authorINOPIAE <inopiae@cacert.org>2013-02-20 00:49:48 +0100
committerINOPIAE <inopiae@cacert.org>2013-02-20 00:49:48 +0100
commitf25e34aa0700891f3c5b7ea2dceb2d38bfbbb1b5 (patch)
tree76acb703ac34febb0e2527f58bdab0943d84d9d6
parent4a7afbc30acb170f7ff3517d5450c7e0bec43fe2 (diff)
bug 1008: changed query and user output
-rw-r--r--pages/account/58.php21
1 files changed, 11 insertions, 10 deletions
diff --git a/pages/account/58.php b/pages/account/58.php
index 20e0b59..233f37c 100644
--- a/pages/account/58.php
+++ b/pages/account/58.php
@@ -16,30 +16,31 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
-require_once(dirname(__FILE__).'/../../includes/notary.inc.php');
-
if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) {
echo _('You do not have access to this page');
} else {
$user_id = intval($_REQUEST['userid']);
- $query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0";
+ $query = "select `users`.`fname`, `users`.`mname`, `users`.`lname`, from `users` where `id`='$user_id' and `users`.`deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0){
echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
} else {
- $query = "select `users`.`fname`, `users`.`mname`, `users`.`lname`, `orginfo`.`o`, `org`.`masteracc`
- FROM `users`, `orginfo`, `org`
- WHERE `users`.`id` = `org`.`memid` AND `orginfo`.`id` = `org`.`orgid`
+ while($row = mysql_fetch_assoc($res)){
+ $username=sanitizeHTML($row['fname']).' '.sanitizeHTML($row['mname']).' '.sanitizeHTML($row['lname']);
+ }
+ $query = "select `orginfo`.`o`, `org`.`masteracc`
+ FROM `orginfo`, `org`
+ WHERE `orginfo`.`id` = `org`.`orgid`
AND `users`.`id`='$user_id' order by `orginfo`.`o`";
- $res = mysql_query($query);?>
+ $res1 = mysql_query($query);?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"><?
- if (mysql_num_rows($res) <= 0) {?>
+ if (mysql_num_rows($res1) <= 0) {?>
<tr>
- <td colspan="2" class="title"><?=sprintf(_('%s %s %s is not listed as Organisation Administrator'),sanitizeHTML($row['fname']),sanitizeHTML($row['mname']),sanitizeHTML($row['lname']))?></td>
+ <td colspan="2" class="title"><?=sprintf(_('%s is not listed as Organisation Administrator'), $username)?></td>
</tr>
<?}else{?>
<tr>
- <td colspan="2" class="title"><?=sprintf(_('%s %s %s is listed as Organisation Administrator for:'),sanitizeHTML($row['fname']),sanitizeHTML($row['mname']),sanitizeHTML($row['lname']))?></td>
+ <td colspan="2" class="title"><?=sprintf(_('%s is listed as Organisation Administrator for:'), $username)?></td>
</tr>
<tr>
<td class="DataTD"><b><?=_('Organisation')?></b></td>
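Review bot: Both queries in the new code look malformed, so this admin-only page would misreport every lookup. The first select ends its column list with a comma directly before `from` (``... `users`.`lname`, from `users` ...``), which MySQL rejects; `mysql_query()` then returns false and the `mysql_num_rows($res) <= 0` branch prints the "disappeared" message for every user id. The second query drops `users` from the FROM clause, but the unchanged line still filters on `` `users`.`id`='$user_id' ``, so it fails too and the page always reports "is not listed as Organisation Administrator"; filtering with ``AND `org`.`memid`='$user_id'`` (the column the removed join used) keeps the old meaning. Checking both results for `false` before calling `mysql_num_rows()` would surface such failures instead of turning them into a wrong answer about who administers an organisation. The hunk also drops the `require_once` of notary.inc.php while still calling `sanitizeHTML()`, so confirm that helper is loaded elsewhere; the `else` branch continues past the end of the hunk.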