Directory includes

includes/.cvsignore

.cvsignore includes the parameters for CVS, which files to ignore by versioning

Note

CVS is long dead, is this still used?

includes/.gitignore

.gitignore contains file patterns to be ignored by Git.

includes/about_menu.php

links

”http://blog.cacert.org/”

”http://blog.CAcert.org/feed/”

”http://bugs.CAcert.org/”

”https://lists.cacert.org/wws”

”http://wiki.CAcert.org/”

”http://wiki.cacert.org/Board”

”http://wiki.cacert.org/FAQ/Privileges”

”www/policy/”

”www/src-lic.php”

about_menu.php is a part (<div>) of a PHP-Page, containing most of the CAcert-related links. It uses $_SESSION['mconn']

includes/account_stuff.php

uses

includes/about_menu.php

includes/account_stuff.php provides two procedures to be used for building the output of some HTML-pages.

It uses the global variables: $_REQUEST['id']

showheader($title = "CAcert.org", $title2 = "")

This function renders a page depending on the calling file. It uses the global variables: $_SERVER['PHP_SELF'], $_SESSION['_config']['header'], $_SESSION['_config']['normalhostname'], $_SESSION['profile']['adadmin'], $_SESSION['profile']['admin'], $_SESSION['profile']['assurer'], $_SESSION['profile']['dob'], $_SESSION['profile']['email'], $_SESSION['profile']['fname'], $_SESSION['profile']['id'], $_SESSION['profile']['lname'], $_SESSION['profile']['locadmin'], $_SESSION['profile']['mname'], $_SESSION['profile']['orgadmin'], $_SESSION['profile']['points'], $_SESSION['profile']['suff']

Parameters

• $title (string) –

• $title2 (string) –

Global

• (int) - $id:

Global

• (string) - $PHP_SELF:

showfooter()

This function renders a page-footer.

includes/account.php

Uses

• includes/lib/check_weak_key.php

• includes/lib/l10n.php

• includes/loggedin.php

• includes/notary.inc.php

includes/account.php first loads some more includefiles via loadem. It defines two functions and read the global variables $_REQUEST['id'], $_REQUEST['oldid'], $_REQUEST['process'], $_REQUEST['showdetails'], $_REQUEST['cert'], $_REQUEST['orgid'], $_REQUEST['memid'], $_REQUEST['domid'], $_REQUEST['action'], $_REQUEST['ticketno'], $_SESSION['mconn']

buildSubject(array $domains, $include_xmpp_addr = true)

Build a subject string as needed by the signer. This function uses account_domain_delete, account_email_delete, buildSubjectFromSession, check_client_cert_running, check_gpg_cert_running, check_is_orgadmin, check_server_cert_running, checkEmail, checkpw, checkWeakKeyCSR, checkWeakKeySPKAC, checkWeakKeyX509, clean_csr, HashAlgorithms::clean, csrf_check, extractit, generatecertpath, L10n::get_translation, getalt, getalt2, getcn, getcn2, make_hash, revoke_all_private_cert, runCommand, sanitizeHTML, sendmail, L10n::set_recipient_language, L10n::set_translation, showheader, showfooter, L10n::$translations, valid_ticket_number, waitForResult, write_se_log, write_user_agreement

Parameters

• $domains (array(string)) – First domain is used as CN and repeated in subjectAltName. Duplicates should already been removed

• $include_xmpp_addr (bool) – [default: true] Whether to include the XmppAddr in the subjectAltName. This is needed if the Jabber server is jabber.example.com but a Jabber ID on that server would be alice@example.com

Returns

• (string) - subject string as needed by the signer

buildSubjectFromSession()

Builds the subject string from the session variables $_SESSION[‘_config’][‘rows’] and $_SESSION[‘_config’][‘altrows’]

Returns

• (string) -

includes/general_stuff.php

Uses

• includes/lib/l10n.php

This process uses showbodycontent, showfooter, showheader

showbodycontent($title = "CAcert.org", $title2 = "")

includes/general.php

Uses

• includes/lib/account.php

• includes/lib/general.php

• includes/lib/l10n.php

• includes/mysql.php

includes/general.php is included by the file www/.htaccess that controls the behavior of the webserver.

Here the session is started/restarted with the name “cacert”. Then the raw HTTP header is sent.

$_SESSION['_config']['errmsg'] is set to empty string.

After that, the script only continues if $_SERVER['HTTP_HOST'] contains one of the values from $_SESSION['_config']['normalhostname'], $_SESSION['_config']['securehostname'], $_SESSION['_config']['tverify'] or “stamp.cacert.org” and also $_SERVER['HTTPS'] must have the value “on”.

Next the language is organized via L10n::detect_language and L10n::init_gettext.

Then it is checked in table users if the user whose userid is stored in $_SESSION['profile']['id'] is locked, else its total points are calculated from table notary and stored in $_SESSION['profile']['points'].

After that executable part of the script there are some functions defined

loadem($section = "index")

Depending on the content of section an additiv file will be included.

• ”account” includes $_SESSION['_config']['filepath'].”/includes/account_stuff.php”

• ”tverify” includes $_SESSION['_config']['filepath'].”/includes/tverify_stuff.php”

• ”index” includes $_SESSION['_config']['filepath'].”/includes/general_stuff.php”

• all other are handled like “index”

Parameters

• $section (string) –

  The section that is to handle. Allowed are

  • ”account”,

  • ”index”,

  • ”tverify”;

  • all other are handeled as “index”.

includeit($id = "0", $section = "index")

ipsum

checkpwlight($pwd)

ipsum

checkpw($pwd, $email, $fname, $mname, $lname, $suffix)

extractit()

getcn()

getalt()

getcn2()

getalt2()

checkownership($hostname)

maxpoints($id = 0)

gpg_hex2bin($data)

signmail($to, $subject, $message, $from, $replyto = "")

checkEmail($email)

waitForResult($table, $certid, $id = 0, $show = 1)

generateTicket()

sanitizeHTML($input)

make_hash()

csrf_check($nam, $show=1)

make_csrf($nam)

clean_gpgcsr($CSR)

sanitizeFilename($text)

no_assurer_text($Status)

is_assurer($userID)

get_assurer_reason($userID)

generatecertpath($type, $kind, $id)

mysql_timed_query($sql)

includes/keygen.php

includes/loggedin.php

Uses

• includes/lib/general.php

• includes/lib/l10n.php

• includes/mysql.php

• includes/notary.inc.php

Used by

• includes/account.php

Todo

analyze the module

includes/mysql.php

Used by

• CommModule/client.pl

• includes/general.php

• includes/loggedin.php

includes/mysql.php is not contained in the CAcert Git repository cacert-devel repository but is used by several other files. The file is copied from includes/mysql.php.sample and defines the database connection information.

This file is parsed directly by CommModule/client.pl format changes might break the CommModule code.

includes/mysql.php.sample

mysql.php.sample is a template for the database connection handling code that is meant to be copied to mysql.php.

The template defines the MySQL connection as a session variable $_SESSION['mconn'] while connecting to that database. It also defines the session variables $_SESSION['_config']['normalhostname'], $_SESSION['_config']['securehostname'] and $_SESSION['_config']['tverify'].

The template defines a function sendmail for sending mails.

sendmail($to, $subject, $message, $from, $replyto="", $toname="", $fromname="", $errorsto="returns@cacert.org", $use_utf8=true)

Send an email. The function reimplements functionality that is readily available in PHP. The function does not properly escape headers and sends raw SMTP commands.

Parameters

• $to (string) – recipient email address

• $subject (string) – subject

• $message (string) – email body

• $from (string) – from email address

• $replyto (string) – reply-to email address

• $fromname (string) – unused in the code

• $toname (string) – unused in the code

• $errorsto (string) – email address used for Sender and Errors-To headers

• $use_utf8 (bool) – decides whether the Content-Type header uses a charset parameter of utf-8 or iso-8859-1

Configuration and actual code are mixed. It would be better to have a separate file that just includes configuration.

includes/notary.inc.php

Used by

• includes/account.php

• includes/loggedin.php

includes/notary.inc.php defines the global constants NULL_DATETIME and THAWTE_REVOCATION_DATETIME. It also provides a set of funktions; here listed in the given order:

query_init($query)

Accesss the database to execute the passed query.

Parameters

• $query (string) – query to execute

Returns

• (resource) - result of the passed query.

query_getnextrow($res)

Return the next row of a previous received result of a database query.

Parameters

• $res (resource) – Result of a previous database query.

Returns

• (object) - next row in the passed resource

query_get_number_of_rows($resultset)

Return the number of rows of the passed $resource which has to be the result of a previous database query, select-statement

Parameters

• $resultset (resource) – Result of a previous database query

Returns

• (int) - number of rows in the passed resource

get_number_of_assurances($userid)

Returns the number of assurances the user with the passed userid has given. Uses query_init and query_getnextrow.

Parameters

• $userid (int) – userid of be controled

Returns

• (int) - number of given assurances

get_number_of_ttpassurances($userid)

Returns the number of TTP-assurances the user with the passed userid has received. Uses query_init and query_getnextrow.

Parameters

• $userid (int) – userid of be controled

Returns

• (int) - number of received TTP-assurances

get_number_of_assurees($userid)

Returns the number of assurances the user with the passed userid has received. Uses query_init and query_getnextrow.

Parameters

• $userid (int) – userid of be controled

Returns

• (int) - number of received assurances

get_top_assurer_position($no_of_assurances)

Returns the ranking of an assurer with the passed number of given assurances. Uses query_init and query_get_number_of_rows.

Parameters

• $no_of_assurances (int) – number of assurances

Returns

• (int) - position at the list of top assurers

get_top_assuree_position($no_of_assurees)

Returns the ranking of an assuree with the passed number of received assurances. Uses query_init and query_get_number_of_rows.

Parameters

• $no_of_assurances (int) – number of assurances

Returns

• (int) - position at the list of top assurees

get_given_assurances($userid, $log=0)

Get the list of assurances given by the user. Uses query_init.

Parameters

• $userid (int) – id of the assurer

• $log (int) – if set to 1 also includes deleted assurances

Returns

• (resource) - a MySQL result set

get_received_assurances($userid, $log=0)

Get the list of assurances received by the user. Uses query_init.

Parameters

• $userid (int) – id of the assuree

• $log (int) – if set to 1 also includes deleted assurances

Returns

• (resource) - a MySQL result set

get_given_assurances_summary($userid)

Get the count of given assurances of the user with the passed userid grouped by points, awarded, method. Uses query_init.

Parameters

• $userid (int) – id of the assurer

Returns

• (resource) - list of number of given assurances grouped by points, awarded, method

get_received_assurances_summary($userid)

Get the count of received assurances of the user with the passed userid grouped by points, awarded, method. Uses query_init.

Parameters

• $userid (int) – id of the assuree

Returns

• (resource) - list of number of received assurances grouped by points, awarded, method

get_user($userid)

Get data of user with the passed userid. Uses query_init.

Parameters

• $userid (int) – id of the user

Returns

• (resource) - data frum table users belonging to passed userid.

get_cats_state($userid)

Get the number of passed CATS for the given userid. Uses query_init.

Parameters

• $userid (int) – id of a user

Returns

• (int) - number of passed CATS

calc_awarded($row)

Calculate awarded points (corrects some issues like out of range points or points that were issued by means that have been deprecated)

Parameters

• $row (array) – associative array containing the data from the notary table

Returns

• (int) - the awarded points for this assurance

calc_experience(&$row, &$sum_points, &$sum_experience)

Calculate the experience points from a given Assurance. Uses calc_awarded.

Parameters

• $row (array) – [inout] associative array containing the data from the notary table, the keys ‘experience’ and ‘calc_awarded’ will be added

• $sum_points (int) – [inout] the sum of already counted assurance points the assurer issued

• $sum_experience (int) – [inout] the sum of already counted experience points that were awarded to the assurer

calc_assurances(&$row, &$sum_points, &$sum_experience)

Calculate the points received from a received Assurance. Uses calc_awarded.

Parameters

• $row (array) – [inout] associative array containing the data from the notary table, the keys ‘experience’ and ‘calc_awarded’ will be added

• $sum_points (int) – [inout] the sum of already counted assurance points the assuree received

• $sum_experience (int) – [inout] the sum of already counted experience points that were awarded to the assurer

show_user_link($user)

Generate a link to the support engineer page for the user with the name of the user as link text. Uses sanitizeHTML.

Parameters

• $user (array) – associative array containing the data from the user table

Returns

• (string) - name of the user with the passed userid or System or deleted

show_email_link($user)

Generate a link to the support engineer page for the user with the email address as link text. Uses sanitizeHTML.

Parameters

• $user (array) – associative array containing the data from the user table

Returns

• (string) - email-address

get_assurer_ranking($userid, &$num_of_assurances, &$rank_of_assurer)

Getting the number of given assurances and the rank of the user with the passed userid. Uses get_number_of_assurances and get_top_assurer_position.

Parameters

• $userid (int) – id of an user

• $num_of_assurances (int) – [inout] number of given assurances

• $rank_of_assurer (int) – [inout] rank in assurer-list

get_assuree_ranking($userid, &$num_of_assurees, &$rank_of_assuree)

Getting the number of received assurances and the rank of the user with the passed userid. Uses get_number_of_assurees and get_top_assuree_position.

Parameters

• $userid (int) – id of an user

• $num_of_assurees (int) – [inout] number of received assurances

• $rank_of_assuree (int) – [inout] rank in assuree-list

output_ranking($userid)

Generating HTML-code for showing the assurer/assuree data. Uses get_assurer_ranking and get_assuree_ranking.

Parameters

• $userid (int) – userid to build the page format

output_assurances_header($title, $support, $log)

Render header for the assurance table (same for given/received)

Parameters

• $title (string) – The title for the table

• $support (int) – set to 1 if the output is for the support interface

• $log (int) – if set to 1 also includes deleted assurances

output_assurances_footer($points_txt, $sumpoints, $experience_txt, $sumexperience, $support, $log)

Render footer for the assurance table (same for given/received)

Parameters

• $points_txt (string) – Description for sum of assurance points

• $sumpoints (int) – sum of assurance points

• $experience_txt (string) – Description for sum of experience points

• $sumexperience (int) – sum of experience points

• $support (int) – set to 1 if the output is for the support interface

• $log (int) – if set to 1 also includes deleted assurances

output_assurances_row($assurance, $userid, $other_user, $support, $ticketno, $log)

Render an assurance for a view. Uses show_email_link, show_user_link, sanitizeHTML and make_csrf.

Parameters

• $assurance (array) – associative array containing the data from the notary table

• $userid (int) – Id of the user whichs given/received assurances are displayed

• $other_user (array) – associative array containing the other users data from the users table

• $support (int) – set to 1 if the output is for the support interface

• $ticketno (string) – ticket number currently set in the support interface

• $log (int) – if set to 1 also includes deleted assurances

output_summary_header()

Render the header for the summary.

output_summary_footer()

Render the footer for the summary.

output_summary_row($title, $points, $points_countable, $remark)

Render a row of the summary of points

Parameters

• $title (string) – The description of the row

• $points (inf) –

• $points_countable (int) –

• $remark (string) –

Todo

check points and points_countable

output_given_assurances_content($userid, &$sum_points, &$sum_experience, $support, $ticketno, $log)

Helper function to render assurances given by the user. Uses get_given_assurances, get_user, calc_experience and output_assurances_row.

Parameters

• $userid (int) – id of a user

• &$sum_points (int) – [out] sum of given points

• &$sum_experience (int) – [out] sum of experience points gained

• $support (int) – set to 1 if the output is for the support interface

• $ticketno (string) – the ticket number set in the support interface

• $log (int) – if set to 1 also includes deleted assurances

output_received_assurances_content($userid, &$sum_points, &$sum_experience, $support, $ticketno, $log)

Helper function to render assurances received by the user. Uses get_received_assurances, get_user, calc_assurances and output_assurances_row.

Parameters

• $userid (int) – id of a user

• $sum_points (int&) – [out] sum of received points

• $sum_experience (int&) – [out] sum of experience points the assurers gained

• $support (int) – set to 1 if the output is for the support interface

• $ticketno (string) – the ticket number set in the support interface

• $log (int) – if set to 1 also includes deleted assurances

check_date_limit($userid, $age)

Checks if the user with the passed userid has reached a given age. Uses query_init, query_get_number_of_rows.

Parameters

• $userid (int) – id of a user

• $age (int) – the age to be checked against

Returns

• (int) - 1: if the given age is reached; 0 else

max_points($userid)

Determin, how many points the user can issue at most. Uses output_summary_content.

Parameters

• $userid (int) – id of a user

Returns

• (int) - max to issue points

output_summary_content($userid, $display_output)

Calculate points and render them for output. Uses check_date_limit, get_received_assurances_summary, calc_awarded, get_given_assurances_summary, get_cats_state, output_summary_row.

Parameters

• $userid (int) – id of a user

• $display_output (int) – flag if to display (1) or not (0)

Retur

• (int) - max to issue points

output_given_assurances($userid, $support=0, $ticketno='', $log=0)

Render assurances given by the user. Uses output_assurances_header, output_given_assurances_content, output_assurances_footer.

Parameters

• $userid (int) – id of a user

• $support (int) – set to 1 if the output is for the support interface

• $ticketno (string) – the ticket number set in the support interface

• $log (int) – if set to 1 also includes deleted assurances

output_received_assurances($userid, $support=0, $ticketno='', $log=0)

Render assurances received by the user. Uses output_assurances_header, output_received_assurances_content, output_assurances_footer.

Parameters

• $userid (int) – id of a user

• $support (int) – set to 1 if the output is for the support interface

• $ticketno (string) – the ticket number set in the support interface

• $log (int) – if set to 1 also includes deleted assurances

output_summary($userid)

Render the page output for a user. Uses output_summary_header, output_summary_content, output_summary_footer.

Parameters

• $userid (int) – id of a user

output_end_of_page()

Adds a goBack-button to the page.

write_user_agreement($memid, $document, $method, $comment, $active=1, $secmemid=0)

Writes a new record to the table user_agreement.

Parameters

• $memid (mixed) – id of a user

• $document (mixed) –

• $method (mixed) –

• $comment (mixed) –

• $active (integer) –

• $secmemid (integer) –

Returns

get_user_agreement_status($memid, $type="CCA")

Returns 1 if the user has an entry for the given type in user_agreement, 0 if no entry is recorded

Parameters

• $memid (mixed) – userid

• $type (string) – “CCA”

Returns

• (int) - 1 if the user has an entry for the given type in user_agreement, 0 if no entry is recorded

get_first_user_agreement($memid, $type=null, $active=null)

Get the first user_agreement entry of the requested type

Parameters

• $memid (int) –

• $type (string) – the type of user agreement, by default all agreements are listed

• $active (int) –

  whether to get active or passive agreements:

  • 0 := passive

  • 1 := active

  • null := both

Returns

• (array(string=>mixed)) - an associative array containing ‘document’, ‘date’, ‘method’, ‘comment’, ‘active’.

get_last_user_agreement($memid, $type=null, $active=null)

Get the last user_agreement entry of the requested type

Parameters

• $memid (int) –

• $type (string) – the type of user agreement, by default all agreements are listed

• $active (int) –

  whether to get active or passive agreements:

  • 0 := passive

  • 1 := active

  • null := both

Returns

• (array(string=>mixed)) - an associative array containing ‘document’, ‘date’, ‘method’, ‘comment’, ‘active’.

get_user_agreements($memid, $type=null, $active=null)

Get all user_agreement entrys of the requested type

Parameters

• $memid (int) –

• $type (string) – the type of user agreement, by default all agreements are listed

• $active (int) –

  whether to get active or passive agreements:

  • 0 := passive

  • 1 := active

  • null := both

Returns

• (resource) - a mysql result set containing all agreements

delete_user_agreement($memid, $type=false)

Deletes all entries for a given type from user_agreement of a given user, if type is not given, delete all all

Parameters

• $memid (mixed) – Member-id

• $type (string) – the type of user agreement ; if false all

AssureTextLine($field1, $field2)

Prepares a text line for assurance-page /pages/wot/6.php; two cells in a row

Parameters

• $field1 (string) – text string

• $field2 (string) – text string

AssureBoxLine($type, $text, $checked)

Prepares a box line for assurance-page /pages/wot/6.php; two cells in a row, a checkbox with stats and a text

Parameters

• $type (string) – type/name of checkbox

• $text (string) – text to present

• $checked (string) – status of the ceckbox

AssureMethodLine($text, $methods, $remark)

Prepares another row for assurance-page /pages/wot/6.php containing the methods of the assurance

Parameters

• $text$ (string) – text

• $methods (array(string)) – possible methods of assurance

• $remark (string) – a possible remark to the assurance

AssureInboxLine($type, $field, $value, $description)

Prepare an inBox line.

Parameters

• $type (string) – name of the information shown in line

• $field (string) – readable name of the information of the line

• $value (string) – value of the information

• $description (string) – description/remarks to displayed the information

AssureFoot($oldid, $confirm)

Prepares the footer of the assurance page /pages/wot/6.php.

Parameters

• $oldid (int) – field to hide containing the actual id of the dialog

• $confirm (string) – text for confirmation

account_email_delete($mailid)

Deletes an email entry from an acount, revolkes all certifcates for that email address. Uses revoke_all_client_cert.

Parameters

• $mailid (int) – Id of the email address to be deleted

account_domain_delete($domainid)

Deletes an domain entry from an acount, revolkes all certifcates for that domain address. Uses revoke_all_server_cert.

Parameters

• $domainid (int) – Id of the domain to be deleted

account_delete($id, $arbno, $adminid)

Deletes an account following the deleted account routnie V3 and change password (arbitration). Uses account_email_delete, account_domain_delete,

Parameters

• $id (int) – Id of the account to be deleted

• $arbno (string) – Arbitrationnumber that justifies the deletion.

• $adminid (int) – ID of the administrator who fullfilled the deletion

check_email_exists($email)

Checks if an email address exists.

Parameters

• $email (string) – Email address to be checked

Returns

• (bool): true if email exists; else false

check_gpg_cert_running($uid, $cca=0)

Checks if a non-expired gpg certificatation exists.

Parameters

• $uid (int) – account ID to be checked for gpg certification

• $cca (int) – 0 if just expired, =1 if CCA retention +3 month should be obeyed

Returns

• (bool) - true if a gpg certification exists; else false

check_client_cert_running($uid, $cca=0)

Checks if a non-expired, non-revoked client certificate exists for an account.

Parameters

• $uid (int) – account ID to be checked for client certificates

• $cca (int) – 0 if just expired, =1 if CCA retention +3 month should be obeyed

Returns

• (bool) - true if a client certificate exists; else false

check_server_cert_running($uid, $cca=0)

Checks if a non-expired, non-revoked server certificate exists for an account.

Parameters

• $uid (int) – account ID to be checked for server certificates

• $cca (int) – 0 if just expired, =1 if CCA retention +3 month should be obeyed

Returns

• (bool) - true if a server certificate exists; else false

check_is_orgadmin($uid)

Checks if a given account is an organisation administrator.

Parameters

• $uid (int) – account ID to be checked as organisation administrator

Returns

• (bool) - true if the account belongs to an organisation administrator; else false

revoke_all_client_cert($mailid)

Revokes all client certificates for a given email address.

Parameters

• $mailid (int) – ID of an email address.

function revoke_all_server_cert($domainid)

Revokes all server certs for an domain.

Parameters

• $domainid (int) – ID of an domain.

revoke_all_private_cert($uid)

Revokes all certificates linked to a personal accounts, gpg revokation needs to be added to a later point. Uses revoke_all_client_cert, revoke_all_server_cert.

Parameters

• $uid (int) – ID of the account whos certificates have to be rovoked

check_date_format($date, $year=2000)

Checks if the date is entered in the right date format YYYY-MM-DD and if the date is after the 1st January of the given year

Parameters

• $date (mixed) – Date to check

• $year (integer) – Year to check against

Returns

• (bool) - true if date is valid; false if not

check_date_difference($date, $diff=1)

Checks if the given date is less or equal then today plus a given time difference

Parameters

• $date (mixed) – Date to be checked

• $diff (integer) – difference in days (positive future, negative past) to add to the current date

Returns

• (bool) - returns false if the date is larger then today + time difference

write_se_log($uid, $adminid, $type, $info)

Records all support engineer actions changing a user account writing the information to the adminlog.

Parameters

• $uid (int) – id of the user account

• $adminid (int) – id of the admin

• $type (string) – the operation that was performed on the user account

• $info (string) – the ticket / arbitration number or other information

Returns

• (bool) - true := success, false := error

valid_ticket_number($ticketno)

Check if the entered information is a valid ticket or arbitration number.

Parameters

• $ticketno (string) –

Returns

• (bool) -

get_user_data($userid, $deleted=0)

Get all data of an account given by the id from the users table (function for handling account/43.php)

Parameters

• $userid (int) – account id

• $deleted (int) – states if deleted data should be visible , default = 0 - not visible

Returns

• (resource) - a mysql result set

get_alerts($userid)

Get the alert settings for a user (function for handling account/43.php)

Parameters

• $userid (int) – for the requested account

Returns

• (array) - associative array

get_email_addresses($userid, $exclude, $deleted=0)

Get all email addresses linked to the account (should be entered in account/2.php)

Parameters

• $userid (int) –

• $exclude (string) – if given the email address will be excluded

• $deleted (int) – states if deleted data should be visible, default = 0 - not visible

Returns

• (resource) - a mysql result set

get_domains($userid, $deleted=0)

Get all domains linked to the account (should be entered in account/9.php).

Parameters

• $userid (int) –

• $deleted (int) – states if deleted data should be visible, default = 0 - not visible

Returns

• (resource) - a mysql result set

get_training_results($userid)

Get all training results for the account (should be entered in account/55.php)

Parameters

• $userid (int) –

Returns

• (resource) - a mysql result set

get_se_log($userid)

Get all SE log entries for the account

Parameters

• $userid (int) –

Returns

• (resource) - a mysql result set

get_client_certs($userid, $viewall=0)

Get all client certificates linked to the account (add to account/5.php)

Parameters

• $userid (int) –

• $viewall (int) – states if expired certs should be visible, default = 0 - not visible

Returns

• (resource) - a mysql result set

get_server_certs($userid, $viewall=0)

Get all server certs linked to the account (add to account/12.php)

Parameters

• $userid (int) –

• $viewall (int) – states if expired certs should be visible, default = 0 - not visible

Returns

• (resource - a mysql result set)

get_gpg_certs($userid, $viewall=0)

Get all gpg certs linked to the account (add to gpg/2.php)

Parameters

• $userid (int) –

• $viewall (int) – states if expired certs should be visible, default = 0 - not visible

Returns

• (resource) - a mysql result set

output_log_email_header()

Show the table header to the email table for the admin log

output_log_email($row, $primary)

Show all email data for the admin log

Parameters

• $row (array) – associative array containing the column data

• $primary (string) – if given the primary address is highlighted

output_log_domains_header()

Show the table header to the domains table for the admin log.

output_log_domains($row)

Show the domain data for the admin log

Parameters

• $row (array) – associative array containing the column data

output_log_agreement_header()

Show the table header to the user agreement table for the admin log.

output_log_agreement($row)

Show the agreement data for the admin log.

Parameters

• $row (array) – associative array containing the column data

output_log_training_header()

Show the table header to the training table (should be entered in account/55.php).

output_log_training($row)

Show the training data (should be entered in account/55.php).

Parameters

• $row (array) – associative array containing the column data

output_log_se_header($support=0)

Show the table header to the SE log table for the admin log.

Parameters

• $support (int) – if support = 1 more information is visible

output_log_se($row, $support=0)

Show the SE log data for the admin log (should be entered in account/55.php)

Parameters

• $row (array) – associative array containing the column data

• $support (int) – if support = 1 more information is visible

output_client_cert_header($support=0, $readonly=true)

Shows the table header to the client cert table (should be added to account/5.php)

Parameters

• $support (int) – if support = 1 some columns ar not visible

• $readonly (bool) – whether elements to modify data should be hidden, default is true

output_client_cert($row, $support=0, $readonly=true)

Show the client cert data (should be entered in account/5.php)

Parameters

• $row (array) – associative array containing the column data

• $support (int) – if support = 1 some columns are not visible

• $readonly (bool) – whether elements to modify data should be hidden, default is true

output_server_certs_header($support=0, $readonly=true)

Show the table header to the server cert table (should be entered in account/12.php)

Parameters

• $support (int) – if support = 1 some columns ar not visible

• $readonly (bool) – whether elements to modify data should be hidden, default is true

output_server_certs($row, $support=0, $readonly=true)

Show the server cert data (should be entered in account/12.php)

Parameters

• $row (array) – associative array containing the column data

• $support (int) – if support = 1 some columns are not visible

• $readonly (bool) – whether elements to modify data should be hidden, default is true

output_gpg_certs_header($support=0, $readonly=true)

Show the table header to the gpg cert table.

Parameters

• $support (int) – if support = 1 some columns ar not visible

• $readonly (bool) – whether elements to modify data should be hidden, default is true ($readonly is currently ignored but kept for consistency)

output_gpg_certs($row, $support=0, $readonly=true)

Show the gpg cert data (should be entered in account/55.php)

Parameters

• $row (array) – associative array containing the column data

• $support (int) – if support = 1 some columns are not visible

• $readonly (bool) – whether elements to modify data should be hidden, default is true

includes/shutdown.php

includes/sponsorinfo.php

includes/tverify_stuff.php

Directory includes/lib

includes/lib/account.php

Used by

• includes/general.php

include/lib/account.php defines a function and a class for use by other precedures.

fix_assurer_flag($userID = NULL)

Function to recalculate the cached Assurer status. Update Assurer-Flag on users table if 100 points and CATS passed. We may have some performance issues here if no userID is given there are ~150k assurances and ~220k users currently but the exists-clause on cats_passed should be a good filter.

Parameters

• $userID (int) – if the user ID is not given the flag will be recalculated for all users

Returns

• (bool) - false if there was an error on fixing the flag. This does NOT return the new value of the flag

class HashAlgorithms

Supported hash algorithms for signing certificates.

property HashAlgorithms::$$default

Default hash algorithm identifier for signing

static HashAlgorithms::getInfo

Get display strings for the supported hash algorithms.

Returns

• (array(string=>array(‘name’=>string, ‘info’=>string)))

1. [$hash_identifier][‘name’] = Name that should be displayed in UI

2. [$hash_identifier][‘info’] = Additional information that can help with the selection of a suitable algorithm

static HashAlgorithms::clean($hash_identifier)

Check if the input is a supported hash algorithm identifier otherwise return the identifier of the default hash algorithm

Parameters

• $hash_identifier (string) –

Returns

• (string) - The cleaned identifier

includes/lib/check_weak_key.php

Used by

• includes/account.php

uses

includes/lib/general.php

includes/lib/check_weak_key.php does the checking of keys for vulnaribilities and therefore provides some functions to be used by other procedures.

checkWeakKeyCSR($csr, $encoding = "PEM")

Checks whether the given CSR contains a vulnerable key. This function uses: checkWeakKeyText, failWithId, runCommand

Parameters

• $csr (string) – The CSR to be checked

• $encoding (string [optional]) – The encoding the CSR is in (for the “-inform” parameter of OpenSSL, currently only “PEM” (default) or “DER” allowed)

Returns

• (string) - containing the reason if the key is considered weak, empty string otherwise

checkWeakKeyX509($cert, $encoding = "PEM")

Checks whether the given X509 certificate contains a vulnerable key. This function uses: checkWeakKeyText, failWithId, runCommand

Parameters

• $cert (string) – The X509 certificate to be checked

• $encoding (string [optional]) – The encoding the certificate is in (for the “-inform” parameter of OpenSSL, currently only “PEM” (default), “DER” or “NET” allowed)

Returns

• (string) - String containing the reason if the key is considered weak, empty string otherwise

checkWeakKeySPKAC($spkac, $spkacname = "SPKAC")

Checks whether the given SPKAC certificate contains a vulnerable key. This function uses: checkWeakKeyText, failWithId, runCommand

Parameters

• $spkac (string) – The SPKAC to be checked

• $spkacname (string [optional]) – The name of the variable that contains the SPKAC. The default is “SPKAC”

Returns

• (string) - String containing the reason if the key is considered weak, empty string otherwise

checkWeakKeyText($text)

Checks whether the given text representation of a CSR or a SPKAC contains a weak key. This function uses: checkDebianVulnerability, failWithId, runCommand

Parameters

• $text (string) – The text representation of a key as output by the “openssl <foo> -text -noout” commands

Returns

• (string) - String containing the reason if the key is considered weak, empty string otherwise

checkDebianVulnerability($text, $keysize = 0)

Reimplement the functionality of the openssl-vulnkey tool.

It triggers the exeptions: E_USER_NOTICE, E_USER_WARNING, E_USER_ERROR

Parameters

• $text (string) – The text representation of a key as output by the “openssl <foo> -text -noout” commands

• $keysize (int [optional]) – If the key size is already known it can be provided so it doesn’t have to be parsed again. This also skips the check whether the key is an RSA key => use wisely.

Returns

• (mixed) - TRUE if key is vulnerable, FALSE otherwise, NULL in case of error

includes/lib/general.php

Used by

• includes/general.php

• includes/loggedin.php

includes/lib/general.php provides the system with four functions.

get_user_id_from_cert($serial, $issuer_cn)

Checks if the user may log in and retrieve the user id. Usually called with $_SERVER[‘SSL_CLIENT_M_SERIAL’] and $_SERVER[‘SSL_CLIENT_I_DN_CN’]

Parameters

• $serial (string) – usually $_SERVER[‘SSL_CLIENT_M_SERIAL’]

• $issuer_cn (string) – usually $_SERVER[‘SSL_CLIENT_I_DN_CN’]

Returns

• (int) - the user id, -1 in case of error

failWithId($errormessage)

Produces a log entry with the error message with log level E_USER_WARN and a random ID an returns a message that can be displayed to the user including the generated ID

Parameters

• string ($errormessage) – The error message that should be logged

Returns

• (string) - containing the generated ID that can be displayed to the user

runCommand($command, $input = "", &$output = null, &$errors = true)

Runs a command on the shell and return it’s exit code and output

Parameters

• $command (string) – The command to run. Make sure that you escapeshellarg() any non-constant parts as this is executed on a shell!

• $input (string|bool) – The input that is passed to the command via STDIN, if true the real STDIN is passed through

• $output (string|bool) – The output the command wrote to STDOUT (this is passed as reference), if true the output will be written to the real STDOUT. Output is ignored by default

• $errors (string|bool) – The output the command wrote to STDERR (this is passed as reference), if true (default) the output will be written to the real STDERR

Returns

• (int|bool) - The exit code of the command, true if the execution of the command failed (true because then <code>if (runCommand(‘echo “foo”’)) handle_error();</code> will work)

get_assurer_status($userID)

Determine if the user with the passed userid is an assurer.

Parameters

• $userid (int) – id of the user to be checked.

Returns

• (int) - 0 if user is an assurer; 3,7,11,15 if 100 ssurance points not reached; 5,7,13,15 if assurer test is missing; 9,11,13,15 if not allowed to be an assurer.

includes/lib/l10n.php

Used by

• includes/account.php

• includes/general.php

• includes/general_stuff.php

• includes/loggedin.php

includes/lib/l10n.php defines the class L10n. Some methods use and manipulate the global variables:

$_SESSION['_config']['language']

$_SESSION['_config']['recode']

class L10n

property L10n::$$translations

An array of possible translations (“ISO-language code” => “native name of the language”). At the moment with values: “ar”, “bg”, “cs”, “da”, “de”, “el”, “en”, “es”, “fi”, “fr”, “hu”, “it”, “ja”, “lv”, “nl”, “pl”, “pt”, “pt-br”, “ru”, “sv”, “tr”, “zh-cn”, “zh-tw”.

property L10n::$$locales

An array of allowed locales. Values at the moment: “ar_JO”, “bg_BG”, “cs_CZ”, “da_DK”, “de_DE”, “el_GR”, “en_US”, “es_ES”, “fa_IR”, “fi_FI”, “fr_FR”, “he_IL”, “hr_HR”, “hu_HU”, “id_ID”, “is_IS”, “it_IT”, “ja_JP”, “ka_GE”, “ko_KR”, “lv_LV”, “nb_NO”, “nl_NL”, “pl_PL”, “pt_PT”, “pt_BR”, “ro_RO”, “ru_RU”, “sl_SI”, “sv_SE”, “th_TH”, “tr_TR”, “uk_UA”, “zh_CN”, “zh_TW”.

static L10n::detect_language

It auto-detects the language that should be used and sets it. Only works for HTTP, not in a command line script. Priority:

1. explicit parameter “lang” passed in HTTP (e.g. via GET)

2. existing setting in the session (stick to the setting we had before)

3. auto-detect via the HTTP Accept-Language header sent by the user agent

Uses the global variables $_REQUEST["lang"], $_SERVER['HTTP_ACCEPT_LANGUAGE'].

static L10n::normalise_translation($translation_code)

Normalise the translation code (e.g. from the old codes to the new)

Parameters

• $translation_code (string) – the translation code as specified in the keys of $translations

Returns

• (string) - a translation code or the empty string if it can’t be normalised

static L10n::get_translation

Get the set translation. The method uses $_SESSION['_config']['language']

Returns

• (string) - a translation code or the empty string if not set

static L10n::set_translation($translation_code)

Set the translation to use. Sets also the ENV LANG= and if run in a session $_SESSION['_config']['language'] and $_SESSION['_config']['recode'].

Parameters

• $translation_code (string) – the translation code as specified in the keys of {@link $translations}

Returns

• (bool) - true if the translation has been set successfully; false if the $translation_code was not contained in the white list or could not be set for other reasons (e.g. setlocale() failed because the locale has not been set up on the system - details will be logged)

static L10n::init_gettext($domain = 'messages')

Sets up the text domain used by gettext. Uses $_SESSION['_config']['filepath'] and appends ‘/locale’.

Parameters

• $domain (string) – the gettext domain that should be used, defaults to “messages”

static L10n::set_recipient_language($accountid)

Returns the language of a recipient to make sure that the language is correct

Parameters

• $accountid (int) – accountnumber of the recipient