diff options
| author | INOPIAE <inopiae@cacert.org> | 2013-02-20 00:49:48 +0100 |
|---|---|---|
| committer | INOPIAE <inopiae@cacert.org> | 2013-02-20 00:49:48 +0100 |
| commit | f25e34aa0700891f3c5b7ea2dceb2d38bfbbb1b5 (patch) | |
| tree | 76acb703ac34febb0e2527f58bdab0943d84d9d6 /pages/account | |
| parent | 4a7afbc30acb170f7ff3517d5450c7e0bec43fe2 (diff) | |
| download | cacert-devel-f25e34aa0700891f3c5b7ea2dceb2d38bfbbb1b5.tar.gz cacert-devel-f25e34aa0700891f3c5b7ea2dceb2d38bfbbb1b5.tar.xz cacert-devel-f25e34aa0700891f3c5b7ea2dceb2d38bfbbb1b5.zip | |
bug 1008: changed query and user output
Diffstat (limited to 'pages/account')
| -rw-r--r-- | pages/account/58.php | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/pages/account/58.php b/pages/account/58.php index 20e0b59..233f37c 100644 --- a/pages/account/58.php +++ b/pages/account/58.php @@ -16,30 +16,31 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ -require_once(dirname(__FILE__).'/../../includes/notary.inc.php'); - if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) { echo _('You do not have access to this page'); } else { $user_id = intval($_REQUEST['userid']); - $query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0"; + $query = "select `users`.`fname`, `users`.`mname`, `users`.`lname`, from `users` where `id`='$user_id' and `users`.`deleted`=0"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0){ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!"); } else { - $query = "select `users`.`fname`, `users`.`mname`, `users`.`lname`, `orginfo`.`o`, `org`.`masteracc` - FROM `users`, `orginfo`, `org` - WHERE `users`.`id` = `org`.`memid` AND `orginfo`.`id` = `org`.`orgid` + while($row = mysql_fetch_assoc($res)){ + $username=sanitizeHTML($row['fname']).' '.sanitizeHTML($row['mname']).' '.sanitizeHTML($row['lname']); + } + $query = "select `orginfo`.`o`, `org`.`masteracc` + FROM `orginfo`, `org` + WHERE `orginfo`.`id` = `org`.`orgid` AND `users`.`id`='$user_id' order by `orginfo`.`o`"; - $res = mysql_query($query);?> + $res1 = mysql_query($query);?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"><? - if (mysql_num_rows($res) <= 0) {?> + if (mysql_num_rows($res1) <= 0) {?> <tr> - <td colspan="2" class="title"><?=sprintf(_('%s %s %s is not listed as Organisation Administrator'),sanitizeHTML($row['fname']),sanitizeHTML($row['mname']),sanitizeHTML($row['lname']))?></td> + <td colspan="2" class="title"><?=sprintf(_('%s is not listed as Organisation Administrator'), $username)?></td> </tr> <?}else{?> <tr> - <td colspan="2" class="title"><?=sprintf(_('%s %s %s is listed as Organisation Administrator for:'),sanitizeHTML($row['fname']),sanitizeHTML($row['mname']),sanitizeHTML($row['lname']))?></td> + <td colspan="2" class="title"><?=sprintf(_('%s is listed as Organisation Administrator for:'), $username)?></td> </tr> <tr> <td class="DataTD"><b><?=_('Organisation')?></b></td> |