CAcert Code Development list.

[Michael Tänzer <michael.taenzer AT cacert.org>]

Hi folks,

We have a fix for https://bugs.cacert.org/view.php?id=1137
"Record the CCA acception for entering an assurance"

The fix was reviewed by Benny Baumann (BenBE) and me (NEOatNHNG) and
tested by Martin Gummi, Eva Stöwe (Eva) and Marcus Mängel (INOPIAE).

Diff is attached. Please also run the locale makefile so that our
translators see the new strings (if present) on
https://translations.cacert.org and new translations get imported into
the system.

Changed files:
/includes/notary.inc.php
/pages/wot/6.php
/www/wot.php

-- 
Have a nice day,
Michael Tänzer
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index 37a7ed0..c983491 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
@@ -639,10 +639,16 @@
 		$res = mysql_query($query);
 	}
 
+	/**
+	 * get_user_agreement_status()
+	 *  returns 1 if the user has an entry for the given type in user_agreement, 0 if no entry is recorded
+	 * @param mixed $memid
+	 * @param string $type
+	 * @return
+	 */
 	function get_user_agreement_status($memid, $type="CCA"){
-	//returns 0 - no user agreement, 1- at least one entry
 		$query="SELECT u.`document` FROM `user_agreements` u
-			WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." or u.`secmemid`=".$memid.")" ;
+			WHERE u.`document` = '" . mysql_real_escape_string($type) . "' AND u.`memid`=" . intval($memid) ;
 		$res = mysql_query($query);
 		if(mysql_num_rows($res) <=0){
 			return 0;
@@ -651,53 +657,62 @@
 		}
 	}
 
+	/**
+	 * get_first_user_agreement()
+	 *  returns the first user_agreement entry of the requested type depending on thes status of active of a given user
+	 * @param mixed $memid
+	 * @param integer $active, 0 - passive, 1 -active
+	 * @param string $type
+	 * @return
+	 */
 	function get_first_user_agreement($memid, $active=1, $type="CCA"){
 	//returns an array (`document`,`date`,`method`, `comment`,`active`)
-		if($active==1){
-			$filter="u.`memid`=".$memid;
-		}else{
-			$filter="u.`secmemid`=".$memid;
-		}
-		$query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` u
-			WHERE u.`document` = '".$type."' AND ".$filter."
-			ORDER BY u.`date` Limit 1;";
+		$query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` AS u
+			WHERE u.`document` = '" . mysql_real_escape_string($type) . "' AND u.`memid`=" . intval($memid) . " AND u.`active`=" . intval($active) .
+			" ORDER BY u.`date` Limit 1;";
 		$res = mysql_query($query);
 		if(mysql_num_rows($res) >0){
-			$row = mysql_fetch_assoc($res);
-			$rec['document']= $row['document'];
-			$rec['date']= $row['date'];
-			$rec['method']= $row['method'];
-			$rec['comment']= $row['comment'];
-			$rec['active']= $row['active'];
+			$rec = mysql_fetch_assoc($res);
 		}else{
 			$rec=array();
 		}
 		return $rec;
 	}
 
+	/**
+	 * get_last_user_agreement()
+	 *  returns the last user_agreement entry of a given type and of a given user
+	 * @param mixed $memid
+	 * @param string $type
+	 * @return
+	 */
 	function get_last_user_agreement($memid, $type="CCA"){
 	//returns an array (`document`,`date`,`method`, `comment`,`active`)
-		$query="(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 1 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." ) order by `date` desc limit 1)
-			union
-			(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND ( u.`secmemid`=".$memid.")) order by `date` desc limit 1" ;
+		$query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM user_agreements u WHERE u.`document` = '" . mysql_real_escape_string($type) . "' AND (u.`memid`=" . intval($memid) . " ) order by `date` desc limit 1 " ;
 		$res = mysql_query($query);
 		if(mysql_num_rows($res) >0){
-			$row = mysql_fetch_assoc($res);
-			$rec['document']= $row['document'];
-			$rec['date']= $row['date'];
-			$rec['method']= $row['method'];
-			$rec['comment']= $row['comment'];
-			$rec['active']= $row['active'];
+			$rec = mysql_fetch_assoc($res);
 		}else{
 			$rec=array();
 		}
 		return $rec;
 	}
 
-	function delete_user_agreement($memid, $type="CCA"){
+	/**
+	 * delete_user_agreement()
+	 *  deletes all entries for a given type from user_agreement of a given user, if type is not given all
+	 * @param mixed $memid
+	 * @param string $type
+	 * @return
+	 */
+	function delete_user_agreement($memid, $type=false){
 	//deletes all entries to an user for the given type of user agreements
-		mysql_query("delete from `user_agreements` where `memid`='".$memid."'");
-		mysql_query("delete from `user_agreements` where `secmemid`='".$memid."'");
+		if ($type === false) {
+			$filter = '';
+		} else {
+			$filter = " and `document` = '" . mysql_real_escape_string($type) . "'";
+		}
+		mysql_query("delete from `user_agreements` where `memid`=" . intval($memid) . $filter );
 	}
 
 	// functions for 6.php (assure somebody)
diff --git a/pages/wot/6.php b/pages/wot/6.php
index 1031090..3ca74c2 100644
--- a/pages/wot/6.php
+++ b/pages/wot/6.php
@@ -53,7 +53,7 @@
 	AssureTextLine("",_("Only tick the next box if the Assurance was face to face."));
 	AssureBoxLine("assertion",_("I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible."),array_key_exists('assertion',$_POST) && $_POST['assertion'] == 1);
 	AssureBoxLine("rules",_("I have read and understood the CAcert Community Agreement (CCA), Assurance Policy and the Assurance Handbook. I am making this Assurance subject to and in compliance with the CCA, Assurance policy and handbook."),array_key_exists('rules',$_POST) && $_POST['rules'] == 1);
-	AssureTextLine(_("Policy"),"<a href=\"/policy/CAcert Community Agreement.php\" target=\"_blank\">"._("CAcert Community Agreement")."</a> -<a href=\"/policy/AssurancePolicy.php\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\"; target=\"_blank\">"._("Assurance Handbook")."</a>");
+	AssureTextLine(_("Policy"),"<a href=\"/policy/CAcertCommunityAgreement.php\" target=\"_blank\">"._("CAcert Community Agreement")."</a> -<a href=\"/policy/AssurancePolicy.php\" target=\"_blank\">"._("Assurance Policy")."</a> - <a href=\"http://wiki.cacert.org/AssuranceHandbook2\"; target=\"_blank\">"._("Assurance Handbook")."</a>");
 	AssureInboxLine("points",_("Points"),"","<br />(Max. ".maxpoints().")");
 	AssureFoot($id,_("I confirm this Assurance"));
 ?>
diff --git a/www/wot.php b/www/wot.php
index 8395a58..7200517 100644
--- a/www/wot.php
+++ b/www/wot.php
@@ -371,7 +371,8 @@ $iecho= "c";
 						`when`=NOW()";
 		//record active acceptance by Assurer
 		if (check_date_format(trim($_REQUEST['date']),2010)) {
-			write_user_agreement($_SESSION['profile']['id'], "CCA", "Assurance", "Assurer", 1, $_SESSION['_config']['notarise']['id']);
+			write_user_agreement($_SESSION['profile']['id'], "CCA", "assurance", "Assuring", 1, $_SESSION['_config']['notarise']['id']);
+			write_user_agreement($_SESSION['_config']['notarise']['id'], "CCA", "assurance", "Being assured", 0, $_SESSION['profile']['id']);
 		}
 		if($_SESSION['profile']['ttpadmin'] == 1 && ($_POST['method'] == 'Trusted 3rd Parties' || $_POST['method'] == 'Trusted Third Parties')) {
 			$query .= ",\n`method`='TTP-Assisted'";
@@ -379,10 +380,6 @@ $iecho= "c";
 		mysql_query($query);
 		fix_assurer_flag($_SESSION['_config']['notarise']['id']);
 		include_once("../includes/notary.inc.php");
-/*to be activated after CCA accept option is implemented in form
-		write_user_agreement($_SESSION['profile']['id'], "CCA", "assurance", "Assuring", 1, $_SESSION['_config']['notarise']['id']);}*/
-/* to be activated after the CCA recording is announced
-		write_user_agreement($_SESSION['_config']['notarise']['id'], "CCA", "assurance", "Being assured", 0, $_SESSION['profile']['id']); */
 
 		if($_SESSION['profile']['points'] < 150)
 		{

Attachment: signature.asc
Description: OpenPGP digital signature