summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorINOPIAE <inopiae@cacert.org>2012-12-15 14:38:44 +0100
committerBenny Baumann <BenBE@geshi.org>2013-01-07 00:18:47 +0100
commit0f2ef2f94a72bd9d869c7e79674dc39f0bf0a71b (patch)
tree443127fe9af060b8d67df60fa8b760d83ddb1897
parent7baaa9a0ac611329539a43031ca3d0e81bba2b5f (diff)
downloadcacert-devel-0f2ef2f94a72bd9d869c7e79674dc39f0bf0a71b.tar.gz
cacert-devel-0f2ef2f94a72bd9d869c7e79674dc39f0bf0a71b.tar.xz
cacert-devel-0f2ef2f94a72bd9d869c7e79674dc39f0bf0a71b.zip
bug 893:extracted delete functionalities to temp_functions.php, modified www/disputes.php, includes/account.php with the new function calls, changed the the delete account routine for pages/account/50.php
Late the functions from temp_functions.php should be moved to notary_inc.php???
-rw-r--r--includes/account.php65
-rw-r--r--includes/temp_functions.php153
-rw-r--r--pages/account/50.php6
-rw-r--r--www/disputes.php35
4 files changed, 179 insertions, 80 deletions
diff --git a/includes/account.php b/includes/account.php
index 4faa0e5..5ac5a6a 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -18,7 +18,8 @@
require_once("../includes/loggedin.php");
require_once("../includes/lib/l10n.php");
require_once('lib/check_weak_key.php');
-
+ require_once("../includes/temp_functions.php");
+
loadem("account");
$id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']);
@@ -160,17 +161,7 @@
{
$row = mysql_fetch_assoc($res);
echo $row['email']."<br>\n";
- $query = "select `emailcerts`.`id`
- from `emaillink`,`emailcerts` where
- `emailid`='$id' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
- `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
- group by `emailcerts`.`id`";
- $dres = mysql_query($query);
- while($drow = mysql_fetch_assoc($dres))
- mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['id']."'");
-
- $query = "update `email` set `deleted`=NOW() where `id`='$id'";
- mysql_query($query);
+ account_email_delete($row['id']);
$delcount++;
}
}
@@ -621,31 +612,9 @@
{
$row = mysql_fetch_assoc($res);
echo $row['domain']."<br>\n";
-
- $dres = mysql_query(
- "select distinct `domaincerts`.`id`
- from `domaincerts`, `domlink`
- where `domaincerts`.`domid` = '$id'
- or (
- `domaincerts`.`id` = `domlink`.`certid`
- and `domlink`.`domid` = '$id'
- )");
- while($drow = mysql_fetch_assoc($dres))
- {
- mysql_query(
- "update `domaincerts`
- set `revoked`='1970-01-01 10:00:01'
- where `id` = '".$drow['id']."'
- and `revoked` = 0
- and UNIX_TIMESTAMP(`expire`) -
- UNIX_TIMESTAMP() > 0");
- }
-
- mysql_query(
- "update `domains`
- set `deleted`=NOW()
- where `id` = '$id'");
+ account_domain_delete($row['id']);
}
+
}
}
else
@@ -2324,8 +2293,8 @@
$row = mysql_fetch_assoc($res);
if ( !is_assurer(intval($row['id'])) )
{
- $id = $oldid;
- $oldid=0;
+ $id = $oldid;
+ $oldid=0;
$_SESSION['_config']['errmsg'] =
_("The user is not an Assurer yet");
} else {
@@ -2874,23 +2843,11 @@
if($oldid == 50 && $process != "")
{
$_REQUEST['userid'] = intval($_REQUEST['userid']);
- $res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'");
- if(mysql_num_rows($res) > 0)
- {
- $query = "update `domaincerts`,`domains` SET `domaincerts`.`revoked`='1970-01-01 10:00:01'
- WHERE `domaincerts`.`domid` = `domains`.`id` AND `domains`.`memid`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
- $query = "update `domains` SET `deleted`=NOW() WHERE `domains`.`memid`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
- $query = "update `emailcerts` SET `revoked`='1970-01-01 10:00:01' WHERE `memid`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
- $query = "update `email` SET `deleted`=NOW() WHERE `memid`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
- $query = "delete from `org` WHERE `memid`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
- $query = "update `users` SET `deleted`=NOW() WHERE `id`='".intval($_REQUEST['userid'])."'";
- mysql_query($query);
+ if (!isset($_REQUEST['arbitrationno'])){
+ echo _("You did not enter an arbitration number.");
+ exit;
}
+ account_delete($_REQUEST['userid'], $_REQUEST['arbitrationno'], $_SESSION['profile']['id']);
}
if(($id == 51 || $id == 52 || $oldid == 52) && $_SESSION['profile']['tverify'] <= 0)
diff --git a/includes/temp_functions.php b/includes/temp_functions.php
new file mode 100644
index 0000000..bd07127
--- /dev/null
+++ b/includes/temp_functions.php
@@ -0,0 +1,153 @@
+<?php
+//just temoprary file to find all function needed for account delete
+
+function account_email_delete($mailid){
+//deletes an email entry from an acount
+//revolkes all certifcates for that email address
+//called from www/account.php if($process != "" && $oldid == 2)
+//called from www/diputes.php if($type == "reallyemail") / if($action == "accept")
+
+ $query = "select `emailcerts`.`id`
+ from `emaillink`,`emailcerts` where
+ emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
+ `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
+ group by `emailcerts`.`id`";
+ $dres = mysql_query($query);
+ while($drow = mysql_fetch_assoc($dres)){
+ mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['id']."'");
+ }
+ $query = "update `email` set `deleted`=NOW() where `id`='$mailid'";
+ mysql_query($query);
+}
+
+function account_domain_delete($domainid){
+//deletes an domain entry from an acount
+//revolkes all certifcates for that domain address
+//called from www/account.php if($process != "" && $oldid == 9)
+//called from www/diputes.php if($type == "reallydomain") / if($action == "accept")
+
+ $query = "select distinct `domaincerts`.`id`
+ from `domaincerts`, `domlink`
+ where `domaincerts`.`domid` = '$domainid'
+ or (
+ `domaincerts`.`id` = `domlink`.`certid`
+ and `domlink`.`domid` = '$domainid'";
+ $dres = mysql_query($query);
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ mysql_query(
+ "update `domaincerts`
+ set `revoked`='1970-01-01 10:00:01'
+ where `id` = '".$drow['id']."'
+ and `revoked` = 0
+ and UNIX_TIMESTAMP(`expire`) -
+ UNIX_TIMESTAMP() > 0");
+ }
+ mysql_query(
+ "update `domains`
+ set `deleted`=NOW()
+ where `id` = '$domainid'");
+
+}
+
+function account_delete($id, $arbno, $adminid){
+//deletes an account following the deleted account routnie V3
+// called from www/account.php if($oldid == 50 && $process != "")
+//change password
+ $pool = "abcdefghijklmnopqrstuvwxyz";
+ $pool .= "0123456789!()ยง";
+ $pool .= "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+ srand ((double)microtime()*1000000);
+ $password="";
+ for($index = 0; $index < 30; $index++)
+ {
+ $password .= substr($pool,(rand()%(strlen ($pool))), 1);
+ }
+ mysql_query("update `users` set `password`=sha1('".$password."') where `id`='".$id."'");
+
+//create new mail for arbitration number
+ $query = "insert into `email` set `email`='".$arbno."@cacert.org',`memid`='".$id."',`created`=NOW(),`modified`=NOW(), `attempts`=-1";
+ mysql_query($query);
+ $emailid = mysql_insert_id();
+
+//set new mail as default
+ $query = "update `users` set `email`='".$arbno."@cacert.org' where `id`='".$id."'";
+ mysql_query($query);
+
+//delete all other email address
+ $query = "select * from `email` where `memid`='".$id."' and `memid`='".$emailid."'" ;
+ $res=mysql_query($query);
+ while($row = mysql_fetch_assoc(dres)){}
+ account_email_delete($row['id']);
+ }
+
+//delete all domains
+ $query = "select * from `domains` where `memid`='".$id."'";
+ $res=mysql_query($query);
+ while($row = mysql_fetch_assoc($res)){}
+ account_email_delete($row['id']);
+ }
+//clear alert settings
+ mysql_query("update `alerts` set `general`='1' where `memid`='$id'");
+ mysql_query("update `alerts` set `country`='1' where `memid`='$id'");
+ mysql_query("update `alerts` set `regional`='1' where `memid`='$id'");
+ mysql_query("update `alerts` set `radius`='1' where `memid`='$id'");
+
+//set default location
+ $query = "update `users` set `locid`='2256755', `regid`='243', `ccid`='12' where `id`='".$id."'";
+ mysql_query($query);
+
+//clear listings
+ $query = "update `users` set `listme`=' ',`contactinfo`=' ' where `id`='".$id."'";
+ mysql_query($query);
+
+//set lanuage to default
+ //set default language
+ mysql_query("update `users` set `language`='en_AU' where `id`='".$id."'");
+ //delete secondary langugaes
+ mysql_query("delete from `addlang` where `userid`='".$id."'");
+
+//change secret questions
+ for($i=1;$i<=5;$i++){}
+ $q="";
+ $a=""
+ for($index = 0; $index < 30; $index++)
+ {
+ $q .= substr($pool,(rand()%(strlen ($pool))), 1);
+ $a .= substr($pool,(rand()%(strlen ($pool))), 1);
+ }
+ $query = "update `users` set `Q".$i."`='".$q."',
+ `A".$i."`='".$a."',
+ where `id`='".$id."'";
+ mysql_query($query);
+ }
+
+//change personal information to arbitration number and DOB=1900-01-01
+ $query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='$userid'";
+ $details = mysql_fetch_assoc(mysql_query($query));
+ $query = "insert into `adminlog` set `when`=NOW(),`old-lname`='${details['lname']}',`old-dob`='${details['dob']}',
+ `new-lname`='$arbno',`new-dob`='1900-01-01',`uid`='$id',`adminid`='".$adminid."'";
+ mysql_query($query);
+ $query = "update `users` set `fname`='".$arbno."',
+ `mname`='".$arbno."',
+ `lname`='".$arbno."',
+ `suffix`='".$arbno."',
+ `dob`='1900-01-01'
+ where `id`='".$id."'";
+ mysql_query($query);
+
+//clear all admin flags
+ mysql_query("update `users` set `assurer`='0' where `id`='$id'");
+ mysql_query("update `users` set `assurer_blocked`='0' where `id`='$id'");
+ mysql_query("update `users` set `codesign`='0' where `id`='$id'");
+ mysql_query("update `users` set `orgadmin`='0' where `id`='$id'");
+ mysql_query("update `users` set `ttpadmin`='0' where `id`='$id'");
+ mysql_query("update `users` set `locadmin`='0' where `id`='$id'");
+ mysql_query("update `users` set `admin`='0' where `id`='$id'");
+ mysql_query("update `users` set `adadmin`='0' where `id`='$id'");
+ mysql_query("update `users` set `tverify`='0' where `id`='$id'");
+
+//block account
+ mysql_query("update `users` set `locked`='1' where `id`='$id'");
+}
+?>
diff --git a/pages/account/50.php b/pages/account/50.php
index 1604156..48c8896 100644
--- a/pages/account/50.php
+++ b/pages/account/50.php
@@ -19,13 +19,17 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
- <td colspan="2" class="title"><?=_("Change Password")?></td>
+ <td colspan="2" class="title"><?=_("Delete Account")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><b><?=sanitizeHTML($_REQUEST['email'])?></b></td>
</tr>
<tr>
+ <td class="DataTD"><?=_("Username from arbitration number.")?>:</td>
+ <td class="DataTD"><input type="text" name="arbitrationno"></td>
+ </tr>
+ <tr>
<td class="DataTD" colspan="2"><?=_("Are you sure you want to delete this user, while not actually deleting the account it will completely disable it and revoke any/all certificates currently issued.")?></td>
</tr>
<tr>
diff --git a/www/disputes.php b/www/disputes.php
index 5b78c1e..3eec20b 100644
--- a/www/disputes.php
+++ b/www/disputes.php
@@ -17,7 +17,8 @@
*/ ?>
<?
require_once("../includes/loggedin.php");
-
+ require_once("../includes/temp_functions.php");
+
loadem("account");
$type=""; if(array_key_exists('type',$_REQUEST)) $type=$_REQUEST['type'];
@@ -58,24 +59,13 @@
{
$row = mysql_fetch_assoc($res);
echo $row['email']."<br>\n";
- $query = "select `emailcerts`.`id`
- from `emaillink`,`emailcerts` where
- `emailid`='$emailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
- `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
- group by `emailcerts`.`id`";
- $dres = mysql_query($query);
- while($drow = mysql_fetch_assoc($dres))
- mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($drow['id'])."'");
-
- $do = `../scripts/runclient`;
- $query = "update `email` set `deleted`=NOW() where `id`='".intval($emailid)."'";
- mysql_query($query);
+ account_email_delete($row['id']);
}
mysql_query("update `disputeemail` set hash='',action='accept' where `id`='$emailid'");
- $rc = mysql_num_rows(mysql_query("select * from `domains` where `memid`='$oldmemid' and `deleted`=0"));
- $rc = mysql_num_rows(mysql_query("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'"));
- $res = mysql_query("select * from `users` where `id`='$oldmemid'");
- $user = mysql_fetch_assoc($res);
+ $rc = mysql_num_rows(mysql_query("select * from `domains` where `memid`='$oldmemid' and `deleted`=0"));
+ $rc = mysql_num_rows(mysql_query("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'"));
+ $res = mysql_query("select * from `users` where `id`='$oldmemid'");
+ $user = mysql_fetch_assoc($res);
if($rc == 0 && $rc2 == 0 && $_SESSION['_config']['email'] == $user['email'])
{
mysql_query("update `users` set `deleted`=NOW() where `id`='$oldmemid'");
@@ -160,18 +150,13 @@
showheader(_("Domain Dispute"));
echo "<p>"._("You have opted to accept this dispute and the request will now remove this domain from the existing account, and revoke any current certificates.")."</p>";
echo "<p>"._("The following accounts have been removed:")."<br>\n";
+ //new account_domain_delete($domainid, $memberID)
$query = "select * from `domains` where `id`='$domainid' and deleted=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
- echo $_SESSION['_config']['domain']."<br>\n";
- mysql_query("update `domains` set `deleted`=NOW() where `id`='$domainid'");
- $query = "select * from `domlink` where `domid`='$domainid'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
- mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['certid']."' and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0");
- $do = `../scripts/runserver`;
- }
+ echo $_SESSION['_config']['domain']."<br>\n";
+ account_domain_delete($domainid);
mysql_query("update `disputedomain` set hash='',action='accept' where `id`='$domainid'");
showfooter();
exit;