire = "0000-00-00 00:00:00";
        if ($drow['maxexpire']) {
                $maxexpire = $drow['maxexpire'];
        }
-       
+
        if($total > 0) {
                $query = "select COUNT(*) as `valid`
                          from `gpg`
@@ -639,7 +643,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
                $dres = mysql_query($query);
                $drow = mysql_fetch_assoc($dres);
                $valid = $drow['valid'];
-               
+
                $query = "select COUNT(*) as `expired`
                          from `emailcerts`
                          where `memid` = '".intval($row['id'])."'
@@ -647,7 +651,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
                $dres = mysql_query($query);
                $drow = mysql_fetch_assoc($dres);
                $expired = $drow['expired'];
-               
+
                ?>
                <td class="DataTD"><?=intval($total)?></td>
                <td class="DataTD"><?=intval($valid)?></td>
@@ -664,7 +668,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
        </tr>
 
        <tr>
-               <td class="DataTD"><?=_("Org Server")?>:</td>
+               <td class="DataTD"><a href="account.php?id=58&amp;userid=<?=intval($row['id'])?>"><?=_("Org Server")?></a>:</td>
        <?
        $query = "select COUNT(*) as `total`,
                         MAX(`orgcerts`.`expire`) as `maxexpire`
@@ -674,12 +678,12 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
        $dres = mysql_query($query);
        $drow = mysql_fetch_assoc($dres);
        $total = $drow['total'];
-       
+
        $maxexpire = "0000-00-00 00:00:00";
        if ($drow['maxexpire']) {
                $maxexpire = $drow['maxexpire'];
        }
-       
+
        if($total > 0) {
                $query = "select COUNT(*) as `valid`
                          from `orgdomaincerts` as `orgcerts` inner join `org`
@@ -690,7 +694,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
                $dres = mysql_query($query);
                $drow = mysql_fetch_assoc($dres);
                $valid = $drow['valid'];
-               
+
                $query = "select COUNT(*) as `expired`
                          from `orgdomaincerts` as `orgcerts` inner join `org`
                                   on `orgcerts`.`orgid` = `org`.`orgid`
@@ -699,7 +703,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
                $dres = mysql_query($query);
                $drow = mysql_fetch_assoc($dres);
                $expired = $drow['expired'];
-               
+
                $query = "select COUNT(*) as `revoked`
                          from `orgdomaincerts` as `orgcerts` inner join `org`
                                   on `orgcerts`.`orgid` = `org`.`orgid`
@@ -734,12 +738,12 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
        $dres = mysql_query($query);
        $drow = mysql_fetch_assoc($dres);
        $total = $drow['total'];
-       
+
        $maxexpire = "0000-00-00 00:00:00";
        if ($drow['maxexpire']) {
                $maxexpire = $drow['maxexpire'];
        }
-       
+
        if($total > 0) {
                $query = "select COUNT(*) as `valid`
                          from `orgemailcerts` as `orgcerts` inner join `org`
@@ -750,7 +754,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
                $dres = mysql_query($query);
                $drow = mysql_fetch_assoc($dres);
                $valid = $drow['valid'];
-               
+
                $query = "select COUNT(*) as `expired`
                          from `orgemailcerts` as `orgcerts` inner join `org`
                                   on `orgcerts`.`orgid` = `org`.`orgid`
@@ -759,7 +763,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
                $dres = mysql_query($query);
                $drow = mysql_fetch_assoc($dres);
                $expired = $drow['expired'];
-               
+
                $query = "select COUNT(*) as `revoked`
                          from `orgemailcerts` as `orgcerts` inner join `org`
                                   on `orgcerts`.`orgid` = `org`.`orgid`
@@ -829,7 +833,7 @@ function showassuredto()
     <td class="DataTD"><?=intval($drow['points'])?></td>
     <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
     <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
-    <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td>
+    <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$drow['id'])?>');"><?=_("Revoke")?></a></td>
   </tr>
 <? } ?>
   <tr>
@@ -875,7 +879,7 @@ function showassuredby()
     <td class="DataTD"><?=$drow['points']?></td>
     <td class="DataTD"><?=$drow['location']?></td>
     <td class="DataTD"><?=$drow['method']?></td>
-    <td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td>
+    <td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$drow['id'])?>');"><?=_("Revoke")?></a></td>
   </tr>
 <? } ?>
   <tr>
@@ -886,7 +890,7 @@ function showassuredby()
 </table>
 <? } ?>
 <br><br>
-<? } } 
+<? } }
 
 if(isset($_GET['shownotary'])) {
     switch($_GET['shownotary']) {
diff --git a/pages/account/57.php b/pages/account/57.php
new file mode 100644 (file)
index 0000000..76eee27
--- /dev/null
@@ -0,0 +1,107 @@
+<? /*
+    LibreSSL - CAcert web application
+    Copyright (C) 2004-2008  CAcert Inc.
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; version 2 of the License.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+*/ ?>
+<?
+  include_once($_SESSION['_config']['filepath'].'/includes/notary.inc.php');
+  
+  if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) {
+
+  echo _('You do not have access to this page');
+
+  } else {  
+    $user_id = intval($_REQUEST['userid']);
+    $query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0";
+    $res = mysql_query($query);
+    if(mysql_num_rows($res) <= 0)
+    {
+      echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
+    } else {
+      $row = mysql_fetch_assoc($res);
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+  <tr>
+    <td colspan="5" class="title"><?=_('CCA agreement of').' '.sanitizeHTML($row['fname']).' '.sanitizeHTML($row['mname']).' '.sanitizeHTML($row['lname'])?></td>
+  </tr>
+</table>
+
+  
+<br>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+  <tr>
+    <td class="DataTD"><b><?=_('CCA type')?></b></td>
+    <td class="DataTD"><b><?=_('Date')?></b></td>
+    <td class="DataTD"><b><?=_('Method')?></b></td>
+    <td class="DataTD"><b><?=_('Type')?></b></td>
+  </tr>
+<?
+  $data=get_first_user_agreement($user_id,1);
+  if (!isset($data['active'])){
+      $type='';
+    }else{
+      $type=_('active');
+    }
+?>
+  <tr>
+    <td class="DataTD"><?=_('First active CCA')?></td>
+    <td class="DataTD"><?=$data['date']?></td>
+    <td class="DataTD"><?=$data['method']?></td>
+    <td class="DataTD"><?=$type?></td>
+  </tr>
+<?
+  $data=get_first_user_agreement($user_id,0);
+  if (!isset($data['active'])){
+      $type="";
+    }else{
+      $type=_('passive');
+    }
+?>
+  <tr>
+    <td class="DataTD"><?=_('First passive CCA')?></td>
+    <td class="DataTD"><?=$data['date']?></td>
+    <td class="DataTD"><?=$data['method']?></td>
+    <td class="DataTD"><?=$type?></td>
+  </tr>
+<?
+  $data=get_last_user_agreement($user_id);
+  if (!isset($data['active'])){
+      $type="";
+    }elseif($data['active']==1){
+      $type=_('active');
+    }else{
+      $type=_('passive');
+    }
+?>
+  <tr>
+    <td class="DataTD"><?=_('Last CCA')?></td>
+    <td class="DataTD"><?=$data['date']?></td>
+    <td class="DataTD"><?=$data['method']?></td>
+    <td class="DataTD"><?=$type?></td>
+  </tr>
+</table>
+<br>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+  <tr> 
+<?
+      if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) {
+?>
+    <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&amp;userid=<?=$user_id ?>">back</a></td></tr>
+<?    } 
+?>  </table>
+<?
+  }
+}
+?>
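Review bot: The three data rows print `$data['date']` and `$data['method']` without `sanitizeHTML()` and without checking that the key exists. `get_first_user_agreement()` and `get_last_user_agreement()` return an empty array when no row matches, so these reads raise undefined-index notices, and `method` is a string column written by `write_user_agreement()` that reaches this admin page unescaped, unlike the name fields in the title row. Each cell should take the form `<?=isset($data['method']) ? sanitizeHTML($data['method']) : ''?>`. The second admin check before the "back" link repeats the condition already enforced at the top of the file and can be dropped, and the bare `<tr>` opened just before it is never closed.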
diff --git a/pages/account/58.php b/pages/account/58.php
new file mode 100644 (file)
index 0000000..1f6b1a0
--- /dev/null
@@ -0,0 +1,61 @@
+<? /*
+    LibreSSL - CAcert web application
+    Copyright (C) 2004-2008  CAcert Inc.
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; version 2 of the License.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+*/
+
+if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) {
+       echo _('You do not have access to this page');
+} else {
+       $user_id = intval($_REQUEST['userid']);
+       $query = "select `users`.`fname`, `users`.`mname`, `users`.`lname` from `users` where `id`='$user_id' and `users`.`deleted`=0";
+       $res = mysql_query($query);
+       if(mysql_num_rows($res) != 1){
+               echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
+       } else {
+               if ($row = mysql_fetch_assoc($res)){
+                       $username=sanitizeHTML($row['fname']).' '.sanitizeHTML($row['mname']).' '.sanitizeHTML($row['lname']);
+                       $query = "select `orginfo`.`o`, `org`.`masteracc`
+                               FROM `orginfo`, `org`
+                               WHERE `orginfo`.`id` = `org`.`orgid`
+                               AND `org`.`memid`='$user_id' order by `orginfo`.`o`";
+                       $res1 = mysql_query($query);?>
+                       <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"><?
+                       if (mysql_num_rows($res1) <= 0) {?>
+                               <tr>
+                                       <td colspan="2" class="title"><?=sprintf(_('%s is not listed as Organisation Administrator'), $username)?></td>
+                               </tr>
+                       <?}else{?>
+                               <tr>
+                                       <td colspan="2" class="title"><?=sprintf(_('%s is listed as Organisation Administrator for:'), $username)?></td>
+                               </tr>
+                               <tr>
+                                       <td class="DataTD"><b><?=_('Organisation')?></b></td>
+                                       <td class="DataTD"><b><?=_('Masteraccount')?></b></td>
+                               </tr><?
+                               while($drow = mysql_fetch_assoc($res1)){?>
+                                       <tr>
+                                               <td class="DataTD"><?=$drow['o']?></td>
+                                               <td class="DataTD"><?=$drow['masteracc'] ? _("Yes") : _("No") ?></td>
+                                       </tr>
+                               <?}
+                       }
+                       ?></table>
+<?             }else{
+                               echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
+               }
+       }
+}
+?>
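Review bot: `<?=$drow['o']?>` writes the organisation name from `orginfo` into the table without escaping, although the user's name a few lines earlier goes through `sanitizeHTML()`; it should be `<?=sanitizeHTML($drow['o'])?>`. `mysql_query()` can return false, in which case `mysql_num_rows($res)` and `mysql_num_rows($res1)` emit warnings and the page falls into the "disappeared" or "not listed" branch; checking the result would distinguish a database error from an absent record. The file includes nothing itself, so it relies on the including script to have loaded `sanitizeHTML()`.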
index 9e09bb8..7280e09 100644 (file)
     You should have received a copy of the GNU General Public License
     along with this program; if not, write to the Free Software
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/ ?>
-<p style="background-color: #FF8080; font-size: 150%">
-<?
-printf(_('This page has been moved to the %spolicy directory%s. Please update '.
-               'your bookmarks and report any broken links.'),
-       '<a href="/policy/PrivacyPolicy.html">', '</a>');
-?>
-</p>
+*/
+
+    header('HTTP/1.0 301 Moved Permanently');
+    header('Location: http://www.cacert.org/policy/CertificationPracticeStatement.php');
+    exit();
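Review bot: The `Location` header hard-codes an `http://www.cacert.org/` URL, so a visitor who reached this page over HTTPS, or on a test host, is sent to the production site over plain HTTP to read a policy document; `header('Location: https://www.cacert.org/policy/CertificationPracticeStatement.php');`, or a URL built from the site's configured host, would avoid the downgrade. The removed notice linked to `/policy/PrivacyPolicy.html` whereas the redirect targets `CertificationPracticeStatement.php`, so it is worth confirming that this is the intended target for this page. The start of the file is outside the hunk.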
index aadda81..2257dc8 100755 (executable)
@@ -19,7 +19,8 @@
 
        require_once(dirname(__FILE__).'/../../includes/mysql.php');
        require_once(dirname(__FILE__).'/../../includes/lib/l10n.php');
-
+       require_once(dirname(__FILE__).'/../../includes/notary.inc.php');
+       
        $query = "select * from `users` where `users`.`verified`=0 and
                        (UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`users`.`created`)) >= 172800";
        $res = mysql_query($query);
@@ -27,6 +28,7 @@
        {
                mysql_query("delete from `email` where `memid`='".$row['id']."'");
                mysql_query("delete from `users` where `id`='".$row['id']."'");
+               delete_user_agreement($row['id']);
        }
 
        $query = "delete from `domains` where `hash`!='' and
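Review bot: The added `delete_user_agreement($row['id'])` call runs after the `users` row has already been deleted and its outcome is not checked, so a failure leaves agreement rows pointing at a user id that no longer exists; calling it before the two existing deletes avoids that orphan case. As defined in includes/notary.inc.php in this commit, the helper removes rows matching the id in `secmemid` as well as `memid`, which presumably cannot occur for a never-verified account but deserves a comment such as `// also drops rows where this id is the second party (secmemid)`. The blank line added after the new `require_once` carries trailing whitespace, which the rest of this commit is removing. The loop starts outside the hunk.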
index 5cf7c31..0c97ba2 100755 (executable)
@@ -72,32 +72,37 @@ echo $row['fname']." ".$row['lname']." <".$row['email']."> (memid: ".$row['memid
 
        foreach($days as $day => $warning)
        {
-               $query = 
-                       "SELECT DISTINCT `domaincerts`.`id`,
+               $select_clause =
+                                       "`domaincerts`.`id`,
                                        `users`.`fname`, `users`.`lname`, `users`.`email`,
                                        `domains`.`memid`,
                                        `domaincerts`.`subject`, `domaincerts`.`crt_name`,
                                        `domaincerts`.`CN`,
                                        `domaincerts`.`serial`,
-                                       (UNIX_TIMESTAMP(`domaincerts`.`expire`) - 
-                                               UNIX_TIMESTAMP(NOW())) / 86400 AS `daysleft`
-                                       
-                               FROM `users`, `domaincerts`, `domlink`, `domains`
-                               WHERE UNIX_TIMESTAMP(`domaincerts`.`expire`) -
+                                       (UNIX_TIMESTAMP(`domaincerts`.`expire`) -
+                                               UNIX_TIMESTAMP(NOW())) / 86400 AS `daysleft`";
+               $where_clause =
+                                       "UNIX_TIMESTAMP(`domaincerts`.`expire`) -
                                                UNIX_TIMESTAMP(NOW()) > -7 * 86400
-                               AND UNIX_TIMESTAMP(`domaincerts`.`expire`) -
+                                       AND UNIX_TIMESTAMP(`domaincerts`.`expire`) -
                                                UNIX_TIMESTAMP(NOW()) < $day * 86400
-                               AND `domaincerts`.`renewed` = 0
-                               AND `domaincerts`.`warning` <= '$warning'
-                               AND `domaincerts`.`revoked` = 0
-                               AND (
-                                       `domaincerts`.`domid` = `domains`.`id`
-                                       OR (
-                                               `domaincerts`.`id` = `domlink`.`certid`
-                                               AND `domlink`.`domid` = `domains`.`id`
-                                               )
-                                       )
-                               AND `domains`.`memid` = `users`.`id`";
+                                       AND `domaincerts`.`renewed` = 0
+                                       AND `domaincerts`.`warning` <= '$warning'
+                                       AND `domaincerts`.`revoked` = 0
+                                       AND `domains`.`memid` = `users`.`id`";
+               $query =
+                       "SELECT $select_clause
+                               FROM `users`, `domaincerts`, `domains`
+                               WHERE $where_clause
+                               AND `domaincerts`.`domid` = `domains`.`id`
+                       UNION DISTINCT
+                       SELECT $select_clause
+                               FROM `users`,
+                                       `domaincerts` LEFT JOIN `domlink` ON
+                                               (`domaincerts`.`id` = `domlink`.`certid`),
+                                       `domains`
+                               WHERE $where_clause
+                               AND `domlink`.`domid` = `domains`.`id`";
                $res = mysql_query($query);
                while($row = mysql_fetch_assoc($res))
                {
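Review bot: In the second branch of the new `UNION DISTINCT` query, the `LEFT JOIN` on `domlink` is immediately filtered by the `domlink`.`domid` = `domains`.`id` condition in the `WHERE` clause, which discards every NULL-extended row, so it behaves as an inner join. Writing `INNER JOIN` instead of `LEFT JOIN` states the intent and avoids suggesting that certificates without a `domlink` row are meant to be returned here. Since the statement was rewritten, it is also worth checking `$res` before the fetch loop, e.g. `if ($res === false) { error_log(mysql_error()); continue; }`, because a failing query in this cron job would skip the expiry warnings with nothing more than a PHP warning. The `foreach` body continues outside the hunk.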
index 35d22d7..c7cc03e 100644 (file)
@@ -18,6 +18,7 @@
 
 require_once('../includes/lib/l10n.php');
 
+
         $id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']);
         $oldid = 0; if(array_key_exists("oldid",$_REQUEST)) $oldid=intval($_REQUEST['oldid']);
         $process = ""; if(array_key_exists("process",$_REQUEST)) $process=$_REQUEST['process'];
@@ -544,6 +545,8 @@ require_once('../includes/lib/l10n.php');
                                                `regional`='".$_SESSION['signup']['regional']."',
                                                `radius`='".$_SESSION['signup']['radius']."'";
                        mysql_query($query);
+                       include_once("../includes/notary.inc.php");
+                       write_user_agreement($memid, "CCA", "account creation", "", 1);
 
                        $body = _("Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!")."\n\n";
                        $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
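Review bot: `include_once("../includes/notary.inc.php");` in the middle of the signup branch only raises a warning if the file cannot be loaded. The `write_user_agreement()` call on the next line would then abort the request with an undefined-function fatal, after the preceding insert has run and before the verification mail is built. Load the file with `require_once('../includes/notary.inc.php');` next to the existing `require_once` at the top of the file, as the scripts/cron/removedead.php hunk does; the same `include_once` appears in the www/wot.php hunk. The result of the preceding `mysql_query($query)` is not checked either, so the agreement is written even if that insert failed. The enclosing block starts outside the hunk.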
index 59eec4a..858f81b 100644 (file)
@@ -328,18 +328,16 @@ $iecho= "c";
                                                `location`='".mysql_escape_string(stripslashes($_POST['location']))."',
                                                `date`='".mysql_escape_string(stripslashes($_POST['date']))."',
                                                `when`=NOW()";
-               if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
-               {
-                       $query .= ",\n`method`='Temporary Increase'";
-                       $query .= ",\n`expire`=DATE_ADD(NOW(), INTERVAL '".intval($_POST['expire'])."' DAY)";
-                       $query .= ",\n`sponsor`='".intval($_POST['sponsor'])."'";
-               } else if($_SESSION['profile']['board'] == 1) {
-                       $query .= ",\n`method`='".mysql_escape_string(stripslashes($_POST['method']))."'";
-               } else if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
+               if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
                        $query .= ",\n`method`='TTP-Assisted'";
                }
                mysql_query($query);
                fix_assurer_flag($_SESSION['_config']['notarise']['id']);
+               include_once("../includes/notary.inc.php");
+/*to be activated after CCA accept option is implemented in form
+               write_user_agreement($_SESSION['profile']['id'], "CCA", "assurance", "Assuring", 1, $_SESSION['_config']['notarise']['id']);}*/
+/* to be activated after the CCA recording is announced
+               write_user_agreement($_SESSION['_config']['notarise']['id'], "CCA", "assurance", "Being assured", 0, $_SESSION['profile']['id']); */
 
                if($_SESSION['profile']['points'] < 150)
                {
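Review bot: The first commented-out `write_user_agreement(...)` call ends in `);}*/`, and that stray `}` will unbalance the surrounding block as soon as the comment markers are removed; drop the brace now so that activating the call is a pure uncomment. Until then both calls are dead code and the added `include_once` loads notary.inc.php for nothing. As a result, assurances stored by this path still carry no CCA agreement record, so the pending activation is better tracked in the bug tracker than in commented-out code. With the board branches removed, `method` is set only on the TTP path; whether the other cases rely on a column default or on an earlier part of `$query` is outside the hunk and should be confirmed.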
@@ -356,6 +354,7 @@ $iecho= "c";
                                                        `method`='Administrative Increase',
                                                        `when`=NOW()";
                        mysql_query($query);
+
                        // No need to fix_assurer_flag here, this should only happen for assurers...
                        $_SESSION['profile']['points'] += $addpoints;
                }
@@ -383,9 +382,6 @@ $iecho= "c";
                        $body .= "https://www.cacert.org/wot.php?id=13\n\n";
                }
 
-               if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
-                       $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time your points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";
-
                $body .= _("Best regards")."\n";
                $body .= _("CAcert Support Team");
 
@@ -399,20 +395,11 @@ $iecho= "c";
                else
                        $body .= sprintf(_("You issued %s points and they now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n";
 
-               if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
-                       $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time their points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";
                $body .= _("Best regards")."\n";
                $body .= _("CAcert Support Team");
 
                sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You've Assured Another Member."), $body, "support@cacert.org", "", "", "CAcert Support");
 
-               if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
-               {
-                       $body  = sprintf("%s %s (%s) has issued a temporary increase to 200 points for %s %s (%s) for %s days. This action was sponsored by %s %s (%s).", $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'], $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'], intval($_POST['expire']), $sponsor['fname'], $sponsor['lname'], $sponsor['email'])."\n\n";
-
-                       sendmail("cacert-board@lists.cacert.org", "[CAcert.org] Temporary Increase Issued.", $body, "website@cacert.org", "", "", "CAcert Website");
-               }
-
                showheader(_("My CAcert.org Account!"));
                echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>";
 ?><form method="post" action="wot.php">