diff options
author | INOPIAE <inopiae@cacert.org> | 2014-01-06 09:19:30 +0100 |
---|---|---|
committer | INOPIAE <inopiae@cacert.org> | 2014-01-06 09:19:30 +0100 |
commit | 41f47a449c77f14f44e2cf073b2ffa951e57787d (patch) | |
tree | 06b2b8df9798012fd029b95953efadcd89e47959 | |
parent | beef667c8fc1dd6e41807732358174832d801ecf (diff) | |
download | cacert-devel-41f47a449c77f14f44e2cf073b2ffa951e57787d.tar.gz cacert-devel-41f47a449c77f14f44e2cf073b2ffa951e57787d.tar.xz cacert-devel-41f47a449c77f14f44e2cf073b2ffa951e57787d.zip |
bug 1236: Fixed show detail problem
-rw-r--r-- | includes/account.php | 30 |
1 files changed, 17 insertions, 13 deletions
diff --git a/includes/account.php b/includes/account.php index f28cf49..67f0e7a 100644 --- a/includes/account.php +++ b/includes/account.php @@ -25,6 +25,8 @@ $id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']); $oldid = 0; if(array_key_exists("oldid",$_REQUEST)) $oldid=intval($_REQUEST['oldid']); $process = ""; if(array_key_exists("process",$_REQUEST)) $process=$_REQUEST['process']; +// $showdetalis refers to Secret Question and Answers from account/13.php + $showdetails = ""; if(array_key_exists("showdetails",$_REQUEST)) $showdetails=$_REQUEST['showdetails']; $cert=0; if(array_key_exists('cert',$_REQUEST)) $cert=intval($_REQUEST['cert']); $orgid=0; if(array_key_exists('orgid',$_REQUEST)) $orgid=intval($_REQUEST['orgid']); @@ -1205,7 +1207,7 @@ mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='".$_REQUEST['certid']."' and `memid`='".$_SESSION['profile']['id']."'"); } - if($oldid == 13 && $process != "") + if($oldid == 13 && $process != "" && $showdetails!="") { csrf_check("perschange"); $_SESSION['_config']['user'] = $_SESSION['profile']; @@ -1313,18 +1315,20 @@ where `id`='".$_SESSION['profile']['id']."'"; mysql_query($query); } - $query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."', - `Q2`='".$_SESSION['_config']['user']['Q2']."', - `Q3`='".$_SESSION['_config']['user']['Q3']."', - `Q4`='".$_SESSION['_config']['user']['Q4']."', - `Q5`='".$_SESSION['_config']['user']['Q5']."', - `A1`='".$_SESSION['_config']['user']['A1']."', - `A2`='".$_SESSION['_config']['user']['A2']."', - `A3`='".$_SESSION['_config']['user']['A3']."', - `A4`='".$_SESSION['_config']['user']['A4']."', - `A5`='".$_SESSION['_config']['user']['A5']."' - where `id`='".$_SESSION['profile']['id']."'"; - mysql_query($query); + if ($showdetails!="") { + $query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."', + `Q2`='".$_SESSION['_config']['user']['Q2']."', + `Q3`='".$_SESSION['_config']['user']['Q3']."', + `Q4`='".$_SESSION['_config']['user']['Q4']."', + `Q5`='".$_SESSION['_config']['user']['Q5']."', + `A1`='".$_SESSION['_config']['user']['A1']."', + `A2`='".$_SESSION['_config']['user']['A2']."', + `A3`='".$_SESSION['_config']['user']['A3']."', + `A4`='".$_SESSION['_config']['user']['A4']."', + `A5`='".$_SESSION['_config']['user']['A5']."' + where `id`='".$_SESSION['profile']['id']."'"; + mysql_query($query); + } //!!!Should be rewritten $_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash'])))); |