authorMichael Tänzer <neo@nhng.de>2013-08-06 23:09:32 +0200
committerMichael Tänzer <neo@nhng.de>2013-08-06 23:56:07 +0200
commit0a982f8ba01b5b47230d7a16aaa624bb9e340207 (patch)
treeb1e23a43702c453e15a7284c0b9d40a02b16b4b0 /includes
parent3cbac6cc51939d04ee6adadcaf07d5b27947d5dc (diff)
parent945f334cc612b6f853d926163815f71242ea342a (diff)
Merge branch 'bug-893' into bug-1136
Conflicts: includes/notary.inc.php Signed-off-by: Michael Tänzer <neo@nhng.de>
Diffstat (limited to 'includes')
-rw-r--r--includes/account.php6
-rw-r--r--includes/notary.inc.php54
2 files changed, 33 insertions, 27 deletions
diff --git a/includes/account.php b/includes/account.php
index 76de567..eae7500 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -2976,11 +2976,11 @@
}
if ( 1 !== preg_match('/^[a-z]\d{8}\.\d+\.\d+$/i',trim($_REQUEST['arbitrationno'])) ) {
showheader(_("My CAcert.org Account!"));
- echo _("You did not enter an arbitration number entry.");
+ printf(_("'%s' is not a valid arbitration number entry."), sanitizeHTML(trim($_REQUEST['arbitrationno'])));
showfooter();
exit;
}
- if (check_email_exists($_REQUEST['arbitrationno'].'@cacert.org')) {
+ if (check_email_exists(trim($_REQUEST['arbitrationno']).'@cacert.org')) {
showheader(_("My CAcert.org Account!"));
printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['arbitrationno'].'@cacert.org'));
showfooter();
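Review bot: The "already in a different account" message just below the changed `check_email_exists` call still prints the untrimmed `$_REQUEST['arbitrationno']`, so the address shown can differ from the one that was looked up. The same request value is now trimmed in three places (twice here and again at the `account_delete` call in the next hunk), which invites this kind of drift. Normalise it once, e.g. `$arbitrationno = trim($_REQUEST['arbitrationno']);`, and use that variable for the regex, the lookup, both messages and the delete call. The newly reflected value goes through `sanitizeHTML()`, which should be kept when refactoring. The enclosing block starts and ends outside the hunk.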
@@ -3000,7 +3000,7 @@
showfooter();
exit;
}
- account_delete($_REQUEST['userid'], $_REQUEST['arbitrationno'], $_SESSION['profile']['id']);
+ account_delete($_REQUEST['userid'], trim($_REQUEST['arbitrationno']), $_SESSION['profile']['id']);
}
if(($id == 51 || $id == 52 || $oldid == 52) && $_SESSION['profile']['tverify'] <= 0)
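Review bot: `$_REQUEST['userid']` is passed to `account_delete()` on the changed line with no visible cast or validation; only the arbitration number is normalised. The notary.inc.php hunks in this commit interpolate `$id` directly into SQL strings, and whether `account_delete()` casts its argument first is not visible here. Either confirm that it does or pass `intval($_REQUEST['userid'])` at the call site. The guards preceding this call and the rest of the branch lie outside the hunk.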
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index 55f731c..1ca6ba1 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
@@ -838,24 +838,27 @@
mysql_query($query);
//delete all other email address
- $query = "select * from `email` where `memid`='".$id."' and `id`!='".$emailid."'" ;
+ $query = "select `id` from `email` where `memid`='".$id."' and `id`!='".$emailid."'" ;
$res=mysql_query($query);
while($row = mysql_fetch_assoc($res)){
account_email_delete($row['id']);
}
//delete all domains
- $query = "select * from `domains` where `memid`='".$id."'";
+ $query = "select `id` from `domains` where `memid`='".$id."'";
$res=mysql_query($query);
while($row = mysql_fetch_assoc($res)){
account_domain_delete($row['id']);
}
//clear alert settings
- mysql_query("update `alerts` set `general`='0' where `memid`='$id'");
- mysql_query("update `alerts` set `country`='0' where `memid`='$id'");
- mysql_query("update `alerts` set `regional`='0' where `memid`='$id'");
- mysql_query("update `alerts` set `radius`='0' where `memid`='$id'");
+ mysql_query(
+ "update `alerts` set
+ `general`='0',
+ `country`='0',
+ `regional`='0',
+ `radius`='0'
+ where `memid`='$id'");
//set default location
$query = "update `users` set `locid`='2256755', `regid`='243', `ccid`='12' where `id`='".$id."'";
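Review bot: Both narrowed selects pass the result of `mysql_query()` straight into `mysql_fetch_assoc()`, so a failed query makes the loop run zero times and the deletion carries on with the account's other e-mail addresses or domains left in place. Check the result before iterating, e.g. `if ($res === false) { /* log mysql_error() and stop */ }`, and do the same for the merged `alerts` update, whose return value is discarded. `$id` and `$emailid` are concatenated into the statements; their sanitisation is not visible in this hunk, so confirm that both are cast to integers earlier in the function, which starts outside the hunk.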
@@ -899,16 +902,19 @@
mysql_query($query);
//clear all admin and board flags
- mysql_query("update `users` set `assurer`='0' where `id`='$id'");
- mysql_query("update `users` set `assurer_blocked`='0' where `id`='$id'");
- mysql_query("update `users` set `codesign`='0' where `id`='$id'");
- mysql_query("update `users` set `orgadmin`='0' where `id`='$id'");
- mysql_query("update `users` set `ttpadmin`='0' where `id`='$id'");
- mysql_query("update `users` set `locadmin`='0' where `id`='$id'");
- mysql_query("update `users` set `admin`='0' where `id`='$id'");
- mysql_query("update `users` set `adadmin`='0' where `id`='$id'");
- mysql_query("update `users` set `tverify`='0' where `id`='$id'");
- mysql_query("update `users` set `board`='0' where `id`='$id'");
+ mysql_query(
+ "update `users` set
+ `assurer`='0',
+ `assurer_blocked`='0',
+ `codesign`='0',
+ `orgadmin`='0',
+ `ttpadmin`='0',
+ `locadmin`='0',
+ `admin`='0',
+ `adadmin`='0',
+ `tverify`='0',
+ `board`='0'
+ where `id`='$id'");
//block account
mysql_query("update `users` set `locked`='1' where `id`='$id'"); //, `deleted`=Now()
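Review bot: The merged update that clears the ten privilege flags discards its return value, and as a single statement its failure now leaves every flag set, including `admin` and `board`, while the function continues to the following steps. Check the result and stop on failure rather than proceeding. Consider folding the `locked` update that follows into the same SET list, so that clearing privileges and blocking the account cannot diverge. The function body starts and ends outside the hunk.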
@@ -942,11 +948,11 @@
// called from includes/account.php if($oldid == 50 && $process != "")
$uid = intval($uid);
if (0==$cca) {
- $query1 = "select 1 from `domiancerts` where `memid`='$uid' and `expire`>NOW()";
- $query2 = "select 1 from `domiancerts` where `memid`='$uid' and `revoked`>NOW()";
+ $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>NOW() and `revoked`<`created`";
+ $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>NOW()";
}else{
- $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>NOW()+90*86400";
- $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>NOW()+90*86400";
+ $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>(NOW()-90*86400) and `revoked`<`created`";
+ $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)";
}
$res = mysql_query($query1);
$r1 = mysql_num_rows($res)>0;
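Review bot: `NOW()-90*86400` in the else branch is not date arithmetic in MySQL: in a numeric context `NOW()` evaluates to a YYYYMMDDHHMMSS number, so subtracting 7776000 does not give a point 90 days earlier and the comparison against `expire` and `revoked` is unreliable. Replace `(NOW()-90*86400)` with `(NOW() - INTERVAL 90 DAY)` in both queries. The same expression appears in the `domaincerts` queries of the next hunk. A wrong window changes which certificates these checks count, so the fix is worth a test with a certificate just inside and just outside 90 days. The function starts and ends outside the hunk.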
@@ -960,11 +966,11 @@
// called from includes/account.php if($oldid == 50 && $process != "")
$uid = intval($uid);
if (0==$cca) {
- $query1 = "select 1 from `domiancerts` where `memid`='$uid' and `expire`>NOW()";
- $query2 = "select 1 from `domiancerts` where `memid`='$uid' and `revoked`>NOW()";
+ $query1 = "select 1 from `domaincerts` where `memid`='$uid' and `expire`>NOW() and `revoked`<`created`";
+ $query2 = "select 1 from `domaincerts` where `memid`='$uid' and `revoked`>NOW()";
}else{
- $query1 = "select 1 from `domiancerts` where `memid`='$uid' and `expire`>NOW()+90*86400";
- $query2 = "select 1 from `domiancerts` where `memid`='$uid' and `revoked`>NOW()+90*86400";
+ $query1 = "select 1 from `domaincerts` where `memid`='$uid' and `expire`>(NOW()-90*86400) and `revoked`<`created`";
+ $query2 = "select 1 from `domaincerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)";
}
$res = mysql_query($query1);
$r1 = mysql_num_rows($res)>0;
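Review bot: `mysql_num_rows($res)>0` is evaluated without checking that `mysql_query()` succeeded, so a failing statement is indistinguishable from "no matching certificates". That is presumably how the misspelled `domiancerts` table name removed here went unnoticed. Test `$res === false` and treat it as an error rather than as an empty result, here and at the identical lines in the previous hunk. The two functions now differ only in the table name, so a shared private helper that takes the table from a fixed pair of names would keep them from drifting apart again. Both function bodies start and end outside the hunks.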