bug 789: Remove non-relevant parts and fix some minor things.

- get rid of $_SESSION['_config']['domid'] (do it via REQUEST)
- use "cancel" instead of process

Signed-off-by: Michael Tänzer <neo@nhng.de>

3 files changed, 13 insertions, 17 deletions

diff --git a/includes/account.php b/includes/account.php
index 171c79e..e64f360 100755
--- a/includes/account.php
+++ b/includes/account.php
@@ -2138,19 +2138,15 @@
 
 	if($oldid == 29 && $process != "")
 	{
-		// $domain = mysql_real_escape_string(stripslashes(trim($domainname)));
-		$domain = $_SESSION['_config']['domain'] = trim(mysql_real_escape_string(stripslashes($_REQUEST['domainname'])));
+		$domain = mysql_real_escape_string(stripslashes(trim($_REQUEST['domainname'])));
 
-		$res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($_SESSION['_config']['domid'])."'");
+		$res1 = mysql_query("select * from `orgdomains` where `domain` like '$domain' and `id`!='".intval($domid)."'");
 		$res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0");
 		if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
 		{
 			$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in a different account and is listed as valid. Can't continue."), sanitizeHTML($domain));
 			$id = $oldid;
 			$oldid=0;
-			// reset domid into its original state
-			$domid = $_SESSION['_config']['domid'];
-			$_REQUEST['domid'] = $domid;
 		}
 	}
 
@@ -2159,7 +2155,7 @@
 		$query = "select `orgdomaincerts`.`id` as `id` from `orgdomlink`, `orgdomaincerts`, `orgdomains` where 
 				`orgdomlink`.`orgdomid`=`orgdomains`.`id` and
 				`orgdomaincerts`.`id`=`orgdomlink`.`orgcertid` and
-				`orgdomains`.`id`='".intval($_SESSION['_config']['domid'])."'";
+				`orgdomains`.`id`='".intval($domid)."'";
 		$res = mysql_query($query);
 		while($row = mysql_fetch_assoc($res))
 			mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['id']."'");
@@ -2167,7 +2163,7 @@
 		$query = "select `orgemailcerts`.`id` as `id` from `orgemailcerts`, `orgemaillink`, `orgdomains` where 
 				`orgemaillink`.`domid`=`orgdomains`.`id` and
 				`orgemailcerts`.`id`=`orgemaillink`.`emailcertsid` and
-				`orgdomains`.`id`='".intval($_SESSION['_config']['domid'])."'";
+				`orgdomains`.`id`='".intval($domid)."'";
 		$res = mysql_query($query);
 		while($row = mysql_fetch_assoc($res))
 			mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($row['id'])."'");
@@ -2175,23 +2171,23 @@
 
 	if($oldid == 29 && $process != "")
 	{
-		$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'"));
-		mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".intval($_SESSION['_config']['domid'])."'");
+		$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'"));
+		mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".intval($domid)."'");
 		showheader(_("My CAcert.org Account!"));
 		printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($domain));
-		echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>"._("Click here")."</a> "._("to continue.");
+		echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue.");
 		showfooter();
 		exit;
 	}
 
 	if($oldid == 30 && $process != "")
 	{
-		$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'"));
+		$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($domid)."'"));
 		$domain = $row['domain'];
-		mysql_query("delete from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'");
+		mysql_query("delete from `orgdomains` where `id`='".intval($domid)."'");
 		showheader(_("My CAcert.org Account!"));
 		printf(_("'%s' has just been successfully deleted from the database."), sanitizeHTML($domain));
-		echo "<br><br><a href='account.php?id=26&orgid=".intval($_SESSION['_config']['orgid'])."'>"._("Click here")."</a> "._("to continue.");
+		echo "<br><br><a href='account.php?id=26&orgid=".intval($orgid)."'>"._("Click here")."</a> "._("to continue.");
 		showfooter();
 		exit;
 	}
@@ -2964,6 +2960,4 @@
 		$_SESSION['_config']['orgid'] = intval($orgid);
 	if(intval($memid) > 0)
 		$_SESSION['_config']['memid'] = intval($memid);
-	if(intval($domid) > 0)
-		$_SESSION['_config']['domid'] = intval($domid);
 ?>
diff --git a/pages/account/29.php b/pages/account/29.php
index bc930f6..4229b3b 100755
--- a/pages/account/29.php
+++ b/pages/account/29.php
@@ -35,11 +35,12 @@
     <td class="DataTD"><input type="text" name="domainname" value="<?=sanitizeHTML($_SESSION['_config']['domain'])?>"></td>
   </tr>
   <tr>
-    <td class="DataTD"><input type="submit" name="process" value="<?=_("Cancel")?>"></td>
+    <td class="DataTD"><input type="submit" name="cancel" value="<?=_("Cancel")?>"></td>
     <td class="DataTD"><input type="submit" name="process" value="<?=_("Update")?>"></td>
   </tr>
 </table>
 <input type="hidden" name="oldid" value="<?=intval($id)?>">
 <input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>">
+<input type="hidden" name="domid" value="<?=intval($_REQUEST['domid'])?>">
 
 </form>
diff --git a/pages/account/30.php b/pages/account/30.php
index 30c86f3..0c7d337 100644
--- a/pages/account/30.php
+++ b/pages/account/30.php
@@ -41,5 +41,6 @@
 <input type="hidden" name="oldid" value="<?=intval($id)?>">
 <input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>">
 <input type="hidden" name="domain" value="<?=sanitizeHTML($row['domain'])?>">
+<input type="hidden" name="domid" value="<?=intval($_REQUEST['domid'])?>">
 
 </form>