authorINOPIAE <inopiae@cacert.org>2013-12-08 18:25:16 +0100
committerINOPIAE <inopiae@cacert.org>2013-12-08 18:25:16 +0100
commit103de8f1b582298d7352e2395295ca378f0c011f (patch)
treedf0c1306847413f06644074b36f43965be4169b5 /pages/account/43.php
parentd653cd9cc696bb988a40aa80fb914c5f04b2f39f (diff)
parentbbcafda8e9f17cd84b252a45171fd11397f6e27a (diff)
Merge branch 'bug-1138' of https://github.com/INOPIAE/CAcert into bug-1138
Conflicts: includes/account.php includes/temp_functions.php pages/account/43.php
Diffstat (limited to 'pages/account/43.php')
-rw-r--r--pages/account/43.php113
1 files changed, 86 insertions, 27 deletions
diff --git a/pages/account/43.php b/pages/account/43.php
index 240d7ed..1ea6142 100644
--- a/pages/account/43.php
+++ b/pages/account/43.php
@@ -17,6 +17,8 @@
*/ ?>
<?
include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
+ $ticketno='';
+ $ticketvalidation=FALSE;
//check if an assurance should be deleted
if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0)
@@ -27,11 +29,16 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
if ($res) {
$row = mysql_fetch_assoc($res);
}
- mysql_query("delete from `notary` where `id`='$assurance'");
- if ($row) {
- fix_assurer_flag($row['to']);
}
+ if (isset($_SESSION['ticketno'])) {
+ $ticketno=$_SESSION['ticketno'];
+ $ticketvalidation=TRUE;
}
+ if (isset($_SESSION['ticketmsg'])) {
+ $ticketmsg=$_SESSION['ticketmsg'];
+ } else {
+ $ticketmsg='';
+ }
// search for an account by email search, if more than one is found display list to choose
if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
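Review bot: `isset($_SESSION['ticketno'])` is also true for an empty string, so `$ticketvalidation` becomes TRUE for whatever value the session holds, and the later gates in this file (assurance deletion, lost-password view) open on it. The code that stores the session value is not part of this diff; unless it already rejects blank or malformed input, the check here should at least require a non-empty value, e.g. `if (isset($_SESSION['ticketno']) && trim($_SESSION['ticketno']) != '') {`. The context lines above still run the `notary` lookup into `$res`/`$row` although the delete that used `$row` moved to a later hunk, which looks like merge residue worth removing.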
@@ -119,7 +126,48 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
// $alerts = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($row['id'])."'"));
$alerts =get_alerts(intval($row['id']));
//display account data
+
+ //deletes an assurance
+ if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation==true)
+ {
+ $assurance = mysql_escape_string(intval($_REQUEST['assurance']));
+ $row = 0;
+ $res = mysql_query("select `to` from `notary` where `id`='$assurance'");
+ if ($res) {
+ $row = mysql_fetch_assoc($res);
+ }
+ mysql_query("delete from `notary` where `id`='$assurance'");
+ if ($row) {
+ fix_assurer_flag($row['to']);
+ write_se_log($uid, $adminid, 'AD block account', $ticketno);
+ }
+ } else {
+ $ticketmsg=_('No assurance revoked. Ticket number is missing!');
+ }
+ //Ticket number
?>
+<form method="post" action="account.php?id=43&userid=<?=$uid?>">
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_('Ticket handling') ?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_('Ticket no:')?>:</td>
+ <td class="DataTD"><input type="text" name="ticketno" value="<?=$ticketno?>"/></td>
+ </tr>
+ <tr>
+ <td colspan="2" ><?=$ticketmsg?></td>
+<? $_SESSION['ticketmsg']='' ?>'
+ </tr>
+ <tr>
+ <td colspan="2" ><input type="submit" value="<?=_('Set ticket number') ?>"></td>
+ </tr>
+ </table>
+</form>
+<br/>
+
+<!-- display data table -->
+
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><? printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td>
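Review bot: The assurance deletion runs on `$_REQUEST['assurance']` with the session ticket flag as its only gate, so once a ticket number is set any request carrying that parameter, a plain GET link included, removes the row; nothing in this hunk checks a CSRF token, while the Delete Account link further down the page is built with `make_csrf('admdelaccount')`. The `else` also runs when no `assurance` parameter was sent, so 'No assurance revoked. Ticket number is missing!' is shown on every ordinary page view, and the audit entry is labelled `'AD block account'`, which misdescribes an assurance deletion in the log. In the form, `$ticketno` and `$ticketmsg` are echoed raw where the rest of the page uses `sanitizeHTML()`, e.g. `value="<?=sanitizeHTML($ticketno)?>"`, and a stray `'` follows `<? $_SESSION['ticketmsg']='' ?>`. The fence shows the condition split so that the message appears only for a refused deletion.

```php
if (array_key_exists('assurance', $_REQUEST) && $_REQUEST['assurance'] > 0) {
    if ($ticketvalidation == true) {
        // … unchanged: look up `to`, delete from `notary`, fix_assurer_flag(), write_se_log() …
    } else {
        $ticketmsg = _('No assurance revoked. Ticket number is missing!');
    }
}
```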
@@ -152,12 +200,12 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
<tr>
<td class="DataTD"><?=_("Date of Birth")?>:</td>
<td class="DataTD">
-<?
+ <?
$year = intval(substr($row['dob'], 0, 4));
$month = intval(substr($row['dob'], 5, 2));
$day = intval(substr($row['dob'], 8, 2));
?><nobr><select name="day">
-<?
+ <?
for($i = 1; $i <= 31; $i++)
{
echo "<option";
@@ -165,10 +213,10 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
echo " selected='selected'";
echo ">$i</option>";
}
-?>
+ ?>
</select>
<select name="month">
-<?
+ <?
for($i = 1; $i <= 12; $i++)
{
echo "<option value='$i'";
@@ -176,7 +224,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
echo " selected='selected'";
echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>";
}
-?>
+ ?>
</select>
<input type="text" name="year" value="<?=$year?>" size="4">
<input type="submit" value="Go"></form></nobr></td>
@@ -226,10 +274,11 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
<td class="DataTD"><?=_("Ad Admin")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;adadmin=<?=$row['id']?>"><?=$row['adadmin']?></a> (0 = none, 1 = submit, 2 = approve)</td>
</tr>
+ <!---presently not needed
<tr>
<td class="DataTD"><?=_("Tverify Account")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;tverify=<?=$row['id']?>"><?=$row['tverify']?></a></td>
- </tr>
+ </tr> -->
<tr>
<td class="DataTD"><?=_("General Announcements")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;general=<?=$row['id']?>"><?=$alerts['general']?></a></td>
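Review bot: Wrapping the Tverify row in `<!--- … -->` only hides it in the rendered page: the PHP inside still executes, so `$row['tverify']` and the `account.php?id=43&tverify=…` link are still sent to the browser in the page source. If the function is retired, delete the row (version control keeps it) instead of commenting it out in HTML. The request handler for `tverify` is outside this diff; check whether it should be disabled as well, since hiding the link does not stop the URL from being requested.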
@@ -255,10 +304,11 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
<td class="DataTD"><?=_("Delete Account")?>:</td>
<td class="DataTD"><a href="account.php?id=50&amp;userid=<?=$row['id']?>&amp;csrf=<?=make_csrf('admdelaccount')?>"><?=_("Delete Account")?></a></td>
</tr>
-<?
+ <?
// This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!!
- if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes") {
-?>
+ if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==true) {
+ write_se_log($uid, $adminid, 'AD view lost password information', $ticketno);
+ ?>
<tr>
<td class="DataTD"><?=_("Lost Password")?> - Q1:</td>
<td class="DataTD"><?=sanitizeHTML($row['Q1'])?></td>
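Review bot: The lost-password questions and answers are rendered whether or not `write_se_log(...)` succeeded, because its result is ignored. Its definition is outside this diff; if it can report failure, an access that is gated on being audited should fail closed and show the rows only once the log entry has been stored. The branch continues past the end of this hunk.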
@@ -299,14 +349,22 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
<td class="DataTD"><?=_("Lost Password")?> - A5:</td>
<td class="DataTD"><?=sanitizeHTML($row['A5'])?></td>
</tr>
-<? } else { ?>
+ <? } elseif (array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==false) {
+ ?>
<tr>
+ <td class="DataTD" colspan="2"><?=_('No access granted. Ticket number is missing')?></td>
+ </tr>
+ <tr>
<td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;showlostpw=yes"><?=_("Show Lost Password Details")?></a></td>
</tr>
<? }
// list assurance points
?>
<tr>
+ <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;showlostpw=yes"><?=_("Show Lost Password Details")?></a></td>
+ </tr>
+ <? } ?>
+ <tr>
<td class="DataTD"><?=_("Assurance Points")?>:</td>
<td class="DataTD"><?=intval($drow['points'])?></td>
</tr>
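Review bot: On the new side this section closes more blocks than it opens: the `elseif` is closed by the existing `<? }` before `// list assurance points`, and the added `<? } ?>` after the second link row has no opener inside the hunk. The 'Show Lost Password Details' row is also emitted twice in the refusal case, once inside the `elseif` branch and once after it, and the original `else` that showed it when `showlostpw` was absent is gone. This looks like conflict residue from the merge; presumably the intent was the refusal message inside the `elseif` and a single link row after the conditional. The enclosing structure lies outside the hunk, so confirm with `php -l` on the merged file.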
@@ -335,7 +393,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
// $dres = mysql_query($query);
$dres = get_email_address(intval($row['id']),mysql_real_escape_string($row['email']));
if(mysql_num_rows($dres) > 0) { ?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td>
</tr><?
@@ -346,16 +404,17 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
<td class="DataTD"><?=_("Secondary Emails")?>:</td>
<td class="DataTD"><?=sanitizeHTML($drow['email'])?></td>
</tr>
-<? } ?>
-</table>
-<br><? } ?>
-<?
+ <? } ?>
+ </table>
+ <br>
+ <? } ?>
+ <?
// comment to be deleted before release
// $query = "select * from `domains` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''";
// $dres = mysql_query($query);
$dres=get_domains(intval($row['id']));
if(mysql_num_rows($dres) > 0) { ?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<? // list of domains ?>
<td colspan="5" class="title"><?=_("Verified Domains")?></td>
@@ -367,12 +426,12 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
<td class="DataTD"><?=_("Domain")?>:</td>
<td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td>
</tr>
-<? } ?>
-</table>
-<br>
-<? } ?>
+ <? } ?>
+ </table>
+ <br>
+ <? } ?>
<? // Begin - Debug infos ?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Account State")?></td>
</tr>
@@ -502,14 +561,14 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
}
if ($inconsistency>0) {
// $inconsistencydisp = _("Yes");
-?>
+ ?>
<tr>
<td class="DataTD"><?=_("Account inconsistency")?>:</td>
<td class="DataTD"><?=$inccause?><br>code: <?=$inconsistency?></td>
</tr>
<tr>
<td colspan="2" class="DataTD" style="max-width: 75ex">
- <?=_("Account inconsistency can cause problems in daily account ".
+<?=_("Account inconsistency can cause problems in daily account ".
"operations and needs to be fixed manually through arbitration/critical ".
"team.")?>
</td>
@@ -517,7 +576,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
<? }
// --- bug-975 end ---
-?>
+ ?>
</table>
<br>
<?