authorINOPIAE <inopiae@cacert.org>2013-05-05 12:37:18 +0200
committerINOPIAE <inopiae@cacert.org>2013-05-05 12:37:18 +0200
commit5c3807f7c86dd4ceb3661e84661ec88760095eed (patch)
treea28fab2f8a8eb56a1e568f3882b687a397c27771
parentef6fa684e0c1ac2155036cc2981c65482de92bfc (diff)
bug 1173: added check for disputes on locked accounts
-rw-r--r--www/disputes.php38
1 files changed, 36 insertions, 2 deletions
diff --git a/www/disputes.php b/www/disputes.php
index 5b78c1e..96f117e 100644
--- a/www/disputes.php
+++ b/www/disputes.php
@@ -236,6 +236,23 @@
exit;
}
+ //check if email belongs to locked account
+ $res = mysql_query("select 1 from `email`, `users` where `email`.`email`='$email' and `email`.`memid`=`users`.`id` and (`users`.`assurer_blocked`=1 or `users`.`locked`=1)");
+ if(mysql_num_rows($res) > 0)
+ {
+ showheader(_("Email Dispute"));
+ printf(_("Sorry, the email address '%s' cannot be disputed for administrative reasons. To solve this problem please get in contact with %s."), sanitizeHTML($email),"<a href='mailto:support@cacert.org'>support@cacert.org</a>");
+
+ $body = "Someone has just attempted to dispute this email '".$email."', which belongs to a locked account:\n".
+ "Username(ID): ".$_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']."(".$_SESSION['profile']['id'].")\n".
+ "email: ".$_SESSION['profile']['email']."\n".
+ "IP/Hostname: ".$_SERVER['REMOTE_ADDR'].(array_key_exists('REMOTE_HOST',$_SERVER)?"/".$_SERVER['REMOTE_HOST']:"")."\n".
+ sendmail("support@cacert.org", "[CAcert.org] failed dispute on locked account", $body, $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']);
+
+ showfooter();
+ exit;
+ }
+
$res = mysql_query("select * from `disputeemail` where `email`='$email' and hash!=''");
if(mysql_num_rows($res) > 0)
{
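Review bot: The last line of the `$body` assignment (the "IP/Hostname" line) ends with `.` instead of `;`, so the `sendmail(...)` call on the following line becomes the final operand of the concatenation. PHP therefore calls `sendmail` before `$body` is assigned, and support receives whatever `$body` held earlier, most likely nothing. Afterwards `$body` contains sendmail's return value appended to the text. End the statement there: `(array_key_exists('REMOTE_HOST',$_SERVER)?"/".$_SERVER['REMOTE_HOST']:"")."\n";`. The domain hunk at `@@ -308,6 +325,23 @@` has the same trailing `.` and needs the same change. The enclosing block starts and ends outside this hunk.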
@@ -264,7 +281,7 @@
echo _("You aren't allowed to dispute your own email addresses. Can't continue.");
showfooter();
exit;
- }
+ }
$res = mysql_query("select * from `users` where `id`='$oldmemid'");
$user = mysql_fetch_assoc($res);
@@ -308,6 +325,23 @@
exit;
}
+ //check if domain belongs to locked account
+ $res = mysql_query("select 1 from `domains`, `users` where `domains`.`domain`='$domain' and `domains`.`memid`=`users`.`id` and (`users`.`assurer_blocked`=1 or `users`.`locked`=1)");
+ if(mysql_num_rows($res) > 0)
+ {
+ showheader(_("Domain Dispute"));
+ printf(_("Sorry, the domain '%s' cannot be disputed for administrative reasons. To solve this problem please get in contact with %s."), sanitizeHTML($domain),"<a href='mailto:support@cacert.org'>support@cacert.org</a>");
+
+ $body = "Someone has just attempted to dispute this domain '".$domain."', which belongs to a locked account:\n".
+ "Username(ID): ".$_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']."(".$_SESSION['profile']['id'].")\n".
+ "email: ".$_SESSION['profile']['email']."\n".
+ "IP/Hostname: ".$_SERVER['REMOTE_ADDR'].(array_key_exists('REMOTE_HOST',$_SERVER)?"/".$_SERVER['REMOTE_HOST']:"")."\n".
+ sendmail("support@cacert.org", "[CAcert.org] failed dispute on locked account", $body, $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']);
+
+ showfooter();
+ exit;
+ }
+
$query = "select * from `disputedomain` where `domain`='$domain' and hash!=''";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
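Review bot: The locked-account lookup passes `$res` straight to `mysql_num_rows()` without checking whether `mysql_query()` returned false. On a database error the `> 0` comparison is false, so the dispute carries on against a locked account and the check fails open. Handle the failure before the row count, for example `if($res === false) { showheader(_("Domain Dispute")); echo _("Internal error, please try again later."); showfooter(); exit; }`. The email hunk at `@@ -236,6 +236,23 @@` has the same gap. Whether `$domain` and `$email` are escaped before being interpolated into these queries is not visible in the hunks and should be confirmed against the code above them.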
@@ -336,7 +370,7 @@
echo _("You aren't allowed to dispute your own domains. Can't continue.");
showfooter();
exit;
- }
+ }
$domainid = $row['id'];
$_SESSION['_config']['domainid'] = $domainid;