Merge branch 'bug-893' into bug-1136

Conflicts:
        includes/notary.inc.php

Signed-off-by: Michael Tänzer <neo@nhng.de>

2 files changed, 33 insertions, 27 deletions

diff --git a/includes/account.php b/includes/account.php
index 76de567..eae7500 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -2976,11 +2976,11 @@
 		}
 		if ( 1 !== preg_match('/^[a-z]\d{8}\.\d+\.\d+$/i',trim($_REQUEST['arbitrationno'])) ) {
 			showheader(_("My CAcert.org Account!"));
-			echo _("You did not enter an arbitration number entry.");
+			printf(_("'%s' is not a valid arbitration number entry."), sanitizeHTML(trim($_REQUEST['arbitrationno'])));
 			showfooter();
 			exit;
 		}
-		if (check_email_exists($_REQUEST['arbitrationno'].'@cacert.org')) {
+		if (check_email_exists(trim($_REQUEST['arbitrationno']).'@cacert.org')) {
 			showheader(_("My CAcert.org Account!"));
 			printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['arbitrationno'].'@cacert.org'));
 			showfooter();
@@ -3000,7 +3000,7 @@
 			showfooter();
 			exit;
 		}
-		account_delete($_REQUEST['userid'], $_REQUEST['arbitrationno'], $_SESSION['profile']['id']);
+		account_delete($_REQUEST['userid'], trim($_REQUEST['arbitrationno']), $_SESSION['profile']['id']);
 	}
 
 	if(($id == 51 || $id == 52 || $oldid == 52) && $_SESSION['profile']['tverify'] <= 0)
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index 55f731c..1ca6ba1 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
@@ -838,24 +838,27 @@
 		mysql_query($query);
 
 	//delete all other email address
-		$query = "select * from `email` where `memid`='".$id."' and `id`!='".$emailid."'" ;
+		$query = "select `id` from `email` where `memid`='".$id."' and `id`!='".$emailid."'" ;
 		$res=mysql_query($query);
 		while($row = mysql_fetch_assoc($res)){
 			account_email_delete($row['id']);
 		}
 
 	//delete all domains
-		$query = "select * from `domains` where `memid`='".$id."'";
+		$query = "select `id` from `domains` where `memid`='".$id."'";
 		$res=mysql_query($query);
 		while($row = mysql_fetch_assoc($res)){
 			account_domain_delete($row['id']);
 		}
 
 	//clear alert settings
-		mysql_query("update `alerts` set `general`='0' where `memid`='$id'");
-		mysql_query("update `alerts` set `country`='0' where `memid`='$id'");
-		mysql_query("update `alerts` set `regional`='0' where `memid`='$id'");
-		mysql_query("update `alerts` set `radius`='0' where `memid`='$id'");
+		mysql_query(
+			"update `alerts` set
+				`general`='0',
+				`country`='0',
+				`regional`='0',
+				`radius`='0'
+			where `memid`='$id'");
 
 	//set default location
 		$query = "update `users` set `locid`='2256755', `regid`='243', `ccid`='12' where `id`='".$id."'";
@@ -899,16 +902,19 @@
 		mysql_query($query);
 
 	//clear all admin and board flags
-		mysql_query("update `users` set `assurer`='0' where `id`='$id'");
-		mysql_query("update `users` set `assurer_blocked`='0' where `id`='$id'");
-		mysql_query("update `users` set `codesign`='0' where `id`='$id'");
-		mysql_query("update `users` set `orgadmin`='0' where `id`='$id'");
-		mysql_query("update `users` set `ttpadmin`='0' where `id`='$id'");
-		mysql_query("update `users` set `locadmin`='0' where `id`='$id'");
-		mysql_query("update `users` set `admin`='0' where `id`='$id'");
-		mysql_query("update `users` set `adadmin`='0' where `id`='$id'");
-		mysql_query("update `users` set `tverify`='0' where `id`='$id'");
-		mysql_query("update `users` set `board`='0' where `id`='$id'");
+		mysql_query(
+			"update `users` set
+				`assurer`='0',
+				`assurer_blocked`='0',
+				`codesign`='0',
+				`orgadmin`='0',
+				`ttpadmin`='0',
+				`locadmin`='0',
+				`admin`='0',
+				`adadmin`='0',
+				`tverify`='0',
+				`board`='0'
+			where `id`='$id'");
 
 	//block account
 		mysql_query("update `users` set `locked`='1' where `id`='$id'");  //, `deleted`=Now()
@@ -942,11 +948,11 @@
 		// called from includes/account.php	if($oldid == 50 && $process != "")
 		$uid = intval($uid);
 		if (0==$cca) {
-			$query1 = "select 1 from `domiancerts` where `memid`='$uid' and `expire`>NOW()";
-			$query2 = "select 1 from `domiancerts` where `memid`='$uid' and `revoked`>NOW()";
+			$query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>NOW() and `revoked`<`created`";
+			$query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>NOW()";
 		}else{
-			$query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>NOW()+90*86400";
-			$query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>NOW()+90*86400";
+			$query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>(NOW()-90*86400)  and `revoked`<`created`";
+			$query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)";
 		}
 		$res = mysql_query($query1);
 		$r1 = mysql_num_rows($res)>0;
@@ -960,11 +966,11 @@
 		// called from includes/account.php	if($oldid == 50 && $process != "")
 		$uid = intval($uid);
 		if (0==$cca) {
-			$query1 = "select 1 from `domiancerts` where `memid`='$uid' and `expire`>NOW()";
-			$query2 = "select 1 from `domiancerts` where `memid`='$uid' and `revoked`>NOW()";
+			$query1 = "select 1 from `domaincerts` where `memid`='$uid' and `expire`>NOW() and `revoked`<`created`";
+			$query2 = "select 1 from `domaincerts` where `memid`='$uid' and `revoked`>NOW()";
 		}else{
-			$query1 = "select 1 from `domiancerts` where `memid`='$uid' and `expire`>NOW()+90*86400";
-			$query2 = "select 1 from `domiancerts` where `memid`='$uid' and `revoked`>NOW()+90*86400";
+			$query1 = "select 1 from `domaincerts` where `memid`='$uid' and `expire`>(NOW()-90*86400)  and `revoked`<`created`";
+			$query2 = "select 1 from `domaincerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)";
 		}
 		$res = mysql_query($query1);
 		$r1 = mysql_num_rows($res)>0;