authormam <m.maengel@project-biz.de>2014-02-18 23:46:43 +0100
committermam <m.maengel@project-biz.de>2014-02-18 23:46:43 +0100
commitc5e9c32222afb159e0e03a423c5b942a68661bc0 (patch)
tree418e2b2d721a5249f1d075899b36d7d41a1d3029
parent351c76a5a61a9d0ac9564580cfb66b5090505443 (diff)
bug 1138: added ticket validation to account history view
-rw-r--r--pages/account/59.php17
1 files changed, 15 insertions, 2 deletions
diff --git a/pages/account/59.php b/pages/account/59.php
index 4cf81c0..05a6cb5 100644
--- a/pages/account/59.php
+++ b/pages/account/59.php
@@ -17,10 +17,13 @@
*/
include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
+
$colspandefault=2;
$userid = intval($_REQUEST['userid']);
$res =get_user_data($userid);
+
+
if(mysql_num_rows($res) <= 0)
{
echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
@@ -41,7 +44,11 @@ $support=0;
if(intval($_REQUEST['oldid'])==43){
$support=$_SESSION['profile']['admin'];
}
-
+$ticketno = ""; if(array_key_exists('ticketno', $_SESSION)) $ticketno = $_SESSION['ticketno'];
+if (!valid_ticket_number($ticketno) && $support == 1) {
+ echo printf(_("I'm sorry, you did not enter a ticket number!%sSupport is not allowed to view the account history without a ticket number.%s"), '<br/>', '<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) .'">'. _('Back to previous page.').'</a>');
+ exit;
+}
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
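Review bot: `echo printf(...)` in the added ticket check prints the message and then also echoes printf's return value (the length of the output), so a stray number appears after the 'Back to previous page.' link; call `printf(...)` on its own or use `echo sprintf(...)`. The gate also fires only when `$support == 1`, and `$support` is read from the session only when the request carries `oldid=43`, so the ticket requirement hinges on a client-supplied parameter. Whether the history is otherwise reachable with `$support` left at 0 is decided outside this hunk and should be confirmed; keying the check on `$_SESSION['profile']['admin']` directly would remove the dependency. A comment such as `// support staff need a valid ticket number in the session before viewing account history` above the check would document the intent.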
@@ -287,5 +294,11 @@ if (1 == $support) {
}
}ELSE{
?><td colspan="<?=$colspan?>" ><?=_('no entry avialable')?></td><?
- }?>
+ }
+ if ($support==1) {
+ ?><td colspan="<?=$colspan?>" ><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) .'">'. _('Back to previous page.').'</a>'?></td><?
+ }
+
+ ?>
+
</table>
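Review bot: The 'Back to previous page.' cell added under `if ($support==1)` is written after `?>`, i.e. in HTML mode, yet it uses PHP string concatenation, so `' . intval($_REQUEST['userid']) .'` and the trailing `'?>` are sent to the browser as literal text and the href never receives the user id. Emit the values with short echo tags instead: `?><td colspan="<?=$colspan?>"><a href="account.php?id=43&amp;userid=<?=intval($_REQUEST['userid'])?>"><?=_('Back to previous page.')?></a></td><?`. The cell is also emitted after the closing brace of the preceding block, so whether it still sits inside a `<tr>` depends on markup outside this hunk and should be checked.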