Source code taken from cacert-20110820.tar.bz2
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */ ?>
18 <?
19 require_once("../includes/loggedin.php");
20
// Helpers/translations for the account area. NOTE(review): loadem() is
// defined in the includes; what exactly it loads is not visible here.
loadem("account");

// Keep the meeting date and location across the multi-step assurance form
// (a later step redisplays them). An empty field does not overwrite a value
// remembered from an earlier submission.
foreach (array('date', 'location') as $rememberedField) {
    if (array_key_exists($rememberedField, $_POST) && $_POST[$rememberedField] != "") {
        $_SESSION['_config'][$rememberedField] = $_POST[$rememberedField];
    }
}

// Step that was just submitted; 0 when the page is opened without a form.
$oldid = 0;
if (array_key_exists('oldid', $_REQUEST)) {
    $oldid = intval($_REQUEST['oldid']);
}
30
// Step 12 redisplays itself after a submission: stay on that page.
// NOTE(review): $id is not initialised anywhere in this file; it is assumed
// to come from the included loggedin.php (verify there).
if ($oldid === 12) {
    $id = 12;
}
35
// Looking up a member (step 5) and awarding points (step 6) are reserved for
// assurers; anybody else is told why they do not qualify and stopped here.
$assurerSteps = array(5, 6);
if (in_array($id, $assurerSteps) || in_array($oldid, $assurerSteps)) {
    $ownId = $_SESSION['profile']['id'];
    if (!is_assurer($ownId)) {
        showheader(_("My CAcert.org Account!"));
        echo "<p>" . get_assurer_reason($ownId) . "</p>";
        showfooter();
        exit;
    }
}
45
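// Step 6 (award points) needs the member chosen in step 5. When the session
// holds no such member, or a non-positive id, fall back to the lookup form
// instead of continuing with an empty target. The isset() guard avoids a
// notice when the session entry does not exist at all.
if ($oldid == 6) {
    $targetId = isset($_SESSION['_config']['notarise']['id'])
        ? intval($_SESSION['_config']['notarise']['id'])
        : 0;
    if ($targetId <= 0) {
        $oldid = 0;
        $id = 5;
    }
}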
51
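// Step 5 with the "reminder" button: mail somebody who has not created an
// account yet, asking them to sign up so that points can be issued. The mail
// is sent in the assurer's name; the English text is always included.
if ($oldid == 5 && array_key_exists('reminder', $_POST) && $_POST['reminder'] != "") {
    $body = "";

    // Optional language for a translated copy on top of the English text.
    // en_AU is the untranslated base language, so it needs no extra copy.
    // Only a code present in the translation table is accepted: an arbitrary
    // value must neither reach putenv()/setlocale() nor index a missing
    // translation entry.
    $reminderLang = isset($_POST['reminder-lang']) ? $_POST['reminder-lang'] : "";
    $translations = isset($_SESSION['_config']['translations']) ? $_SESSION['_config']['translations'] : array();
    $useTranslation = $reminderLang != ""
        && $reminderLang != "en_AU"
        && is_array($translations)
        && array_key_exists($reminderLang, $translations);

    if ($useTranslation) {
        $userlang = $reminderLang;
        $_SESSION['_config']['reminder-lang'] = $reminderLang;
        putenv("LANG=" . $userlang);
        setlocale(LC_ALL, $userlang);

        $body .= $translations[$userlang] . ":\n\n";
        $body .= sprintf(_("This is a short reminder that you filled out forms to become trusted with CAcert.org, and %s has attempted to issue you points. Please create your account at %s as soon as possible and then notify %s so that the points can be issued."), $_SESSION['profile']['fname'] . " (" . $_SESSION['profile']['email'] . ")", "http://www.cacert.org", $_SESSION['profile']['fname']) . "\n\n";
        $body .= _("Best regards") . "\n";
        $body .= _("CAcert Support Team");

        $body .= "\n\nEnglish:\n\n";
    }

    $body .= sprintf("This is a short reminder that you filled out forms to become trusted with CAcert.org, and %s has attempted to issue you points. Please create your account at %s as soon as possible and then notify %s so that the points can be issued.", $_SESSION['profile']['fname'] . " (" . $_SESSION['profile']['email'] . ")", "http://www.cacert.org", $_SESSION['profile']['fname']) . "\n\n";
    $body .= "Best regards" . "\n";
    $body .= "CAcert Support Team";

    $reminderTo = isset($_POST['email']) ? $_POST['email'] : "";
    sendmail($reminderTo, "[CAcert.org] " . _("Reminder Notice"), $body, $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']);

    // Switch back to the assurer's own locale after the translated mail.
    if ($useTranslation) {
        $userlang = $_SESSION['profile']['language'];
        putenv("LANG=" . $userlang);
        setlocale(LC_ALL, $userlang);
    }

    $_SESSION['_config']['remindersent'] = 1;
    $_SESSION['_config']['error'] = _("A reminder notice has been sent.");

    // Redisplay the lookup form rather than continuing with the lookup.
    $id = $oldid;
    $oldid = 0;
}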
89
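// Step 5: find the member to be assured by e-mail address. Exactly one
// non-deleted account must match; otherwise the lookup form is shown again
// with an error and the "noemailfound" flag set for the template.
if ($oldid == 5) {
    $_SESSION['_config']['noemailfound'] = 0;
    $lookupEmail = isset($_POST['email']) ? stripslashes($_POST['email']) : "";
    // mysql_real_escape_string() honours the connection charset, which the
    // plain mysql_escape_string() does not; it uses the same default link
    // that the mysql_query() below relies on.
    $query = "select * from `users` where `email`='" . mysql_real_escape_string($lookupEmail) . "' and `deleted`=0";
    $res = mysql_query($query);
    if (mysql_num_rows($res) != 1) {
        $id = $oldid;
        $oldid = 0;
        $_SESSION['_config']['error'] = _("I'm sorry, there was no email matching what you entered in the system. Please double check your information.");
        $_SESSION['_config']['noemailfound'] = 1;
    } else {
        // The whole user row is kept for the remaining steps.
        $_SESSION['_config']['notarise'] = mysql_fetch_assoc($res);
    }
}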
105
// Steps 5 and 6 share two guards: the "cancel" button restarts the wizard,
// and an assurer may never pick their own account as the target.
if ($oldid == 5 || $oldid == 6) {
    $cancelled = array_key_exists('cancel', $_REQUEST) && $_REQUEST['cancel'] != "";
    if ($cancelled) {
        header("location: wot.php");
        exit;
    }

    $targetId = $_SESSION['_config']['notarise']['id'];
    if ($targetId == $_SESSION['profile']['id']) {
        $id = 5;
        $oldid = 0;
        $_SESSION['_config']['error'] = _("You are never allowed to Assure yourself!");
    }
}
121
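// Steps 5 and 6: check what this assurer has already recorded for the target
// and collect the numbers the step-6 form displays. Ids come from database
// rows but are interpolated into SQL, so they are cast to integers rather
// than trusted as-is (the file already does this for other user ids).
if ($oldid == 5 || $oldid == 6) {
    $assurerId = intval($_SESSION['profile']['id']);
    $targetId = intval($_SESSION['_config']['notarise']['id']);

    $query = "select * from `notary` where `from`='" . $assurerId . "' and `to`='" . $targetId . "'";
    $_SESSION['_config']['alreadydone'] = 0;
    $res = mysql_query($query);
    $priorAssurances = mysql_num_rows($res);

    // A member may normally be assured only once by the same assurer;
    // assurers holding 200 points or more are exempt from that rule.
    if ($priorAssurances > 0 && $_SESSION['profile']['points'] < 200) {
        $id = 5;
        $oldid = 0;
        $_SESSION['_config']['error'] = _("You are only allowed to Assure someone once!");
    } elseif ($oldid == 5) {
        $id = 6;
    }
    if ($id == 6 && $priorAssurances > 0) {
        $_SESSION['_config']['alreadydone'] = 1;
    }

    // Only assurers with at least 100 points get to see the target's current
    // total and verified flag on the step-6 form; otherwise both are cleared.
    unset($_SESSION['_config']['pointsalready']);
    unset($_SESSION['_config']['verified']);
    if ($id == 6 && $_SESSION['profile']['points'] >= 100) {
        $query = "select sum(`points`) as `total` from `notary` where `to`='" . $targetId . "' group by `to`";
        $res = mysql_query($query);
        $drow = mysql_fetch_assoc($res);
        $_SESSION['_config']['pointsalready'] = $drow['total'];

        $query = "select `verified` from `users` where `id`='" . $targetId . "'";
        $res = mysql_query($query);
        $drow = mysql_fetch_assoc($res);
        $_SESSION['_config']['verified'] = $drow['verified'];
    }
}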
157
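// Step 6: the assurer must tick the assertion box and the rules box; the
// "certify" box is waived for TTP administrators. A missing box sends the
// assurer back to the form and, like every other validation branch in this
// file, resets $oldid to 0 so that none of the later step-6 blocks (and in
// particular the insert) run for this request.
if ($oldid == 6) {
    $policyBoxesMissing = !array_key_exists('assertion', $_POST) || $_POST['assertion'] != 1
        || !array_key_exists('rules', $_POST) || $_POST['rules'] != 1;
    $certifyMissing = (!array_key_exists('certify', $_POST) || $_POST['certify'] != 1)
        && $_SESSION['profile']['ttpadmin'] != 1;

    if ($policyBoxesMissing || $certifyMissing) {
        $id = $oldid;
        $oldid = 0;
        $_SESSION['_config']['error'] = _("You failed to check all boxes to validate your adherence to the rules and policies of CAcert");
    }
}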
174
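// Step 6: a meeting location is required, except for TTP administrators.
// The isset() guard keeps a missing field from raising a notice; it is
// treated exactly like an empty one.
if ($oldid == 6 && $_SESSION['profile']['ttpadmin'] != 1) {
    $meetingLocation = isset($_POST['location']) ? $_POST['location'] : "";
    if ($meetingLocation == "") {
        $id = $oldid;
        $oldid = 0;
        $_SESSION['_config']['error'] = _("You failed to enter a location of your meeting.");
    }
}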
184
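// Step 6: re-read the target's identity fields and make sure they are still
// the ones the assurer saw (wothash) and that the submitted form carries the
// same hash (pagehash). NOTE(review): wothash is presumably stored in the
// session by the template that renders step 6; that code is not in this file.
if ($oldid == 6) {
    $targetId = intval($_SESSION['_config']['notarise']['id']);
    $query = "select * from `users` where `id`='" . $targetId . "'";
    $res = mysql_query($query);
    $row = mysql_fetch_assoc($res);
    $name = $row['fname'] . " " . $row['mname'] . " " . $row['lname'] . " " . $row['suffix'];

    $expectedHash = isset($_SESSION['_config']['wothash']) ? (string)$_SESSION['_config']['wothash'] : "";
    $submittedHash = isset($_REQUEST['pagehash']) ? (string)$_REQUEST['pagehash'] : "";
    // Strict string comparison: with the loose `!=`, two hex digests that
    // both look like numbers in scientific notation ("0e...") compare equal.
    if ($expectedHash !== md5($name . "-" . $row['dob']) || $expectedHash !== $submittedHash) {
        $id = $oldid;
        $oldid = 0;
        $_SESSION['_config']['error'] = _("Race condition discovered, user altered details during assurance procedure. PLEASE MAKE SURE THE NEW DETAILS BELOW MATCH THE ID DOCUMENTS.");
    }
}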
198
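// Step 6: the number of points to award must be given. The value is read
// from $_POST because that is where the award itself (and the mails) take
// it from; a points value arriving only via the query string would
// otherwise pass this check and then be awarded as 0.
if ($oldid == 6) {
    $pointsGiven = isset($_POST['points']) ? $_POST['points'] : "";
    if ($pointsGiven == "") {
        $id = $oldid;
        $oldid = 0;
        $_SESSION['_config']['error'] = _("You must enter the number of points you wish to allocate to this person.");
    }
}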
205
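// Step 6: work out how many points will actually be recorded, validate the
// board-only "temporary increase" option and refuse an exact duplicate of an
// assurance already on file. Leaves $awarded, $newpoints, $drow, $sponsor and
// the normalised $_POST['expire'], $_POST['method'] and $_POST['date'] for
// the block that performs the insert.
if ($oldid == 6) {
    $max = maxpoints();
    $assurerId = intval($_SESSION['profile']['id']);
    $targetId = intval($_SESSION['_config']['notarise']['id']);
    $requestedPoints = isset($_POST['points']) ? intval($_POST['points']) : 0;
    $expireDays = isset($_POST['expire']) ? intval($_POST['expire']) : 0;
    $sponsorId = isset($_POST['sponsor']) ? intval($_POST['sponsor']) : 0;
    // A board member asking for an expiry is requesting a temporary increase.
    $temporaryIncrease = $_SESSION['profile']['board'] == 1 && $expireDays > 0;

    // $awarded is what the assurer asked for, clamped to 0..$max; $newpoints
    // starts equal to it but may be reduced further below.
    if ($requestedPoints > $max) {
        $awarded = $newpoints = $max;
    } elseif ($requestedPoints < 0) {
        $awarded = $newpoints = 0;
    } else {
        $awarded = $newpoints = $requestedPoints;
    }

    // Points the target already holds; no row (false) when they have none.
    $query = "select sum(`points`) as `total` from `notary` where `to`='" . $targetId . "' group by `to`";
    $res = mysql_query($query);
    $drow = mysql_fetch_assoc($res);

    // A temporary increase needs a target below 150 points and a sponsoring
    // board member; each failure is terminal for this request.
    if ($temporaryIncrease && $drow['total'] > 150) {
        showheader(_("My CAcert.org Account!"));
        echo "<p>" . _("You tried to give a temporary points increase to someone that already has more then 150 points. Can't continue.") . "</p>";
        showfooter();
        exit;
    }

    if ($temporaryIncrease && $sponsorId <= 0) {
        showheader(_("My CAcert.org Account!"));
        echo "<p>" . _("You didn't list a valid sponsor for this action.") . "</p>";
        showfooter();
        exit;
    }

    if ($temporaryIncrease && $sponsorId > 0) {
        $resc = mysql_query("select * from `users` where `id`='" . $sponsorId . "' and `board`='1'");
        $rc = mysql_num_rows($resc);
        $sponsor = mysql_fetch_assoc($resc);
        if ($rc <= 0) {
            showheader(_("My CAcert.org Account!"));
            echo "<p>" . _("You listed an invalid sponsor for this action.") . "</p>";
            showfooter();
            exit;
        }
    }

    if ($temporaryIncrease) {
        $_POST['method'] = "Administrative Increase";
        // Top the target up to exactly 200 points for a limited time; the
        // duration is clamped to 7..45 days.
        $newpoints = 200 - $drow['total'];
        if ($expireDays > 45) {
            $_POST['expire'] = 45;
        }
        if ($expireDays <= 7) {
            $_POST['expire'] = 7;
        }
    } else {
        // Regular assurance: no expiry, and the target's total is capped at
        // 100 points, or at $max for assurers allowed to give more than 100.
        $_POST['expire'] = 0;
        if (($drow['total'] + $newpoints) > 100 && $max < 100) {
            $newpoints = 100 - $drow['total'];
        }
        if (($drow['total'] + $newpoints) > $max && $max >= 100) {
            $newpoints = $max - $drow['total'];
        }
        if ($newpoints < 0) {
            $newpoints = 0;
        }
    }

    // Default the meeting date to "now" when none was entered.
    $dateEntered = isset($_POST['date']) ? stripslashes($_POST['date']) : "";
    if ($dateEntered == "") {
        $_POST['date'] = date("Y-m-d H:i:s");
    }

    // Charset-aware escaping on the default link that mysql_query() uses.
    $locationSql = mysql_real_escape_string(isset($_POST['location']) ? stripslashes($_POST['location']) : "");
    $dateSql = mysql_real_escape_string(stripslashes($_POST['date']));

    // Refuse to record the very same assurance a second time.
    $query = "select * from `notary` where `from`='" . $assurerId . "' AND
`to`='" . $targetId . "' AND
`awarded`='$awarded' AND
`location`='" . $locationSql . "' AND
`date`='" . $dateSql . "'";
    $res = mysql_query($query);
    if (mysql_num_rows($res) > 0) {
        $id = $oldid;
        $oldid = 0;
        $_SESSION['_config']['error'] = _("Identical Assurance attempted, will not continue.");
    }
}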
286
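// Step 6, all checks passed: record the assurance, credit the assurer's own
// experience points, notify both parties (and the board list for a temporary
// increase), then show a confirmation page with a fresh lookup form.
// Uses $awarded, $newpoints, $drow and $sponsor and the normalised
// $_POST['expire'], $_POST['method'] and $_POST['date'] prepared by the
// preceding step-6 block.
if ($oldid == 6) {
    $assurerId = intval($_SESSION['profile']['id']);
    $targetId = intval($_SESSION['_config']['notarise']['id']);
    $expireDays = isset($_POST['expire']) ? intval($_POST['expire']) : 0;
    $sponsorId = isset($_POST['sponsor']) ? intval($_POST['sponsor']) : 0;
    $temporaryIncrease = $_SESSION['profile']['board'] == 1 && $expireDays > 0;
    $method = isset($_POST['method']) ? $_POST['method'] : "";
    // Charset-aware escaping on the default link that mysql_query() uses.
    $locationSql = mysql_real_escape_string(isset($_POST['location']) ? stripslashes($_POST['location']) : "");
    $dateSql = mysql_real_escape_string(isset($_POST['date']) ? stripslashes($_POST['date']) : "");

    $query = "insert into `notary` set `from`='" . $assurerId . "',
`to`='" . $targetId . "',
`points`='$newpoints', `awarded`='$awarded',
`location`='" . $locationSql . "',
`date`='" . $dateSql . "',
`when`=NOW()";
    if ($temporaryIncrease) {
        // Board-sponsored temporary increase: method, expiry and sponsor are
        // fixed here, so the "Administrative Increase" value the previous
        // block put into $_POST['method'] is not consulted.
        $query .= ",\n`method`='Temporary Increase'";
        $query .= ",\n`expire`=DATE_ADD(NOW(), INTERVAL '" . $expireDays . "' DAY)";
        $query .= ",\n`sponsor`='" . $sponsorId . "'";
    } elseif ($_SESSION['profile']['board'] == 1) {
        // Board members record whatever method text they submitted; it is
        // escaped for SQL but not checked against a list of known methods.
        $query .= ",\n`method`='" . mysql_real_escape_string(stripslashes($method)) . "'";
    } elseif ($_SESSION['profile']['ttpadmin'] == 1 && ($method == 'Trusted 3rd Parties' || $method == 'Trusted third Parties')) {
        // Both legacy spellings are normalised to the one stored value.
        $query .= ",\n`method`='Trusted Third Parties'";
    }
    mysql_query($query);
    fix_assurer_flag($targetId);

    // Assurers below 150 points earn experience points for each assurance
    // given: 2 points while between 100 and 148, 1 point at 149, so the
    // total never passes 150. Below 100 points a 0-point row is still written.
    if ($_SESSION['profile']['points'] < 150) {
        $addpoints = 0;
        if ($_SESSION['profile']['points'] < 149 && $_SESSION['profile']['points'] >= 100) {
            $addpoints = 2;
        } elseif ($_SESSION['profile']['points'] == 149) {
            $addpoints = 1;
        }
        $query = "insert into `notary` set `from`='" . $assurerId . "',
`to`='" . $assurerId . "',
`points`='$addpoints', `awarded`='$addpoints',
`location`='" . $locationSql . "',
`date`='" . $dateSql . "',
`method`='Administrative Increase',
`when`=NOW()";
        mysql_query($query);
        // No need to fix_assurer_flag here, this should only happen for assurers...
        $_SESSION['profile']['points'] += $addpoints;
    }

    // Total the target holds after this assurance (sum is null/false when
    // there was nothing on file, which adds as 0).
    $totalAfter = $newpoints + $drow['total'];

    // The member's notification is written in their own language, if known.
    if ($_SESSION['_config']['notarise']['language'] != "") {
        $userlang = $_SESSION['_config']['notarise']['language'];
        putenv("LANG=" . $userlang);
        setlocale(LC_ALL, $userlang);
    }

    $body = sprintf(_("You are receiving this email because you have been assured by %s %s (%s)."), $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email']) . "\n\n";
    if ($_POST['points'] != $newpoints) {
        $body .= sprintf(_("You were issued %s points however the system has rounded this down to %s and you now have %s points in total."), $_POST['points'], $newpoints, $totalAfter) . "\n\n";
    } else {
        $body .= sprintf(_("You were issued %s points and you now have %s points in total."), $newpoints, $totalAfter) . "\n\n";
    }

    if ($totalAfter < 100 && $totalAfter >= 50) {
        $body .= _("You now have over 50 points, and can now have your name added to client certificates, and issue server certificates for up to 2 years.") . "\n\n";
    }

    if ($totalAfter >= 100 && $newpoints > 0) {
        $body .= _("You have at least 100 Assurance Points, if you want to become an assurer try the") . " ";
        $body .= _("Assurer Challenge") . " ( https://cats.cacert.org )\n\n";
        $body .= _("To make it easier for others in your area to find you, it's helpful to list yourself as an assurer (this is voluntary), as well as a physical location where you live or work the most. You can flag your account to be listed, and add a comment to the display by going to:") . "\n\n";
        $body .= "https://www.cacert.org/wot.php?id=8\n\n";
        $body .= _("You can list your location by going to:") . "\n\n";
        $body .= "https://www.cacert.org/wot.php?id=13\n\n";
    }

    if ($temporaryIncrease) {
        $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time your points will be reduced to 150 points."), $expireDays) . "\n\n";
    }

    $body .= _("Best regards") . "\n";
    $body .= _("CAcert Support Team");

    sendmail($_SESSION['_config']['notarise']['email'], "[CAcert.org] " . _("You've been Assured."), $body, "support@cacert.org", "", "", "CAcert Website");

    // Back to the assurer's own language for their copy.
    putenv("LANG=" . $_SESSION['profile']['language']);
    setlocale(LC_ALL, $_SESSION['profile']['language']);

    $body = sprintf(_("You are receiving this email because you have assured %s %s (%s)."), $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email']) . "\n\n";
    if ($_POST['points'] != $newpoints) {
        $body .= sprintf(_("You issued %s points however the system has rounded this down to %s and they now have %s points in total."), $_POST['points'], $newpoints, $totalAfter) . "\n\n";
    } else {
        $body .= sprintf(_("You issued %s points and they now have %s points in total."), $newpoints, $totalAfter) . "\n\n";
    }

    if ($temporaryIncrease) {
        $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time their points will be reduced to 150 points."), $expireDays) . "\n\n";
    }
    $body .= _("Best regards") . "\n";
    $body .= _("CAcert Support Team");

    sendmail($_SESSION['profile']['email'], "[CAcert.org] " . _("You've Assured Another Member."), $body, "support@cacert.org", "", "", "CAcert Support");

    // The board list is told about every temporary increase (untranslated).
    if ($temporaryIncrease) {
        $body = sprintf("%s %s (%s) has issued a temporary increase to 200 points for %s %s (%s) for %s days. This action was sponsored by %s %s (%s).", $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'], $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'], $expireDays, $sponsor['fname'], $sponsor['lname'], $sponsor['email']) . "\n\n";

        sendmail("cacert-board@lists.cacert.org", "[CAcert.org] Temporary Increase Issued.", $body, "website@cacert.org", "", "", "CAcert Website");
    }

    // Confirmation page, followed by an empty step-5 form for the next member.
    showheader(_("My CAcert.org Account!"));
    echo "<p>" . _("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.") . "</p>";
    ?><form method="post" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Assure Someone")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><input type="text" name="email" id="email" value=""></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="5">
</form>
<SCRIPT LANGUAGE="JavaScript">
//<![CDATA[
function my_init()
{
document.getElementById("email").focus();
}

// Assign the function itself; calling it here would store its (undefined)
// return value as the load handler.
window.onload = my_init;
//]]>
</script>
<?php
    showfooter();
    exit;
}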
418
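// Step 8: update the assurer directory entry (listed yes/no plus free-text
// contact info) for the logged-in member.
if ($oldid == 8) {
    // CSRF token check for this form (token name "chgcontact").
    csrf_check("chgcontact");

    // Tags are stripped from the contact text; the plain text is what the
    // session keeps, and SQL escaping is applied only inside the query so the
    // session copy matches what the database actually stores.
    $contactinfo = isset($_POST['contactinfo']) ? strip_tags(stripslashes($_POST['contactinfo'])) : "";
    $listme = isset($_POST['listme']) ? intval($_POST['listme']) : 0;
    if ($listme < 0 || $listme > 1) {
        $listme = 0;
    }

    $_SESSION['profile']['listme'] = $listme;
    $_SESSION['profile']['contactinfo'] = $contactinfo;

    $query = "update `users` set `listme`='$listme',`contactinfo`='" . mysql_real_escape_string($contactinfo) . "' where `id`='" . intval($_SESSION['profile']['id']) . "'";
    mysql_query($query);

    showheader(_("My CAcert.org Account!"));
    echo "<p>" . _("Your account information has been updated.") . "</p>";
    showfooter();
    exit;
}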
439
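// Step 9: send a message to a listed assurer through the web site. The
// sender's own address and name go into the mail so the recipient can reply;
// the recipient must be listed and must actually hold points.
if ($oldid == 9 && isset($_REQUEST['userid']) && $_REQUEST['userid'] > 0 && $_SESSION['profile']['id'] > 0) {
    $sessionHash = isset($_SESSION['_config']['pagehash']) ? (string)$_SESSION['_config']['pagehash'] : "";
    $submittedHash = isset($_REQUEST['pageid']) ? (string)$_REQUEST['pageid'] : "";
    // Strict comparison: the loose `!=` treats two "0e..." digests as equal.
    // NOTE(review): two empty hashes still compare equal here, as before;
    // whether the session always carries a pagehash at this point is decided
    // by the template that renders step 9, not by this file.
    if ($sessionHash !== $submittedHash) {
        $oldid = 0;
        $id = 9;
        $error = _("It looks like you were trying to contact multiple people, this isn't allowed due to data security reasons.");
    } else {
        $userid = intval($_REQUEST['userid']);
        // The subject becomes a mail header, so line breaks are removed from
        // it (header injection); the message body is passed through as typed.
        $subject = str_replace(array("\r", "\n"), "", isset($_REQUEST['subject']) ? $_REQUEST['subject'] : "");
        $body = isset($_REQUEST['message']) ? $_REQUEST['message'] : "";

        $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid' and `listme`=1"));
        $recipientId = $user ? intval($user['id']) : 0;
        // One row when the recipient has a positive total, none otherwise.
        $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
where `to`='" . $recipientId . "' group by `to` HAVING SUM(`points`) > 0"));
        if ($points > 0) {
            sendmail($user['email'], "[CAcert.org] " . $subject, $body,
                $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname'] . " " . $_SESSION['profile']['lname']);
            showheader(_("My CAcert.org Account!"));
            echo "<p>" . _("Your email has been sent to") . " " . $user['fname'] . ".</p>";
            echo "<p>[ <a href='javascript:history.go(-2)'>Go Back</a> ]</p>\n";
            showfooter();
            exit;
        } else {
            showheader(_("My CAcert.org Account!"));
            echo _("Sorry, I was unable to locate that user.");
            showfooter();
            exit;
        }
    }
} elseif ($oldid == 9) {
    // Step 9 submitted without a usable userid.
    $oldid = 0;
    $error = _("There was an error and I couldn't proceed");
    $id = 9;
}

// Every step that did not exit above renders its form through the "wot"
// template for $id. NOTE(review): $error and $_SESSION['_config']['error']
// are presumably read by that template; it is not part of this file.
showheader(_("My CAcert.org Account!"));
includeit($id, "wot");
showfooter();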
479 ?>