author | INOPIAE <inopiae@cacert.org> | 2013-01-08 22:01:43 +0100 |
---|---|---|
committer | INOPIAE <inopiae@cacert.org> | 2013-01-08 22:01:43 +0100 |
commit | dbf07cf3dfba195693f6c86165c183e4aaf75fc3 (patch) | |
tree | ce50fad4532ab778122d19a2e59d474973d5eabb | |
parent | d8b91ede479cb6095b302d72d15e3bafc87b3aef (diff) | |
bug 893: Added email check to includes/temp_functions.php and exchanged the function in includes/account.php
-rw-r--r-- | includes/account.php | 164 | ||||
-rw-r--r-- | includes/temp_functions.php | 26 |
2 files changed, 105 insertions, 85 deletions
diff --git a/includes/account.php b/includes/account.php index 5ac5a6a..72159fb 100644 --- a/includes/account.php +++ b/includes/account.php @@ -10,7 +10,7 @@ but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA @@ -19,7 +19,7 @@ require_once("../includes/lib/l10n.php"); require_once('lib/check_weak_key.php'); require_once("../includes/temp_functions.php"); - + loadem("account"); $id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']); @@ -71,9 +71,7 @@ } $oldid=0; $_REQUEST['email'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['newemail']))); - $query = "select * from `email` where `email`='".$_REQUEST['email']."' and `deleted`=0"; - $res = mysql_query($query); - if(mysql_num_rows($res) > 0) + if(check_email_exists($_REQUEST['email'])==true) { showheader(_("My CAcert.org Account!")); printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['email'])); @@ -84,7 +82,7 @@ if($checkemail != "OK") { showheader(_("My CAcert.org Account!")); - if (substr($checkemail, 0, 1) == "4") + if (substr($checkemail, 0, 1) == "4") { echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n"; } else { @@ -306,9 +304,9 @@ showfooter(); exit; } - + $query = "insert into emailcerts set - `CN`='$defaultemail', + `CN`='$defaultemail', `keytype`='NS', `memid`='".intval($_SESSION['profile']['id'])."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), 
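Review bot: In the `@@ -71,9 +71,7 @@` hunk the new condition is written `check_email_exists($_REQUEST['email'])==true`, a loose comparison against a function that already returns a boolean; `if(check_email_exists($_REQUEST['email']))` says the same thing. Nearly every other hunk in this file section only strips trailing whitespace, which buries the two functional changes (this one and `@@ -2843,10 +2841,14 @@`). Splitting the whitespace cleanup into its own commit would make the behavioural change reviewable on its own.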
@@ -338,7 +336,7 @@ } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype'] == "VI") { if($csr == "") $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."\n-----END CERTIFICATE REQUEST-----\n"; - + if (($weakKey = checkWeakKeyCSR($csr)) !== "") { $id = 4; @@ -347,7 +345,7 @@ showfooter(); exit; } - + $tmpfname = tempnam("/tmp", "id4CSR"); $fp = fopen($tmpfname, "w"); fputs($fp, $csr); @@ -406,8 +404,8 @@ showfooter(); exit; } - $query = "insert into emailcerts set - `CN`='$defaultemail', + $query = "insert into emailcerts set + `CN`='$defaultemail', `keytype`='".sanitizeHTML($_REQUEST['keytype'])."', `memid`='".$_SESSION['profile']['id']."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), @@ -565,7 +563,7 @@ { showheader(_("My CAcert.org Account!")); //echo "<p>"._("Email Address given was invalid, or a test connection couldn't be made to your server, or the server rejected the email address as invalid")."</p>\n"; - if (substr($checkemail, 0, 1) == "4") + if (substr($checkemail, 0, 1) == "4") { echo "<p>"._("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.")."</p>\n"; } else { @@ -634,7 +632,7 @@ // In case the CSR is missing the ---BEGIN lines, add them automatically: $CSR = "-----BEGIN CERTIFICATE REQUEST-----\n".$CSR."\n-----END CERTIFICATE REQUEST-----\n"; } - + if (($weakKey = checkWeakKeyCSR($CSR)) !== "") { showheader(_("My CAcert.org Account!")); @@ -642,7 +640,7 @@ showfooter(); exit; } - + $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id10CSR"); $fp = fopen($_SESSION['_config']['tmpfname'], "w"); fputs($fp, $CSR); @@ -687,7 +685,7 @@ showfooter(); exit; } - + if (($weakKey = checkWeakKeyCSR(file_get_contents( $_SESSION['_config']['tmpfname']))) !== "") { @@ -696,7 +694,7 @@ showfooter(); exit; } - + $id = 11; if($_SESSION['_config']['0.CN'] == "" && $_SESSION['_config']['0.subjectAltName'] == "") { 
@@ -740,13 +738,13 @@ if(array_key_exists('0',$_SESSION['_config']['rowid']) && $_SESSION['_config']['rowid']['0'] > 0) { - $query = "insert into `domaincerts` set + $query = "insert into `domaincerts` set `CN`='".mysql_real_escape_string($_SESSION['_config']['rows']['0'])."', `domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."', `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."', `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."'"; } elseif(array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) { - $query = "insert into `domaincerts` set + $query = "insert into `domaincerts` set `CN`='".mysql_real_escape_string($_SESSION['_config']['altrows']['0'])."', `domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."', `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."', @@ -812,24 +810,24 @@ printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br/>\n", $id); continue; } - + $row = mysql_fetch_assoc($res); - + if (($weakKey = checkWeakKeyX509(file_get_contents( $row['crt_name']))) !== "") { echo $weakKey, "<br/>\n"; continue; } - + mysql_query("update `domaincerts` set `renewed`='1' where `id`='$id'"); - $query = "insert into `domaincerts` set - `domid`='".$row['domid']."', + $query = "insert into `domaincerts` set + `domid`='".$row['domid']."', `CN`='".mysql_real_escape_string($row['CN'])."', `subject`='".mysql_real_escape_string($row['subject'])."',". //`csr_name`='".$row['csr_name']."', // RACE CONDITION "`created`='".$row['created']."', - `modified`=NOW(), + `modified`=NOW(), `rootcert`='".$row['rootcert']."', `type`='".$row['type']."', `pkhash`='".$row['pkhash']."'"; 
@@ -913,7 +911,7 @@ foreach($_REQUEST['revokeid'] as $id) { $id = intval($id); - $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains` + $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`revoked`) as `revoke` from `domaincerts`,`domains` where `domaincerts`.`id`='$id' and `domaincerts`.`domid`=`domains`.`id` and `domains`.`memid`='".$_SESSION['profile']['id']."'"; @@ -944,7 +942,7 @@ foreach($_REQUEST['delid'] as $id) { $id = intval($id); - $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains` + $query = "select *,UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired` from `domaincerts`,`domains` where `domaincerts`.`id`='$id' and `domaincerts`.`domid`=`domains`.`id` and `domains`.`memid`='".$_SESSION['profile']['id']."'"; @@ -979,7 +977,7 @@ foreach($_REQUEST['revokeid'] as $id) { $id = intval($id); - $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts` + $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts` where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) 
@@ -987,24 +985,24 @@ printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id); continue; } - + $row = mysql_fetch_assoc($res); - + if (($weakKey = checkWeakKeyX509(file_get_contents( $row['crt_name']))) !== "") { echo $weakKey, "<br/>\n"; continue; } - + mysql_query("update `emailcerts` set `renewed`='1' where `id`='$id'"); - $query = "insert into emailcerts set - `memid`='".$row['memid']."', + $query = "insert into emailcerts set + `memid`='".$row['memid']."', `CN`='".mysql_real_escape_string($row['CN'])."', `subject`='".mysql_real_escape_string($row['subject'])."', - `keytype`='".$row['keytype']."', - `csr_name`='".$row['csr_name']."', - `created`='".$row['created']."', + `keytype`='".$row['keytype']."', + `csr_name`='".$row['csr_name']."', + `created`='".$row['created']."', `modified`=NOW(), `disablelogin`='".$row['disablelogin']."', `codesign`='".$row['codesign']."', @@ -1052,7 +1050,7 @@ foreach($_REQUEST['revokeid'] as $id) { $id = intval($id); - $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts` + $query = "select *,UNIX_TIMESTAMP(`revoked`) as `revoke` from `emailcerts` where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) @@ -1081,7 +1079,7 @@ foreach($_REQUEST['delid'] as $id) { $id = intval($id); - $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts` + $query = "select *,UNIX_TIMESTAMP(`expire`) as `expired` from `emailcerts` where `id`='$id' and `memid`='".$_SESSION['profile']['id']."'"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) @@ -1196,7 +1194,7 @@ $ddres = mysql_query($ddquery); $ddrow = mysql_fetch_assoc($ddres); $_SESSION['profile']['points'] = $ddrow['total']; - + if($_SESSION['profile']['points'] == 0) { $_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['fname'])))); 
@@ -1248,7 +1246,7 @@ where `id`='".$_SESSION['profile']['id']."'"; mysql_query($query); - //!!!Should be rewritten + //!!!Should be rewritten $_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash'])))); $_SESSION['_config']['user']['otppin'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otppin'])))); if($_SESSION['_config']['user']['otphash'] != "" && $_SESSION['_config']['user']['otppin'] != "") @@ -1445,9 +1443,9 @@ showfooter(); exit; } - - $query = "insert into `orgemailcerts` set - `CN`='$defaultemail', + + $query = "insert into `orgemailcerts` set + `CN`='$defaultemail', `keytype`='NS', `orgid`='".$org['orgid']."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), @@ -1476,7 +1474,7 @@ mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'"); } else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") { $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n"; - + if (($weakKey = checkWeakKeyCSR($csr)) !== "") { $id = 17; @@ -1485,7 +1483,7 @@ showfooter(); exit; } - + $tmpfname = tempnam("/tmp", "id17CSR"); $fp = fopen($tmpfname, "w"); fputs($fp, $csr); @@ -1535,8 +1533,8 @@ if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) $_SESSION['_config']['rootcert'] = 1; - $query = "insert into `orgemailcerts` set - `CN`='$defaultemail', + $query = "insert into `orgemailcerts` set + `CN`='$defaultemail', `keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "', `orgid`='".$org['orgid']."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), 
@@ -1592,29 +1590,29 @@ printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id); continue; } - + $row = mysql_fetch_assoc($res); - + if (($weakKey = checkWeakKeyX509(file_get_contents( $row['crt_name']))) !== "") { echo $weakKey, "<br/>\n"; continue; } - + mysql_query("update `orgemailcerts` set `renewed`='1' where `id`='$id'"); if($row['revoke'] > 0) { printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']); continue; } - $query = "insert into `orgemailcerts` set - `orgid`='".$row['orgid']."', + $query = "insert into `orgemailcerts` set + `orgid`='".$row['orgid']."', `CN`='".$row['CN']."', `subject`='".$row['subject']."', - `keytype`='".$row['keytype']."', - `csr_name`='".$row['csr_name']."', - `created`='".$row['created']."', + `keytype`='".$row['keytype']."', + `csr_name`='".$row['csr_name']."', + `created`='".$row['created']."', `modified`=NOW(), `codesign`='".$row['codesign']."', `rootcert`='".$row['rootcert']."'"; @@ -1712,7 +1710,7 @@ if($process != "" && $oldid == 20) { $CSR = clean_csr($_REQUEST['CSR']); - + if (($weakKey = checkWeakKeyCSR($CSR)) !== "") { $id = 20; @@ -1721,7 +1719,7 @@ showfooter(); exit; } - + $_SESSION['_config']['tmpfname'] = tempnam("/tmp", "id20CSR"); $fp = fopen($_SESSION['_config']['tmpfname'], "w"); fputs($fp, $CSR); @@ -1771,7 +1769,7 @@ if($process != "" && $oldid == 21) { $id = 21; - + if(!file_exists($_SESSION['_config']['tmpfname'])) { showheader(_("My CAcert.org Account!")); @@ -1779,7 +1777,7 @@ showfooter(); exit; } - + if (($weakKey = checkWeakKeyCSR(file_get_contents( $_SESSION['_config']['tmpfname']))) !== "") { @@ -1828,7 +1826,7 @@ if(is_array($_SESSION['_config']['rows'])) foreach($_SESSION['_config']['rows'] as $row) $csrsubject .= "/commonName=$row"; - $SAN=""; + $SAN=""; if(is_array($_SESSION['_config']['altrows'])) foreach($_SESSION['_config']['altrows'] as $subalt) { 
@@ -1847,7 +1845,7 @@ if($_SESSION['_config']['rowid']['0'] > 0) { - $query = "insert into `orgdomaincerts` set + $query = "insert into `orgdomaincerts` set `CN`='".$_SESSION['_config']['rows']['0']."', `orgid`='".$org['id']."', `created`=NOW(), @@ -1855,7 +1853,7 @@ `rootcert`='".$_SESSION['_config']['rootcert']."', `type`='$type'"; } else { - $query = "insert into `orgdomaincerts` set + $query = "insert into `orgdomaincerts` set `CN`='".$_SESSION['_config']['altrows']['0']."', `orgid`='".$org['id']."', `created`=NOW(), @@ -1913,29 +1911,29 @@ printf(_("Invalid ID '%s' presented, can't do anything with it.")."<br>\n", $id); continue; } - + $row = mysql_fetch_assoc($res); - + if (($weakKey = checkWeakKeyX509(file_get_contents( $row['crt_name']))) !== "") { echo $weakKey, "<br/>\n"; continue; } - + mysql_query("update `orgdomaincerts` set `renewed`='1' where `id`='$id'"); if($row['revoke'] > 0) { printf(_("It would seem '%s' has already been revoked. I'll skip this for now.")."<br>\n", $row['CN']); continue; } - $query = "insert into `orgdomaincerts` set - `orgid`='".$row['orgid']."', + $query = "insert into `orgdomaincerts` set + `orgid`='".$row['orgid']."', `CN`='".$row['CN']."', - `csr_name`='".$row['csr_name']."', + `csr_name`='".$row['csr_name']."', `created`='".$row['created']."', - `modified`=NOW(), - `subject`='".$row['subject']."', + `modified`=NOW(), + `subject`='".$row['subject']."', `type`='".$row['type']."', `rootcert`='".$row['rootcert']."'"; mysql_query($query); @@ -2149,7 +2147,7 @@ if(($oldid == 29 || $oldid == 30) && $process != "") // _("Cancel") is handled in front of account.php { - $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where + $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where `orgdomlink`.`orgdomid`=`orgdomains`.`id` and `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and `orgdomains`.`id`='".intval($domid)."'"; 
@@ -2157,7 +2155,7 @@ while($row = mysql_fetch_assoc($res)) mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'"); - $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where + $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where `orgemaillink`.`domid`=`orgdomains`.`id` and `orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and `orgdomains`.`id`='".intval($domid)."'"; @@ -2201,7 +2199,7 @@ $dres = mysql_query($query); while($drow = mysql_fetch_assoc($dres)) { - $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where + $query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where `orgdomlink`.`orgdomid`=`orgdomains`.`id` and `orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and `orgdomains`.`id`='".intval($drow['id'])."'"; @@ -2213,7 +2211,7 @@ mysql_query("delete from `orgdomlink` where `domid`='".intval($row['id'])."'"); } - $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where + $query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where `orgemaillink`.`domid`=`orgdomains`.`id` and `orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and `orgdomains`.`id`='".intval($drow['id'])."'"; @@ -2428,7 +2426,7 @@ exit; } - if($oldid == 54 || ($id == 53 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "") || + if($oldid == 54 || ($id == 53 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "") || ($id == 54 && array_key_exists('action',$_REQUEST) && $_REQUEST['action'] != "" && $_REQUEST['action'] != "aliases" && $_REQUEST['action'] != "edit" && $_REQUEST['action'] != "add")) { @@ -2645,7 +2643,7 @@ showfooter(); exit; } - + if (($weakKey = checkWeakKeyCSR($CSR)) !== "") { showheader(_("My CAcert.org Account!")); 
@@ -2654,7 +2652,7 @@ exit; } - $query = "insert into `domaincerts` set + $query = "insert into `domaincerts` set `CN`='".$_SESSION['_config']['0.CN']."', `domid`='".$_SESSION['_config']['row']['id']."', `created`=NOW()"; @@ -2718,7 +2716,7 @@ if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0) { - csrf_check('admactlock'); + csrf_check('admactlock'); $memid = $_REQUEST['userid'] = intval($_REQUEST['locked']); $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); @@ -2843,10 +2841,14 @@ if($oldid == 50 && $process != "") { $_REQUEST['userid'] = intval($_REQUEST['userid']); - if (!isset($_REQUEST['arbitrationno'])){ + if (trim($_REQUEST['arbitrationno'])==""){ echo _("You did not enter an arbitration number."); exit; } + if (check_email_exists($_REQUEST['arbitrationno'].'@cacert.org')==true) { + printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['arbitrationno'].'@cacert.org')); + exit; + } account_delete($_REQUEST['userid'], $_REQUEST['arbitrationno'], $_SESSION['profile']['id']); } @@ -2931,7 +2933,7 @@ while($row = mysql_fetch_assoc($res)) $body .= $row['comment']."\n"; $body .= "\n"; - + $body .= _("Best regards")."\n"; $body .= _("CAcert Support Team"); sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify"); @@ -2952,7 +2954,7 @@ $body .= "\n"; $body .= _("You are welcome to try submitting another request at any time in the future, please make sure you take the reviewer comments into consideration or you risk having your application rejected again.")."\n\n"; - + $body .= _("Best regards")."\n"; $body .= _("CAcert Support Team"); sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "support@cacert.org", "", "CAcert Tverify"); 
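Review bot: In the `@@ -2843,10 +2841,14 @@` hunk, `$_REQUEST['arbitrationno']` is joined with `'@cacert.org'` and passed to `check_email_exists()` unescaped, and the helper added in includes/temp_functions.php (hunk `@@ -145,9 +147,25 @@`) places its `$email` argument into the query string as-is. The call site in `@@ -71,9 +71,7 @@` runs `mysql_real_escape_string` first; this one should do the same, for example `$arbno = mysql_real_escape_string(trim($_REQUEST['arbitrationno']));`, and then use `$arbno` for both the check and `account_delete()`. Whether `account_delete()` escapes the value itself is not visible here. Dropping `isset()` in favour of `trim(...)==""` also means a request without the `arbitrationno` key now triggers an undefined-index notice; `if (!isset($_REQUEST['arbitrationno']) || trim($_REQUEST['arbitrationno'])=="")` keeps both checks.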
diff --git a/includes/temp_functions.php b/includes/temp_functions.php index 319d34f..764ef57 100644 --- a/includes/temp_functions.php +++ b/includes/temp_functions.php @@ -6,8 +6,9 @@ function account_email_delete($mailid){ //revolkes all certifcates for that email address //called from www/account.php if($process != "" && $oldid == 2) //called from www/diputes.php if($type == "reallyemail") / if($action == "accept") +//called from account_delete - $query = "select `emailcerts`.`id` + $query = "select `emailcerts`.`id` from `emaillink`,`emailcerts` where `emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0 @@ -25,6 +26,7 @@ function account_domain_delete($domainid){ //revolkes all certifcates for that domain address //called from www/account.php if($process != "" && $oldid == 9) //called from www/diputes.php if($type == "reallydomain") / if($action == "accept") +//called from account_delete $query = "select distinct `domaincerts`.`id` from `domaincerts`, `domlink` @@ -50,7 +52,7 @@ function account_domain_delete($domainid){ } function account_delete($id, $arbno, $adminid){ -//deletes an account following the deleted account routnie V3 +//deletes an account following the deleted account routnie V3 // called from www/account.php if($oldid == 50 && $process != "") //change password @@ -108,7 +110,7 @@ function account_delete($id, $arbno, $adminid){ //delete secondary langugaes mysql_query("delete from `addlang` where `userid`='".$id."'"); -//change secret questions +//change secret questions for($i=1;$i<=5;$i++){ $q=""; $a=""; 
@@ -135,7 +137,7 @@ function account_delete($id, $arbno, $adminid){ where `id`='".$id."'"; mysql_query($query); -//clear all admin flags +//clear all admin and board flags mysql_query("update `users` set `assurer`='0' where `id`='$id'"); mysql_query("update `users` set `assurer_blocked`='0' where `id`='$id'"); mysql_query("update `users` set `codesign`='0' where `id`='$id'"); @@ -145,9 +147,25 @@ function account_delete($id, $arbno, $adminid){ mysql_query("update `users` set `admin`='0' where `id`='$id'"); mysql_query("update `users` set `adadmin`='0' where `id`='$id'"); mysql_query("update `users` set `tverify`='0' where `id`='$id'"); + mysql_query("update `users` set `board`='0' where `id`='$id'"); //block account mysql_query("update `users` set `locked`='1' where `id`='$id'"); } + +function check_email_exists($email){ +// called from includes/account.php if($process != "" && $oldid == 1) +// called from includes/account.php if($oldid == 50 && $process != "") + + $query = "select * from `email` where `email`='$email' and `deleted`=0"; + $res = mysql_query($query); + if(mysql_num_rows($res) > 0) + { + return true; + }else{ + return false; + } + +} ?> |
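Review bot: `check_email_exists()` in the `@@ -145,9 +147,25 @@` hunk never checks the return value of `mysql_query()`, so when the query fails `mysql_num_rows()` is handed `false`, the `> 0` test fails, and the function reports that the address is free; both callers then continue. Failing closed is the safer default for a uniqueness check: add `if($res === false) return true;` before the count, after which the if/else can shrink to `return mysql_num_rows($res) > 0;`. The header comment should also state that `$email` must already be escaped by the caller, because it goes into the query unchanged. `select *` fetches whole rows only to count them; selecting a single column would do.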