Source code taken from cacert-20110820.tar.bz2
authorMichael Tänzer <neo@nhng.de>
Sun, 21 Aug 2011 00:07:40 +0000 (02:07 +0200)
committerMichael Tänzer <neo@nhng.de>
Sun, 21 Aug 2011 00:07:40 +0000 (02:07 +0200)
14 files changed:
CommModule/client.pl
includes/account.php
includes/general.php
includes/lib/account.php [new file with mode: 0644]
includes/loggedin.php
includes/wot.inc.php [new file with mode: 0644]
pages/account/14.php
pages/index/1.php
pages/index/6.php
pages/wot/15.php [new file with mode: 0644]
scripts/assurer.php
www/cats/cats_import.php
www/index.php
www/wot.php

index 4e09c46..323ee27 100755 (executable)
@@ -540,7 +540,7 @@ sub OpenPGPextractExpiryDate ($)
     print OUT $_;
     unless ($r) 
     {
-      if ( /^\s*version \d+, created (\d+), md5len 0, sigclass \d+\s*$/ ) 
+      if ( /^\s*version \d+, created (\d+), md5len 0, sigclass (?:0x[0-9a-fA-F]+|\d+)\s*$/ )
       {
         SysLog "Detected CTS: $1\n";
         $cts = int($1);
index 14702b9..24c61d8 100644 (file)
                showheader(_("My CAcert.org Account!"));
                if($_SESSION['_config']['user']['pword1'] == "" || $_SESSION['_config']['user']['pword1'] != $_SESSION['_config']['user']['pword2'])
                {
+                       echo '<h3 style="color:red">', _("Failure: Pass Phrase not Changed"),
+                               '</h3>', "\n";
                        echo _("New Pass Phrases specified don't match or were blank.");
                } else {
                        $score = checkpw($_SESSION['_config']['user']['pword1'], $_SESSION['profile']['email'], $_SESSION['profile']['fname'],
                        }
 
                        if(strlen($_SESSION['_config']['user']['pword1']) < 6) {
+                               echo '<h3 style="color:red">',
+                                       _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
                                echo _("The Pass Phrase you submitted was too short.");
                        } else if($score < 3) {
+                               echo '<h3 style="color:red">',
+                                       _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
                                printf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score);
                        } else if($rc <= 0) {
+                               echo '<h3 style="color:red">',
+                                       _("Failure: Pass Phrase not Changed"), '</h3>', "\n";
                                echo _("You failed to correctly enter your current Pass Phrase.");
                        } else {
                                mysql_query("update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."')
                                                where `id`='".$_SESSION['profile']['id']."'");
+                               echo '<h3>', _("Pass Phrase Changed Successfully"), '</h3>', "\n";
                                echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change.");
                                $body  = sprintf(_("Hi %s,"),$_SESSION['profile']['fname'])."\n";
                                $body .= _("You are receiving this email because you or someone else")."\n";
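Review bot: The added success heading `echo '<h3>', _("Pass Phrase Changed Successfully"), '</h3>', "\n";` is printed without looking at what the preceding mysql_query() returned, so a failed UPDATE is still reported to the user as a changed pass phrase. Keep the result in a variable and print the failure heading when it is false. The statement itself (unchanged context) interpolates the session-held pass phrase into the SQL string and stores it as an unsalted sha1(); whether pword1 was escaped before it reached the session is not visible here, and the hashing scheme deserves a follow-up (password_hash() where the PHP version allows it). The failure heading is now repeated four times and could be a small helper; the surrounding block starts and ends outside the hunk.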
index 16b75e4..ebdf20e 100644 (file)
@@ -38,6 +38,7 @@
        $_SESSION['_config']['filepath'] = "/www";
 
        require_once($_SESSION['_config']['filepath']."/includes/mysql.php");
+       require_once($_SESSION['_config']['filepath'].'/includes/lib/account.php');
 
        if(array_key_exists('HTTP_HOST',$_SERVER) &&
                        $_SERVER['HTTP_HOST'] != $_SESSION['_config']['normalhostname'] &&
                }
        }
 
-       function checkpw($pwd, $email, $fname, $mname, $lname, $suffix)
-       {
+       function checkpwlight($pwd) {
                $points = 0;
 
                if(strlen($pwd) > 15)
                        $points++;
 
                //echo "Points due to length and charset: $points<br/>";
+               
+               // check for historical password proposal
+               if ($pwd === "Fr3d Sm|7h") {
+                       return 0;
+               }
+               
+               return $points;
+       }
 
+       function checkpw($pwd, $email, $fname, $mname, $lname, $suffix)
+       {
+               $points = checkpwlight($pwd);
+               
                if(@strstr(strtolower($pwd), strtolower($email)))
                        $points--;
 
                $text=preg_replace("/[^\w-.@]/","",$text);
                return($text);
        }
-
-       function fix_assurer_flag($userID)
-       {
-               // Update Assurer-Flag on users table if 100 points. Should the number of points be SUM(points) or SUM(awarded)?
-               $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 1 WHERE `u`.`id` = \''.(int)intval($userID).
-                        '\' AND EXISTS(SELECT 1 FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `tp`.`user_id` = `u`.`id`)'.
-                        ' AND (SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` AND `expire` < now()) >= 100'); // Challenge has been passed and non-expired points >= 100
-        
-               // Reset flag if requirements are not met
-               $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 0 WHERE `u`.`id` = \''.(int)intval($userID).
-                       '\' AND (NOT EXISTS(SELECT 1 FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `tp`.`user_id` = `u`.`id`)'.
-                        ' OR (SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` AND `n`.`expire` < now()) < 100)');
-       }
        
        // returns 0 if $userID is an Assurer
        // Otherwise :
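Review bot: checkpwlight() has no comment saying what its return value means, and the new check `if ($pwd === "Fr3d Sm|7h")` is an exact byte comparison, so it depends on every caller having normalised the input first. I would add a header comment such as `// Scores $pwd on length and character classes only (no name/email checks); returns 0 for the formerly published example pass phrase` and compare `trim($pwd)` instead of `$pwd`. Most of the function body lies outside the hunk, so the scoring range cannot be confirmed from here. Note that checkpw() starts from this value and still decrements it afterwards, so callers must keep comparing against a threshold rather than testing for exactly 0.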
diff --git a/includes/lib/account.php b/includes/lib/account.php
new file mode 100644 (file)
index 0000000..f7a24fa
--- /dev/null
@@ -0,0 +1,51 @@
+<?php
+/*
+    LibreSSL - CAcert web application
+    Copyright (C) 2004-2008  CAcert Inc.
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; version 2 of the License.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+*/
+
+function fix_assurer_flag($userID)
+{
+       // Update Assurer-Flag on users table if 100 points.
+       // Should the number of points be SUM(points) or SUM(awarded)?
+       $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 1 WHERE '.
+               '`u`.`id` = \''.(int)intval($userID).'\' AND '.
+               'EXISTS(SELECT 1 FROM `cats_passed` AS `cp`, `cats_variant` AS `cv` '.
+                       'WHERE `cp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND '.
+                       '`cp`.`user_id` = `u`.`id`) AND '.
+               '(SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` '.
+                       'AND (`n`.`expire` > now() OR `n`.`expire` IS NULL)) >= 100');
+       // Challenge has been passed and non-expired points >= 100
+       
+       if (!$query) {
+               return false;
+       }
+       // Reset flag if requirements are not met
+       $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 0 WHERE '.
+               '`u`.`id` = \''.(int)intval($userID).'\' AND '.
+               '(NOT EXISTS(SELECT 1 FROM `cats_passed` AS `cp`, `cats_variant` AS '.
+                       '`cv` WHERE `cp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 '.
+                       'AND `cp`.`user_id` = `u`.`id`) OR '.
+               '(SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` '.
+                       'AND (`n`.`expire` > now() OR `n`.`expire` IS NULL)) < 100)');
+       
+       if (!$query) {
+               return false;
+       }
+       
+       return true;
+}
\ No newline at end of file
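Review bot: Both UPDATEs compare the bare SUM(points) subquery against 100, and SUM() over zero rows yields NULL. For a member who has passed the challenge but has no unexpired notary rows, the reset condition `... < 100` therefore evaluates to NULL and the assurer flag is left at 1. Wrapping the aggregate as `COALESCE(SUM(points), 0)` in both statements makes the reset fire in that case. The function also lacks a doc comment: it now returns false when either query fails and true otherwise, which is worth stating because a true return does not say whether the flag actually changed.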
index 355527f..640bc6c 100644 (file)
                $normalhost=$_SESSION['_config']['normalhostname'];
                $_SESSION['profile']['loggedin'] = 0;
                $_SESSION['profile'] = "";
-               foreach($_SESSION as $key)
+               foreach($_SESSION as $key => $value)
                {
                        unset($_SESSION[$key]);
                        unset($$key);
                        session_unregister($key);
                }
-                unset($_SESSION);
 
                header("location: https://".$normalhost."/index.php");
                exit;
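Review bot: The cleanup loop empties $_SESSION key by key, but nothing visible in this hunk invalidates the session itself, so the same session ID appears to stay valid after the redirect; consider `session_regenerate_id(true);` (or `session_destroy();`) before the `header()` call. `$value` is unused in the new `foreach`, so `foreach (array_keys($_SESSION) as $key)` would say what is meant, and `session_unregister()` is deprecated as of PHP 5.3. The enclosing condition begins outside the hunk, so whether the ID is rotated elsewhere cannot be seen from here.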
diff --git a/includes/wot.inc.php b/includes/wot.inc.php
new file mode 100644 (file)
index 0000000..ce35ed6
--- /dev/null
@@ -0,0 +1,509 @@
+<? /*
+    LibreSSL - CAcert web application
+    Copyright (C) 2004-2011  CAcert Inc.
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; version 2 of the License.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+*/
+
+       function query_init ($query)
+       {
+               return mysql_query($query);
+       }
+
+       function query_getnextrow ($res)
+       {
+               $row1 = mysql_fetch_assoc($res);
+               return $row1;
+       }
+
+       function query_get_number_of_rows ($resultset)
+       {
+               return intval(mysql_num_rows($resultset));
+       }
+
+       function get_number_of_assurances ($userid)
+       {
+               $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+                       WHERE `notary`.`from` != `notary`.`to` AND `notary`.`from`='".intval($userid)."'");
+               $row = query_getnextrow($res);
+
+               return intval($row['list']);
+       }
+
+       function get_number_of_assurees ($userid)
+       {
+               $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+                       WHERE `notary`.`from` != `notary`.`to` AND `notary`.`to`='".intval($userid)."'");
+               $row = query_getnextrow($res);
+
+               return intval($row['list']);
+       }
+
+       function get_top_assurer_position ($no_of_assurances)
+       {
+               $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+                       GROUP BY `notary`.`from` HAVING count(*) > '".intval($no_of_assurances)."'");
+               return intval(query_get_number_of_rows($res)+1);
+       }
+
+       function get_top_assuree_position ($no_of_assurees)
+       {
+               $res = query_init ("SELECT count(*) AS `list` FROM `notary`
+                       GROUP BY `notary`.`to` HAVING count(*) > '".intval($no_of_assurees)."'");
+               return intval(query_get_number_of_rows($res)+1);
+       }
+
+       function get_given_assurances ($userid)
+       {
+               $res = query_init ("select * from `notary` where `notary`.`from`='".intval($userid)."' and `notary`.`from` != `to` order by `notary`.`id` asc");
+               return $res;
+       }
+
+       function get_received_assurances ($userid)
+       {
+               $res = query_init ("select * from `notary` where `notary`.`to`='".intval($userid)."' and `notary`.`from` != `notary`.`to` order by `notary`.`id` asc ");
+               return $res;
+       }
+
+       function get_given_assurances_summary ($userid)
+       {
+               $res = query_init ("select count(*) as number,points,awarded,method from notary where `notary`.`from`='".intval($userid)."' group by points,awarded,method");
+               return $res;
+       }
+
+       function get_received_assurances_summary ($userid)
+       {
+               $res = query_init ("select count(*) as number,points,awarded,method from notary where `notary`.`to`='".intval($userid)."' group by points,awarded,method");
+               return $res;
+       }
+
+       function get_user ($userid)
+       {
+               $res = query_init ("select * from `users` where `id`='".intval($userid)."'");
+               return mysql_fetch_assoc($res);
+       }
+
+       function get_cats_state ($userid)
+       {
+
+               $res = query_init ("select * from `cats_passed` inner join `cats_variant` on `cats_passed`.`variant_id` = `cats_variant`.`id` and `cats_variant`.`type_id` = 1
+                       WHERE `cats_passed`.`user_id` = '".intval($userid)."'");
+               return mysql_num_rows($res);
+       }
+
+       function calc_experience ($row,&$points,&$experience,&$sum_experience)
+       {
+               $points += $row['awarded'];
+               $experience = "&nbsp;";
+               if ($row['method'] == "Face to Face Meeting")
+               {
+                       $sum_experience = $sum_experience +2;
+                       $experience = "2";
+               }
+               return $row['awarded'];
+       }
+
+       function calc_assurances ($row,&$points,&$experience,&$sumexperience,&$awarded)
+       {
+               $awarded = calc_points($row);
+
+               if ($awarded > 100)
+               {
+                       $experience = $awarded - 100;           // needs to be fixed in the future (limit 50 pts and/or no experience if pts > 100)
+                       $awarded = 100;
+               }
+               else
+                       $experience = 0;
+
+               switch ($row['method'])
+               {
+                       case 'Thawte Points Transfer':
+                       case 'CT Magazine - Germany':
+                       case 'Temporary Increase':            // Current usage of 'Temporary Increase' may break audit aspects, needs to be reimplemented
+                               $awarded=sprintf("<strong style='color: red'>%s</strong>",_("Revoked"));
+                               $experience=0;
+                               break;
+                       default:
+                               $points += $awarded;
+               }
+               $sumexperience = $sumexperience + $experience;
+       }
+
+
+       function show_user_link ($name,$userid)
+       {
+               $name = trim($name);
+               if($name == "")
+                       $name = _("Deleted before Verification");
+               else
+                       $name = "<a href='wot.php?id=9&amp;userid=".intval($userid)."'>$name</a>";
+               return $name;
+       }
+
+       function get_assurer_ranking($userid,&$num_of_assurances,&$rank_of_assurer)
+       {
+               $num_of_assurances = get_number_of_assurances (intval($userid));
+               $rank_of_assurer = get_top_assurer_position($num_of_assurances);
+       }
+
+       function get_assuree_ranking($userid,&$num_of_assurees,&$rank_of_assuree)
+       {
+               $num_of_assurees = get_number_of_assurees (intval($userid));
+               $rank_of_assuree = get_top_assuree_position($num_of_assurees);
+       }
+
+
+// ************* html table definitions ******************
+
+       function output_ranking($userid)
+       {
+               get_assurer_ranking($userid,$num_of_assurances,$rank_of_assurer);
+               get_assuree_ranking($userid,$num_of_assurees,$rank_of_assuree);
+
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+    <tr>
+       <td class="title"><?=_("Assurer Ranking")?></td>
+    </tr>
+    <tr>
+       <td class="DataTD"><?=sprintf(_("You have made %s assurances which ranks you as the #%s top assurer."), intval($num_of_assurances), intval($rank_of_assurer) )?></td>
+    </tr>
+    <tr>
+       <td class="DataTD"><?=sprintf(_("You have received %s assurances which ranks you as the #%s top assuree."), intval($num_of_assurees), intval($rank_of_assuree) )?></td>
+    </tr>
+</table>
+<br/>
+<?
+       }
+
+       function output_assurances_header($title)
+       {
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+    <tr>
+       <td colspan="7" class="title"><?=$title?></td>
+    </tr>
+    <tr>
+       <td class="DataTD"><strong><?=_("ID")?></strong></td>
+       <td class="DataTD"><strong><?=_("Date")?></strong></td>
+       <td class="DataTD"><strong><?=_("Who")?></strong></td>
+       <td class="DataTD"><strong><?=_("Points")?></strong></td>
+       <td class="DataTD"><strong><?=_("Location")?></strong></td>
+       <td class="DataTD"><strong><?=_("Method")?></strong></td>
+       <td class="DataTD"><strong><?=_("Experience Points")?></strong></td>
+    </tr>
+<?
+       }
+
+       function output_assurances_footer($points_txt,$points,$experience_txt,$sumexperience)
+       {
+?>
+    <tr>
+       <td class="DataTD" colspan="3"><strong><?=$points_txt?>:</strong></td>
+       <td class="DataTD"><?=$points?></td>
+       <td class="DataTD">&nbsp;</td>
+       <td class="DataTD"><strong><?=$experience_txt?>:</strong></td>
+       <td class="DataTD"><?=$sumexperience?></td>
+    </tr>
+</table>
+<br/>
+<?
+       }
+
+       function output_assurances_row($assuranceid,$date,$name,$points,$location,$method,$experience)
+       {
+?>
+    <tr>
+       <td class="DataTD"><?=$assuranceid?></td>
+       <td class="DataTD"><?=$date?></td>
+       <td class="DataTD"><?=$name?></td>
+       <td class="DataTD"><?=$points?></td>
+       <td class="DataTD"><?=$location?></td>
+       <td class="DataTD"><?=$method?></td>
+       <td class="DataTD"><?=$experience?></td>
+    </tr>
+<?
+       }
+
+       function output_summary_header()
+       {
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+    <tr>
+       <td colspan="4" class="title"><?=_("Summary of your Points")?></td>
+    </tr>
+    <tr>
+       <td class="DataTD"><strong><?=_("Description")?></strong></td>
+       <td class="DataTD"><strong><?=_("Points")?></strong></td>
+       <td class="DataTD"><strong><?=_("Countable Points")?></strong></td>
+       <td class="DataTD"><strong><?=_("Remark")?></strong></td>
+    </tr>
+<?
+       }
+
+       function output_summary_footer()
+       {
+?>
+</table>
+<br/>
+<?
+       }
+
+       function output_summary_row($title,$points,$points_countable,$remark)
+       {
+?>
+    <tr>
+       <td class="DataTD"><strong><?=$title?></strong></td>
+       <td class="DataTD"><?=$points?></td>
+       <td class="DataTD"><?=$points_countable?></td>
+       <td class="DataTD"><?=$remark?></td>
+    </tr>
+<?
+       }
+
+       function output_cats_needed()
+       {
+?>
+    <tr>
+       <td class="DataTD" colspan=4><strong style='color: red'><?=_("You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer")?></strong></td>
+    </tr>
+<?
+       }
+
+
+// ************* output given assurances ******************
+
+       function output_given_assurances_content($userid,&$points,&$sum_experience)
+       {
+               $points = 0;
+               $sumexperience = 0;
+               $res = get_given_assurances(intval($userid));
+               while($row = mysql_fetch_assoc($res))
+               {
+                       $fromuser = get_user (intval($row['to']));
+                       calc_experience ($row,$points,$experience,$sum_experience);
+                       $name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['to']));
+                       output_assurances_row (intval($row['id']),$row['date'],$name,intval($row['awarded']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience);
+               }
+       }
+
+// ************* output received assurances ******************
+
+       function output_received_assurances_content($userid,&$points,&$sum_experience)
+       {
+               $points = 0;
+               $sumexperience = 0;
+               $res = get_received_assurances(intval($userid));
+               while($row = mysql_fetch_assoc($res))
+               {
+                       $fromuser = get_user (intval($row['from']));
+                       calc_assurances ($row,$points,$experience,$sum_experience,$awarded);
+                       $name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['to']));
+                       output_assurances_row (intval($row['id']),$row['date'],$name,$awarded,$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience);
+               }
+       }
+
+// ************* output summary table ******************
+
+       function check_date_limit ($userid,$age)
+       {
+               $dob = date("Y-m-d", mktime(0,0,0,date("m"),date("d"),date("Y")-$age));
+               $res = query_init ("select id from `users` where `id`='".$userid."' and `dob` < '$dob'");
+               return intval(query_get_number_of_rows($res));
+       }
+
+       function calc_points($row)
+       {
+               if (intval($row['points']) < intval($row['awarded']))
+                       $points = intval($row['awarded']);      // if 'sum of added points' > 100, awarded shows correct value
+               else
+                       $points = intval($row['points']);       // on very old assurances, awarded is '0' instead of correct value
+               switch ($row['method'])
+               {
+                       case 'Thawte Points Transfer':    // revoke all Thawte-points     (as per arbitration)
+                       case 'CT Magazine - Germany':      // revoke c't                   (only one test-entry)
+                       case 'Temporary Increase':            // revoke 'temporary increase'  (Current usage breaks audit aspects, needs to be reimplemented)
+                               $points = 0;
+                               break;
+                       case 'Administrative Increase':  // ignore AI with 2 points or less (historical for experiance points, now other calculation)
+                               if ($points <= 2)              // maybe limit to 35/50 pts in the future?
+                                       $points = 0;
+                               break;
+                       case 'unknown':                  // to be revoked in the future? limit to max 50 pts?
+                       case 'Trusted 3rd Parties':          // to be revoked in the future? limit to max 35 pts?
+                       case '':                                // to be revoked in the future? limit to max 50 pts?
+                       case 'Face to Face Meeting':        // normal assurances, limit to 35/50 pts in the future?
+                               break;
+                       default:                                // should never happen ... ;-)
+                               $points = 0;
+               }
+               if ($points < 0)                                // ignore negative points (bug needs to be fixed)
+                       $points = 0;
+               return $points;
+       }
+
+       function max_points($userid)
+       {
+               return output_summary_content ($userid,0);
+       }
+
+       function output_summary_content($userid,$display_output)
+       {
+               $sum_points = 0;
+               $sum_experience = 0;
+               $sum_experience_other = 0;
+               $max_points = 100;
+               $max_experience = 50;
+
+               $experience_limit_reached_txt = _("Limit reached");
+
+               if (check_date_limit($userid,18) != 1)
+               {
+                       $max_experience = 10;
+                       $experience_limit_reached_txt = _("Limit given by PoJAM reached");
+               }
+               if (check_date_limit($userid,14) != 1)
+               {
+                       $max_experience = 0;
+                       $experience_limit_reached_txt = _("Limit given by PoJAM reached");
+               }
+
+               $res = get_received_assurances_summary($userid);
+               while($row = mysql_fetch_assoc($res))
+               {
+                       $points = calc_points ($row);
+
+                       if ($points > $max_points)                      // limit to 100 points, above is experience (needs to be fixed)
+                       {
+                               $sum_experience_other = $sum_experience_other+($points-$max_points)*intval($row['number']);
+                               $points = $max_points;
+                       }
+                       $sum_points += $points*intval($row['number']);
+               }
+
+               $res = get_given_assurances_summary($userid);
+               while($row = mysql_fetch_assoc($res))
+               {
+                       switch ($row['method'])
+                       {
+                               case 'Face to Face Meeting':                    // count Face to Face only
+                                       $sum_experience += 2*intval($row['number']);
+                                       break;
+                       }
+
+               }
+
+               if ($sum_points > $max_points)
+                       {
+                       $sum_points_countable = $max_points;
+                       $remark_points = _("Limit reached");
+                       }
+               else
+                       {
+                       $sum_points_countable = $sum_points;
+                       $remark_points = "&nbsp";
+                       }
+               if ($sum_experience > $max_experience)
+                       {
+                       $sum_experience_countable = $max_experience;
+                       $remark_experience = $experience_limit_reached_txt;
+                       }
+               else
+                       {
+                       $sum_experience_countable = $sum_experience;
+                       $remark_experience = "&nbsp;";
+                       }
+
+               if ($sum_experience_countable + $sum_experience_other > $max_experience)
+                       {
+                       $sum_experience_other_countable = $max_experience-$sum_experience_countable;
+                       $remark_experience_other = $experience_limit_reached_txt;
+                       }
+               else
+                       {
+                       $sum_experience_other_countable = $sum_experience_other;
+                       $remark_experience_other = "&nbsp;";
+                       }
+
+               if ($sum_points_countable < $max_points)
+                       {
+                       if ($sum_experience_countable != 0)
+                               $remark_experience = $points_on_hold_txt;_("Points on hold due to less assurance points");
+                       $sum_experience_countable = 0;
+                       if ($sum_experience_other_countable != 0)
+                               $remark_experience_other = _("Points on hold due to less assurance points");
+                       $sum_experience_other_countable = 0;
+                       }
+
+               $issue_points = 0;
+               $cats_test_passed = get_cats_state ($userid);
+               if ($cats_test_passed == 0)
+                       $issue_points_txt = "<strong style='color: red'>"._("You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer")."</strong>";
+               else
+               {
+                       $experience_total = $sum_experience_countable+$sum_experience_other_countable;
+                       $issue_points_txt = "";
+                       if ($sum_points_countable == $max_points)
+                               $issue_points = 10;
+                       if ($experience_total >= 10)
+                               $issue_points = 15;
+                       if ($experience_total >= 20)
+                               $issue_points = 20;
+                       if ($experience_total >= 30)
+                               $issue_points = 25;
+                       if ($experience_total >= 40)
+                               $issue_points = 30;
+                       if ($experience_total >= 50)
+                               $issue_points = 35;
+                       if ($issue_points != 0)
+                               $issue_points_txt = sprintf(_("You may issue up to %s points"),$issue_points);
+               }
+               if ($display_output)
+               {
+                       output_summary_row (_("Assurance Points you received"),$sum_points,$sum_points_countable,$remark_points);
+                       output_summary_row (_("Total Experience Points by Assurance"),$sum_experience,$sum_experience_countable,$remark_experience);
+                       output_summary_row (_("Total Experience Points (other ways)"),$sum_experience_other,$sum_experience_other_countable,$remark_experience_other);
+                       output_summary_row (_("Total Points"),"&nbsp;",$sum_points_countable + $sum_experience_countable + $sum_experience_other_countable,$issue_points_txt);
+               }
+               return $issue_points;
+       }
+
+       function output_given_assurances($userid)
+       {
+               output_assurances_header(_("Assurance Points You Issued"));
+               output_given_assurances_content($userid,$points,$sum_experience);
+               output_assurances_footer(_("Total Points Issued"),$points,_("Total Experience Points"),$sum_experience);
+       }
+
+       function output_received_assurances($userid)
+       {
+               output_assurances_header(_("Your Assurance Points"));
+               output_received_assurances_content($userid,$points,$sum_experience);
+               output_assurances_footer(_("Total Assurance Points"),$points,_("Total Experience Points"),$sum_experience);
+       }
+
+       function output_summary($userid)
+       {
+               output_summary_header();
+               output_summary_content($userid,1);
+               output_summary_footer();
+       }
+
+       function output_end_of_page()
+       {
+?>
+       <p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p>
+<?
+       }
+?>
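Review bot: check_date_limit() concatenates `$userid` into its query without the intval() that every other helper in this file applies, and output_summary_content(), max_points() and output_summary() pass the value through unchanged, so the query is only safe if every caller outside this file has already cast it; use `intval($userid)` in that string. In output_summary_content() the line `$remark_experience = $points_on_hold_txt;_("Points on hold due to less assurance points");` assigns an undefined variable and discards the translated text; it should read `$remark_experience = _("Points on hold due to less assurance points");`. show_user_link() and output_assurances_row() print fname/lname, location and date from the database without htmlspecialchars(); unless those columns are escaped when stored (not visible here), they should be escaped at output. Both *_assurances_content() functions reset `$sumexperience` while the by-reference parameter is `$sum_experience`, so the total is never initialised.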
index 342ab46..29aeb21 100644 (file)
     along with this program; if not, write to the Free Software
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */ ?>
+<?
+       if (intval($_REQUEST['force']) === 1)
+{
+?>
+
+<p style="border:dotted 1px #900;padding:0.3em;bold;color:#ffffff;background-color:#ff0000;"><strong><center>
+<?=_("For your own security you should change your pass phrase immediately!"); ?></center></strong>
+</p>
+<?}?>
+
 <form method="post" action="account.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
   <tr>
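Review bot: `$_REQUEST['force']` is read without checking that the key exists, so a request without that parameter raises an undefined-index notice; `if (array_key_exists('force', $_REQUEST) && intval($_REQUEST['force']) === 1)` would match the array_key_exists() style used in the general.php hunk. In the banner's style attribute `bold;` is not a valid declaration (`font-weight:bold;` was probably intended), and `<center>` inside `<strong>` inside `<p>` is invalid nesting. The form that follows continues outside the hunk.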
index d9ce8a8..f4343e7 100644 (file)
@@ -18,9 +18,7 @@
 <p><?=_("By joining CAcert and becoming a Member, you agree to the CAcert Community Agreement. Please take a moment now to read that and agree to it; this will be required to complete the process of joining.")?></p>
 <p><?=_("Warning! This site requires cookies to be enabled to ensure your privacy and security. This site uses session cookies to store temporary values to prevent people from copying and pasting the session ID to someone else exposing their account, personal details and identity theft as a result.")?></p>
 <p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;">
-<b><?=_("In light of the number of people having issues with making up a password we have the following suggestions:")?></b><br><br>
-<?=_("To get a password that will work, we suggest the following example")?>: Fr3d Sm|7h<br><br>
-<?=_("This wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary...")?><br><br>
+<?=_("A proper password wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary...")?><br><br>
 <b><?=_("Note: White spaces at the beginning and end of a password will be removed.")?></b>
 </p>
 
index 8eefa44..fe57d81 100644 (file)
@@ -16,9 +16,7 @@
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */ ?>
 <p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;">
-<b><?=_("In light of the number of people having issues with making up a password we have the following suggestions:")?></b><br><br>
-<?=_("To get a password that will work, we suggest the following example")?>: Fr3d Sm|7h<br><br>
-<?=_("This wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary...")?>
+<?=_("A proper password wouldn't match your name or email at all, it contains at least 1 lower case letter, 1 upper case letter, a number, white space and a misc symbol. You get additional security for being over 15 characters and a second additional point for having it over 30. The system starts reducing security if you include any section of your name, or password or email address or if it matches a word from the english dictionary...")?>
 </p>
 
 <form method="post" action="index.php" autocomplete="off">
diff --git a/pages/wot/15.php b/pages/wot/15.php
new file mode 100644 (file)
index 0000000..8579588
--- /dev/null
@@ -0,0 +1,29 @@
+<? /*
+    LibreSSL - CAcert web application
+    Copyright (C) 2004-2011  CAcert Inc.
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; version 2 of the License.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+*/ 
+
+       include_once($_SESSION['_config']['filepath']."/includes/wot.inc.php");
+
+       $userid = intval($_SESSION['profile']['id']);
+
+       output_ranking($userid);
+       output_summary($userid);
+       output_given_assurances($userid);
+       output_received_assurances($userid);
+
+       output_end_of_page();
+?>
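Review bot: Nothing in this new page checks that a logged-in profile exists before it is used: `intval($_SESSION['profile']['id'])` yields 0 when the session holds no profile, and the four output functions are then called for user id 0. The login gate presumably lives in the script that includes this page (not visible here), so a cheap local guard such as `if ($userid <= 0) { exit; }` right after the assignment would keep the page safe if it is ever reached another way. The include path is built from `$_SESSION['_config']['filepath']`; a short comment stating that this value comes from server-side configuration and never from request data would help the next reader.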
index c649fbf..d85a2a6 100644 (file)
@@ -30,7 +30,7 @@
        $query = "
 select u.email, fname, lname, sum(n.points) from users u, notary n
  where n.to=u.id
-   and not exists(select 1 from cats_passed cp where cp.user_id=u.id)
+   and not EXISTS(SELECT 1 FROM `cats_passed` AS `tp`, `cats_variant` AS `cv` WHERE `tp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND `tp`.`user_id` = `u`.`id`)
    and exists(select 1 from notary n2 where n2.from=u.id and year(n2.`when`)>2007)
    and (select count(*) from notary n3 where n3.from=u.id) > 1
  group by email, fname, lname
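Review bot: The literal 1 compared with `type_id` in the rewritten NOT EXISTS subquery is an unexplained magic number, and the report's meaning now depends on it. A PHP comment above the `$query` assignment would document it, for example `// cats_variant.type_id 1 = <name of the CATS test type that qualifies an assurer>`. The same condition presumably has to agree with the one used by `fix_assurer_flag()` in includes/lib/account.php (not visible here), so naming the value in one shared constant would keep the two from drifting apart. The query string continues outside the hunk.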
index 6d77a75..56dd0cf 100644 (file)
@@ -24,6 +24,8 @@
    API for CATS to import passed tests into main CAcert database.
 */
 
+require_once('../../includes/lib/account.php');
+
 function sanitize_string($buffer) {
  return htmlentities(utf8_decode($buffer), (int)ENQ_QUOTES);
 }
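Review bot: The added `require_once('../../includes/lib/account.php')` is resolved against the working directory, not against this file, so the import script fails fatally whenever it is started from another directory; `require_once(dirname(__FILE__).'/../../includes/lib/account.php');` removes that dependency. In the context lines of the same hunk, `sanitize_string()` passes `(int)ENQ_QUOTES` to `htmlentities()`: `ENQ_QUOTES` is not a PHP constant (the flag is `ENT_QUOTES`), so on the PHP versions this code targets it is read as a string and cast to 0, which means neither single nor double quotes are encoded. The commit leaves that untouched; changing it to `ENT_QUOTES` is a one-word fix worth making alongside.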
@@ -154,8 +156,7 @@ if (!$query) {
 }
 
 // Update Assurer-Flag on users table if 100 points. Should the number of points be SUM(points) or SUM(awarded)?
-$query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 1 WHERE `u`.`id` = \''.(int)intval($userID).'\' AND EXISTS(SELECT 1 FROM `cats_passed` AS `tp` WHERE `tp`.`user_id` = `u`.`id`) AND (SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` AND `expire` < now()) >= 100;'); // Challenge has been passed and non-expired points >= 100
-if (!$query) {
+if (!fix_assurer_flag($userID)) {
   echo 'Invalid query'."\r\n";
   trigger_error('Invalid query', E_USER_ERROR);
   exit();
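Review bot: The call `fix_assurer_flag($userID)` passes the id through without the integer cast that the removed inline query applied (`(int)intval($userID)`), so whether the value is still safe inside SQL now depends entirely on the helper in includes/lib/account.php, which is not visible in this hunk. Casting at the call site, `if (!fix_assurer_flag(intval($userID))) {`, keeps that guarantee local. The error branch also assumes the helper returns a false value when the query fails; a one-line comment stating that contract above the call would help. The `if` block closes outside the hunk.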
index 13e8dc6..7330877 100644 (file)
                                $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>";
                                $_SESSION['_config']['oldlocation'] = "account.php?id=13";
                        }
+                       if (checkpwlight($pword) < 3)
+                               $_SESSION['_config']['oldlocation'] = "account.php?id=14&force=1";
                        if($_SESSION['_config']['oldlocation'] != "")
                                header("location: https://".$_SERVER['HTTP_HOST']."/".$_SESSION['_config']['oldlocation']);
                        else
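Review bot: The added check overwrites `$_SESSION['_config']['oldlocation']` unconditionally, so when a member has both too few lost-password questions and a weak pass phrase, the `account.php?id=13` destination set just above is silently dropped for this login. If that priority is intended, say so in a comment, e.g. `// a weak pass phrase takes precedence over the lost-password-questions prompt`; otherwise set the new location only when none is stored yet. The redirect that follows builds its `location:` header from `$_SERVER['HTTP_HOST']`, which is taken from the request; unless the web server pins the accepted host names (not visible here), a configured site hostname would be the safer source. The enclosing login branch starts and ends outside the hunk.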
index 2bd4622..7fa572f 100644 (file)
        if($oldid == 6)
        {
                $max =  maxpoints();
-               $awarded = $newpoints = intval($_POST['points']);
-               if($newpoints > $max)
-                       $newpoints = $max;
+               
+               if (intval($_POST['points']) > $max) {
+                       $awarded = $newpoints = $max;
+               } elseif (intval($_POST['points']) < 0) {
+                       $awarded = $newpoints = 0;
+               } else {
+                       $awarded = $newpoints = intval($_POST['points']);
+               }
+               
                $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
                $res = mysql_query($query);
                $drow = mysql_fetch_assoc($res);