author | INOPIAE <inopiae@cacert.org> | 2013-07-09 22:27:21 +0200 |
---|---|---|
committer | INOPIAE <inopiae@cacert.org> | 2013-07-09 22:27:21 +0200 |
commit | 54f4f30e058fdea779a09ca3a2063b948a4ef67f (patch) | |
tree | 6e52e830718aaca2fb80b9251ee293c8db2c2a87 /pages | |
parent | df7cc59564f5c7f1f954696f1d089c1ed8a14e76 (diff) | |
bug 663: changed that secret q&a only be visible if requested
Diffstat (limited to 'pages')
-rw-r--r-- | pages/account/13.php | 80 |
1 files changed, 44 insertions, 36 deletions
diff --git a/pages/account/13.php b/pages/account/13.php
index c2b7cc5..6ba1ff9 100644
--- a/pages/account/13.php
+++ b/pages/account/13.php
@@ -16,30 +16,33 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ ?> <? - $query = "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and `users`.`deleted`=0"; - $res = mysql_query($query); - $user = mysql_fetch_assoc($res); + $query = "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and `users`.`deleted`=0"; + $res = mysql_query($query); + $user = mysql_fetch_assoc($res); - $year = intval(substr($user['dob'], 0, 4)); - $month = intval(substr($user['dob'], 5, 2)); - $day = intval(substr($user['dob'], 8, 2)); + $year = intval(substr($user['dob'], 0, 4)); + $month = intval(substr($user['dob'], 5, 2)); + $day = intval(substr($user['dob'], 8, 2)); + $showdetails=0; if(array_key_exists('showdetails',$_REQUEST)) $showdetails=intval($_REQUEST['showdetails']); + if($showdetails == 1){ + $body = sprintf(_("Hi %s,"),$user['fname'])."\n\n"; + $body .= _("You receive this automatic mail since you yourself or someone ". + "else looked up your secret questions and answers for a forgotten ". + "password.\n\n". + "If it was you who looked up or changed that data, or clicked ". + "through the menu in your account, everything is in best order ". + "and you can ignore this mail.\n\n". + "But if you received this mail without a recognisable reason, ". + "there is a danger that an unauthorised person accessed your ". + "account, and you should promptly change your password and your ". + "secret questions and answers.")."\n\n"; - $body = sprintf(_("Hi %s,"),$user['fname'])."\n\n"; - $body .= _("You receive this automatic mail since you yourself or someone ". - "else looked up your secret questions and answers for a forgotten ". - "password.\n\n". - "If it was you who looked up or changed that data, or clicked ". - "through the menu in your account, everything is in best order ". - "and you can ignore this mail.\n\n". - "But if you received this mail without a recognisable reason, ". 
- "there is a danger that an unauthorised person accessed your ". - "account, and you should promptly change your password and your ". - "secret questions and answers.")."\n\n"; + $body .= _("Best regards")."\n"._("CAcert Support"); - $body .= _("Best regards")."\n"._("CAcert Support"); - - sendmail($user['email'], "[CAcert.org] "._("Email Notification"), $body, "support@cacert.org", "", "", "CAcert Support"); + sendmail($user['email'], "[CAcert.org] "._("Email Notification"), $body, "support@cacert.org", "", "", "CAcert Support"); + } ?> + <form method="post" action="account.php"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400"> <tr> @@ -70,24 +73,24 @@ (<?=_("dd/mm/yyyy")?>)</td> <td class="DataTD"><nobr><select name="day"> <? - for($i = 1; $i <= 31; $i++) - { - echo "<option"; - if($day == $i) - echo " selected='selected'"; - echo ">$i</option>"; - } + for($i = 1; $i <= 31; $i++) + { + echo "<option"; + if($day == $i) + echo " selected='selected'"; + echo ">$i</option>"; + } ?> </select> <select name="month"> <? - for($i = 1; $i <= 12; $i++) - { - echo "<option value='$i'"; - if($month == $i) - echo " selected='selected'"; - echo ">".ucwords(recode("utf-8..html", strftime("%B", mktime(0,0,0,$i,1,date("Y")))))."</option>"; - } + for($i = 1; $i <= 12; $i++) + { + echo "<option value='$i'"; + if($month == $i) + echo " selected='selected'"; + echo ">".ucwords(recode("utf-8..html", strftime("%B", mktime(0,0,0,$i,1,date("Y")))))."</option>"; + } ?> </select> <input type="text" name="year" value="<?=$year?>" size="4"></nobr> 
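Review bot: In the first hunk `$showdetails` is read from `$_REQUEST`, so both the reveal of the recovery data and the notification mail are driven by a plain GET parameter, and no CSRF token or re-authentication is visible in this diff. Any cross-site request that makes a logged-in browser load the page with `showdetails=1` sends the warning mail, which wears down the value of that alert, and depending on `request_order` the flag could also come from a cookie. Consider making the toggle a POST and reading it with `if(array_key_exists('showdetails',$_POST)) $showdetails=intval($_POST['showdetails']);`, ideally together with a CSRF token or a password prompt before recovery data is shown. The script's top-level code begins before this hunk and the form it opens continues past it.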
@@ -120,13 +123,17 @@ </tr> <? } ?> <tr> + <td colspan="2" class="title"><a href="account.php?id=13&showdetails=<?=!$showdetails?>"><?=_("View secret question and answers and OTP phrases")?></a></td> + </tr> + <? if($showdetails == 1){ ?> + <tr> <td class="DataTD"><?=_("OTP Hash")?><br> - (<?=_("Not displayed")?>)</td> + (<?=_("Not displayed")?>)</td> <td class="DataTD"><input type="text" name="otphash"></td> </tr> <tr> <td class="DataTD"><?=_("OTP PIN")?><br> - (<?=_("Not displayed")?>)</td> + (<?=_("Not displayed")?>)</td> <td class="DataTD"><input type="text" name="otppin"></td> </tr> <tr> @@ -153,6 +160,7 @@ <td class="DataTD"><input type="text" name="A5" value="<?=sanitizeHTML($user['A5'])?>"></td> </tr> <tr> + < ?} ?> <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td> </tr> </table> |
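Review bot: With the OTP and secret question/answer inputs (`otphash`, `otppin`, `A5` and the others) now emitted only inside `if($showdetails == 1)`, an "Update" submitted from the collapsed view posts none of them. The handler in account.php is not part of this diff, so please confirm it leaves the stored values untouched when those fields are absent and does not overwrite them with empty strings. Separately, the toggle link depends on `<?=!$showdetails?>` printing `1` or an empty string and leaves the `&` unescaped; `account.php?id=13&amp;showdetails=<?=$showdetails ? 0 : 1?>` states the intent explicitly. The conditional opened here is closed in the following hunk.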
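Review bot: In the last hunk the closing brace is added after the context `<tr>`, so that row opener sits inside the conditional, and when the details are hidden the submit cell is emitted without an enclosing `<tr>`. Moving the added line one line up, ahead of `<tr>`, keeps the table well formed in both states. The line also appears on this page as `< ?} ?>`; if that space is in the file and not a rendering artefact, PHP would not treat it as an opening tag and the block from the previous hunk would be left unclosed, so it should read `<? } ?>`.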