author | Michael Tänzer <neo@nhng.de> | 2014-01-15 01:15:15 +0100 |
---|---|---|
committer | Michael Tänzer <neo@nhng.de> | 2014-01-15 01:15:15 +0100 |
commit | e525adb1fcd467f68b9d6f3b685f6736ad8e7b09 (patch) | |
tree | 8971ced37d9004453950c2a7ee1d8531ccba5a57 /includes | |
parent | 6238e3b56e965aeb8eaa3345af330e96714f3989 (diff) | |
parent | bc5cb72198019f4b27aa8e11b250c65cc8ca5717 (diff) | |
Merge branch 'release' into bug-440
Conflicts:
includes/account.php
Signed-off-by: Michael Tänzer <neo@nhng.de>
Diffstat (limited to 'includes')
-rw-r--r-- | includes/account.php | 96 | ||||
-rw-r--r-- | includes/notary.inc.php | 71 |
2 files changed, 101 insertions, 66 deletions
diff --git a/includes/account.php b/includes/account.php
index 08718c5..7c3748d 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -73,14 +73,16 @@ function buildSubjectFromSession() {
 return buildSubject(array_unique($domains));
 }
- $id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']);
- $oldid = 0; if(array_key_exists("oldid",$_REQUEST)) $oldid=intval($_REQUEST['oldid']);
- $process = ""; if(array_key_exists("process",$_REQUEST)) $process=$_REQUEST['process'];
+ $id = array_key_exists("id",$_REQUEST) ? intval($_REQUEST['id']) : 0;
+ $oldid = array_key_exists("oldid",$_REQUEST) ? intval($_REQUEST['oldid']) : 0;
+ $process = array_key_exists("process",$_REQUEST) ? $_REQUEST['process'] : "";
+// $showdetalis refers to Secret Question and Answers from account/13.php
+ $showdetails = array_key_exists("showdetails",$_REQUEST) ? intval($_REQUEST['showdetails']) : 0;
- $cert=0; if(array_key_exists('cert',$_REQUEST)) $cert=intval($_REQUEST['cert']);
- $orgid=0; if(array_key_exists('orgid',$_REQUEST)) $orgid=intval($_REQUEST['orgid']);
- $memid=0; if(array_key_exists('memid',$_REQUEST)) $memid=intval($_REQUEST['memid']);
- $domid=0; if(array_key_exists('domid',$_REQUEST)) $domid=intval($_REQUEST['domid']);
+ $cert = array_key_exists('cert',$_REQUEST) ? intval($_REQUEST['cert']) : 0;
+ $orgid = array_key_exists('orgid',$_REQUEST) ? intval($_REQUEST['orgid']) : 0;
+ $memid = array_key_exists('memid',$_REQUEST) ? intval($_REQUEST['memid']) : 0;
+ $domid = array_key_exists('domid',$_REQUEST) ? intval($_REQUEST['domid']) : 0;
 if(!$_SESSION['mconn'])
@@ -1189,25 +1191,7 @@ function buildSubjectFromSession() {
 exit;
 }
-
- if($oldid == 6 && $_REQUEST['certid'] != "")
- {
- if(trim($_REQUEST['description']) != ""){
- $description= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
- }else{
- $description= "";
- }
-
- if(trim($_REQUEST['disablelogin']) == "1"){
- $disablelogin = 1;
- }else{
- $disablelogin = 0;
- }
-
- mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='".$_REQUEST['certid']."' and `memid`='".$_SESSION['profile']['id']."'");
- }
-
- if($oldid == 13 && $process != "")
+ if($oldid == 13 && $process != "" && $showdetails!="")
 {
 csrf_check("perschange");
 $_SESSION['_config']['user'] = $_SESSION['profile'];
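Review bot: The new guard `$showdetails!=""` compares an integer with an empty string, because the first hunk now assigns `$showdetails` through `intval()`. That only means "non-zero" under PHP's loose int/string comparison, and those rules differ between PHP versions: from PHP 8 on `0 != ""` is true, so the guard would always pass. Writing `$showdetails != 0` here, and in the `if ($showdetails!="")` added around the Q1–A5 update in the `@@ -1315` hunk, states the intent without depending on type juggling. The comment added in the first hunk also misspells the variable as `$showdetalis`. The guarded block continues past the end of this hunk.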
@@ -1315,18 +1299,20 @@ function buildSubjectFromSession() {
 where `id`='".$_SESSION['profile']['id']."'";
 mysql_query($query);
 }
- $query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."',
- `Q2`='".$_SESSION['_config']['user']['Q2']."',
- `Q3`='".$_SESSION['_config']['user']['Q3']."',
- `Q4`='".$_SESSION['_config']['user']['Q4']."',
- `Q5`='".$_SESSION['_config']['user']['Q5']."',
- `A1`='".$_SESSION['_config']['user']['A1']."',
- `A2`='".$_SESSION['_config']['user']['A2']."',
- `A3`='".$_SESSION['_config']['user']['A3']."',
- `A4`='".$_SESSION['_config']['user']['A4']."',
- `A5`='".$_SESSION['_config']['user']['A5']."'
- where `id`='".$_SESSION['profile']['id']."'";
- mysql_query($query);
+ if ($showdetails!="") {
+ $query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."',
+ `Q2`='".$_SESSION['_config']['user']['Q2']."',
+ `Q3`='".$_SESSION['_config']['user']['Q3']."',
+ `Q4`='".$_SESSION['_config']['user']['Q4']."',
+ `Q5`='".$_SESSION['_config']['user']['Q5']."',
+ `A1`='".$_SESSION['_config']['user']['A1']."',
+ `A2`='".$_SESSION['_config']['user']['A2']."',
+ `A3`='".$_SESSION['_config']['user']['A3']."',
+ `A4`='".$_SESSION['_config']['user']['A4']."',
+ `A5`='".$_SESSION['_config']['user']['A5']."'
+ where `id`='".$_SESSION['profile']['id']."'";
+ mysql_query($query);
+ }
 //!!!Should be rewritten
 $_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash']))));
@@ -1541,6 +1527,7 @@ function buildSubjectFromSession() {
 $query = "insert into `orgemailcerts` set `CN`='$defaultemail',
+ `ou`='".$_SESSION['_config']['OU']."',
 `keytype`='NS',
 `orgid`='".$org['orgid']."',
 `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
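Review bot: The `ou` column added in the `@@ -1541` hunk is filled by concatenating `$_SESSION['_config']['OU']` straight into the INSERT, and nothing in the hunk shows that value being escaped. Unless it is already escaped where it is stored in the session (outside this view), wrap it at the point of use as `mysql_real_escape_string($_SESSION['_config']['OU'])`. The identical line added in the `@@ -1631` hunk needs the same treatment. In the `@@ -1706` hunk the value is `$row['ou']`, presumably read back from a database row, so it is unescaped again even if it was escaped when first stored; `mysql_real_escape_string($row['ou'])` covers that case. All three statements continue beyond their hunks.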
@@ -1631,6 +1618,7 @@ function buildSubjectFromSession() {
 $query = "insert into `orgemailcerts` set `CN`='$defaultemail',
+ `ou`='".$_SESSION['_config']['OU']."',
 `keytype`='" . sanitizeHTML($_REQUEST['keytype']) . "',
 `orgid`='".$org['orgid']."',
 `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
@@ -1706,6 +1694,7 @@ function buildSubjectFromSession() {
 $query = "insert into `orgemailcerts` set `orgid`='".$row['orgid']."',
 `CN`='".$row['CN']."',
+ `ou`='".$row['ou']."',
 `subject`='".$row['subject']."',
 `keytype`='".$row['keytype']."',
 `csr_name`='".$row['csr_name']."',
@@ -1822,6 +1811,21 @@ function buildSubjectFromSession() {
 exit;
 }
+ if($oldid == 18 && array_key_exists('filter',$_REQUEST) && $_REQUEST['filter']!= "")
+ {
+ $id=18;
+ $_SESSION['_config']['orgfilterid']=$_REQUEST['orgfilterid'];
+ $_SESSION['_config']['sorting']=$_REQUEST['sorting'];
+ $_SESSION['_config']['status']=$_REQUEST['status'];
+ }
+
+ if($oldid == 18 && array_key_exists('reset',$_REQUEST) && $_REQUEST['reset']!= "")
+ {
+ $id=18;
+ $_SESSION['_config']['orgfilterid']=0;
+ $_SESSION['_config']['sorting']=0;
+ $_SESSION['_config']['status']=0;
+ }
 if($process != "" && $oldid == 20)
 {
@@ -2165,6 +2169,22 @@ function buildSubjectFromSession() {
 exit;
 }
+ if($oldid == 22 && array_key_exists('filter',$_REQUEST) && $_REQUEST['filter']!= "")
+ {
+ $id=22;
+ $_SESSION['_config']['dorgfilterid']=$_REQUEST['dorgfilterid'];
+ $_SESSION['_config']['dsorting']=$_REQUEST['dsorting'];
+ $_SESSION['_config']['dstatus']=$_REQUEST['dstatus'];
+ }
+
+ if($oldid == 22 && array_key_exists('reset',$_REQUEST) && $_REQUEST['reset']!= "")
+ {
+ $id=22;
+ $_SESSION['_config']['dorgfilterid']=0;
+ $_SESSION['_config']['dsorting']=0;
+ $_SESSION['_config']['dstatus']=0;
+ }
+
 if(($id == 24 || $oldid == 24 || $id == 25 || $oldid == 25 || $id == 26 || $oldid == 26 || $id == 27 || $oldid == 27 || $id == 28 || $oldid == 28 || $id == 29 || $oldid == 29 || 
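Review bot: The `$oldid == 18` filter branch in the `@@ -1822` hunk copies `$_REQUEST['orgfilterid']`, `$_REQUEST['sorting']` and `$_REQUEST['status']` into the session unvalidated, while the reset branch sets the same keys to 0, so they look like integers. Cast them on the way in, e.g. `$_SESSION['_config']['orgfilterid']=intval($_REQUEST['orgfilterid']);`, so that whatever later reads these session keys (not visible here) never receives an arbitrary string or array. Only `filter` is tested with `array_key_exists`; the three values are read without that check. The `$oldid == 22` block added in the `@@ -2165` hunk repeats the pattern with `dorgfilterid`, `dsorting` and `dstatus`.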
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index 1f0ec92..b34b2f4 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
@@ -639,10 +639,16 @@
 $res = mysql_query($query);
 }
+ /**
+ * get_user_agreement_status()
+ * returns 1 if the user has an entry for the given type in user_agreement, 0 if no entry is recorded
+ * @param mixed $memid
+ * @param string $type
+ * @return
+ */
 function get_user_agreement_status($memid, $type="CCA"){
- //returns 0 - no user agreement, 1- at least one entry
 $query="SELECT u.`document` FROM `user_agreements` u
- WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." or u.`secmemid`=".$memid.")" ;
+ WHERE u.`document` = '" . mysql_real_escape_string($type) . "' AND u.`memid`=" . intval($memid) ;
 $res = mysql_query($query);
 if(mysql_num_rows($res) <=0){
 return 0;
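Review bot: The docblock added for `get_user_agreement_status()` leaves `@return` empty and types `$memid` as `mixed`, although the body now forces it through `intval()`. Suggest `@param int $memid` and `@return int 1 if an entry exists, 0 otherwise`. The same empty `@return` appears in the docblocks added for `get_first_user_agreement()`, `get_last_user_agreement()` and `delete_user_agreement()` in the next hunk; the first two return the `mysql_fetch_assoc()` row or an empty array. The function body continues past the end of this hunk.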
@@ -651,53 +657,62 @@
 }
 }
+ /**
+ * get_first_user_agreement()
+ * returns the first user_agreement entry of the requested type depending on thes status of active of a given user
+ * @param mixed $memid
+ * @param integer $active, 0 - passive, 1 -active
+ * @param string $type
+ * @return
+ */
 function get_first_user_agreement($memid, $active=1, $type="CCA"){
 //returns an array (`document`,`date`,`method`, `comment`,`active`)
- if($active==1){
- $filter="u.`memid`=".$memid;
- }else{
- $filter="u.`secmemid`=".$memid;
- }
- $query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` u
- WHERE u.`document` = '".$type."' AND ".$filter."
- ORDER BY u.`date` Limit 1;";
+ $query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM `user_agreements` AS u
+ WHERE u.`document` = '" . mysql_real_escape_string($type) . "' AND u.`memid`=" . intval($memid) . " AND u.`active`=" . intval($active) .
+ " ORDER BY u.`date` Limit 1;";
 $res = mysql_query($query);
 if(mysql_num_rows($res) >0){
- $row = mysql_fetch_assoc($res);
- $rec['document']= $row['document'];
- $rec['date']= $row['date'];
- $rec['method']= $row['method'];
- $rec['comment']= $row['comment'];
- $rec['active']= $row['active'];
+ $rec = mysql_fetch_assoc($res);
 }else{
 $rec=array();
 }
 return $rec;
 }
+ /**
+ * get_last_user_agreement()
+ * returns the last user_agreement entry of a given type and of a given user
+ * @param mixed $memid
+ * @param string $type
+ * @return
+ */
 function get_last_user_agreement($memid, $type="CCA"){
 //returns an array (`document`,`date`,`method`, `comment`,`active`)
- $query="(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 1 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND (u.`memid`=".$memid." 
) order by `date` desc limit 1)
- union
- (SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = '".$type."' AND ( u.`secmemid`=".$memid.")) order by `date` desc limit 1" ;
+ $query="SELECT u.`document`, u.`date`, u.`method`, u.`comment`, u.`active` FROM user_agreements u WHERE u.`document` = '" . mysql_real_escape_string($type) . "' AND (u.`memid`=" . intval($memid) . " ) order by `date` desc limit 1 " ;
 $res = mysql_query($query);
 if(mysql_num_rows($res) >0){
- $row = mysql_fetch_assoc($res);
- $rec['document']= $row['document'];
- $rec['date']= $row['date'];
- $rec['method']= $row['method'];
- $rec['comment']= $row['comment'];
- $rec['active']= $row['active'];
+ $rec = mysql_fetch_assoc($res);
 }else{
 $rec=array();
 }
 return $rec;
 }
- function delete_user_agreement($memid, $type="CCA"){
+ /**
+ * delete_user_agreement()
+ * deletes all entries for a given type from user_agreement of a given user, if type is not given all
+ * @param mixed $memid
+ * @param string $type
+ * @return
+ */
+ function delete_user_agreement($memid, $type=false){
 //deletes all entries to an user for the given type of user agreements
- mysql_query("delete from `user_agreements` where `memid`='".$memid."'");
- mysql_query("delete from `user_agreements` where `secmemid`='".$memid."'");
+ if ($type === false) {
+ $filter = '';
+ } else {
+ $filter = " and `document` = '" . mysql_real_escape_string($type) . "'";
+ }
+ mysql_query("delete from `user_agreements` where `memid`=" . intval($memid) . $filter );
 }
 // functions for 6.php (assure somebody) |
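Review bot: In `delete_user_agreement()` the id now goes through `intval()`, which turns an empty or non-numeric `$memid` into 0 instead of rejecting it, and with the new default `$type=false` the DELETE then runs with no document filter at all. Returning early for a non-positive id, e.g. `$memid = intval($memid); if ($memid <= 0) return;`, keeps a bad caller value from reaching the statement. The docblock should give `$type` as `string|false` and say that omitting it deletes every agreement of the member. Rows that reference the user through `secmemid` were removed by the old code and are no longer touched; whether that column is still in use is not visible from this hunk.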