author | INOPIAE <inopiae@cacert.org> | 2012-12-15 14:38:44 +0100 |
---|---|---|
committer | Benny Baumann <BenBE@geshi.org> | 2013-01-07 00:18:47 +0100 |
commit | 0f2ef2f94a72bd9d869c7e79674dc39f0bf0a71b (patch) | |
tree | 443127fe9af060b8d67df60fa8b760d83ddb1897 | |
parent | 7baaa9a0ac611329539a43031ca3d0e81bba2b5f (diff) | |
bug 893:extracted delete functionalities to temp_functions.php, modified www/disputes.php, includes/account.php with the new function calls, changed the the delete account routine for pages/account/50.php
Later, the functions from temp_functions.php should probably be moved to notary_inc.php (still to be decided).
-rw-r--r-- | includes/account.php | 65 | ||||
-rw-r--r-- | includes/temp_functions.php | 153 | ||||
-rw-r--r-- | pages/account/50.php | 6 | ||||
-rw-r--r-- | www/disputes.php | 35 |
4 files changed, 179 insertions, 80 deletions
diff --git a/includes/account.php b/includes/account.php index 4faa0e5..5ac5a6a 100644 --- a/includes/account.php +++ b/includes/account.php @@ -18,7 +18,8 @@ require_once("../includes/loggedin.php"); require_once("../includes/lib/l10n.php"); require_once('lib/check_weak_key.php'); - + require_once("../includes/temp_functions.php"); + loadem("account"); $id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']); @@ -160,17 +161,7 @@ { $row = mysql_fetch_assoc($res); echo $row['email']."<br>\n"; - $query = "select `emailcerts`.`id` - from `emaillink`,`emailcerts` where - `emailid`='$id' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and - `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0 - group by `emailcerts`.`id`"; - $dres = mysql_query($query); - while($drow = mysql_fetch_assoc($dres)) - mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['id']."'"); - - $query = "update `email` set `deleted`=NOW() where `id`='$id'"; - mysql_query($query); + account_email_delete($row['id']); $delcount++; } } @@ -621,31 +612,9 @@ { $row = mysql_fetch_assoc($res); echo $row['domain']."<br>\n"; - - $dres = mysql_query( - "select distinct `domaincerts`.`id` - from `domaincerts`, `domlink` - where `domaincerts`.`domid` = '$id' - or ( - `domaincerts`.`id` = `domlink`.`certid` - and `domlink`.`domid` = '$id' - )"); - while($drow = mysql_fetch_assoc($dres)) - { - mysql_query( - "update `domaincerts` - set `revoked`='1970-01-01 10:00:01' - where `id` = '".$drow['id']."' - and `revoked` = 0 - and UNIX_TIMESTAMP(`expire`) - - UNIX_TIMESTAMP() > 0"); - } - - mysql_query( - "update `domains` - set `deleted`=NOW() - where `id` = '$id'"); + account_domain_delete($row['id']); } + } } else @@ -2324,8 +2293,8 @@ $row = mysql_fetch_assoc($res); if ( !is_assurer(intval($row['id'])) ) { - $id = $oldid;
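Review bot: In the `@@ -621,31 +612,9 @@` hunk the `while` loop's closing brace is kept as context and then a second `}` is added (`+ }`) before the existing `}` and `else`, so the new side has one more closing brace than the old side and the `else` no longer pairs with the same `if`; unless an unbalanced brace exists outside this hunk, this is a parse error. Drop the added `}` so the hunk reads `account_domain_delete($row['id']); } } else`. The enclosing `if` and its `else` branch begin and continue outside the hunk, so please re-check brace balance across the whole function after the fix.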
- $oldid=0;
+ $id = $oldid; + $oldid=0; $_SESSION['_config']['errmsg'] = _("The user is not an Assurer yet"); } else { @@ -2874,23 +2843,11 @@ if($oldid == 50 && $process != "") { $_REQUEST['userid'] = intval($_REQUEST['userid']); - $res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"); - if(mysql_num_rows($res) > 0) - { - $query = "update `domaincerts`,`domains` SET `domaincerts`.`revoked`='1970-01-01 10:00:01' - WHERE `domaincerts`.`domid` = `domains`.`id` AND `domains`.`memid`='".intval($_REQUEST['userid'])."'"; - mysql_query($query); - $query = "update `domains` SET `deleted`=NOW() WHERE `domains`.`memid`='".intval($_REQUEST['userid'])."'"; - mysql_query($query); - $query = "update `emailcerts` SET `revoked`='1970-01-01 10:00:01' WHERE `memid`='".intval($_REQUEST['userid'])."'"; - mysql_query($query); - $query = "update `email` SET `deleted`=NOW() WHERE `memid`='".intval($_REQUEST['userid'])."'"; - mysql_query($query); - $query = "delete from `org` WHERE `memid`='".intval($_REQUEST['userid'])."'"; - mysql_query($query); - $query = "update `users` SET `deleted`=NOW() WHERE `id`='".intval($_REQUEST['userid'])."'"; - mysql_query($query); + if (!isset($_REQUEST['arbitrationno'])){ + echo _("You did not enter an arbitration number."); + exit; } + account_delete($_REQUEST['userid'], $_REQUEST['arbitrationno'], $_SESSION['profile']['id']); } if(($id == 51 || $id == 52 || $oldid == 52) && $_SESSION['profile']['tverify'] <= 0) diff --git a/includes/temp_functions.php b/includes/temp_functions.php new file mode 100644 index 0000000..bd07127 --- /dev/null +++ b/includes/temp_functions.php 
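Review bot: `$_REQUEST['arbitrationno']` is handed straight to `account_delete`, which interpolates it unescaped into the `email` INSERT and several `users` UPDATEs, so this admin form becomes an SQL injection point; at minimum escape it before the call, e.g. `$arbno = mysql_real_escape_string($_REQUEST['arbitrationno']);`, and preferably reject anything that is not a plausible arbitration number with a strict pattern check first. The `isset` guard also accepts an empty string, which would rename the user and their primary address to `@cacert.org`, so test for a non-empty trimmed value. The replaced code first verified the user row existed with `mysql_num_rows`, set `users`.`deleted`=NOW() and removed the user's `org` rows; none of those steps is visible in the new path, so confirm `account_delete` covers them or reinstate them here.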
@@ -0,0 +1,153 @@ +<?php +//just temoprary file to find all function needed for account delete + +function account_email_delete($mailid){ +//deletes an email entry from an acount +//revolkes all certifcates for that email address +//called from www/account.php if($process != "" && $oldid == 2) +//called from www/diputes.php if($type == "reallyemail") / if($action == "accept") + + $query = "select `emailcerts`.`id` + from `emaillink`,`emailcerts` where + emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and + `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0 + group by `emailcerts`.`id`"; + $dres = mysql_query($query); + while($drow = mysql_fetch_assoc($dres)){ + mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['id']."'"); + } + $query = "update `email` set `deleted`=NOW() where `id`='$mailid'"; + mysql_query($query); +} + +function account_domain_delete($domainid){ +//deletes an domain entry from an acount +//revolkes all certifcates for that domain address +//called from www/account.php if($process != "" && $oldid == 9) +//called from www/diputes.php if($type == "reallydomain") / if($action == "accept") + + $query = "select distinct `domaincerts`.`id` + from `domaincerts`, `domlink` + where `domaincerts`.`domid` = '$domainid' + or ( + `domaincerts`.`id` = `domlink`.`certid` + and `domlink`.`domid` = '$domainid'"; + $dres = mysql_query($query); + while($drow = mysql_fetch_assoc($dres)) + { + mysql_query( + "update `domaincerts` + set `revoked`='1970-01-01 10:00:01' + where `id` = '".$drow['id']."' + and `revoked` = 0 + and UNIX_TIMESTAMP(`expire`) - + UNIX_TIMESTAMP() > 0"); + } + mysql_query( + "update `domains` + set `deleted`=NOW() + where `id` = '$domainid'"); + +} + +function account_delete($id, $arbno, $adminid){ +//deletes an account following the deleted account routnie V3 +// called from www/account.php if($oldid == 50 && $process != "") +//change password + $pool = 
"abcdefghijklmnopqrstuvwxyz"; + $pool .= "0123456789!()ยง"; + $pool .= "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; + srand ((double)microtime()*1000000); + $password=""; + for($index = 0; $index < 30; $index++) + { + $password .= substr($pool,(rand()%(strlen ($pool))), 1); + } + mysql_query("update `users` set `password`=sha1('".$password."') where `id`='".$id."'"); + +//create new mail for arbitration number + $query = "insert into `email` set `email`='".$arbno."@cacert.org',`memid`='".$id."',`created`=NOW(),`modified`=NOW(), `attempts`=-1"; + mysql_query($query); + $emailid = mysql_insert_id(); + +//set new mail as default + $query = "update `users` set `email`='".$arbno."@cacert.org' where `id`='".$id."'"; + mysql_query($query); + +//delete all other email address + $query = "select * from `email` where `memid`='".$id."' and `memid`='".$emailid."'" ; + $res=mysql_query($query); + while($row = mysql_fetch_assoc(dres)){} + account_email_delete($row['id']); + } + +//delete all domains + $query = "select * from `domains` where `memid`='".$id."'"; + $res=mysql_query($query); + while($row = mysql_fetch_assoc($res)){} + account_email_delete($row['id']); + } +//clear alert settings + mysql_query("update `alerts` set `general`='1' where `memid`='$id'"); + mysql_query("update `alerts` set `country`='1' where `memid`='$id'"); + mysql_query("update `alerts` set `regional`='1' where `memid`='$id'"); + mysql_query("update `alerts` set `radius`='1' where `memid`='$id'"); + +//set default location + $query = "update `users` set `locid`='2256755', `regid`='243', `ccid`='12' where `id`='".$id."'"; + mysql_query($query); + +//clear listings + $query = "update `users` set `listme`=' ',`contactinfo`=' ' where `id`='".$id."'"; + mysql_query($query); + +//set lanuage to default + //set default language + mysql_query("update `users` set `language`='en_AU' where `id`='".$id."'"); + //delete secondary langugaes + mysql_query("delete from `addlang` where `userid`='".$id."'"); + +//change secret 
questions + for($i=1;$i<=5;$i++){} + $q=""; + $a="" + for($index = 0; $index < 30; $index++) + { + $q .= substr($pool,(rand()%(strlen ($pool))), 1); + $a .= substr($pool,(rand()%(strlen ($pool))), 1); + } + $query = "update `users` set `Q".$i."`='".$q."', + `A".$i."`='".$a."', + where `id`='".$id."'"; + mysql_query($query); + } + +//change personal information to arbitration number and DOB=1900-01-01 + $query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='$userid'"; + $details = mysql_fetch_assoc(mysql_query($query)); + $query = "insert into `adminlog` set `when`=NOW(),`old-lname`='${details['lname']}',`old-dob`='${details['dob']}', + `new-lname`='$arbno',`new-dob`='1900-01-01',`uid`='$id',`adminid`='".$adminid."'"; + mysql_query($query); + $query = "update `users` set `fname`='".$arbno."', + `mname`='".$arbno."', + `lname`='".$arbno."', + `suffix`='".$arbno."', + `dob`='1900-01-01' + where `id`='".$id."'"; + mysql_query($query); + +//clear all admin flags + mysql_query("update `users` set `assurer`='0' where `id`='$id'"); + mysql_query("update `users` set `assurer_blocked`='0' where `id`='$id'"); + mysql_query("update `users` set `codesign`='0' where `id`='$id'"); + mysql_query("update `users` set `orgadmin`='0' where `id`='$id'"); + mysql_query("update `users` set `ttpadmin`='0' where `id`='$id'"); + mysql_query("update `users` set `locadmin`='0' where `id`='$id'"); + mysql_query("update `users` set `admin`='0' where `id`='$id'"); + mysql_query("update `users` set `adadmin`='0' where `id`='$id'"); + mysql_query("update `users` set `tverify`='0' where `id`='$id'"); + +//block account + mysql_query("update `users` set `locked`='1' where `id`='$id'"); +} +?> diff --git a/pages/account/50.php b/pages/account/50.php index 1604156..48c8896 100644 --- a/pages/account/50.php +++ b/pages/account/50.php 
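Review bot: Both helpers' revocation SELECTs are syntactically broken — `account_email_delete` is missing the opening backtick before `emailid` and `account_domain_delete` never closes the `or (` group — so `mysql_query` returns false, the revoke loop runs zero times, and the row is still marked deleted, leaving every certificate for that address or domain valid. In `account_delete` the two deletion loops also cannot work: `mysql_fetch_assoc(dres)` names an undefined constant, both `while(...){}` bodies are empty with the call placed after the loop, the email filter is `memid`='$emailid'` where `id`!='$emailid'` is meant, and the domain loop calls `account_email_delete` instead of `account_domain_delete`. Further down, `$a=""` lacks a semicolon, the secret-question loop has the same `{}` shape, the UPDATE carries a trailing comma before `where`, and the personal-details SELECT reads `$userid` where `$id` is meant, so the file will not parse as committed. Separately, `srand((double)microtime()*1000000)` plus `rand()` is predictable for the replacement password and secret answers (use a CSPRNG source), and nothing here sets `users`.`deleted` or removes `org` rows as the code this replaces did. Corrected SELECTs and loops, with the ids coerced to integers since the callers pass request-derived values:
```php
function account_email_delete($mailid){
    $mailid = intval($mailid);
    $query = "select `emailcerts`.`id`
        from `emaillink`,`emailcerts` where
        `emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
        `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
        group by `emailcerts`.`id`";
    // … unchanged: revoke loop and `email` update …
}

function account_domain_delete($domainid){
    $domainid = intval($domainid);
    $query = "select distinct `domaincerts`.`id`
        from `domaincerts`, `domlink`
        where `domaincerts`.`domid` = '$domainid'
        or (
            `domaincerts`.`id` = `domlink`.`certid`
            and `domlink`.`domid` = '$domainid'
        )";
    // … unchanged: revoke loop and `domains` update …
}

// … inside account_delete(): password change, new arbitration address, default e-mail …

//delete all other email addresses
$query = "select `id` from `email` where `memid`='".$id."' and `id`!='".$emailid."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res)){
    account_email_delete($row['id']);
}

//delete all domains
$query = "select `id` from `domains` where `memid`='".$id."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res)){
    account_domain_delete($row['id']);
}

// … unchanged: alert settings, location, listings, language …

//change secret questions
for($i=1;$i<=5;$i++){
    $q = "";
    $a = "";
    for($index = 0; $index < 30; $index++)
    {
        $q .= substr($pool,(rand()%(strlen ($pool))), 1);
        $a .= substr($pool,(rand()%(strlen ($pool))), 1);
    }
    $query = "update `users` set `Q".$i."`='".$q."',
        `A".$i."`='".$a."'
        where `id`='".$id."'";
    mysql_query($query);
}

//change personal information to arbitration number and DOB=1900-01-01
$query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='$id'";
// … unchanged: adminlog insert, users update, flag reset, lock …
```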
@@ -19,13 +19,17 @@ <form method="post" action="account.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> - <td colspan="2" class="title"><?=_("Change Password")?></td> + <td colspan="2" class="title"><?=_("Delete Account")?></td> </tr> <tr> <td class="DataTD"><?=_("Email")?>:</td> <td class="DataTD"><b><?=sanitizeHTML($_REQUEST['email'])?></b></td> </tr> <tr> + <td class="DataTD"><?=_("Username from arbitration number.")?>:</td> + <td class="DataTD"><input type="text" name="arbitrationno"></td> + </tr> + <tr> <td class="DataTD" colspan="2"><?=_("Are you sure you want to delete this user, while not actually deleting the account it will completely disable it and revoke any/all certificates currently issued.")?></td> </tr> <tr> diff --git a/www/disputes.php b/www/disputes.php index 5b78c1e..3eec20b 100644 --- a/www/disputes.php +++ b/www/disputes.php @@ -17,7 +17,8 @@ */ ?> <? require_once("../includes/loggedin.php"); - + require_once("../includes/temp_functions.php"); + loadem("account"); $type=""; if(array_key_exists('type',$_REQUEST)) $type=$_REQUEST['type']; 
@@ -58,24 +59,13 @@ { $row = mysql_fetch_assoc($res); echo $row['email']."<br>\n"; - $query = "select `emailcerts`.`id` - from `emaillink`,`emailcerts` where - `emailid`='$emailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and - `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0 - group by `emailcerts`.`id`"; - $dres = mysql_query($query); - while($drow = mysql_fetch_assoc($dres)) - mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($drow['id'])."'"); - - $do = `../scripts/runclient`; - $query = "update `email` set `deleted`=NOW() where `id`='".intval($emailid)."'"; - mysql_query($query); + account_email_delete($row['id']); } mysql_query("update `disputeemail` set hash='',action='accept' where `id`='$emailid'"); - $rc = mysql_num_rows(mysql_query("select * from `domains` where `memid`='$oldmemid' and `deleted`=0")); - $rc = mysql_num_rows(mysql_query("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'")); - $res = mysql_query("select * from `users` where `id`='$oldmemid'"); - $user = mysql_fetch_assoc($res); + $rc = mysql_num_rows(mysql_query("select * from `domains` where `memid`='$oldmemid' and `deleted`=0")); + $rc = mysql_num_rows(mysql_query("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'")); + $res = mysql_query("select * from `users` where `id`='$oldmemid'"); + $user = mysql_fetch_assoc($res); if($rc == 0 && $rc2 == 0 && $_SESSION['_config']['email'] == $user['email']) { mysql_query("update `users` set `deleted`=NOW() where `id`='$oldmemid'"); 
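Review bot: The two re-indented count lines both assign `$rc` (`$rc = mysql_num_rows(... from `domains` ...)` followed by `$rc = mysql_num_rows(... from `email` ...)`), while the condition on the next line tests `$rc == 0 && $rc2 == 0`; `$rc2` is never set, an undefined variable compares equal to 0 in PHP, and the domain count is overwritten, so a user can be marked deleted while still owning domains. Change the second line to `$rc2 = mysql_num_rows(mysql_query("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'"));`. The hunk also drops the backtick call of `../scripts/runclient` without an equivalent inside `account_email_delete`; if that script is what pushes revocations to the signer, they now wait for whatever next triggers it — please confirm.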
@@ -160,18 +150,13 @@ showheader(_("Domain Dispute")); echo "<p>"._("You have opted to accept this dispute and the request will now remove this domain from the existing account, and revoke any current certificates.")."</p>"; echo "<p>"._("The following accounts have been removed:")."<br>\n"; + //new account_domain_delete($domainid, $memberID) $query = "select * from `domains` where `id`='$domainid' and deleted=0"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { - echo $_SESSION['_config']['domain']."<br>\n"; - mysql_query("update `domains` set `deleted`=NOW() where `id`='$domainid'"); - $query = "select * from `domlink` where `domid`='$domainid'"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) - mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['certid']."' and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0"); - $do = `../scripts/runserver`; - } + echo $_SESSION['_config']['domain']."<br>\n"; + account_domain_delete($domainid); mysql_query("update `disputedomain` set hash='',action='accept' where `id`='$domainid'"); showfooter(); exit; |
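Review bot: The `if(mysql_num_rows($res) > 0)` block is no longer closed: the removed lines include its closing brace (`- }`) but the added lines only supply the `echo` and `account_domain_delete($domainid);`, so `mysql_query("update `disputedomain` ...)`, `showfooter()` and `exit` now fall inside the `if` and the file is left with an unmatched `{`. Re-add `}` directly after `account_domain_delete($domainid);`. The leftover `//new account_domain_delete($domainid, $memberID)` comment no longer matches the one-argument helper and should be removed. The removed backtick call of `../scripts/runserver` has no counterpart in `account_domain_delete`, so confirm something else still triggers the signer run after a domain dispute is accepted.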