author | Michael Tänzer <neo@nhng.de> | 2013-08-06 23:09:32 +0200 |
---|---|---|
committer | Michael Tänzer <neo@nhng.de> | 2013-08-06 23:56:07 +0200 |
commit | 0a982f8ba01b5b47230d7a16aaa624bb9e340207 (patch) | |
tree | b1e23a43702c453e15a7284c0b9d40a02b16b4b0 | |
parent | 3cbac6cc51939d04ee6adadcaf07d5b27947d5dc (diff) | |
parent | 945f334cc612b6f853d926163815f71242ea342a (diff) | |
Merge branch 'bug-893' into bug-1136
Conflicts:
includes/notary.inc.php
Signed-off-by: Michael Tänzer <neo@nhng.de>
-rw-r--r-- | includes/account.php | 6 | ||||
-rw-r--r-- | includes/notary.inc.php | 54 |
2 files changed, 33 insertions, 27 deletions
diff --git a/includes/account.php b/includes/account.php
index 76de567..eae7500 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -2976,11 +2976,11 @@
 }
 if ( 1 !== preg_match('/^[a-z]\d{8}\.\d+\.\d+$/i',trim($_REQUEST['arbitrationno'])) ) {
 showheader(_("My CAcert.org Account!"));
- echo _("You did not enter an arbitration number entry.");
+ printf(_("'%s' is not a valid arbitration number entry."), sanitizeHTML(trim($_REQUEST['arbitrationno'])));
 showfooter();
 exit;
 }
- if (check_email_exists($_REQUEST['arbitrationno'].'@cacert.org')) {
+ if (check_email_exists(trim($_REQUEST['arbitrationno']).'@cacert.org')) {
 showheader(_("My CAcert.org Account!"));
 printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['arbitrationno'].'@cacert.org'));
 showfooter();
@@ -3000,7 +3000,7 @@
 showfooter();
 exit;
 }
- account_delete($_REQUEST['userid'], $_REQUEST['arbitrationno'], $_SESSION['profile']['id']);
+ account_delete($_REQUEST['userid'], trim($_REQUEST['arbitrationno']), $_SESSION['profile']['id']);
 }
 if(($id == 51 || $id == 52 || $oldid == 52) && $_SESSION['profile']['tverify'] <= 0)
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index 55f731c..1ca6ba1 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
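Review bot: In the first account.php hunk the arbitration number is trimmed separately for the pattern match, the new error message and `check_email_exists()`, while the unchanged `printf` for the address-already-in-use case still prints the untrimmed `$_REQUEST['arbitrationno']`. Trimming once into a local, e.g. `$arbitrationno = trim($_REQUEST['arbitrationno']);`, and using that variable for the regex, the lookup, both messages and the `account_delete()` call in the second hunk guarantees that the value that was validated is the value that is used. The enclosing block starts and ends outside both hunks.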
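Review bot: The rewritten `account_delete()` call in the second account.php hunk still passes `$_REQUEST['userid']` through unchanged, and the notary.inc.php queries touched by this same commit (presumably the body of that function) build their SQL by interpolating `$id` into the statement text. Whether the id is cast earlier in this handler or at the top of `account_delete()` is not visible here. If it is not, cast it at the call site: `account_delete(intval($_REQUEST['userid']), trim($_REQUEST['arbitrationno']), $_SESSION['profile']['id']);`.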
@@ -838,24 +838,27 @@
 mysql_query($query);
 //delete all other email address
- $query = "select * from `email` where `memid`='".$id."' and `id`!='".$emailid."'" ;
+ $query = "select `id` from `email` where `memid`='".$id."' and `id`!='".$emailid."'" ;
 $res=mysql_query($query);
 while($row = mysql_fetch_assoc($res)){
 account_email_delete($row['id']);
 }
 //delete all domains
- $query = "select * from `domains` where `memid`='".$id."'";
+ $query = "select `id` from `domains` where `memid`='".$id."'";
 $res=mysql_query($query);
 while($row = mysql_fetch_assoc($res)){
 account_domain_delete($row['id']);
 }
 //clear alert settings
- mysql_query("update `alerts` set `general`='0' where `memid`='$id'");
- mysql_query("update `alerts` set `country`='0' where `memid`='$id'");
- mysql_query("update `alerts` set `regional`='0' where `memid`='$id'");
- mysql_query("update `alerts` set `radius`='0' where `memid`='$id'");
+ mysql_query(
+ "update `alerts` set
+ `general`='0',
+ `country`='0',
+ `regional`='0',
+ `radius`='0'
+ where `memid`='$id'");
 //set default location
 $query = "update `users` set `locid`='2256755', `regid`='243', `ccid`='12' where `id`='".$id."'";
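Review bot: The narrowed email and domain selects hand `$res` to `mysql_fetch_assoc()` without checking that `mysql_query()` succeeded, and the combined `alerts` update discards its result, as does the combined `users` update in the next hunk (@@ -899). When a query fails, the loops run zero times and the routine carries on, which can leave e-mail addresses, domains or privilege flags attached to an account that is later locked. Test each result before continuing, e.g. `if ($res === false) { /* log mysql_error() and stop */ }`. The function starts and ends outside the hunk.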
@@ -899,16 +902,19 @@
 mysql_query($query);
 //clear all admin and board flags
- mysql_query("update `users` set `assurer`='0' where `id`='$id'");
- mysql_query("update `users` set `assurer_blocked`='0' where `id`='$id'");
- mysql_query("update `users` set `codesign`='0' where `id`='$id'");
- mysql_query("update `users` set `orgadmin`='0' where `id`='$id'");
- mysql_query("update `users` set `ttpadmin`='0' where `id`='$id'");
- mysql_query("update `users` set `locadmin`='0' where `id`='$id'");
- mysql_query("update `users` set `admin`='0' where `id`='$id'");
- mysql_query("update `users` set `adadmin`='0' where `id`='$id'");
- mysql_query("update `users` set `tverify`='0' where `id`='$id'");
- mysql_query("update `users` set `board`='0' where `id`='$id'");
+ mysql_query(
+ "update `users` set
+ `assurer`='0',
+ `assurer_blocked`='0',
+ `codesign`='0',
+ `orgadmin`='0',
+ `ttpadmin`='0',
+ `locadmin`='0',
+ `admin`='0',
+ `adadmin`='0',
+ `tverify`='0',
+ `board`='0'
+ where `id`='$id'");
 //block account
 mysql_query("update `users` set `locked`='1' where `id`='$id'"); //, `deleted`=Now()
@@ -942,11 +948,11 @@
 // called from includes/account.php if($oldid == 50 && $process != "")
 $uid = intval($uid);
 if (0==$cca) {
- $query1 = "select 1 from `domiancerts` where `memid`='$uid' and `expire`>NOW()";
- $query2 = "select 1 from `domiancerts` where `memid`='$uid' and `revoked`>NOW()";
+ $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>NOW() and `revoked`<`created`";
+ $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>NOW()";
 }else{
- $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>NOW()+90*86400";
- $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>NOW()+90*86400";
+ $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>(NOW()-90*86400) and `revoked`<`created`";
+ $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)";
 }
 $res = mysql_query($query1);
 $r1 = mysql_num_rows($res)>0;
@@ -960,11 +966,11 @@
 // called from includes/account.php if($oldid == 50 && $process != "")
 $uid = intval($uid);
 if (0==$cca) {
- $query1 = "select 1 from `domiancerts` where `memid`='$uid' and `expire`>NOW()";
- $query2 = "select 1 from `domiancerts` where `memid`='$uid' and `revoked`>NOW()";
+ $query1 = "select 1 from `domaincerts` where `memid`='$uid' and `expire`>NOW() and `revoked`<`created`";
+ $query2 = "select 1 from `domaincerts` where `memid`='$uid' and `revoked`>NOW()";
 }else{
- $query1 = "select 1 from `domiancerts` where `memid`='$uid' and `expire`>NOW()+90*86400";
- $query2 = "select 1 from `domiancerts` where `memid`='$uid' and `revoked`>NOW()+90*86400";
+ $query1 = "select 1 from `domaincerts` where `memid`='$uid' and `expire`>(NOW()-90*86400) and `revoked`<`created`";
+ $query2 = "select 1 from `domaincerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)";
 }
 $res = mysql_query($query1);
 $r1 = mysql_num_rows($res)>0; |
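Review bot: `(NOW()-90*86400)` in the `else` branches of both hunks (the emailcerts and the domaincerts queries) is not date arithmetic. In a numeric context MySQL evaluates NOW() as a YYYYMMDDhhmmss number, so subtracting 7776000 does not move the cut-off back 90 days, and the comparisons against the expire and revoked columns use the wrong boundary. Interval arithmetic gives the intended window, e.g. `expire > (NOW() - INTERVAL 90 DAY)` and the same for revoked in all four queries. The unchecked `mysql_query($query1)` result that feeds `mysql_num_rows()` would also make a failed query read as "no running certificates". Both functions start and end outside the hunks.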