Merge branch 'bug-893' into bug-1136
authorBenny Baumann <BenBE@geshi.org>
Mon, 22 Jul 2013 05:22:37 +0000 (07:22 +0200)
committerBenny Baumann <BenBE@geshi.org>
Mon, 22 Jul 2013 05:22:37 +0000 (07:22 +0200)
Conflicts:
includes/temp_functions.php
pages/account/43.php

includes/account.php
includes/notary.inc.php
pages/account/43.php

Simple merge
        <p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p>
  <?
        }
+       //functions to do with recording user agreements
+       function write_user_agreement($memid, $document, $method, $comment, $active=1, $secmemid=0){
+       // write a new record to the table user_agreement
+               $query="insert into `user_agreements` set `memid`=".$memid.", `secmemid`=".$secmemid.
+                       ",`document`='".$document."',`date`=NOW(), `active`=".$active.",`method`='".$method."',`comment`='".$comment."'" ;
+               $res = mysql_query($query);
+       }
+       function get_user_agreement_status($memid, $type="CCA"){
+       //returns 0 - no user agreement, 1- at least one entry
+               $query="SELECT u.`document` FROM `user_agreements` u
+                       WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." or u.`secmemid`=".$memid.")" ;
+               $res = mysql_query($query);
+               if(mysql_num_rows($res) <=0){
+                       return 0;
+               }else{
+                       return 1;
+               }
+       }
+       function get_first_user_agreement($memid, $active=1, $type="CCA"){
+       //returns an array (`document`,`date`,`method`, `comment`,`active`)
+               if($active==1){
+                       $filter="u.`memid`=".$memid;
+               }else{
+                       $filter="u.`secmemid`=".$memid;
+               }
+               $query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` u
+                       WHERE u.`document` = '".$type."' AND ".$filter."
+                       ORDER BY u.`date` Limit 1;";
+               $res = mysql_query($query);
+               if(mysql_num_rows($res) >0){
+                       $row = mysql_fetch_assoc($res);
+                       $rec['document']= $row['document'];
+                       $rec['date']= $row['date'];
+                       $rec['method']= $row['method'];
+                       $rec['comment']= $row['comment'];
+                       $rec['active']= $row['active'];
+               }else{
+                       $rec=array();
+               }
+               return $rec;
+       }
+       function get_last_user_agreement($memid, $type="CCA"){
+       //returns an array (`document`,`date`,`method`, `comment`,`active`)
+               $query="(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 1 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." ) order by `date` desc limit 1)
+  union
+  (SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND ( u.`secmemid`=".$memid.")) order by `date` desc limit 1" ;
+               $res = mysql_query($query);
+               if(mysql_num_rows($res) >0){
+                       $row = mysql_fetch_assoc($res);
+                       $rec['document']= $row['document'];
+                       $rec['date']= $row['date'];
+                       $rec['method']= $row['method'];
+                       $rec['comment']= $row['comment'];
+                       $rec['active']= $row['active'];
+               }else{
+                       $rec=array();
+               }
+               return $rec;
+       }
+       function delete_user_agreement($memid, $type="CCA"){
+       //deletes all entries to an user for the given type of user agreements
+               mysql_query("delete from `user_agreements` where `memid`='".$memid."'");
+               mysql_query("delete from `user_agreements` where `secmemid`='".$memid."'");
+       }
+       // functions for 6.php (assure somebody)
+       function AssureHead($confirmation,$checkname)
+       {
+ ?>
+ <form method="post" action="wot.php">
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="600">
+       <tr>
+               <td colspan="2" class="title"><?=$confirmation?></td>
+       </tr>
+       <tr>
+               <td class="DataTD" colspan="2" align="left"><?=$checkname?></td>
+       </tr>
+ <?
+       }
+       function AssureTextLine($field1,$field2)
+       {
  ?>
 -              $query = "select `emailcerts`.`id`
 -                      from `emaillink`,`emailcerts` where
 -                      `emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
 -                      `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
 -                              group by `emailcerts`.`id`";
 -              $dres = mysql_query($query);
 -              while($drow = mysql_fetch_assoc($dres)){
 -                      mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$drow['id']."'");
 -              }
+       <tr>
+               <td class="DataTD"><?=$field1?>:</td>
+               <td class="DataTD"><?=$field2?></td>
+       </tr>
+ <?
+       }
+       function AssureCCABoxLine($type,$text)
+       {
+               return;
+               AssureBoxLine($type,$text);
+       }
+       function AssureBoxLine($type,$text,$checked)
+       {
+ ?>
+       <tr>
+               <td class="DataTD"><input type="checkbox" name="<?=$type?>" value="1" <?=$checked?"checked":""?>></td>
+               <td class="DataTD"><?=$text?></td>
+       </tr>
+ <?
+       }
+       function AssureMethodLine($text,$methods,$remark)
+       {
+               if (count($methods) != 1) {
+ ?>
+       <tr>
+               <td class="DataTD"><?=$text?></td>
+               <td class="DataTD">
+                       <select name="method">
+ <?
+                       foreach($methods as $val) {
+ ?>
+                               <option value="<?=$val?>"><?=$val?></option>
+ <?
+                       }
+ ?>
+                       </select>
+                       <br />
+                       <?=$remark?>
+               </td>
+       </tr>
+ <?
+               } else {
+ ?>
+       <input type="hidden" name="<?=$val?>" value="<?=$methods[0]?>" />
+ <?
+               }
+       }
+       function AssureInboxLine($type,$field,$value,$description)
+       {
+ ?>
+       <tr>
+               <td class="DataTD"><?=$field?>:</td>
+               <td class="DataTD"><input type="text" name="<?=$type?>" value="<?=$value?>"><?=$description?></td>
+       </tr>
+ <?
+       }
+       function AssureFoot($oldid,$confirm)
+       {
+ ?>
+       <tr>
+               <td class="DataTD" colspan="2">
+                       <input type="submit" name="process" value="<?=$confirm?>" />
+                       <input type="submit" name="cancel" value="<?=_("Cancel")?>" />
+               </td>
+       </tr>
+ </table>
+ <input type="hidden" name="pagehash" value="<?=$_SESSION['_config']['wothash']?>" />
+ <input type="hidden" name="oldid" value="<?=$oldid?>" />
+ </form>
+ <?
+       }
+       function account_email_delete($mailid){
+       //deletes an email entry from an acount
+       //revolkes all certifcates for that email address
+       //called from www/account.php if($process != "" && $oldid == 2)
+       //called from www/diputes.php if($type == "reallyemail") / if($action == "accept")
+       //called from account_delete
+               $mailid = intval($mailid);
 -              $query = "select distinct `domaincerts`.`id`
 -                      from `domaincerts`, `domlink`
 -                      where `domaincerts`.`domid` = '$domainid'
 -                      or (
 -                      `domaincerts`.`id` = `domlink`.`certid`
 -                      and `domlink`.`domid` = '$domainid')";
 -              $dres = mysql_query($query);
 -              while($drow = mysql_fetch_assoc($dres))
 -              {
 -                      mysql_query(
 -                              "update `domaincerts`
 -                              set `revoked`='1970-01-01 10:00:01'
 -                              where `id` = '".$drow['id']."'
 -                              and `revoked` = 0
 -                              and UNIX_TIMESTAMP(`expire`) -
 -                              UNIX_TIMESTAMP() > 0");
 -              }
++              revoke_all_client_cert($mailid);
+               $query = "update `email` set `deleted`=NOW() where `id`='$mailid'";
+               mysql_query($query);
+       }
+       function account_domain_delete($domainid){
+       //deletes an domain entry from an acount
+       //revolkes all certifcates for that domain address
+       //called from www/account.php if($process != "" && $oldid == 9)
+       //called from www/diputes.php if($type == "reallydomain") / if($action == "accept")
+       //called from account_delete
+               $domainid = intval($domainid);
 -              $query = "select 1 from `email` where `email`='$email' and `deleted`=0";
++              revoke_all_server_cert($domainid);
+               mysql_query(
+                       "update `domains`
+                       set `deleted`=NOW()
+                       where `id` = '$domainid'");
+       }
+       function account_delete($id, $arbno, $adminid){
+       //deletes an account following the deleted account routnie V3
+       // called from www/account.php if($oldid == 50 && $process != "")
+       //change password
+               $id = intval($id);
+               $arbno = mysql_real_escape_string($arbno);
+               $adminid = intval($adminid);
+               $pool = 'abcdefghijklmnopqrstuvwxyz';
+               $pool .= '0123456789!()ยง';
+               $pool .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+               srand ((double)microtime()*1000000);
+               $password="";
+               for($index = 0; $index < 30; $index++)
+               {
+                       $password .= substr($pool,(rand()%(strlen ($pool))), 1);
+               }
+               mysql_query("update `users` set `password`=sha1('".$password."') where `id`='".$id."'");
+       //create new mail for arbitration number
+               $query = "insert into `email` set `email`='".$arbno."@cacert.org',`memid`='".$id."',`created`=NOW(),`modified`=NOW(), `attempts`=-1";
+               mysql_query($query);
+               $emailid = mysql_insert_id();
+       //set new mail as default
+               $query = "update `users` set `email`='".$arbno."@cacert.org' where `id`='".$id."'";
+               mysql_query($query);
+       //delete all other email address
+               $query = "select * from `email` where `memid`='".$id."' and `id`!='".$emailid."'" ;
+               $res=mysql_query($query);
+               while($row = mysql_fetch_assoc($res)){
+                       account_email_delete($row['id']);
+               }
+       //delete all domains
+               $query = "select * from `domains` where `memid`='".$id."'";
+               $res=mysql_query($query);
+               while($row = mysql_fetch_assoc($res)){
+                       account_domain_delete($row['id']);
+               }
+       //clear alert settings
+               mysql_query("update `alerts` set `general`='0' where `memid`='$id'");
+               mysql_query("update `alerts` set `country`='0' where `memid`='$id'");
+               mysql_query("update `alerts` set `regional`='0' where `memid`='$id'");
+               mysql_query("update `alerts` set `radius`='0' where `memid`='$id'");
+       //set default location
+               $query = "update `users` set `locid`='2256755', `regid`='243', `ccid`='12' where `id`='".$id."'";
+               mysql_query($query);
+       //clear listings
+               $query = "update `users` set `listme`=' ',`contactinfo`=' ' where `id`='".$id."'";
+               mysql_query($query);
+       //set lanuage to default
+               //set default language
+               mysql_query("update `users` set `language`='en_AU' where `id`='".$id."'");
+               //delete secondary langugaes
+               mysql_query("delete from `addlang` where `userid`='".$id."'");
+       //change secret questions
+               for($i=1;$i<=5;$i++){
+                       $q="";
+                       $a="";
+                       for($index = 0; $index < 30; $index++)
+                       {
+                               $q .= substr($pool,(rand()%(strlen ($pool))), 1);
+                               $a .= substr($pool,(rand()%(strlen ($pool))), 1);
+                       }
+                       $query = "update `users` set `Q$i`='$q', `A$i`='$a' where `id`='".$id."'";
+                       mysql_query($query);
+               }
+       //change personal information to arbitration number and DOB=1900-01-01
+               $query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='$userid'";
+               $details = mysql_fetch_assoc(mysql_query($query));
+               $query = "insert into `adminlog` set `when`=NOW(),`old-lname`='${details['lname']}',`old-dob`='${details['dob']}',
+                       `new-lname`='$arbno',`new-dob`='1900-01-01',`uid`='$id',`adminid`='".$adminid."'";
+               mysql_query($query);
+               $query = "update `users` set `fname`='".$arbno."',
+                       `mname`='".$arbno."',
+                       `lname`='".$arbno."',
+                       `suffix`='".$arbno."',
+                       `dob`='1900-01-01'
+                       where `id`='".$id."'";
+               mysql_query($query);
+       //clear all admin and board flags
+               mysql_query("update `users` set `assurer`='0' where `id`='$id'");
+               mysql_query("update `users` set `assurer_blocked`='0' where `id`='$id'");
+               mysql_query("update `users` set `codesign`='0' where `id`='$id'");
+               mysql_query("update `users` set `orgadmin`='0' where `id`='$id'");
+               mysql_query("update `users` set `ttpadmin`='0' where `id`='$id'");
+               mysql_query("update `users` set `locadmin`='0' where `id`='$id'");
+               mysql_query("update `users` set `admin`='0' where `id`='$id'");
+               mysql_query("update `users` set `adadmin`='0' where `id`='$id'");
+               mysql_query("update `users` set `tverify`='0' where `id`='$id'");
+               mysql_query("update `users` set `board`='0' where `id`='$id'");
+       //block account
+               mysql_query("update `users` set `locked`='1' where `id`='$id'");  //, `deleted`=Now()
+       }
+       function check_email_exists($email){
+       // called from includes/account.php if($process != "" && $oldid == 1)
+       // called from includes/account.php     if($oldid == 50 && $process != "")
+               $email = mysql_real_escape_string($email);
 -                      $query = "select 1 from `gpg` where `memid`='$uid' and `expire`>NOW()";
++              $query = "select * from `email` where `email`='$email' and `deleted`=0";
+               $res = mysql_query($query);
+               return mysql_num_rows($res) > 0;
+       }
+       function check_gpg_cert_running($uid,$cca=0){
+               //if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed
+               // called from includes/account.php     if($oldid == 50 && $process != "")
+               $uid = intval($uid);
+               if (0==$cca) {
 -                      $query = "select 1 from `gpg` where `memid`='$uid' and `expire`>(NOW()-90*86400)";
++                      $query = "select * from `gpg` where `memid`='$uid' and `expire`>NOW()";
+               }else{
 -                      $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>NOW()";
 -                      $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>NOW()";
++                      $query = "select * from `gpg` where `memid`='$uid' and `expire`>NOW()+90*86400";
+               }
+               $res = mysql_query($query);
+               return mysql_num_rows($res) > 0;
+       }
+       function check_client_cert_running($uid,$cca=0){
+               //if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed
+               // called from includes/account.php     if($oldid == 50 && $process != "")
+               $uid = intval($uid);
+               if (0==$cca) {
 -                      $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>(NOW()-90*86400)  and `revoked`<`created`";
 -                      $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)";
++                      $query1 = "select 1 from `domiancerts` where `memid`='$uid' and `expire`>NOW()";
++                      $query2 = "select 1 from `domiancerts` where `memid`='$uid' and `revoked`>NOW()";
+               }else{
 -                      $query1 = "select 1 from `domaincerts` where `memid`='$uid' and `expire`>NOW()";
 -                      $query2 = "select 1 from `domaincerts` where `memid`='$uid' and `revoked`>NOW()";
++                      $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>NOW()+90*86400";
++                      $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>NOW()+90*86400";
+               }
+               $res = mysql_query($query1);
+               $r1 = mysql_num_rows($res)>0;
+               $res = mysql_query($query2);
+               $r2 = mysql_num_rows($res)>0;
+               return !!($r1 || $r2);
+       }
+       function check_server_cert_running($uid,$cca=0){
+               //if $cca =0 if just expired, =1 if CCA retention +3 month should be obeyed
+               // called from includes/account.php     if($oldid == 50 && $process != "")
+               $uid = intval($uid);
+               if (0==$cca) {
 -                      $query1 = "select 1 from `domaincerts` where `memid`='$uid' and `expire`>(NOW()-90*86400)  and `revoked`<`created`";
 -                      $query2 = "select 1 from `domaincerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)";
++                      $query1 = "select 1 from `domiancerts` where `memid`='$uid' and `expire`>NOW()";
++                      $query2 = "select 1 from `domiancerts` where `memid`='$uid' and `revoked`>NOW()";
+               }else{
 -              $query = "select 1 from `org` where `memid`='$uid' and `deleted`=0";
++                      $query1 = "select 1 from `domiancerts` where `memid`='$uid' and `expire`>NOW()+90*86400";
++                      $query2 = "select 1 from `domiancerts` where `memid`='$uid' and `revoked`>NOW()+90*86400";
+               }
+               $res = mysql_query($query1);
+               $r1 = mysql_num_rows($res)>0;
+               $res = mysql_query($query2);
+               $r2 = mysql_num_rows($res)>0;
+               return !!($r1 || $r2);
+       }
+       function check_is_orgadmin($uid){
+               // called from includes/account.php     if($oldid == 50 && $process != "")
+               $uid = intval($uid);
++              $query = "select * from `org` where `memid`='$uid' and `deleted`=0";
+               $res = mysql_query($query);
+               return mysql_num_rows($res) > 0;
+       }
++
++
++      // revokation of certificates
++      function revoke_all_client_cert($mailid){
++              //revokes all client certificates for an email address
++              $mailid = intval($mailid);
++              $query = "select `emailcerts`.`id`
++                      from `emaillink`,`emailcerts` where
++                      `emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and `revoked`=0
++                      group by `emailcerts`.`id`";
++              $dres = mysql_query($query);
++              while($drow = mysql_fetch_assoc($dres)){
++                      mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01', `disablelogin`=1 where `id`='".$drow['id']."'");
++              }
++      }
++
++      function revoke_all_server_cert($domainid){
++              //revokes all server certs for an domain
++              $domainid = intval($domainid);
++              $query = "select distinct `domaincerts`.`id`
++                      from `domaincerts`, `domlink`
++                      where `domaincerts`.`domid` = '$domainid'
++                      or (
++                      `domaincerts`.`id` = `domlink`.`certid`
++                      and `domlink`.`domid` = '$domainid')";
++              $dres = mysql_query($query);
++              while($drow = mysql_fetch_assoc($dres))
++              {
++                      mysql_query(
++                      "update `domaincerts`
++                              set `revoked`='1970-01-01 10:00:01'
++                              where `id` = '".$drow['id']."'
++                              and `revoked` = 0");
++              }
++      }
++
++      function revoke_all_private_cert($uid){
++              //revokes all certificates linked to a personal accounts
++              //gpg revokation needs to be added to a later point
++              $uid=intval($uid);
++              $query = "select `id` from `email` where `memid`='".$uid."'";
++              $res=mysql_query($query);
++              while($row = mysql_fetch_assoc($res)){
++                      revoke_all_client_cert($row['id']);
++              }
++
++
++              $query = "select `id` from `domains` where `memid`='".$uid."'";
++              $res=mysql_query($query);
++              while($row = mysql_fetch_assoc($res)){
++                      revoke_all_server_cert($row['id']);
++              }
++
++      }
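Review bot: The `++` lines that assign `$query1`/`$query2` in check_client_cert_running (its `0==$cca` branch) and in both branches of check_server_cert_running select from a table spelled `domiancerts`, while revoke_all_server_cert in the same section uses `domaincerts`. The client check's removed lines and its own else branch query `emailcerts`, so that branch also appears to target the wrong table. If no table of that name exists, mysql_query() returns false and the `mysql_num_rows($res)>0` tests presumably evaluate to false, so both functions would report that no certificate is running; their comments place the callers in the `$oldid == 50` branch, which account_delete's comment ties to account deletion, so that guard would pass silently. Use `emailcerts` in both branches of the client check and `domaincerts` in the server check, and test the mysql_query() result before counting rows, e.g. `if ($res === false) { return true; }` so a failed query does not read as "nothing running". Separately, write_user_agreement and the get_*/delete_user_agreement functions concatenate `$memid`, `$secmemid`, `$document`, `$method`, `$comment` and `$type` into SQL without the intval()/mysql_real_escape_string() calls that the account_* and check_* functions here apply, and account_delete reads the old name and date of birth with `$userid` although only `$id` is defined, so the adminlog row presumably records empty old values.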
Simple merge