summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Tänzer <neo@nhng.de>2014-04-02 01:02:23 +0200
committerMichael Tänzer <neo@nhng.de>2014-04-02 01:02:23 +0200
commitefcc291e3a7e1413bf6340ba76ae1ae11b62b05f (patch)
tree7d26811f09099b7648af0863412725192f68b356
parentd44ae6a04770b7abb0bcf2784b16fdcddc9ad9ac (diff)
downloadcacert-devel-efcc291e3a7e1413bf6340ba76ae1ae11b62b05f.tar.gz
cacert-devel-efcc291e3a7e1413bf6340ba76ae1ae11b62b05f.tar.xz
cacert-devel-efcc291e3a7e1413bf6340ba76ae1ae11b62b05f.zip
bug 1138: Error handling when inserting to the admin log
Signed-off-by: Michael Tänzer <neo@nhng.de>
-rw-r--r--includes/account.php129
-rw-r--r--includes/notary.inc.php15
-rw-r--r--pages/account/43.php36
-rw-r--r--pages/account/59.php7
4 files changed, 148 insertions, 39 deletions
diff --git a/includes/account.php b/includes/account.php
index 4e59a00..44a0cb8 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -2704,6 +2704,13 @@ function buildSubjectFromSession() {
{
$id = 43;
$oldid=0;
+ $userid = intval($_REQUEST['userid']);
+ if (!write_se_log($userid, $_SESSION['profile']['id'],'SE Name/DOB Change',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
$fname = mysql_real_escape_string($_REQUEST['fname']);
$mname = mysql_real_escape_string($_REQUEST['mname']);
$lname = mysql_real_escape_string($_REQUEST['lname']);
@@ -2711,10 +2718,8 @@ function buildSubjectFromSession() {
$day = intval($_REQUEST['day']);
$month = intval($_REQUEST['month']);
$year = intval($_REQUEST['year']);
- $userid = intval($_REQUEST['userid']);
$query = "update `users` set `fname`='$fname',`mname`='$mname',`lname`='$lname',`suffix`='$suffix',`dob`='$year-$month-$day' where `id`='$userid'";
mysql_query($query);
- write_se_log($userid, $_SESSION['profile']['id'],'SE Name/DOB Change',$ticketno);
}elseif($oldid == 43 && $actionrequest == "updatedob" && $ticketvalidation == FALSE){
$id = 43;
$oldid=0;
@@ -2724,8 +2729,13 @@ function buildSubjectFromSession() {
if($oldid == 43 && $actionrequest == 'revokecert' && $ticketvalidation == TRUE)
{
$userid = intval($_REQUEST['userid']);
+ if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE Revoke all certificates',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
revoke_all_private_cert($userid);
- write_se_log($userid, $_SESSION['profile']['id'], 'SE Revoke all certificates',$ticketno);
$id=43;
}elseif($oldid == 43 && $actionrequest == "revokecert" && $ticketvalidation == FALSE){
$id = 43;
@@ -2762,6 +2772,12 @@ function buildSubjectFromSession() {
{
echo _("No such user found.");
} else {
+ if (!write_se_log(intval($_REQUEST['userid']), $_SESSION['profile']['id'],'SE reset password',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
mysql_query("update `users` set `password`=sha1('".mysql_real_escape_string(stripslashes($_REQUEST['newpass']))."') where `id`='".intval($_REQUEST['userid'])."'");
$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
printf(_("The password for %s has been updated successfully in the system."), sanitizeHTML($row['email']));
@@ -2775,7 +2791,6 @@ function buildSubjectFromSession() {
sendmail($row['email'], "[CAcert.org] "._("Password Update Notification"), $body,
"support@cacert.org", "", "", "CAcert Support");
- write_se_log(intval($_REQUEST['userid']), $_SESSION['profile']['id'],'SE reset password',$ticketno);
}
showfooter();
@@ -2881,11 +2896,16 @@ function buildSubjectFromSession() {
if($id == 43 && array_key_exists('tverify',$_REQUEST) && $_REQUEST['tverify'] > 0 && $ticketvalidation==TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['tverify']);
+ if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change tverify status',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['tverify'];
mysql_query("update `users` set `tverify`='$ver' where `id`='$memid'");
- write_se_log($memid, $_SESSION['profile']['id'],'SE Change tverify status',$ticketno);
}else{
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
@@ -2894,11 +2914,16 @@ function buildSubjectFromSession() {
{
csrf_check('admsetassuret');
$memid = $_REQUEST['userid'] = intval($_REQUEST['assurer']);
+ if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change assurer status',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['assurer'];
mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'");
- write_se_log($memid, $_SESSION['profile']['id'],'SE Change assurer status',$ticketno);
}elseif($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['assurer']);
$_SESSION['ticketmsg']='No action (Change assurer status) taken. Ticket number is missing!';
@@ -2907,11 +2932,16 @@ function buildSubjectFromSession() {
if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
+ if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change assurer blocked status',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['assurer_blocked'];
mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'");
- write_se_log($memid, $_SESSION['profile']['id'],'SE Change assurer blocked status',$ticketno);
}elseif($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -2921,11 +2951,16 @@ function buildSubjectFromSession() {
{
csrf_check('admactlock');
$memid = $_REQUEST['userid'] = intval($_REQUEST['locked']);
+ if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change locked status',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['locked'];
mysql_query("update `users` set `locked`='$ver' where `id`='$memid'");
- write_se_log($memid, $_SESSION['profile']['id'],'SE Change locked status',$ticketno);
}elseif($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['locked']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -2935,11 +2970,16 @@ function buildSubjectFromSession() {
{
csrf_check('admcodesign');
$memid = $_REQUEST['userid'] = intval($_REQUEST['codesign']);
+ if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change codesign status',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['codesign'];
mysql_query("update `users` set `codesign`='$ver' where `id`='$memid'");
- write_se_log($memid, $_SESSION['profile']['id'],'SE Change codesign status',$ticketno);
}elseif($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['codesign']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -2949,11 +2989,16 @@ function buildSubjectFromSession() {
{
csrf_check('admorgadmin');
$memid = $_REQUEST['userid'] = intval($_REQUEST['orgadmin']);
+ if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change org assuer status',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['orgadmin'];
mysql_query("update `users` set `orgadmin`='$ver' where `id`='$memid'");
- write_se_log($memid, $_SESSION['profile']['id'],'SE Change org assuer status',$ticketno);
}elseif($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['orgadmin']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -2963,11 +3008,16 @@ function buildSubjectFromSession() {
{
csrf_check('admttpadmin');
$memid = $_REQUEST['userid'] = intval($_REQUEST['ttpadmin']);
+ if(!write_se_log($memid, $_SESSION['profile']['id'],'SE Change ttp admin status',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['ttpadmin'];
mysql_query("update `users` set `ttpadmin`='$ver' where `id`='$memid'");
- write_se_log($memid, $_SESSION['profile']['id'],'SE Change ttp admin status',$ticketno);
}elseif($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['ttpadmin']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -2976,13 +3026,18 @@ function buildSubjectFromSession() {
if($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['adadmin']);
+ if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change advertising admin status',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = $row['adadmin'] + 1;
if($ver > 2)
$ver = 0;
mysql_query("update `users` set `adadmin`='$ver' where `id`='$memid'");
- write_se_log($memid, $_SESSION['profile']['id'],'SE Change advertising admin status',$ticketno);
}elseif($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['adadmin']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -2991,11 +3046,16 @@ function buildSubjectFromSession() {
if($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['locadmin']);
+ if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change location admin status',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['locadmin'];
mysql_query("update `users` set `locadmin`='$ver' where `id`='$memid'");
- write_se_log($memid, $_SESSION['profile']['id'],'SE Change location admin status',$ticketno);
}elseif($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['locadmin']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3005,11 +3065,16 @@ function buildSubjectFromSession() {
{
csrf_check('admsetadmin');
$memid = $_REQUEST['userid'] = intval($_REQUEST['admin']);
+ if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change SE status',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['admin'];
mysql_query("update `users` set `admin`='$ver' where `id`='$memid'");
- write_se_log($memid, $_SESSION['profile']['id'],'SE Change SE status',$ticketno);
}elseif($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['admin']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3018,11 +3083,16 @@ function buildSubjectFromSession() {
if($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['general']);
+ if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change general status',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
$query = "select * from `alerts` where `memid`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['general'];
mysql_query("update `alerts` set `general`='$ver' where `memid`='$memid'");
- write_se_log($memid, $_SESSION['profile']['id'],'SE Change general status',$ticketno);
}elseif($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['general']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3031,11 +3101,16 @@ function buildSubjectFromSession() {
if($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['country']);
+ if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change country status',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
$query = "select * from `alerts` where `memid`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['country'];
mysql_query("update `alerts` set `country`='$ver' where `memid`='$memid'");
- write_se_log($memid, $_SESSION['profile']['id'],'SE Change country status',$ticketno);
}elseif($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['country']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3044,11 +3119,16 @@ function buildSubjectFromSession() {
if($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['regional']);
+ if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change regional status',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
$query = "select * from `alerts` where `memid`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['regional'];
mysql_query("update `alerts` set `regional`='$ver' where `memid`='$memid'");
- write_se_log($memid, $_SESSION['profile']['id'],'SE Change regional status',$ticketno);
}elseif($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0 && $ticketvalidation == FALSE){
$_REQUEST['userid'] = intval($_REQUEST['regional']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3057,11 +3137,16 @@ function buildSubjectFromSession() {
if($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['radius']);
+ if (!write_se_log($memid, $_SESSION['profile']['id'],'SE Change radius status',$ticketno)) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ showfooter();
+ exit;
+ }
$query = "select * from `alerts` where `memid`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['radius'];
mysql_query("update `alerts` set `radius`='$ver' where `memid`='$memid'");
- write_se_log($memid, $_SESSION['profile']['id'],'SE Change radius status',$ticketno);
}elseif($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0 && $ticketvalidation == false){
$_REQUEST['userid'] = intval($_REQUEST['radius']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
@@ -3125,8 +3210,14 @@ function buildSubjectFromSession() {
showfooter();
exit;
}
+ if (!write_se_log(intval($_REQUEST['userid']), $_SESSION['profile']['id'], 'SE Account delete', trim($_REQUEST['arbitrationno']))) {
+ showheader(_("Something went wrong"));
+ echo _("Writing to the admin log failed. Can't continue.");
+ printf('<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) . '">' . _('Back to previous page.') .'</a>');
+ showfooter();
+ exit;
+ }
account_delete(intval($_REQUEST['userid']), trim($_REQUEST['arbitrationno']), $_SESSION['profile']['id']);
- write_se_log(intval($_REQUEST['userid']), $_SESSION['profile']['id'], 'SE Account delete', trim($_REQUEST['arbitrationno']));
}
if(($id == 51 || $id == 52 || $oldid == 52))
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index d9724cc..4ec1e4e 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
@@ -1243,14 +1243,13 @@ function get_user_agreements($memid, $type=null, $active=null){
}
/**
- * write_se_log()
- * writes an information to the adminlog
+ * Write some information to the adminlog
*
- * @param mixed $uid - id of the user account
- * @param mixed $adminid - id of the admin
- * @param mixed $type - what was changed
- * @param mixed $info - the ticket / arbitration no or other information
- * @return
+ * @param int $uid - id of the user account
+ * @param int $adminid - id of the admin
+ * @param string $type - the operation that was performed on the user account
+ * @param string $info - the ticket / arbitration number or other information
+ * @return bool - true := success, false := error
*/
function write_se_log($uid, $adminid, $type, $info){
//records all support engineer actions changing a user account
@@ -1260,7 +1259,7 @@ function write_se_log($uid, $adminid, $type, $info){
$info = mysql_real_escape_string($info);
$query="insert into `adminlog` (`when`, `uid`, `adminid`,`type`,`information`) values
(Now(), $uid, $adminid, '$type', '$info')";
- mysql_query($query);
+ return mysql_query($query);
}
/**
diff --git a/pages/account/43.php b/pages/account/43.php
index b055add..b4f2465 100644
--- a/pages/account/43.php
+++ b/pages/account/43.php
@@ -127,16 +127,20 @@ if(intval($_REQUEST['userid']) > 0) {
//deletes an assurance
if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation == true)
{
- $assurance = mysql_escape_string(intval($_REQUEST['assurance']));
- $trow = 0;
- $res = mysql_query("select `to` from `notary` where `id`='$assurance'");
- if ($res) {
- $trow = mysql_fetch_assoc($res);
- }
- mysql_query("update `notary` set `deleted`=NOW() where `id`='$assurance'");
- if ($trow) {
- fix_assurer_flag($trow['to']);
- write_se_log($userid, $_SESSION['profile']['id'], 'SE assurance revoke', $ticketno);
+ if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE assurance revoke', $ticketno)) {
+ $ticketmsg=_("Writing to the admin log failed. Can't continue.");
+ } else {
+ $assurance = mysql_escape_string(intval($_REQUEST['assurance']));
+ $trow = 0;
+ $res = mysql_query("select `to` from `notary` where `id`='$assurance'");
+ if ($res) {
+ $trow = mysql_fetch_assoc($res);
+ }
+
+ mysql_query("update `notary` set `deleted`=NOW() where `id`='$assurance'");
+ if ($trow) {
+ fix_assurer_flag($trow['to']);
+ }
}
} elseif(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation == FALSE) {
$ticketmsg=_('No assurance revoked. Ticket number is missing!');
@@ -314,7 +318,16 @@ if(intval($_REQUEST['userid']) > 0) {
<?
// This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!!
if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==true) {
- write_se_log($userid, $_SESSION['profile']['id'], 'SE view lost password information', $ticketno);
+ if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE view lost password information', $ticketno)) {
+ ?>
+ <tr>
+ <td class="DataTD" colspan="2"><?=_("Writing to the admin log failed. Can't continue.")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;showlostpw=yes&amp;ticketno=<?=$ticketno?>"><?=_("Show Lost Password Details")?></a></td>
+ </tr>
+ <?
+ } else {
?>
<tr>
<td class="DataTD"><?=_("Lost Password")?> - Q1:</td>
@@ -357,6 +370,7 @@ if(intval($_REQUEST['userid']) > 0) {
<td class="DataTD"><?=sanitizeHTML($row['A5'])?></td>
</tr>
<?
+ }
} elseif (array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==false) {
?>
<tr>
diff --git a/pages/account/59.php b/pages/account/59.php
index ae9ec09..e9643d0 100644
--- a/pages/account/59.php
+++ b/pages/account/59.php
@@ -52,7 +52,12 @@ if (!valid_ticket_number($ticketno) && $support == 1) {
exit;
}
if ( $support == 1) {
- write_se_log($userid, $_SESSION['profile']['id'], 'SE View account history', $_REQUEST['ticketno']);
+ if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE View account history', $_REQUEST['ticketno'])) {
+ echo _("Writing to the admin log failed. Can't continue.");
+ printf('<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) . '">' . _('Back to previous page.') .'</a>');
+ showfooter();
+ exit;
+ }
}
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">