author | Michael Tänzer <neo@nhng.de> | 2014-04-02 01:02:23 +0200 |
---|---|---|
committer | Michael Tänzer <neo@nhng.de> | 2014-04-02 01:02:23 +0200 |
commit | efcc291e3a7e1413bf6340ba76ae1ae11b62b05f (patch) | |
tree | 7d26811f09099b7648af0863412725192f68b356 | |
parent | d44ae6a04770b7abb0bcf2784b16fdcddc9ad9ac (diff) | |
bug 1138: Error handling when inserting to the admin log
Signed-off-by: Michael Tänzer <neo@nhng.de>
-rw-r--r-- | includes/account.php | 129 | ||||
-rw-r--r-- | includes/notary.inc.php | 15 | ||||
-rw-r--r-- | pages/account/43.php | 36 | ||||
-rw-r--r-- | pages/account/59.php | 7 |
4 files changed, 148 insertions, 39 deletions
diff --git a/includes/account.php b/includes/account.php index 4e59a00..44a0cb8 100644 --- a/includes/account.php +++ b/includes/account.php @@ -2704,6 +2704,13 @@ function buildSubjectFromSession() { { $id = 43; $oldid=0; + $userid = intval($_REQUEST['userid']); + if (!write_se_log($userid, $_SESSION['profile']['id'],'SE Name/DOB Change',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $fname = mysql_real_escape_string($_REQUEST['fname']); $mname = mysql_real_escape_string($_REQUEST['mname']); $lname = mysql_real_escape_string($_REQUEST['lname']); @@ -2711,10 +2718,8 @@ function buildSubjectFromSession() { $day = intval($_REQUEST['day']); $month = intval($_REQUEST['month']); $year = intval($_REQUEST['year']); - $userid = intval($_REQUEST['userid']); $query = "update `users` set `fname`='$fname',`mname`='$mname',`lname`='$lname',`suffix`='$suffix',`dob`='$year-$month-$day' where `id`='$userid'"; mysql_query($query); - write_se_log($userid, $_SESSION['profile']['id'],'SE Name/DOB Change',$ticketno); }elseif($oldid == 43 && $actionrequest == "updatedob" && $ticketvalidation == FALSE){ $id = 43; $oldid=0; @@ -2724,8 +2729,13 @@ function buildSubjectFromSession() { if($oldid == 43 && $actionrequest == 'revokecert' && $ticketvalidation == TRUE) { $userid = intval($_REQUEST['userid']); + if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE Revoke all certificates',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } revoke_all_private_cert($userid); - write_se_log($userid, $_SESSION['profile']['id'], 'SE Revoke all certificates',$ticketno); $id=43; }elseif($oldid == 43 && $actionrequest == "revokecert" && $ticketvalidation == FALSE){ $id = 43; 
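Review bot: In the name/DOB branch the audit entry is now written first, but the result of the following `mysql_query($query)` update is still discarded, so a failed update leaves an 'SE Name/DOB Change' record for a change that never took effect. Checking that result and reporting a failure the same way as the log failure would stop the admin log and the `users` table from drifting apart, e.g. `if (!mysql_query($query)) { /* report the failure and exit */ }`. The same applies to the status-toggle branches in the hunks from @@ -2881 through @@ -3137, where the `update` calls are likewise unchecked. Whether both statements could share a transaction depends on the table engines, which are not visible here. The enclosing block starts and ends outside the hunk.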
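Review bot: The five-line failure block added in the revokecert branch is repeated verbatim in nearly every branch this commit touches in includes/account.php, which makes it easy for one copy to drift (the ttpadmin copy already differs in spacing, `if(!write_se_log`). A small helper that logs and aborts on failure would reduce each call site to one line and keep the fail-closed behaviour in a single place. The helper name below is only a suggestion, and the branch itself starts and ends outside the hunk.

```php
// Proposed helper (name is a suggestion): record the SE action or abort the request.
function write_se_log_or_exit($uid, $adminid, $type, $info)
{
	if (!write_se_log($uid, $adminid, $type, $info)) {
		showheader(_("Something went wrong"));
		echo _("Writing to the admin log failed. Can't continue.");
		showfooter();
		exit;
	}
}

// call site in the revokecert branch
write_se_log_or_exit($userid, $_SESSION['profile']['id'], 'SE Revoke all certificates', $ticketno);
revoke_all_private_cert($userid);
```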
@@ -2762,6 +2772,12 @@ function buildSubjectFromSession() { { echo _("No such user found."); } else { + if (!write_se_log(intval($_REQUEST['userid']), $_SESSION['profile']['id'],'SE reset password',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } mysql_query("update `users` set `password`=sha1('".mysql_real_escape_string(stripslashes($_REQUEST['newpass']))."') where `id`='".intval($_REQUEST['userid'])."'"); $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'")); printf(_("The password for %s has been updated successfully in the system."), sanitizeHTML($row['email'])); @@ -2775,7 +2791,6 @@ function buildSubjectFromSession() { sendmail($row['email'], "[CAcert.org] "._("Password Update Notification"), $body, "support@cacert.org", "", "", "CAcert Support"); - write_se_log(intval($_REQUEST['userid']), $_SESSION['profile']['id'],'SE reset password',$ticketno); } showfooter(); @@ -2881,11 +2896,16 @@ function buildSubjectFromSession() { if($id == 43 && array_key_exists('tverify',$_REQUEST) && $_REQUEST['tverify'] > 0 && $ticketvalidation==TRUE) { $memid = $_REQUEST['userid'] = intval($_REQUEST['tverify']); + if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change tverify status',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['tverify']; mysql_query("update `users` set `tverify`='$ver' where `id`='$memid'"); - write_se_log($memid, $_SESSION['profile']['id'],'SE Change tverify status',$ticketno); }else{ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!'; } 
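Review bot: The failure path added to the password-reset branch calls `showheader(_("Something went wrong"))`, but the sibling branch just above prints "No such user found." with a bare `echo` and the block ends in a single `showfooter()`, which suggests the page header has already been emitted before this point. If so, a log failure here would render a second header inside the page; printing only the message followed by `showfooter(); exit;` would match the surrounding code. The start of the enclosing block is outside the hunk, so this should be confirmed there.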
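Review bot: The tverify branch shows no `csrf_check(...)` call before it writes the audit entry and flips the flag, whereas the assurer, locked, codesign, orgadmin, ttpadmin and admin branches in this commit all begin with one. With the log write moved to the top, a forged request that carries an acceptable ticket number would first create an admin-log entry under the support engineer's id and then change the account. The assurer_blocked, adadmin, locadmin, general, country, regional and radius branches look the same in their hunks. Adding `csrf_check('<action token>')` as the first statement of each of these branches, with the matching token emitted by the form (which is outside this diff), would close the gap.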
@@ -2894,11 +2914,16 @@ function buildSubjectFromSession() { { csrf_check('admsetassuret'); $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer']); + if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change assurer status',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['assurer']; mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'"); - write_se_log($memid, $_SESSION['profile']['id'],'SE Change assurer status',$ticketno); }elseif($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0 && $ticketvalidation == FALSE){ $_REQUEST['userid'] = intval($_REQUEST['assurer']); $_SESSION['ticketmsg']='No action (Change assurer status) taken. Ticket number is missing!'; 
@@ -2907,11 +2932,16 @@ function buildSubjectFromSession() { if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0 && $ticketvalidation == TRUE) { $memid = $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']); + if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change assurer blocked status',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['assurer_blocked']; mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'"); - write_se_log($memid, $_SESSION['profile']['id'],'SE Change assurer blocked status',$ticketno); }elseif($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0 && $ticketvalidation == FALSE){ $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']); $_SESSION['ticketmsg']='No action taken. Ticket number is missing!'; @@ -2921,11 +2951,16 @@ function buildSubjectFromSession() { { csrf_check('admactlock'); $memid = $_REQUEST['userid'] = intval($_REQUEST['locked']); + if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change locked status',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['locked']; mysql_query("update `users` set `locked`='$ver' where `id`='$memid'"); - write_se_log($memid, $_SESSION['profile']['id'],'SE Change locked status',$ticketno); }elseif($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0 && $ticketvalidation == FALSE){ $_REQUEST['userid'] = intval($_REQUEST['locked']); $_SESSION['ticketmsg']='No action taken. Ticket number is missing!'; 
@@ -2935,11 +2970,16 @@ function buildSubjectFromSession() { { csrf_check('admcodesign'); $memid = $_REQUEST['userid'] = intval($_REQUEST['codesign']); + if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change codesign status',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['codesign']; mysql_query("update `users` set `codesign`='$ver' where `id`='$memid'"); - write_se_log($memid, $_SESSION['profile']['id'],'SE Change codesign status',$ticketno); }elseif($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0 && $ticketvalidation == FALSE){ $_REQUEST['userid'] = intval($_REQUEST['codesign']); $_SESSION['ticketmsg']='No action taken. Ticket number is missing!'; @@ -2949,11 +2989,16 @@ function buildSubjectFromSession() { { csrf_check('admorgadmin'); $memid = $_REQUEST['userid'] = intval($_REQUEST['orgadmin']); + if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change org assuer status',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['orgadmin']; mysql_query("update `users` set `orgadmin`='$ver' where `id`='$memid'"); - write_se_log($memid, $_SESSION['profile']['id'],'SE Change org assuer status',$ticketno); }elseif($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0 && $ticketvalidation == FALSE){ $_REQUEST['userid'] = intval($_REQUEST['orgadmin']); $_SESSION['ticketmsg']='No action taken. Ticket number is missing!'; 
@@ -2963,11 +3008,16 @@ function buildSubjectFromSession() { { csrf_check('admttpadmin'); $memid = $_REQUEST['userid'] = intval($_REQUEST['ttpadmin']); + if(!write_se_log($memid, $_SESSION['profile']['id'],'SE Change ttp admin status',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['ttpadmin']; mysql_query("update `users` set `ttpadmin`='$ver' where `id`='$memid'"); - write_se_log($memid, $_SESSION['profile']['id'],'SE Change ttp admin status',$ticketno); }elseif($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0 && $ticketvalidation == FALSE){ $_REQUEST['userid'] = intval($_REQUEST['ttpadmin']); $_SESSION['ticketmsg']='No action taken. Ticket number is missing!'; @@ -2976,13 +3026,18 @@ function buildSubjectFromSession() { if($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0 && $ticketvalidation == TRUE) { $memid = $_REQUEST['userid'] = intval($_REQUEST['adadmin']); + if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change advertising admin status',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = $row['adadmin'] + 1; if($ver > 2) $ver = 0; mysql_query("update `users` set `adadmin`='$ver' where `id`='$memid'"); - write_se_log($memid, $_SESSION['profile']['id'],'SE Change advertising admin status',$ticketno); }elseif($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0 && $ticketvalidation == FALSE){ $_REQUEST['userid'] = intval($_REQUEST['adadmin']); $_SESSION['ticketmsg']='No action taken. Ticket number is missing!'; 
@@ -2991,11 +3046,16 @@ function buildSubjectFromSession() { if($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0 && $ticketvalidation == TRUE) { $memid = $_REQUEST['userid'] = intval($_REQUEST['locadmin']); + if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change location admin status',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['locadmin']; mysql_query("update `users` set `locadmin`='$ver' where `id`='$memid'"); - write_se_log($memid, $_SESSION['profile']['id'],'SE Change location admin status',$ticketno); }elseif($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0 && $ticketvalidation == FALSE){ $_REQUEST['userid'] = intval($_REQUEST['locadmin']); $_SESSION['ticketmsg']='No action taken. Ticket number is missing!'; @@ -3005,11 +3065,16 @@ function buildSubjectFromSession() { { csrf_check('admsetadmin'); $memid = $_REQUEST['userid'] = intval($_REQUEST['admin']); + if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change SE status',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $query = "select * from `users` where `id`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['admin']; mysql_query("update `users` set `admin`='$ver' where `id`='$memid'"); - write_se_log($memid, $_SESSION['profile']['id'],'SE Change SE status',$ticketno); }elseif($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0 && $ticketvalidation == FALSE){ $_REQUEST['userid'] = intval($_REQUEST['admin']); $_SESSION['ticketmsg']='No action taken. Ticket number is missing!'; 
@@ -3018,11 +3083,16 @@ function buildSubjectFromSession() { if($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0 && $ticketvalidation == TRUE) { $memid = $_REQUEST['userid'] = intval($_REQUEST['general']); + if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change general status',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $query = "select * from `alerts` where `memid`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['general']; mysql_query("update `alerts` set `general`='$ver' where `memid`='$memid'"); - write_se_log($memid, $_SESSION['profile']['id'],'SE Change general status',$ticketno); }elseif($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0 && $ticketvalidation == FALSE){ $_REQUEST['userid'] = intval($_REQUEST['general']); $_SESSION['ticketmsg']='No action taken. Ticket number is missing!'; @@ -3031,11 +3101,16 @@ function buildSubjectFromSession() { if($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0 && $ticketvalidation == TRUE) { $memid = $_REQUEST['userid'] = intval($_REQUEST['country']); + if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change country status',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $query = "select * from `alerts` where `memid`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['country']; mysql_query("update `alerts` set `country`='$ver' where `memid`='$memid'"); - write_se_log($memid, $_SESSION['profile']['id'],'SE Change country status',$ticketno); }elseif($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0 && $ticketvalidation == FALSE){ $_REQUEST['userid'] = intval($_REQUEST['country']); $_SESSION['ticketmsg']='No action taken. Ticket number is missing!'; 
@@ -3044,11 +3119,16 @@ function buildSubjectFromSession() { if($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0 && $ticketvalidation == TRUE) { $memid = $_REQUEST['userid'] = intval($_REQUEST['regional']); + if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change regional status',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $query = "select * from `alerts` where `memid`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['regional']; mysql_query("update `alerts` set `regional`='$ver' where `memid`='$memid'"); - write_se_log($memid, $_SESSION['profile']['id'],'SE Change regional status',$ticketno); }elseif($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0 && $ticketvalidation == FALSE){ $_REQUEST['userid'] = intval($_REQUEST['regional']); $_SESSION['ticketmsg']='No action taken. Ticket number is missing!'; @@ -3057,11 +3137,16 @@ function buildSubjectFromSession() { if($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0 && $ticketvalidation == TRUE) { $memid = $_REQUEST['userid'] = intval($_REQUEST['radius']); + if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change radius status',$ticketno)) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + showfooter(); + exit; + } $query = "select * from `alerts` where `memid`='$memid'"; $row = mysql_fetch_assoc(mysql_query($query)); $ver = !$row['radius']; mysql_query("update `alerts` set `radius`='$ver' where `memid`='$memid'"); - write_se_log($memid, $_SESSION['profile']['id'],'SE Change radius status',$ticketno); }elseif($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0 && $ticketvalidation == false){ $_REQUEST['userid'] = intval($_REQUEST['radius']); $_SESSION['ticketmsg']='No action taken. Ticket number is missing!'; 
@@ -3125,8 +3210,14 @@ function buildSubjectFromSession() { showfooter(); exit; } + if (!write_se_log(intval($_REQUEST['userid']), $_SESSION['profile']['id'], 'SE Account delete', trim($_REQUEST['arbitrationno']))) { + showheader(_("Something went wrong")); + echo _("Writing to the admin log failed. Can't continue."); + printf('<br/><a href="account.php?id=43&userid=' . intval($_REQUEST['userid']) . '">' . _('Back to previous page.') .'</a>'); + showfooter(); + exit; + } account_delete(intval($_REQUEST['userid']), trim($_REQUEST['arbitrationno']), $_SESSION['profile']['id']); - write_se_log(intval($_REQUEST['userid']), $_SESSION['profile']['id'], 'SE Account delete', trim($_REQUEST['arbitrationno'])); } if(($id == 51 || $id == 52 || $oldid == 52)) diff --git a/includes/notary.inc.php b/includes/notary.inc.php index d9724cc..4ec1e4e 100644 --- a/includes/notary.inc.php +++ b/includes/notary.inc.php @@ -1243,14 +1243,13 @@ function get_user_agreements($memid, $type=null, $active=null){ } /** - * write_se_log() - * writes an information to the adminlog + * Write some information to the adminlog * - * @param mixed $uid - id of the user account - * @param mixed $adminid - id of the admin - * @param mixed $type - what was changed - * @param mixed $info - the ticket / arbitration no or other information - * @return + * @param int $uid - id of the user account + * @param int $adminid - id of the admin + * @param string $type - the operation that was performed on the user account + * @param string $info - the ticket / arbitration number or other information + * @return bool - true := success, false := error */ function write_se_log($uid, $adminid, $type, $info){ //records all support engineer actions changing a user account 
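Review bot: The back link in the account-delete failure path is built by concatenation and then passed to `printf()` as the format string, so a `%` in the translated "Back to previous page." text would be read as a conversion specifier and corrupt or drop the output. `echo` does the same job without interpreting the string, and the `&` in the href should be written as `&amp;`: `echo '<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) . '">' . _('Back to previous page.') . '</a>';`. The identical line in the pages/account/59.php hunk (@@ -52) has the same issue.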
@@ -1260,7 +1259,7 @@ function write_se_log($uid, $adminid, $type, $info){ $info = mysql_real_escape_string($info); $query="insert into `adminlog` (`when`, `uid`, `adminid`,`type`,`information`) values (Now(), $uid, $adminid, '$type', '$info')"; - mysql_query($query); + return mysql_query($query); } /** diff --git a/pages/account/43.php b/pages/account/43.php index b055add..b4f2465 100644 --- a/pages/account/43.php +++ b/pages/account/43.php @@ -127,16 +127,20 @@ if(intval($_REQUEST['userid']) > 0) { //deletes an assurance if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation == true) { - $assurance = mysql_escape_string(intval($_REQUEST['assurance'])); - $trow = 0; - $res = mysql_query("select `to` from `notary` where `id`='$assurance'"); - if ($res) { - $trow = mysql_fetch_assoc($res); - } - mysql_query("update `notary` set `deleted`=NOW() where `id`='$assurance'"); - if ($trow) { - fix_assurer_flag($trow['to']); - write_se_log($userid, $_SESSION['profile']['id'], 'SE assurance revoke', $ticketno); + if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE assurance revoke', $ticketno)) { + $ticketmsg=_("Writing to the admin log failed. Can't continue."); + } else { + $assurance = mysql_escape_string(intval($_REQUEST['assurance'])); + $trow = 0; + $res = mysql_query("select `to` from `notary` where `id`='$assurance'"); + if ($res) { + $trow = mysql_fetch_assoc($res); + } + + mysql_query("update `notary` set `deleted`=NOW() where `id`='$assurance'"); + if ($trow) { + fix_assurer_flag($trow['to']); + } } } elseif(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation == FALSE) { $ticketmsg=_('No assurance revoked. Ticket number is missing!'); 
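Review bot: `return mysql_query($query);` tells the caller that the insert failed but drops the reason, and every caller in this commit only shows a generic message. Recording the database error server-side before returning would make a failing audit log diagnosable without exposing details to the browser, for example `$res = mysql_query($query); if (!$res) { error_log('adminlog insert failed: ' . mysql_error()); } return $res;`. The start of write_se_log is outside the hunk, so how `$uid` and `$adminid` are prepared before being placed unquoted in the query cannot be checked from here.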
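Review bot: The 'SE assurance revoke' entry is now written before the `notary` row is looked up, whereas the old code only logged when `$trow` was set, so a request with a non-existent assurance id produces an audit record for a revocation that did not happen. Running the read-only `select` first and calling `write_se_log` only when a row was found, still ahead of the `update`, would keep the fail-closed order without logging no-ops. The entry also records `$userid` and the ticket but not `$assurance`, and nothing in the hunk ties the assurance to that user, so including the id in the `$info` argument would make the record verifiable. The result of the `update` is unchecked here as well.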
@@ -314,7 +318,16 @@ if(intval($_REQUEST['userid']) > 0) { <? // This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!! if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==true) { - write_se_log($userid, $_SESSION['profile']['id'], 'SE view lost password information', $ticketno); + if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE view lost password information', $ticketno)) { + ?> + <tr> + <td class="DataTD" colspan="2"><?=_("Writing to the admin log failed. Can't continue.")?></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><a href="account.php?id=43&userid=<?=$row['id']?>&showlostpw=yes&ticketno=<?=$ticketno?>"><?=_("Show Lost Password Details")?></a></td> + </tr> + <? + } else { ?> <tr> <td class="DataTD"><?=_("Lost Password")?> - Q1:</td> @@ -357,6 +370,7 @@ if(intval($_REQUEST['userid']) > 0) { <td class="DataTD"><?=sanitizeHTML($row['A5'])?></td> </tr> <? + } } elseif (array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==false) { ?> <tr> diff --git a/pages/account/59.php b/pages/account/59.php index ae9ec09..e9643d0 100644 --- a/pages/account/59.php +++ b/pages/account/59.php @@ -52,7 +52,12 @@ if (!valid_ticket_number($ticketno) && $support == 1) { exit; } if ( $support == 1) { - write_se_log($userid, $_SESSION['profile']['id'], 'SE View account history', $_REQUEST['ticketno']); + if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE View account history', $_REQUEST['ticketno'])) { + echo _("Writing to the admin log failed. Can't continue."); + printf('<br/><a href="account.php?id=43&userid=' . intval($_REQUEST['userid']) . '">' . _('Back to previous page.') .'</a>'); + showfooter(); + exit; + } } ?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> |
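Review bot: The retry link in the new showlostpw failure branch prints `$ticketno` and `$row['id']` into the href with a bare `<?=`, while the data cells in the same hunk go through `sanitizeHTML()`. Where `$ticketno` is assigned is not visible in the hunk; if it is taken from the request, it should be encoded for the URL and attribute context even when ticket validation constrains its format, e.g. `ticketno=<?=sanitizeHTML(urlencode($ticketno))?>`. The `&` separators in that href should also be written as `&amp;`.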