diff options
| author | Benny Baumann <BenBE@geshi.org> | 2014-01-12 14:23:21 +0100 |
|---|---|---|
| committer | Benny Baumann <BenBE@geshi.org> | 2014-01-12 14:23:21 +0100 |
| commit | bc88d503d06d1d25f11216741b50c2152708cfb1 (patch) | |
| tree | 46756c94d7b8c67165e6e6615337df1f54acb966 /pages | |
| parent | 1e8d8add953809e655f82b3f33a0e3cdadb1f0e6 (diff) | |
| download | cacert-devel-bc88d503d06d1d25f11216741b50c2152708cfb1.tar.gz cacert-devel-bc88d503d06d1d25f11216741b50c2152708cfb1.tar.xz cacert-devel-bc88d503d06d1d25f11216741b50c2152708cfb1.zip | |
bug 1138: Fix indentation and whitespace
Diffstat (limited to 'pages')
| -rw-r--r-- | pages/account/43.php | 1744 |
1 files changed, 915 insertions, 829 deletions
diff --git a/pages/account/43.php b/pages/account/43.php index 5e9cb99..2799a2a 100644 --- a/pages/account/43.php +++ b/pages/account/43.php @@ -17,18 +17,22 @@ */ ?> <? include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); + $ticketno=''; $ticketvalidation=FALSE; //check if an assurance should be deleted - if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0) - { - $assurance = mysql_escape_string(intval($_REQUEST['assurance'])); - $row = 0; - $res = mysql_query("select `to` from `notary` where `id`='$assurance'"); - if ($res) { - $row = mysql_fetch_assoc($res); - } +if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0) +{ + $assurance = mysql_real_escape_string(intval($_REQUEST['assurance'])); + $row = 0; + $res = mysql_query("select `to` from `notary` where `id`='$assurance' and `deleted` = 0"); + if ($res) { + $row = mysql_fetch_assoc($res); + } + mysql_query("update `notary` set `deleted`=NOW() where `id`='$assurance'"); + if ($row) { + fix_assurer_flag($row['to']); } if (isset($_SESSION['ticketno'])) { @@ -45,34 +49,36 @@ $ticketvalidation=FALSE; if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0) { $_REQUEST['userid'] = 0; - $emailsearch = $email = mysql_escape_string(stripslashes($_REQUEST['email'])); - //Disabled to speed up the queries - //if(!strstr($email, "%")) - // $emailsearch = "%$email%"; + $emailsearch = $email = mysql_real_escape_string(stripslashes($_REQUEST['email'])); + + //Disabled to speed up the queries + //if(!strstr($email, "%")) + // $emailsearch = "%$email%"; - // bug-975 ted+uli changes --- begin + // bug-975 ted+uli changes --- begin if(preg_match("/^[0-9]+$/", $email)) { - // $email consists of digits only ==> search for IDs - // Be defensive here (outer join) if primary mail is not listed in email table + // $email consists of digits only ==> search for IDs + // Be defensive here (outer join) if primary mail is not listed in email table $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users` left outer join `email` on (`users`.`id`=`email`.`memid`) where (`email`.`id`='$email' or `users`.`id`='$email') - and `users`.`deleted`=0 + and `users`.`deleted`=0 group by `users`.`id` limit 100"; } else { - // $email contains non-digits ==> search for mail addresses - // Be defensive here (outer join) if primary mail is not listed in email table + // $email contains non-digits ==> search for mail addresses + // Be defensive here (outer join) if primary mail is not listed in email table $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users` left outer join `email` on (`users`.`id`=`email`.`memid`) - where (`email`.`email` like '$emailsearch' - or `users`.`email` like '$emailsearch') + where (`email`.`email` like '$emailsearch' + or `users`.`email` like '$emailsearch') and `users`.`deleted`=0 - group by `users`.`id` limit 100"; + group by `users`.`id` limit 100"; } // bug-975 ted+uli changes --- end $res = mysql_query($query); - if(mysql_num_rows($res) > 1) { ?> + if(mysql_num_rows($res) > 1) { +?> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <tr> <td colspan="5" class="title"><?=_("Select Specific Account Details")?></td> @@ -83,23 +89,32 @@ $ticketvalidation=FALSE; </tr> <? while($row = mysql_fetch_assoc($res)) - { ?> + { +?> <tr> <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($row['id'])?>"><?=intval($row['id'])?></a></td> <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td> </tr> -<? } - if(mysql_num_rows($res) >= 100) { ?> +<? + } + + if(mysql_num_rows($res) >= 100) { +?> <tr> <td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td> </tr> -<? } else { ?> +<? + } else { +?> <tr> <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td> - </tr> -<? } ?> + </tr> +<? + } +?> </table><br><br> -<? } elseif(mysql_num_rows($res) == 1) { +<? + } elseif(mysql_num_rows($res) == 1) { $row = mysql_fetch_assoc($res); $_REQUEST['userid'] = $row['id']; } else { @@ -108,16 +123,14 @@ $ticketvalidation=FALSE; } // display user information for given user id - if(intval($_REQUEST['userid']) > 0) - { + if(intval($_REQUEST['userid']) > 0) { $userid = intval($_REQUEST['userid']); $res =get_user_data($userid); - if(mysql_num_rows($res) <= 0) - { + if(mysql_num_rows($res) <= 0) { echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!"); } else { $row = mysql_fetch_assoc($res); - $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."'"; + $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."' and `deleted` = 0"; $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); $alerts =get_alerts(intval($row['id'])); @@ -141,846 +154,919 @@ $ticketvalidation=FALSE; } else { $ticketmsg=_('No assurance revoked. Ticket number is missing!'); } + //Ticket number ?> -<!-- <form method="post" action="account.php?id=43&userid=<?=$uid?>"> - <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="2" class="title"><?=_('Ticket handling') ?></td> - </tr> - <tr> - <td class="DataTD"><?=_('Ticket no:')?>:</td> - <td class="DataTD"><input type="text" name="ticketno" value="<?=$ticketno?>"/></td> - </tr> - <tr> - <td colspan="2" ><?=$ticketmsg?></td> - <? $_SESSION['ticketmsg']='' ?>' - </tr> - <tr> - <td colspan="2" ><input type="submit" value="<?=_('Set ticket number') ?>"></td> - </tr> - </table> - </form> - <br/> +<!-- +<form method="post" action="account.php?id=43&userid=<?=$uid?>"> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><?=_('Ticket handling') ?></td> + </tr> + <tr> + <td class="DataTD"><?=_('Ticket no:')?>:</td> + <td class="DataTD"><input type="text" name="ticketno" value="<?=$ticketno?>"/></td> + </tr> + <tr> + <td colspan="2" ><?=$ticketmsg?></td><?php $_SESSION['ticketmsg']='' ?> + </tr> + <tr> + <td colspan="2" ><input type="submit" value="<?=_('Set ticket number') ?>"></td> + </tr> + </table> +</form> +<br/> --> -<!-- display data table --> - <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="5" class="title"><? printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Email")?>:</td> - <td class="DataTD"><?=sanitizeHTML($row['email'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("First Name")?>:</td> - <td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to modify this DOB and/or last name?")?>')) return false;"> - <input type="hidden" name="csrf" value="<?=make_csrf('admchangepers')?>" /> - <input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>"></td> - </tr> - <tr> - <td class="DataTD"><?=_("Middle Name")?>:</td> - <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($row['mname'])?>"></td> - </tr> - <tr> - <td class="DataTD"><?=_("Last Name")?>:</td> - <td class="DataTD"> <input type="hidden" name="oldid" value="43"> - <input type="hidden" name="action" value="updatedob"> - <input type="hidden" name="userid" value="<?=intval($userid)?>"> - <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>"></td> - </tr> - <tr> - <td class="DataTD"><?=_("Suffix")?>:</td> - <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($row['suffix'])?>"></td> - </tr> - <tr> - <td class="DataTD"><?=_("Date of Birth")?>:</td> - <td class="DataTD"> - <? - $year = intval(substr($row['dob'], 0, 4)); - $month = intval(substr($row['dob'], 5, 2)); - $day = intval(substr($row['dob'], 8, 2)); - ?><nobr><select name="day"> - <? - for($i = 1; $i <= 31; $i++) - { - echo "<option"; - if($day == $i) - echo " selected='selected'"; - echo ">$i</option>"; - } - ?> - </select> - <select name="month"> - <? - for($i = 1; $i <= 12; $i++) - { - echo "<option value='$i'"; - if($month == $i) - echo " selected='selected'"; - echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>"; - } - ?> - </select> - <input type="text" name="year" value="<?=$year?>" size="4"> - <input type="submit" value="Go"></form></nobr> - </td> - </tr> +<!-- display data table --> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><? printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Email")?>:</td> + <td class="DataTD"><?=sanitizeHTML($row['email'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("First Name")?>:</td> + <td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to modify this DOB and/or last name?")?>')) return false;"> + <input type="hidden" name="csrf" value="<?=make_csrf('admchangepers')?>" /> + <input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>"> + </td> + </tr> + <tr> + <td class="DataTD"><?=_("Middle Name")?>:</td> + <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($row['mname'])?>"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Last Name")?>:</td> + <td class="DataTD"> <input type="hidden" name="oldid" value="43"> + <input type="hidden" name="action" value="updatedob"> + <input type="hidden" name="userid" value="<?=intval($userid)?>"> + <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>"> + </td> + </tr> + <tr> + <td class="DataTD"><?=_("Suffix")?>:</td> + <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($row['suffix'])?>"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Date of Birth")?>:</td> + <td class="DataTD"> + <? + $year = intval(substr($row['dob'], 0, 4)); + $month = intval(substr($row['dob'], 5, 2)); + $day = intval(substr($row['dob'], 8, 2)); +?> + <nobr> + <select name="day"> +<? + for($i = 1; $i <= 31; $i++) { + echo "<option"; + if($day == $i) { + echo " selected='selected'"; + } + echo ">$i</option>"; + } +?> + </select> + <select name="month"> +<? + for($i = 1; $i <= 12; $i++) { + echo "<option value='$i'"; + if($month == $i) + echo " selected='selected'"; + echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>"; + } +?> + </select> + <input type="text" name="year" value="<?=$year?>" size="4"> + <input type="submit" value="Go"> + </form> + </nobr> + </td> + </tr> <? // list of flags ?> - <tr> - <td class="DataTD"><?=_("CCA accepted")?>:</td> - <td class="DataTD"><a href="account.php?id=57&userid=<?=intval($row['id'])?>"><?=intval(get_user_agreement_status($row['id'])) ? _("Yes") : _("No") ?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Trainings")?>:</td> - <td class="DataTD"><a href="account.php?id=55&userid=<?=intval($row['id'])?>">show</a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Is Assurer")?>:</td> - <td class="DataTD"><a href="account.php?id=43&assurer=<?=intval($row['id'])?>&csrf=<?=make_csrf('admsetassuret')?>"><?=$row['assurer']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Blocked Assurer")?>:</td> - <td class="DataTD"><a href="account.php?id=43&assurer_blocked=<?=intval($row['id'])?>"><?=$row['assurer_blocked']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Account Locking")?>:</td> - <td class="DataTD"><a href="account.php?id=43&locked=<?=$row['id']?>&csrf=<?=make_csrf('admactlock')?>"><?=$row['locked']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Code Signing")?>:</td> - <td class="DataTD"><a href="account.php?id=43&codesign=<?=$row['id']?>&csrf=<?=make_csrf('admcodesign')?>"><?=$row['codesign']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Org Assurer")?>:</td> - <td class="DataTD"><a href="account.php?id=43&orgadmin=<?=$row['id']?>&csrf=<?=make_csrf('admorgadmin')?>"><?=$row['orgadmin']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("TTP Admin")?>:</td> - <td class="DataTD"><a href="account.php?id=43&ttpadmin=<?=$row['id']?>&csrf=<?=make_csrf('admttpadmin')?>"><?=$row['ttpadmin']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Location Admin")?>:</td> - <td class="DataTD"><a href="account.php?id=43&locadmin=<?=$row['id']?>"><?=$row['locadmin']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Admin")?>:</td> - <td class="DataTD"><a href="account.php?id=43&admin=<?=$row['id']?>&csrf=<?=make_csrf('admsetadmin')?>"><?=$row['admin']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Ad Admin")?>:</td> - <td class="DataTD"><a href="account.php?id=43&adadmin=<?=$row['id']?>"><?=$row['adadmin']?></a> (0 = none, 1 = submit, 2 = approve)</td> - </tr> -<!---presently not needed - <tr> - <td class="DataTD"><?=_("Tverify Account")?>:</td> - <td class="DataTD"><a href="account.php?id=43&tverify=<?=$row['id']?>"><?=$row['tverify']?></a></td> - </tr> --> - <tr> - <td class="DataTD"><?=_("General Announcements")?>:</td> - <td class="DataTD"><a href="account.php?id=43&general=<?=$row['id']?>"><?=$alerts['general']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Country Announcements")?>:</td> - <td class="DataTD"><a href="account.php?id=43&country=<?=$row['id']?>"><?=$alerts['country']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Regional Announcements")?>:</td> - <td class="DataTD"><a href="account.php?id=43&regional=<?=$row['id']?>"><?=$alerts['regional']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Within 200km Announcements")?>:</td> - <td class="DataTD"><a href="account.php?id=43&radius=<?=$row['id']?>"><?=$alerts['radius']?></a></td> - </tr> + <tr> + <td class="DataTD"><?=_("CCA accepted")?>:</td> + <td class="DataTD"><a href="account.php?id=57&userid=<?=intval($row['id'])?>"><?=intval(get_user_agreement_status($row['id'])) ? _("Yes") : _("No") ?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Trainings")?>:</td> + <td class="DataTD"><a href="account.php?id=55&userid=<?=intval($row['id'])?>">show</a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Is Assurer")?>:</td> + <td class="DataTD"><a href="account.php?id=43&assurer=<?=intval($row['id'])?>&csrf=<?=make_csrf('admsetassuret')?>"><?=$row['assurer']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Blocked Assurer")?>:</td> + <td class="DataTD"><a href="account.php?id=43&assurer_blocked=<?=intval($row['id'])?>"><?=$row['assurer_blocked']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Account Locking")?>:</td> + <td class="DataTD"><a href="account.php?id=43&locked=<?=$row['id']?>&csrf=<?=make_csrf('admactlock')?>"><?=$row['locked']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Code Signing")?>:</td> + <td class="DataTD"><a href="account.php?id=43&codesign=<?=$row['id']?>&csrf=<?=make_csrf('admcodesign')?>"><?=$row['codesign']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Org Assurer")?>:</td> + <td class="DataTD"><a href="account.php?id=43&orgadmin=<?=$row['id']?>&csrf=<?=make_csrf('admorgadmin')?>"><?=$row['orgadmin']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("TTP Admin")?>:</td> + <td class="DataTD"><a href="account.php?id=43&ttpadmin=<?=$row['id']?>&csrf=<?=make_csrf('admttpadmin')?>"><?=$row['ttpadmin']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Location Admin")?>:</td> + <td class="DataTD"><a href="account.php?id=43&locadmin=<?=$row['id']?>"><?=$row['locadmin']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Admin")?>:</td> + <td class="DataTD"><a href="account.php?id=43&admin=<?=$row['id']?>&csrf=<?=make_csrf('admsetadmin')?>"><?=$row['admin']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Ad Admin")?>:</td> + <td class="DataTD"><a href="account.php?id=43&adadmin=<?=$row['id']?>"><?=$row['adadmin']?></a> (0 = none, 1 = submit, 2 = approve)</td> + </tr> +<!-- presently not needed + <tr> + <td class="DataTD"><?=_("Tverify Account")?>:</td> + <td class="DataTD"><a href="account.php?id=43&tverify=<?=$row['id']?>"><?=$row['tverify']?></a></td> + </tr> +--> + <tr> + <td class="DataTD"><?=_("General Announcements")?>:</td> + <td class="DataTD"><a href="account.php?id=43&general=<?=$row['id']?>"><?=$alerts['general']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Country Announcements")?>:</td> + <td class="DataTD"><a href="account.php?id=43&country=<?=$row['id']?>"><?=$alerts['country']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Regional Announcements")?>:</td> + <td class="DataTD"><a href="account.php?id=43&regional=<?=$row['id']?>"><?=$alerts['regional']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Within 200km Announcements")?>:</td> + <td class="DataTD"><a href="account.php?id=43&radius=<?=$row['id']?>"><?=$alerts['radius']?></a></td> + </tr> <? //change password, view secret questions and delete account section ?> - <tr> - <td class="DataTD"><?=_("Change Password")?>:</td> - <td class="DataTD"><a href="account.php?id=44&userid=<?=$row['id']?>"><?=_("Change Password")?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Delete Account")?>:</td> - <td class="DataTD"><a href="account.php?id=50&userid=<?=$row['id']?>&csrf=<?=make_csrf('admdelaccount')?>"><?=_("Delete Account")?></a></td> - </tr> - <? - // This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!! - if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==true) { - write_se_log($uid, $adminid, 'AD view lost password information', $ticketno); ?> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - Q1:</td> - <td class="DataTD"><?=sanitizeHTML($row['Q1'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - A1:</td> - <td class="DataTD"><?=sanitizeHTML($row['A1'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - Q2:</td> - <td class="DataTD"><?=sanitizeHTML($row['Q2'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - A2:</td> - <td class="DataTD"><?=sanitizeHTML($row['A2'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - Q3:</td> - <td class="DataTD"><?=sanitizeHTML($row['Q3'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - A3:</td> - <td class="DataTD"><?=sanitizeHTML($row['A3'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - Q4:</td> - <td class="DataTD"><?=sanitizeHTML($row['Q4'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - A4:</td> - <td class="DataTD"><?=sanitizeHTML($row['A4'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - Q5:</td> - <td class="DataTD"><?=sanitizeHTML($row['Q5'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - A5:</td> - <td class="DataTD"><?=sanitizeHTML($row['A5'])?></td> - </tr> - <? - } elseif (array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==false) { -?> - <tr> - <td class="DataTD" colspan="2"><?=_('No access granted. Ticket number is missing')?></td> - </tr> - <tr> - <td class="DataTD" colspan="2"><a href="account.php?id=43&userid=<?=$row['id']?>&showlostpw=yes"><?=_("Show Lost Password Details")?></a></td> - </tr> -<? } + <tr> + <td class="DataTD"><?=_("Change Password")?>:</td> + <td class="DataTD"><a href="account.php?id=44&userid=<?=$row['id']?>"><?=_("Change Password")?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Delete Account")?>:</td> + <td class="DataTD"><a href="account.php?id=50&userid=<?=$row['id']?>&csrf=<?=make_csrf('admdelaccount')?>"><?=_("Delete Account")?></a></td> + </tr> +<? + // This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!! + if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==true) { + write_se_log($uid, $adminid, 'AD view lost password information', $ticketno); +?> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - Q1:</td> + <td class="DataTD"><?=sanitizeHTML($row['Q1'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - A1:</td> + <td class="DataTD"><?=sanitizeHTML($row['A1'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - Q2:</td> + <td class="DataTD"><?=sanitizeHTML($row['Q2'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - A2:</td> + <td class="DataTD"><?=sanitizeHTML($row['A2'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - Q3:</td> + <td class="DataTD"><?=sanitizeHTML($row['Q3'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - A3:</td> + <td class="DataTD"><?=sanitizeHTML($row['A3'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - Q4:</td> + <td class="DataTD"><?=sanitizeHTML($row['Q4'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - A4:</td> + <td class="DataTD"><?=sanitizeHTML($row['A4'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - Q5:</td> + <td class="DataTD"><?=sanitizeHTML($row['Q5'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - A5:</td> + <td class="DataTD"><?=sanitizeHTML($row['A5'])?></td> + </tr> +<? + } elseif (array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==false) { +?> + <tr> + <td class="DataTD" colspan="2"><?=_('No access granted. Ticket number is missing')?></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><a href="account.php?id=43&userid=<?=$row['id']?>&showlostpw=yes"><?=_("Show Lost Password Details")?></a></td> + </tr> +<? + } + // list assurance points ?> - <tr> - <td class="DataTD"><?=_("Assurance Points")?>:</td> - <td class="DataTD"><?=intval($drow['points'])?></td> - </tr> -<? // show account history ?> - <tr> - <td class="DataTD" colspan="2"><a href="account.php?id=59&userid=<?=intval($row['id'])?>"><?=_('Show account history')?></a></td> - </tr> - </table> - <br/><? -//ticket number to track SE log ?> - <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td td colspan="5" class="title"><?=_("Ticket/Arbitration No, needs to be entered to apply any changes")?></td> - </tr> - <tr> - <td class="DataTD"><?=_('Ticket/Arbitration No')?></td> - <td class="DataTD"><input name="ticketno" /></td> - </tr> - </table> - <br/> + <tr> + <td class="DataTD"><?=_("Assurance Points")?>:</td> + <td class="DataTD"><?=intval($drow['points'])?></td> + </tr> +<? +// show account history +?> + <tr> + <td class="DataTD" colspan="2"><a href="account.php?id=59&userid=<?=intval($row['id'])?>"><?=_('Show account history')?></a></td> + </tr> +</table> +<br/> +<? +//ticket number to track SE log +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td td colspan="5" class="title"><?=_("Ticket/Arbitration No, needs to be entered to apply any changes")?></td> + </tr> + <tr> + <td class="DataTD"><?=_('Ticket/Arbitration No')?></td> + <td class="DataTD"><input name="ticketno" /></td> + </tr> +</table> +<br/> <? //list secondary email addresses $dres = get_email_address(intval($row['id']),mysql_real_escape_string($row['email'])); - if(mysql_num_rows($dres) > 0) { ?> - <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td> - </tr><? - $rc = mysql_num_rows($dres); - while($drow = mysql_fetch_assoc($dres)) - { ?> - <tr> - <td class="DataTD"><?=_("Secondary Emails")?>:</td> - <td class="DataTD"><?=sanitizeHTML($drow['email'])?></td> - </tr> - <? } ?> - </table> - <br/> - <? } + if(mysql_num_rows($dres) > 0) { +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td> + </tr> +<? + $rc = mysql_num_rows($dres); + while($drow = mysql_fetch_assoc($dres)) { +?> + <tr> + <td class="DataTD"><?=_("Secondary Emails")?>:</td> + <td class="DataTD"><?=sanitizeHTML($drow['email'])?></td> + </tr> +<? + } +?> +</table> +<br/> +<? + } + // list of domains domains $dres=get_domains(intval($row['id'])); - if(mysql_num_rows($dres) > 0) { ?> - <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="5" class="title"><?=_("Verified Domains")?></td> - </tr><? - $rc = mysql_num_rows($dres); - while($drow = mysql_fetch_assoc($dres)) - { ?> - <tr> - <td class="DataTD"><?=_("Domain")?>:</td> - <td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td> - </tr> - <? } ?> - </table> - <br/> - <? } ?> + if(mysql_num_rows($dres) > 0) { +?> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?=_("Verified Domains")?></td> + </tr> +<? + $rc = mysql_num_rows($dres); + while($drow = mysql_fetch_assoc($dres)) { +?> + <tr> + <td class="DataTD"><?=_("Domain")?>:</td> + <td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td> + </tr> +<? + } +?> +</table> +<br/> +<? + } +?> <? // Begin - Debug infos ?> - <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="2" class="title"><?=_("Account State")?></td> - </tr> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><?=_("Account State")?></td> + </tr> <? - // --- bug-975 begin --- - // potential db inconsistency like in a20110804.1 - // Admin console -> don't list user account - // User login -> impossible - // Assurer, assure someone -> user displayed - /* regular user account search with regular settings - - --- Admin Console find user query - $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email` - where `users`.`id`=`email`.`memid` and - (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and - `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0 - group by `users`.`id` limit 100"; - => requirements - 1. email.hash = '' - 2. email.deleted = 0 - 3. users.deleted = 0 - 4. email.email = primary-email (???) or'd - not covered by admin console find user routine, but may block users login - 5. users.verified = 0|1 - further "special settings" - 6. users.locked (setting displayed in display form) - 7. users.assurer_blocked (setting displayed in display form) - - --- User login user query - select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or - `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0 - => requirements - 1. users.verified = 1 - 2. users.deleted = 0 - 3. users.locked = 0 - 4. users.email = primary-email - - --- Assurer, assure someone find user query - select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' - and `deleted`=0 - => requirements - 1. users.deleted = 0 - 2. users.email = primary-email - Admin User Assurer - bit Console Login assure someone - - 1. email.hash = '' Yes No No - 2. email.deleted = 0 Yes No No - 3. users.deleted = 0 Yes Yes Yes - 4. users.verified = 1 No Yes No - 5. users.locked = 0 No Yes No - 6. users.email = prim-email No Yes Yes - 7. email.email = prim-email Yes No No - - full usable account needs all 7 requirements fulfilled - so if one setting isn't set/cleared there is an inconsistency either way - if eg email.email is not avail, admin console cannot open user info - but user can login and assurer can display user info - if user verified is not set to 1, admin console displays user record - but user cannot login, but assurer can search for the user and the data displays - - consistency check: - 1. search primary-email in users.email - 2. search primary-email in email.email - 3. userid = email.memid - 4. check settings from table 1. - 5. - - */ - - $inconsistency = 0; - $inconsistencydisp = ""; - $inccause = ""; - // current userid intval($row['id']) - $query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked` - from `users` where `id`='".intval($row['id'])."' "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $uemail = $drow['uemail']; - $udeleted = $drow['udeleted']; - $uverified = $drow['verified']; - $ulocked = $drow['locked']; + // --- bug-975 begin --- + // potential db inconsistency like in a20110804.1 + // Admin console -> don't list user account + // User login -> impossible + // Assurer, assure someone -> user displayed + /* regular user account search with regular settings - $query = "select `hash`, `email` as `eemail` from `email` - where `memid`='".intval($row['id'])."' and + --- Admin Console find user query + $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email` + where `users`.`id`=`email`.`memid` and + (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and + `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0 + group by `users`.`id` limit 100"; + => requirements + 1. email.hash = '' + 2. email.deleted = 0 + 3. users.deleted = 0 + 4. email.email = primary-email (???) or'd + not covered by admin console find user routine, but may block users login + 5. users.verified = 0|1 + further "special settings" + 6. users.locked (setting displayed in display form) + 7. users.assurer_blocked (setting displayed in display form) + + --- User login user query + select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or + `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0 + => requirements + 1. users.verified = 1 + 2. users.deleted = 0 + 3. users.locked = 0 + 4. users.email = primary-email + + --- Assurer, assure someone find user query + select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."' + and `deleted`=0 + => requirements + 1. users.deleted = 0 + 2. users.email = primary-email + + Admin User Assurer + bit Console Login assure someone + + 1. email.hash = '' Yes No No + 2. email.deleted = 0 Yes No No + 3. users.deleted = 0 Yes Yes Yes + 4. users.verified = 1 No Yes No + 5. users.locked = 0 No Yes No + 6. users.email = prim-email No Yes Yes + 7. email.email = prim-email Yes No No + + full usable account needs all 7 requirements fulfilled + so if one setting isn't set/cleared there is an inconsistency either way + if eg email.email is not avail, admin console cannot open user info + but user can login and assurer can display user info + if user verified is not set to 1, admin console displays user record + but user cannot login, but assurer can search for the user and the data displays + + consistency check: + 1. search primary-email in users.email + 2. search primary-email in email.email + 3. userid = email.memid + 4. check settings from table 1. - 5. + + */ + + $inconsistency = 0; + $inconsistencydisp = ""; + $inccause = ""; + + // current userid intval($row['id']) + $query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked` + from `users` where `id`='".intval($row['id'])."' "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $uemail = $drow['uemail']; + $udeleted = $drow['udeleted']; + $uverified = $drow['verified']; + $ulocked = $drow['locked']; + + $query = "select `hash`, `email` as `eemail` from `email` + where `memid`='".intval($row['id'])."' and `email` ='".$uemail."' and `deleted` = 0"; - $dres = mysql_query($query); - if ($drow = mysql_fetch_assoc($dres)) { - $drow['edeleted'] = 0; - } else { - // try if there are deleted entries - $query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email` - where `memid`='".intval($row['id'])."' and + $dres = mysql_query($query); + if ($drow = mysql_fetch_assoc($dres)) { + $drow['edeleted'] = 0; + } else { + // try if there are deleted entries + $query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email` + where `memid`='".intval($row['id'])."' and `email` ='".$uemail."'"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - } + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + } - if ($drow) { - $eemail = $drow['eemail']; - $edeleted = $drow['edeleted']; - $ehash = $drow['hash']; - if ($udeleted!=0) { - $inconsistency += 1; - $inccause .= (empty($inccause)?"":"<br>")._("Users record set to deleted"); - } - if ($uverified!=1) { - $inconsistency += 2; - $inccause .= (empty($inccause)?"":"<br>")._("Users record verified not set"); - } - if ($ulocked!=0) { - $inconsistency += 4; - $inccause .= (empty($inccause)?"":"<br>")._("Users record locked set"); - } - if ($edeleted!=0) { - $inconsistency += 8; - $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted"); - } - if ($ehash!='') { - $inconsistency += 16; - $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset"); - } - } else { - $inconsistency = 32; - $inccause = _("Prim. email, Email record doesn't exist"); + if ($drow) { + $eemail = $drow['eemail']; + $edeleted = $drow['edeleted']; + $ehash = $drow['hash']; + if ($udeleted!=0) { + $inconsistency += 1; + $inccause .= (empty($inccause)?"":"<br>")._("Users record set to deleted"); } - if ($inconsistency>0) { - // $inconsistencydisp = _("Yes"); + if ($uverified!=1) { + $inconsistency += 2; + $inccause .= (empty($inccause)?"":"<br>")._("Users record verified not set"); + } + if ($ulocked!=0) { + $inconsistency += 4; + $inccause .= (empty($inccause)?"":"<br>")._("Users record locked set"); + } + if ($edeleted!=0) { + $inconsistency += 8; + $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted"); + } + if ($ehash!='') { + $inconsistency += 16; + $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset"); + } + } else { + $inconsistency = 32; + $inccause = _("Prim. email, Email record doesn't exist"); + } + if ($inconsistency>0) { + // $inconsistencydisp = _("Yes"); ?> - <tr> - <td class="DataTD"><?=_("Account inconsistency")?>:</td> - <td class="DataTD"><?=$inccause?><br>code: <?=$inconsistency?></td> - </tr> - <tr> - <td colspan="2" class="DataTD" style="max-width: 75ex"> - <?=_("Account inconsistency can cause problems in daily account ". - "operations and needs to be fixed manually through arbitration/critical ". - "team.")?> - </td> - </tr> -<? } + <tr> + <td class="DataTD"><?=_("Account inconsistency")?>:</td> + <td class="DataTD"><?=$inccause?><br>code: <?=$inconsistency?></td> + </tr> + <tr> + <td colspan="2" class="DataTD" style="max-width: 75ex;"> + <?=_("Account inconsistency can cause problems in daily account operations and needs to be fixed manually through arbitration/critical team.")?> + </td> + </tr> +<? + } - // --- bug-975 end --- + // --- bug-975 end --- ?> - </table> - <br /> +</table> +<br /> <? - // End - Debug infos +// End - Debug infos // certificate overview ?> - <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="6" class="title"><?=_("Certificates")?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Cert Type")?>:</td> - <td class="DataTD"><?=_("Total")?></td> - <td class="DataTD"><?=_("Valid")?></td> - <td class="DataTD"><?=_("Expired")?></td> - <td class="DataTD"><?=_("Revoked")?></td> - <td class="DataTD"><?=_("Latest Expire")?></td> - </tr> -<!-- server certificates --> - <tr> - <td class="DataTD"><?=_("Server")?>:</td> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="6" class="title"><?=_("Certificates")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Cert Type")?>:</td> + <td class="DataTD"><?=_("Total")?></td> + <td class="DataTD"><?=_("Valid")?></td> + <td class="DataTD"><?=_("Expired")?></td> + <td class="DataTD"><?=_("Revoked")?></td> + <td class="DataTD"><?=_("Latest Expire")?></td> + </tr> + <!-- server certificates --> + <tr> + <td class="DataTD"><?=_("Server")?>:</td> <? - $query = "select COUNT(*) as `total`, - MAX(`domaincerts`.`expire`) as `maxexpire` - from `domains` inner join `domaincerts` + $query = " + select COUNT(*) as `total`, + MAX(`domaincerts`.`expire`) as `maxexpire` + from `domains` inner join `domaincerts` + on `domains`.`id` = `domaincerts`.`domid` + where `domains`.`memid` = '".intval($row['id'])."' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $total = $drow['total']; + + $maxexpire = "0000-00-00 00:00:00"; + if ($drow['maxexpire']) { + $maxexpire = $drow['maxexpire']; + } + + if($total > 0) { + $query = " + select COUNT(*) as `valid` + from `domains` inner join `domaincerts` on `domains`.`id` = `domaincerts`.`domid` - where `domains`.`memid` = '".intval($row['id'])."' "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $total = $drow['total']; - - $maxexpire = "0000-00-00 00:00:00"; - if ($drow['maxexpire']) { - $maxexpire = $drow['maxexpire']; - } - - if($total > 0) { - $query = "select COUNT(*) as `valid` - from `domains` inner join `domaincerts` - on `domains`.`id` = `domaincerts`.`domid` - where `domains`.`memid` = '".intval($row['id'])."' - and `revoked` = '0000-00-00 00:00:00' - and `expire` > NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $valid = $drow['valid']; - - $query = "select COUNT(*) as `expired` - from `domains` inner join `domaincerts` - on `domains`.`id` = `domaincerts`.`domid` - where `domains`.`memid` = '".intval($row['id'])."' - and `expire` <= NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $expired = $drow['expired']; - - $query = "select COUNT(*) as `revoked` - from `domains` inner join `domaincerts` - on `domains`.`id` = `domaincerts`.`domid` - where `domains`.`memid` = '".intval($row['id'])."' - and `revoked` != '0000-00-00 00:00:00'"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $revoked = $drow['revoked']; - ?> - <td class="DataTD"><?=intval($total)?></td> - <td class="DataTD"><?=intval($valid)?></td> - <td class="DataTD"><?=intval($expired)?></td> - <td class="DataTD"><?=intval($revoked)?></td> - <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")? - substr($maxexpire, 0, 10) : _("Pending")?></td> - <? - } else { // $total > 0 - ?> - <td colspan="5" class="DataTD"><?=_("None")?></td> - <? - } ?> - </tr> -<!-- client certificates --> - <tr> - <td class="DataTD"><?=_("Client")?>:</td> - <? - $query = "select COUNT(*) as `total`, MAX(`expire`) as `maxexpire` - from `emailcerts` - where `memid` = '".intval($row['id'])."' "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $total = $drow['total']; - - $maxexpire = "0000-00-00 00:00:00"; - if ($drow['maxexpire']) { - $maxexpire = $drow['maxexpire']; - } - - if($total > 0) { - $query = "select COUNT(*) as `valid` - from `emailcerts` - where `memid` = '".intval($row['id'])."' - and `revoked` = '0000-00-00 00:00:00' - and `expire` > NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $valid = $drow['valid']; - - $query = "select COUNT(*) as `expired` - from `emailcerts` - where `memid` = '".intval($row['id'])."' - and `expire` <= NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $expired = $drow['expired']; - - $query = "select COUNT(*) as `revoked` - from `emailcerts` - where `memid` = '".intval($row['id'])."' - and `revoked` != '0000-00-00 00:00:00'"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $revoked = $drow['revoked']; - ?> - <td class="DataTD"><?=intval($total)?></td> - <td class="DataTD"><?=intval($valid)?></td> - <td class="DataTD"><?=intval($expired)?></td> - <td class="DataTD"><?=intval($revoked)?></td> - <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")? - substr($maxexpire, 0, 10) : _("Pending")?></td> - <? - } else { // $total > 0 - ?> - <td colspan="5" class="DataTD"><?=_("None")?></td> - <? - } ?> - </tr> -<!-- gpg certificates --> - <tr> - <td class="DataTD"><?=_("GPG")?>:</td> - <? - $query = "select COUNT(*) as `total`, MAX(`expire`) as `maxexpire` - from `gpg` - where `memid` = '".intval($row['id'])."' "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $total = $drow['total']; - - $maxexpire = "0000-00-00 00:00:00"; - if ($drow['maxexpire']) { - $maxexpire = $drow['maxexpire']; - } - - if($total > 0) { - $query = "select COUNT(*) as `valid` - from `gpg` - where `memid` = '".intval($row['id'])."' - and `expire` > NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $valid = $drow['valid']; - - $query = "select COUNT(*) as `expired` - from `gpg` - where `memid` = '".intval($row['id'])."' - and `expire` <= NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $expired = $drow['expired']; - - ?> - <td class="DataTD"><?=intval($total)?></td> - <td class="DataTD"><?=intval($valid)?></td> - <td class="DataTD"><?=intval($expired)?></td> - <td class="DataTD"></td> - <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")? - substr($maxexpire, 0, 10) : _("Pending")?></td> - <? - } else { // $total > 0 - ?> - <td colspan="5" class="DataTD"><?=_("None")?></td> - <? - } ?> - </tr> -<!-- org server certificates --> - <tr> - <td class="DataTD"><a href="account.php?id=58&userid=<?=intval($row['id'])?>"><?=_("Org Server")?></a>:</td> - <? - $query = "select COUNT(*) as `total`, - MAX(`orgcerts`.`expire`) as `maxexpire` - from `orgdomaincerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $total = $drow['total']; - - $maxexpire = "0000-00-00 00:00:00"; - if ($drow['maxexpire']) { - $maxexpire = $drow['maxexpire']; - } - - if($total > 0) { - $query = "select COUNT(*) as `valid` - from `orgdomaincerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' - and `orgcerts`.`revoked` = '0000-00-00 00:00:00' - and `orgcerts`.`expire` > NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $valid = $drow['valid']; - - $query = "select COUNT(*) as `expired` - from `orgdomaincerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' - and `orgcerts`.`expire` <= NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $expired = $drow['expired']; - - $query = "select COUNT(*) as `revoked` - from `orgdomaincerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' - and `orgcerts`.`revoked` != '0000-00-00 00:00:00'"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $revoked = $drow['revoked']; - ?> - <td class="DataTD"><?=intval($total)?></td> - <td class="DataTD"><?=intval($valid)?></td> - <td class="DataTD"><?=intval($expired)?></td> - <td class="DataTD"><?=intval($revoked)?></td> - <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")? - substr($maxexpire, 0, 10) : _("Pending")?></td> - <? - } else { // $total > 0 - ?> - <td colspan="5" class="DataTD"><?=_("None")?></td> - <? - } ?> - </tr> -<!-- org client certificates --> - <tr> - <td class="DataTD"><?=_("Org Client")?>:</td> - <? - $query = "select COUNT(*) as `total`, - MAX(`orgcerts`.`expire`) as `maxexpire` - from `orgemailcerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $total = $drow['total']; - - $maxexpire = "0000-00-00 00:00:00"; - if ($drow['maxexpire']) { - $maxexpire = $drow['maxexpire']; - } - - if($total > 0) { - $query = "select COUNT(*) as `valid` - from `orgemailcerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' - and `orgcerts`.`revoked` = '0000-00-00 00:00:00' - and `orgcerts`.`expire` > NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $valid = $drow['valid']; - - $query = "select COUNT(*) as `expired` - from `orgemailcerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' - and `orgcerts`.`expire` <= NOW()"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $expired = $drow['expired']; - - $query = "select COUNT(*) as `revoked` - from `orgemailcerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' - and `orgcerts`.`revoked` != '0000-00-00 00:00:00'"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $revoked = $drow['revoked']; - ?> - <td class="DataTD"><?=intval($total)?></td> - <td class="DataTD"><?=intval($valid)?></td> - <td class="DataTD"><?=intval($expired)?></td> - <td class="DataTD"><?=intval($revoked)?></td> - <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")? - substr($maxexpire, 0, 10) : _("Pending")?></td> - <? - } else { // $total > 0 - ?> - <td colspan="5" class="DataTD"><?=_("None")?></td> - <? - } ?> - </tr> - <tr> - <td colspan="6" class="title"> - <form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to revoke all private certificates?")?>')) return false;"> - <input type="hidden" name="action" value="revokecert"> - <input type="hidden" name="oldid" value="43"> - <input type="hidden" name="userid" value="<?=intval($userid)?>"> - <input type="submit" value="<?=_('revoke certificates')?>"> - </form> - </td> - </tr> - </table> - <br /> + where `domains`.`memid` = '".intval($row['id'])."' + and `revoked` = '0000-00-00 00:00:00' + and `expire` > NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $valid = $drow['valid']; + + $query = " + select COUNT(*) as `expired` + from `domains` inner join `domaincerts` + on `domains`.`id` = `domaincerts`.`domid` + where `domains`.`memid` = '".intval($row['id'])."' + and `expire` <= NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $expired = $drow['expired']; + + $query = " + select COUNT(*) as `revoked` + from `domains` inner join `domaincerts` + on `domains`.`id` = `domaincerts`.`domid` + where `domains`.`memid` = '".intval($row['id'])."' + and `revoked` != '0000-00-00 00:00:00' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $revoked = $drow['revoked']; +?> + <td class="DataTD"><?=intval($total)?></td> + <td class="DataTD"><?=intval($valid)?></td> + <td class="DataTD"><?=intval($expired)?></td> + <td class="DataTD"><?=intval($revoked)?></td> + <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td> +<? + } else { // $total > 0 +?> + <td colspan="5" class="DataTD"><?=_("None")?></td> +<? + } +?> + </tr> + <!-- client certificates --> + <tr> + <td class="DataTD"><?=_("Client")?>:</td> +<? + $query = " + select COUNT(*) as `total`, MAX(`expire`) as `maxexpire` + from `emailcerts` + where `memid` = '".intval($row['id'])."' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $total = $drow['total']; + + $maxexpire = "0000-00-00 00:00:00"; + if ($drow['maxexpire']) { + $maxexpire = $drow['maxexpire']; + } + + if($total > 0) { + $query = " + select COUNT(*) as `valid` + from `emailcerts` + where `memid` = '".intval($row['id'])."' + and `revoked` = '0000-00-00 00:00:00' + and `expire` > NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $valid = $drow['valid']; + + $query = " + select COUNT(*) as `expired` + from `emailcerts` + where `memid` = '".intval($row['id'])."' + and `expire` <= NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $expired = $drow['expired']; + + $query = " + select COUNT(*) as `revoked` + from `emailcerts` + where `memid` = '".intval($row['id'])."' + and `revoked` != '0000-00-00 00:00:00' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $revoked = $drow['revoked']; +?> + <td class="DataTD"><?=intval($total)?></td> + <td class="DataTD"><?=intval($valid)?></td> + <td class="DataTD"><?=intval($expired)?></td> + <td class="DataTD"><?=intval($revoked)?></td> + <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td> +<? + } else { // $total > 0 +?> + <td colspan="5" class="DataTD"><?=_("None")?></td> +<? + } +?> + </tr> + <!-- gpg certificates --> + <tr> + <td class="DataTD"><?=_("GPG")?>:</td> +<? + $query = " + select COUNT(*) as `total`, MAX(`expire`) as `maxexpire` + from `gpg` + where `memid` = '".intval($row['id'])."' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $total = $drow['total']; + + $maxexpire = "0000-00-00 00:00:00"; + if ($drow['maxexpire']) { + $maxexpire = $drow['maxexpire']; + } + + if($total > 0) { + $query = " + select COUNT(*) as `valid` + from `gpg` + where `memid` = '".intval($row['id'])."' + and `expire` > NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $valid = $drow['valid']; + + $query = " + select COUNT(*) as `expired` + from `gpg` + where `memid` = '".intval($row['id'])."' + and `expire` <= NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $expired = $drow['expired']; +?> + <td class="DataTD"><?=intval($total)?></td> + <td class="DataTD"><?=intval($valid)?></td> + <td class="DataTD"><?=intval($expired)?></td> + <td class="DataTD"></td> + <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td> +<? + } else { // $total > 0 +?> + <td colspan="5" class="DataTD"><?=_("None")?></td> +<? + } +?> + </tr> + <!-- org server certificates --> + <tr> + <td class="DataTD"><a href="account.php?id=58&userid=<?=intval($row['id'])?>"><?=_("Org Server")?></a>:</td> +<? + $query = " + select COUNT(*) as `total`, + MAX(`orgcerts`.`expire`) as `maxexpire` + from `orgdomaincerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $total = $drow['total']; + + $maxexpire = "0000-00-00 00:00:00"; + if ($drow['maxexpire']) { + $maxexpire = $drow['maxexpire']; + } + + if($total > 0) { + $query = " + select COUNT(*) as `valid` + from `orgdomaincerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + and `orgcerts`.`revoked` = '0000-00-00 00:00:00' + and `orgcerts`.`expire` > NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $valid = $drow['valid']; + + $query = " + select COUNT(*) as `expired` + from `orgdomaincerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + and `orgcerts`.`expire` <= NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $expired = $drow['expired']; + + $query = " + select COUNT(*) as `revoked` + from `orgdomaincerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + and `orgcerts`.`revoked` != '0000-00-00 00:00:00' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $revoked = $drow['revoked']; +?> + <td class="DataTD"><?=intval($total)?></td> + <td class="DataTD"><?=intval($valid)?></td> + <td class="DataTD"><?=intval($expired)?></td> + <td class="DataTD"><?=intval($revoked)?></td> + <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td> +<? + } else { // $total > 0 +?> + <td colspan="5" class="DataTD"><?=_("None")?></td> +<? + } +?> + </tr> + <!-- org client certificates --> + <tr> + <td class="DataTD"><?=_("Org Client")?>:</td> +<? + $query = " + select COUNT(*) as `total`, + MAX(`orgcerts`.`expire`) as `maxexpire` + from `orgemailcerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $total = $drow['total']; + + $maxexpire = "0000-00-00 00:00:00"; + if ($drow['maxexpire']) { + $maxexpire = $drow['maxexpire']; + } + + if($total > 0) { + $query = " + select COUNT(*) as `valid` + from `orgemailcerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + and `orgcerts`.`revoked` = '0000-00-00 00:00:00' + and `orgcerts`.`expire` > NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $valid = $drow['valid']; + + $query = " + select COUNT(*) as `expired` + from `orgemailcerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + and `orgcerts`.`expire` <= NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $expired = $drow['expired']; + + $query = " + select COUNT(*) as `revoked` + from `orgemailcerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + and `orgcerts`.`revoked` != '0000-00-00 00:00:00' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $revoked = $drow['revoked']; +?> + <td class="DataTD"><?=intval($total)?></td> + <td class="DataTD"><?=intval($valid)?></td> + <td class="DataTD"><?=intval($expired)?></td> + <td class="DataTD"><?=intval($revoked)?></td> + <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td> +<? + } else { // $total > 0 +?> + <td colspan="5" class="DataTD"><?=_("None")?></td> +<? + } +?> + </tr> + <tr> + <td colspan="6" class="title"> + <form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to revoke all private certificates?")?>')) return false;"> + <input type="hidden" name="action" value="revokecert"> + <input type="hidden" name="oldid" value="43"> + <input type="hidden" name="userid" value="<?=intval($userid)?>"> + <input type="submit" value="<?=_('revoke certificates')?>"> + </form> + </td> + </tr> +</table> +<br /> <? // list assurances ?> - <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td class="DataTD"><a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredto"><?=_("Show Assurances the user got")?></a> - (<a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredto15"><?=_("New calculation")?></a>)</td> - </tr> - <tr> - <td class="DataTD"><a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredby"><?=_("Show Assurances the user gave")?></a> - (<a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredby15"><?=_("New calculation")?></a>)</td> - </tr> - </table> - <? +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td class="DataTD"> + <a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredto"><?=_("Show Assurances the user got")?></a> + (<a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredto15"><?=_("New calculation")?></a>) + </td> + </tr> + <tr> + <td class="DataTD"> + <a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredby"><?=_("Show Assurances the user gave")?></a> + (<a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredby15"><?=_("New calculation")?></a>) + </td> + </tr> +</table> +<? // if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") { function showassuredto() { ?> - <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="8" class="title"><?=_("Assurance Points")?></td> - </tr> - <tr> - <td class="DataTD"><b><?=_("ID")?></b></td> - <td class="DataTD"><b><?=_("Date")?></b></td> - <td class="DataTD"><b><?=_("Who")?></b></td> - <td class="DataTD"><b><?=_("Email")?></b></td> - <td class="DataTD"><b><?=_("Points")?></b></td> - <td class="DataTD"><b><?=_("Location")?></b></td> - <td class="DataTD"><b><?=_("Method")?></b></td> - <td class="DataTD"><b><?=_("Revoke")?></b></td> - </tr> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="8" class="title"><?=_("Assurance Points")?></td> + </tr> + <tr> + <td class="DataTD"><b><?=_("ID")?></b></td> + <td class="DataTD"><b><?=_("Date")?></b></td> + <td class="DataTD"><b><?=_("Who")?></b></td> + <td class="DataTD"><b><?=_("Email")?></b></td> + <td class="DataTD"><b><?=_("Points")?></b></td> + <td class="DataTD"><b><?=_("Location")?></b></td> + <td class="DataTD"><b><?=_("Method")?></b></td> + <td class="DataTD"><b><?=_("Revoke")?></b></td> + </tr> <? - $query = "select * from `notary` where `to`='".intval($_GET['userid'])."'"; - $dres = mysql_query($query); - $points = 0; - while($drow = mysql_fetch_assoc($dres)) - { - $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'")); - $points += $drow['points']; ?> - <tr> - <td class="DataTD"><?=$drow['id']?></td> - <td class="DataTD"><?=sanitizeHTML($drow['date'])?></td> - <td class="DataTD"><a href="wot.php?id=9&userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></td> - <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td> - <td class="DataTD"><?=intval($drow['points'])?></td> - <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td> - <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td> - <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['to'])?>&assurance=<?=intval($drow['id'])?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID "%s"?"),$drow['id'])?>');"><?=_("Revoke")?></a></td> - </tr> -<? } ?> - <tr> - <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td> - <td class="DataTD"><?=$points?></td> - <td class="DataTD" colspan="3"> </td> - </tr> - </table> -<? } + $query = "select * from `notary` where `to`='".intval($_GET['userid'])."' and `deleted` = 0"; + $dres = mysql_query($query); + $points = 0; + while($drow = mysql_fetch_assoc($dres)) { + $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'")); + $points += $drow['points']; +?> + <tr> + <td class="DataTD"><?=$drow['id']?></td> + <td class="DataTD"><?=sanitizeHTML($drow['date'])?></td> + <td class="DataTD"><a href="wot.php?id=9&userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td> + <td class="DataTD"><?=intval($drow['points'])?></td> + <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td> + <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['to'])?>&assurance=<?=intval($drow['id'])?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID "%s"?"),$drow['id'])?>');"><?=_("Revoke")?></a></td> + </tr> +<? + } +?> + <tr> + <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td> + <td class="DataTD"><?=$points?></td> + <td class="DataTD" colspan="3"> </td> + </tr> +</table> +<? +} function showassuredby() { ?> - <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="8" class="title"><?=_("Assurance Points The User Issued")?></td> - </tr> - <tr> - <td class="DataTD"><b><?=_("ID")?></b></td> - <td class="DataTD"><b><?=_("Date")?></b></td> - <td class="DataTD"><b><?=_("Who")?></b></td> - <td class="DataTD"><b><?=_("Email")?></b></td> - <td class="DataTD"><b><?=_("Points")?></b></td> - <td class="DataTD"><b><?=_("Location")?></b></td> - <td class="DataTD"><b><?=_("Method")?></b></td> - <td class="DataTD"><b><?=_("Revoke")?></b></td> - </tr> +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="8" class="title"><?=_("Assurance Points The User Issued")?></td> + </tr> + <tr> + <td class="DataTD"><b><?=_("ID")?></b></td> + <td class="DataTD"><b><?=_("Date")?></b></td> + <td class="DataTD"><b><?=_("Who")?></b></td> + <td class="DataTD"><b><?=_("Email")?></b></td> + <td class="DataTD"><b><?=_("Points")?></b></td> + <td class="DataTD"><b><?=_("Location")?></b></td> + <td class="DataTD"><b><?=_("Method")?></b></td> + <td class="DataTD"><b><?=_("Revoke")?></b></td> + </tr> <? - $query = "select * from `notary` where `from`='".intval($_GET['userid'])."'"; - $dres = mysql_query($query); - $points = 0; - while($drow = mysql_fetch_assoc($dres)) - { - $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$drow['to']."'")); - $points += $drow['points']; -?> - <tr> - <td class="DataTD"><?=$drow['id']?></td> - <td class="DataTD"><?=$drow['date']?></td> - <td class="DataTD"><a href="wot.php?id=9&userid=<?=$drow['to']?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td> - <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td> - <td class="DataTD"><?=$drow['points']?></td> - <td class="DataTD"><?=$drow['location']?></td> - <td class="DataTD"><?=$drow['method']?></td> - <td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID "%s"?"),$drow['id'])?>');"><?=_("Revoke")?></a></td> - </tr> -<? } ?> - <tr> - <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td> - <td class="DataTD"><?=$points?></td> - <td class="DataTD" colspan="3"> </td> - </tr> - </table> -<br /><br/> -<? } + $query = "select * from `notary` where `from`='".intval($_GET['userid'])."' and `deleted` = 0"; + $dres = mysql_query($query); + $points = 0; + while($drow = mysql_fetch_assoc($dres)) { + $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$drow['to']."'")); + $points += $drow['points']; +?> + <tr> + <td class="DataTD"><?=$drow['id']?></td> + <td class="DataTD"><?=$drow['date']?></td> + <td class="DataTD"><a href="wot.php?id=9&userid=<?=$drow['to']?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td> + <td class="DataTD"><?=$drow['points']?></td> + <td class="DataTD"><?=$drow['location']?></td> + <td class="DataTD"><?=$drow['method']?></td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID "%s"?"),$drow['id'])?>');"><?=_("Revoke")?></a></td> + </tr> +<? + } +?> + <tr> + <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td> + <td class="DataTD"><?=$points?></td> + <td class="DataTD" colspan="3"> </td> + </tr> +</table> +<br/><br/> +<? +} if(isset($_GET['shownotary'])) { switch($_GET['shownotary']) { |