Source code taken from cacert-20111217.tar.bz2
[cacert.git] / www / wot.php
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */ ?>
18 <?
19
function show_page($target,$message,$error)
{
    // Renders one "wot" sub-page between the standard account header and
    // footer. $target selects the page either by its numeric index or by its
    // symbolic name; a value not in the table (e.g. "Exit") renders header,
    // message and footer only. A non-empty $error replaces $message with an
    // "ERROR: ..." line.
    // NOTE(review): $message is echoed without HTML escaping because callers
    // pass markup on purpose (links, <br />); any user-derived text a caller
    // puts into it must already be escaped by that caller.
    showheader(_("My CAcert.org Account!"));

    if ($error != "")
        $message = _("ERROR").": ".$error;
    if ($message != "")
        echo "<p><font color='orange' size='+1'>".$message."</font></p>";

    // Page index => symbolic name. Order matters: the first entry whose index
    // or name loosely (==) matches $target is included, exactly as the former
    // switch did. Indices 7, 11 and 14 are intentionally absent.
    $pages = array(
        0  => 'InfoPage',
        1  => 'ListByCity',
        2  => 'BecomeAssurer',
        3  => 'TrustRules',
        4  => 'ShowTTPInfo',
        5  => 'EnterEmail',
        6  => 'VerifyData',
        8  => 'EnterMyInfo',
        9  => 'ContactAssurer',
        10 => 'MyPointsOld',
        12 => 'SearchAssurer',
        13 => 'EnterMyCity',
        15 => 'MyPointsNew',
    );
    foreach ($pages as $index => $name)
    {
        if ($target == (string)$index || $target == $name)
        {
            includeit($index, "wot");
            break;
        }
    }

    showfooter();
}
82
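function send_reminder()
{
    // Mails the "please create your account" reminder to the address the
    // assurer typed into the EnterEmail form. If the assurer picked a
    // language other than the default (en_AU) the reminder is sent in that
    // language first, followed by the English text.
    //
    // Side effects: temporarily switches LANG/locale to the chosen language
    // and restores the assurer's profile language afterwards; records the
    // chosen language in $_SESSION['_config']['reminder-lang'] and sets
    // $_SESSION['_config']['remindersent'] = 1.
    //
    // NOTE(review): the recipient ($_POST['email']) is used as typed; this
    // function performs no validation of it, so the caller's is_assurer()
    // gate is the only control on who can trigger this mail.
    $postLang = array_key_exists('reminder-lang', $_POST) ? $_POST['reminder-lang'] : "";
    $recipient = array_key_exists('email', $_POST) ? $_POST['email'] : "";
    $translations = isset($_SESSION['_config']['translations']) ? $_SESSION['_config']['translations'] : array();

    // Only switch languages for a code the site actually knows. This avoids
    // an undefined-index lookup in the translations table and keeps arbitrary
    // request strings out of putenv()/setlocale().
    $switchLang = is_string($postLang)
        && $postLang != ""
        && $postLang != "en_AU"
        && array_key_exists($postLang, $translations);

    $body = "";
    if($switchLang)
    {
        $userlang = $postLang;
        $_SESSION['_config']['reminder-lang'] = $userlang;
        putenv("LANG=".$userlang);
        setlocale(LC_ALL, $userlang);

        $body .= $translations[$userlang].":\n\n";
        $body .= sprintf(_("This is a short reminder that you filled out forms to become trusted with CAcert.org, and %s has attempted to issue you points. Please create your account at %s as soon as possible and then notify %s so that the points can be issued."), $_SESSION['profile']['fname']." (".$_SESSION['profile']['email'].")", "http://www.cacert.org", $_SESSION['profile']['fname'])."\n\n";
        $body .= _("Best regards")."\n";
        $body .= _("CAcert Support Team");

        $body .= "\n\nEnglish:\n\n";
    }

    // The English text is always appended, untranslated, so the recipient can
    // read it whatever the chosen language was.
    $body .= sprintf("This is a short reminder that you filled out forms to become trusted with CAcert.org, and %s has attempted to issue you points. Please create your account at %s as soon as possible and then notify %s so that the points can be issued.", $_SESSION['profile']['fname']." (".$_SESSION['profile']['email'].")", "http://www.cacert.org", $_SESSION['profile']['fname'])."\n\n";
    $body .= "Best regards"."\n";
    $body .= "CAcert Support Team";

    sendmail($recipient, "[CAcert.org] "._("Reminder Notice"), $body, $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']);

    if($switchLang)
    {
        // Put the assurer's own language back so the rest of this request
        // (the confirmation page) renders as before.
        $userlang = $_SESSION['profile']['language'];
        putenv("LANG=".$userlang);
        setlocale(LC_ALL, $userlang);
    }

    $_SESSION['_config']['remindersent'] = 1;
}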
116
117
118
119
120
// Request handling starts here; everything above is function definitions.
// loggedin.php is expected to enforce an authenticated session
// ($_SESSION['profile']) and, presumably, to populate $id from the request:
// $id is read further down without being assigned in this file for most
// steps -- TODO confirm against includes/loggedin.php / loadem().
require_once("../includes/loggedin.php");

loadem("account");
// Carry the assurance date/location across the multi-step form. They are
// stored as submitted (for the wot templates to re-display); this file itself
// reads $_POST['date'] / $_POST['location'] directly when building SQL.
if(array_key_exists('date',$_POST) && $_POST['date'] != "")
    $_SESSION['_config']['date'] = $_POST['date'];

if(array_key_exists('location',$_POST) && $_POST['location'] != "")
    $_SESSION['_config']['location'] = $_POST['location'];

// $oldid identifies which form step was just submitted (0 = none). intval()
// makes it safe for the integer comparisons below.
$oldid=array_key_exists('oldid',$_REQUEST)?intval($_REQUEST['oldid']):0;
131
// Step 12 (SearchAssurer) posts back to itself.
if($oldid == 12)
    $id = $oldid;

// Steps 5 (EnterEmail) and 6 (VerifyData) form the assurance workflow and
// are restricted to assurers; anyone else is shown why they are not one.
// NOTE(review): $id is only assigned in this file when $oldid == 12, so this
// relies on loggedin.php/loadem() having set it -- confirm.
if(($id == 5 || $oldid == 5 || $id == 6 || $oldid == 6))
    if (!is_assurer($_SESSION['profile']['id']))
    {
        show_page ("Exit","",get_assurer_reason($_SESSION['profile']['id']));
        exit;
    }

// Step 6 needs the assuree row that step 5 stored in the session.
if($oldid == 6 && intval($_SESSION['_config']['notarise']['id']) <= 0)
{
    show_page ("EnterEmail","",_("Something went wrong. Please enter the email address again"));
    exit;
}
// Step 5 with the "reminder" button pressed: mail the typed address instead
// of looking it up.
if($oldid == 5 && array_key_exists('reminder',$_POST) && $_POST['reminder'] != "")
{
    send_reminder();
    show_page ("EnterEmail",_("A reminder notice has been sent."),"");
    exit;
}
153
// Step 5 (EnterEmail): resolve the typed address to exactly one live user and
// keep that row in the session as the assuree ('notarise') for step 6.
if($oldid == 5)
{
    // stripslashes() undoes magic_quotes_gpc. mysql_escape_string() is not
    // connection-charset aware (mysql_real_escape_string() is), so correct
    // escaping here depends on the connection using a single-byte charset.
    $query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `deleted`=0";
    $res = mysql_query($query);
    // A failed query (false) is treated like "no match"; mysql_num_rows()
    // only warns on it.
    if(mysql_num_rows($res) != 1)
    {
        $_SESSION['_config']['noemailfound'] = 1;
        show_page("EnterEmail","",_("I'm sorry, there was no email matching what you entered in the system. Please double check your information."));
        exit;
    } else
    {
        $_SESSION['_config']['noemailfound'] = 0;
        // Whole users row, read back below by id/email/language/verified.
        $_SESSION['_config']['notarise'] = mysql_fetch_assoc($res);
        if ($_SESSION['_config']['notarise']['verified'] == 0)
        {
            show_page("EnterEmail","",_("User is not yet verified. Please try again in 24 hours!"));
            exit;
        }
    }
}
174
// Steps 5 and 6 share these checks: the assurer may cancel, must not assure
// themselves, and must not have assured this member before. On success the
// next page to show is VerifyData ($id = 6).
if($oldid == 5 || $oldid == 6)
{
    $id=6;
    // $oldid=0;
    if(array_key_exists('cancel',$_REQUEST) && $_REQUEST['cancel'] != "")
    {
        show_page("EnterEmail","","");
        exit;
    }
    if($_SESSION['_config']['notarise']['id'] == $_SESSION['profile']['id'])
    {
        show_page("EnterEmail","",_("You are never allowed to Assure yourself!"));
        exit;
    }

    // Both ids come from database rows already in the session (profile and
    // notarise), not from the request, which is why they are interpolated
    // without escaping here.
    $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' and
`to`='".$_SESSION['_config']['notarise']['id']."'";
    $res = mysql_query($query);
    if(mysql_num_rows($res) > 0)
    {
        show_page("EnterEmail","",_("You are only allowed to Assure someone once!"));
        exit;
    }
}
199
// Step 6 (VerifyData) input validation. Every failure re-renders VerifyData
// with an error and stops the request.
if($oldid == 6)
{
    $iecho= "c"; // leftover debug marker; only referenced in commented-out code at the end of the file
    if(!array_key_exists('assertion',$_POST) || $_POST['assertion'] != 1)
    {
        show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
        exit;
    }

    /* if(!array_key_exists('rules',$_POST) || $_POST['rules'] != 1)
    {
        show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
        exit;
    }
    */

    // TTP admins are exempt from the "certify" box and from giving a location.
    if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1 ) && $_SESSION['profile']['ttpadmin'] != 1)
    {
        show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
        exit;
    }

    if($_SESSION['profile']['ttpadmin'] != 1 && $_POST['location'] == "")
    {
        show_page("VerifyData","",_("You failed to enter a location of your meeting."));
        exit;
    }

    // NOTE(review): this checks $_REQUEST['points'], while the value that is
    // actually used later in this file is $_POST['points']. A "points" value
    // arriving only in the query string passes this check and then yields
    // intval() == 0 below.
    if($_REQUEST['points'] == "")
    {
        show_page("VerifyData","",_("You must enter the number of points you wish to allocate to this person."));
        exit;
    }

    // Re-derive the name/DOB hash and compare it with the one kept in the
    // session (presumably set when the VerifyData page was rendered) and the
    // one posted back, so a member changing their details mid-assurance is
    // noticed.
    // NOTE(review): `!=` is a loose comparison. Two hex digests that both
    // have the form "0e<digits>" are compared as numbers and count as equal;
    // a strict `!==` (or hash_equals()) on each comparison avoids that.
    $query = "select * from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'";
    $res = mysql_query($query);
    $row = mysql_fetch_assoc($res);
    $name = $row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix'];
    if($_SESSION['_config']['wothash'] != md5($name."-".$row['dob']) || $_SESSION['_config']['wothash'] != $_REQUEST['pagehash'])
    {
        show_page("VerifyData","",_("Race condition discovered, user altered details during assurance procedure. PLEASE MAKE SURE THE NEW DETAILS BELOW MATCH THE ID DOCUMENTS."));
        exit;
    }
}
244
245
// Step 6: work out how many points can actually be granted and refuse exact
// duplicates. Leaves $awarded, $newpoints and $drow for the insert block.
if($oldid == 6)
{
    $max = maxpoints(); // upper limit this assurer may issue per assurance

    // $awarded = what the assurer asked for, clamped to [0, $max];
    // $newpoints = what is actually credited once the total cap below applies.
    $awarded = $newpoints = intval($_POST['points']);
    if($newpoints > $max)
        $newpoints = $awarded = $max;
    if($newpoints < 0)
        $newpoints = $awarded = 0;

    // Points the assuree already holds ($drow['total'] is absent/null when
    // they have none yet; arithmetic below then treats it as 0).
    $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
    $res = mysql_query($query);
    $drow = mysql_fetch_assoc($res);

    // NOTE(review): expire is forced to 0 here, so the "Temporary Increase"
    // branches later in this file (board members with expire > 0) cannot be
    // reached from this script as written.
    $_POST['expire'] = 0;

    // Cap the assuree's total at 100 for ordinary assurers, or at $max for
    // assurers allowed to issue 100 or more.
    if(($drow['total'] + $newpoints) > 100 && $max < 100)
        $newpoints = 100 - $drow['total'];
    if(($drow['total'] + $newpoints) > $max && $max >= 100)
        $newpoints = $max - $drow['total'];
    if($newpoints < 0)
        $newpoints = 0;

    // An empty date means "now".
    if(mysql_escape_string(stripslashes($_POST['date'])) == "")
        $_POST['date'] = date("Y-m-d H:i:s");

    // Refuse an exact repeat (same from/to/awarded/location/date), e.g. a
    // double-submitted form.
    // NOTE(review): "VerifyEmail" is not a page known to show_page(), so on
    // this path only the error text is rendered between header and footer.
    $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' AND
`to`='".$_SESSION['_config']['notarise']['id']."' AND
`awarded`='$awarded' AND
`location`='".mysql_escape_string(stripslashes($_POST['location']))."' AND
`date`='".mysql_escape_string(stripslashes($_POST['date']))."'";
    $res = mysql_query($query);
    if(mysql_num_rows($res) > 0)
    {
        show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue."));
        exit;
    }
}
284
// Step 6, final stage: record the assurance, credit the assurer's own
// experience points, notify both parties and show a fresh "Assure Someone"
// form. Reached only after the validation and point-capping blocks above.
if($oldid == 6)
{
    $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
`to`='".$_SESSION['_config']['notarise']['id']."',
`points`='$newpoints', `awarded`='$awarded',
`location`='".mysql_escape_string(stripslashes($_POST['location']))."',
`date`='".mysql_escape_string(stripslashes($_POST['date']))."',
`when`=NOW()";
    // Board members may record a temporary increase (expiry + sponsor) or a
    // free-text method; TTP admins may mark the assurance as TTP.
    // NOTE(review): $_POST['expire'] was set to 0 earlier in this file, so the
    // temporary-increase branch is unreachable from this script.
    if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
    {
        $query .= ",\n`method`='Temporary Increase'";
        $query .= ",\n`expire`=DATE_ADD(NOW(), INTERVAL '".intval($_POST['expire'])."' DAY)";
        $query .= ",\n`sponsor`='".intval($_POST['sponsor'])."'";
    } else if($_SESSION['profile']['board'] == 1) {
        $query .= ",\n`method`='".mysql_escape_string(stripslashes($_POST['method']))."'";
    } else if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted third Parties')) {
        $query .= ",\n`method`='Trusted Third Parties'";
    }
    // Return value unchecked: a failed insert still sends the confirmation
    // mails and success page below.
    mysql_query($query);
    fix_assurer_flag($_SESSION['_config']['notarise']['id']);

    // Experience points for the assurer, stored as a self-referencing notary
    // row: +2 while between 100 and 148 points, +1 at 149 (so 150 is never
    // exceeded), otherwise a 0-point row. The "&& >= 100" on the 149 branch
    // is redundant.
    if($_SESSION['profile']['points'] < 150)
    {
        $addpoints = 0;
        if($_SESSION['profile']['points'] < 149 && $_SESSION['profile']['points'] >= 100)
            $addpoints = 2;
        else if($_SESSION['profile']['points'] == 149 && $_SESSION['profile']['points'] >= 100)
            $addpoints = 1;
        $query = "insert into `notary` set `from`='".$_SESSION['profile']['id']."',
`to`='".$_SESSION['profile']['id']."',
`points`='$addpoints', `awarded`='$addpoints',
`location`='".mysql_escape_string(stripslashes($_POST['location']))."',
`date`='".mysql_escape_string(stripslashes($_POST['date']))."',
`method`='Administrative Increase',
`when`=NOW()";
        mysql_query($query);
        // No need to fix_assurer_flag here, this should only happen for assurers...
        $_SESSION['profile']['points'] += $addpoints;
    }

    // Mail the assuree in their own language (taken from their users row).
    if($_SESSION['_config']['notarise']['language'] != "")
    {
        $userlang = $_SESSION['_config']['notarise']['language'];
        putenv("LANG=".$userlang);
        setlocale(LC_ALL, $userlang);
    }

    $body = sprintf(_("You are receiving this email because you have been assured by %s %s (%s)."), $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'])."\n\n";
    // Tell the assuree when the cap reduced the requested amount.
    if($_POST['points'] != $newpoints)
        $body .= sprintf(_("You were issued %s points however the system has rounded this down to %s and you now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n";
    else
        $body .= sprintf(_("You were issued %s points and you now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n";

    if(($drow['total'] + $newpoints) < 100 && ($drow['total'] + $newpoints) >= 50)
    {
        $body .= _("You now have over 50 points, and can now have your name added to client certificates, and issue server certificates for up to 2 years.")."\n\n";
    }

    if(($drow['total'] + $newpoints) >= 100 && $newpoints > 0)
    {
        // $body .= _("You now have over 100 points and can start assuring others.")."\n\n";
        $body .= _("You have at least 100 Assurance Points, if you want to become an assurer try the")." ";
        $body .= _("Assurer Challenge")." ( https://cats.cacert.org )\n\n";
        $body .= _("To make it easier for others in your area to find you, it's helpful to list yourself as an assurer (this is voluntary), as well as a physical location where you live or work the most. You can flag your account to be listed, and add a comment to the display by going to:")."\n\n";
        $body .= "https://www.cacert.org/wot.php?id=8\n\n";
        $body .= _("You can list your location by going to:")."\n\n";
        $body .= "https://www.cacert.org/wot.php?id=13\n\n";
    }

    if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
        $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time your points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";

    $body .= _("Best regards")."\n";
    $body .= _("CAcert Support Team");

    sendmail($_SESSION['_config']['notarise']['email'], "[CAcert.org] "._("You've been Assured."), $body, "support@cacert.org", "", "", "CAcert Website");

    // Back to the assurer's language for their own summary mail and the page.
    putenv("LANG=".$_SESSION['profile']['language']);
    setlocale(LC_ALL, $_SESSION['profile']['language']);

    $body = sprintf(_("You are receiving this email because you have assured %s %s (%s)."), $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'])."\n\n";
    if($_POST['points'] != $newpoints)
        $body .= sprintf(_("You issued %s points however the system has rounded this down to %s and they now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n";
    else
        $body .= sprintf(_("You issued %s points and they now have %s points in total."), $newpoints, ($newpoints + $drow['total']))."\n\n";

    if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
        $body .= sprintf(_("Please Note: this is a temporary increase for %s days only. After that time their points will be reduced to 150 points."), intval($_POST['expire']))."\n\n";
    $body .= _("Best regards")."\n";
    $body .= _("CAcert Support Team");

    sendmail($_SESSION['profile']['email'], "[CAcert.org] "._("You've Assured Another Member."), $body, "support@cacert.org", "", "", "CAcert Support");

    // Board notification for temporary increases.
    // NOTE(review): $sponsor is never assigned anywhere in this file, so this
    // message would carry empty sponsor fields; unreachable today for the
    // reason noted above, but it would need a users lookup by
    // intval($_POST['sponsor']) if the branch is revived.
    if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
    {
        $body = sprintf("%s %s (%s) has issued a temporary increase to 200 points for %s %s (%s) for %s days. This action was sponsored by %s %s (%s).", $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'], $_SESSION['_config']['notarise']['fname'], $_SESSION['_config']['notarise']['lname'], $_SESSION['_config']['notarise']['email'], intval($_POST['expire']), $sponsor['fname'], $sponsor['lname'], $sponsor['email'])."\n\n";

        sendmail("cacert-board@lists.cacert.org", "[CAcert.org] Temporary Increase Issued.", $body, "website@cacert.org", "", "", "CAcert Website");
    }

    // Success page with an empty "Assure Someone" form (posts back as step 5).
    // NOTE(review): the inline script assigns the *result* of my_init() to
    // window.onload, i.e. my_init() runs immediately while the page is still
    // parsing; `window.onload = my_init;` is presumably what was intended.
    showheader(_("My CAcert.org Account!"));
    echo "<p>"._("Shortly you and the person you were assuring will receive an email confirmation. There is no action on your behalf required to complete this.")."</p>";
    ?><form method="post" action="wot.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Assure Someone")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><input type="text" name="email" id="email" value=""></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="5">
</form>
<SCRIPT LANGUAGE="JavaScript">
//<![CDATA[
function my_init()
{
document.getElementById("email").focus();
}

window.onload = my_init();
//]]>
</script>
<?
    showfooter();
    exit;
}
416
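// Step 8 (EnterMyInfo): update the "list me as an assurer" flag and the
// free-text contact information shown to other members.
if($oldid == 8)
{
    csrf_check("chgcontact");

    // Keep the cleaned but UNescaped text for the session and escape it only
    // for the SQL statement. Previously the SQL-escaped form was also stored
    // in the session, so contact text containing quotes was displayed with
    // stray backslashes until the profile was reloaded from the database.
    // mysql_real_escape_string() is used because, unlike mysql_escape_string(),
    // it honours the connection's character set.
    $rawContact = array_key_exists('contactinfo', $_POST) ? $_POST['contactinfo'] : "";
    $contactinfo = strip_tags(stripslashes($rawContact));
    $info = mysql_real_escape_string($contactinfo);

    // listme is a 0/1 flag; anything else becomes 0.
    $listme = array_key_exists('listme', $_POST) ? intval($_POST['listme']) : 0;
    if($listme < 0 || $listme > 1)
        $listme = 0;

    $_SESSION['profile']['listme'] = $listme;
    $_SESSION['profile']['contactinfo'] = $contactinfo;

    // The id comes from the session profile row, not from the request.
    $query = "update `users` set `listme`='$listme',`contactinfo`='$info' where `id`='".$_SESSION['profile']['id']."'";
    mysql_query($query);

    showheader(_("My CAcert.org Account!"));
    echo "<p>"._("Your account information has been updated.")."</p>";
    showfooter();
    exit;
}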
437
// Step 9 (ContactAssurer): relay a message to a listed assurer without
// disclosing their address to the sender. pagehash/pageid ties the
// submission to the page the form was rendered on (set by that template,
// presumably) so one form cannot be replayed against several recipients.
if($oldid == 9 && $_REQUEST['userid'] > 0 && $_SESSION['profile']['id'] > 0)
{
    // NOTE(review): loose `!=` on the page hash; the same "0e<digits>"
    // caveat as for wothash above applies, a strict `!==` would not have it.
    if($_SESSION['_config']['pagehash'] != $_REQUEST['pageid'])
    {
        $oldid=0;
        $id = 9;
        show_page("ContactAssurer","",_("It looks like you were trying to contact multiple people, this isn't allowed due to data security reasons."));
        exit;
    } else {
        $body = $_REQUEST['message'];    // unused: sendmail() below reads $_REQUEST directly
        $subject = $_REQUEST['subject'];  // unused, likewise
        $userid = intval($_REQUEST['userid']);
        // Only members who opted in (listme=1) can be contacted; an unknown
        // id yields $user === false and therefore 0 rows below.
        $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid' and `listme`=1"));
        // Row count (0 or 1), not a point total: the HAVING clause keeps the
        // row only when the member has a positive points sum.
        $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0"));
        if($points > 0)
        {
            // NOTE(review): subject and message are passed to sendmail() as
            // submitted. Whether a line break in the subject could end up as an
            // extra mail header depends on how sendmail() builds the message --
            // worth confirming in the includes.
            sendmail($user['email'], "[CAcert.org] ".$_REQUEST['subject'], $_REQUEST['message'],
$_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']);
            // $user['fname'] comes from the database and is inserted into the
            // message markup unescaped (show_page() does not escape either).
            show_page("ContactAssurer",_("Your email has been sent to")." ".$user['fname'].".<br />[ <a href='javascript:history.go(-2)'>"._("Go Back")."</a> ]","");
            exit;
        } else {
            show_page(0,"",_("Sorry, I was unable to locate that user."));
            exit;
        }

    }
}
// Step 9 fallback: reached when the submission above had no positive userid
// or the session holds no profile id. Return to the ContactAssurer page with
// a generic error.
if($oldid == 9)
{
    $oldid = 0;
    $id    = 9;
    $errorText = _("There was an error and I couldn't proceed");
    show_page("ContactAssurer", "", $errorText);
    exit;
}
473
// Default path: no form step above handled (and ended) the request, so render
// the page selected by $id with neither message nor error.
show_page($id, "", "");
?>