diff options
| author | INOPIAE <inopiae@cacert.org> | 2014-01-12 16:33:06 +0100 |
|---|---|---|
| committer | INOPIAE <inopiae@cacert.org> | 2014-01-12 16:33:06 +0100 |
| commit | f6da9654332b62844b282a6aea5d64a4561fda6e (patch) | |
| tree | 43398abbfd5f2106e133f0b58eca1b4e7d5e840a /pages | |
| parent | 8a84799434903505da69f41df87c2028b9105edb (diff) | |
| download | cacert-devel-f6da9654332b62844b282a6aea5d64a4561fda6e.tar.gz cacert-devel-f6da9654332b62844b282a6aea5d64a4561fda6e.tar.xz cacert-devel-f6da9654332b62844b282a6aea5d64a4561fda6e.zip | |
bug 1138: fixed typo indentation
Diffstat (limited to 'pages')
| -rw-r--r-- | pages/account/43.php | 1805 |
1 files changed, 903 insertions, 902 deletions
diff --git a/pages/account/43.php b/pages/account/43.php index a9ca89e..8e2d503 100644 --- a/pages/account/43.php +++ b/pages/account/43.php @@ -35,125 +35,126 @@ if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0) fix_assurer_flag($row['to']); } } - if (isset($_SESSION['ticketno'])) { - $ticketno=$_SESSION['ticketno']; - $ticketvalidation=TRUE; - } - if (isset($_SESSION['ticketmsg'])) { - $ticketmsg=$_SESSION['ticketmsg']; - } else { - $ticketmsg=''; - } + +if (isset($_SESSION['ticketno'])) { + $ticketno=$_SESSION['ticketno']; + $ticketvalidation=TRUE; +} +if (isset($_SESSION['ticketmsg'])) { + $ticketmsg=$_SESSION['ticketmsg']; +} else { + $ticketmsg=''; +} // search for an account by email search, if more than one is found display list to choose - if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0) - { - $_REQUEST['userid'] = 0; +if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0) +{ + $_REQUEST['userid'] = 0; - $emailsearch = $email = mysql_real_escape_string(stripslashes($_REQUEST['email'])); + $emailsearch = $email = mysql_real_escape_string(stripslashes($_REQUEST['email'])); - //Disabled to speed up the queries - //if(!strstr($email, "%")) - // $emailsearch = "%$email%"; + //Disabled to speed up the queries + //if(!strstr($email, "%")) + // $emailsearch = "%$email%"; - // bug-975 ted+uli changes --- begin - if(preg_match("/^[0-9]+$/", $email)) { - // $email consists of digits only ==> search for IDs - // Be defensive here (outer join) if primary mail is not listed in email table - $query = "select `users`.`id` as `id`, `email`.`email` as `email` - from `users` left outer join `email` on (`users`.`id`=`email`.`memid`) - where (`email`.`id`='$email' or `users`.`id`='$email') - and `users`.`deleted`=0 - group by `users`.`id` limit 100"; - } else { - // $email contains non-digits ==> search for mail addresses - // Be defensive here (outer join) if primary mail is not listed in email table - $query = "select `users`.`id` as `id`, `email`.`email` as `email` - from `users` left outer join `email` on (`users`.`id`=`email`.`memid`) - where (`email`.`email` like '$emailsearch' - or `users`.`email` like '$emailsearch') - and `users`.`deleted`=0 - group by `users`.`id` limit 100"; - } - // bug-975 ted+uli changes --- end - $res = mysql_query($query); - if(mysql_num_rows($res) > 1) { + // bug-975 ted+uli changes --- begin + if(preg_match("/^[0-9]+$/", $email)) { + // $email consists of digits only ==> search for IDs + // Be defensive here (outer join) if primary mail is not listed in email table + $query = "select `users`.`id` as `id`, `email`.`email` as `email` + from `users` left outer join `email` on (`users`.`id`=`email`.`memid`) + where (`email`.`id`='$email' or `users`.`id`='$email') + and `users`.`deleted`=0 + group by `users`.`id` limit 100"; + } else { + // $email contains non-digits ==> search for mail addresses + // Be defensive here (outer join) if primary mail is not listed in email table + $query = "select `users`.`id` as `id`, `email`.`email` as `email` + from `users` left outer join `email` on (`users`.`id`=`email`.`memid`) + where (`email`.`email` like '$emailsearch' + or `users`.`email` like '$emailsearch') + and `users`.`deleted`=0 + group by `users`.`id` limit 100"; + } + // bug-975 ted+uli changes --- end + $res = mysql_query($query); + if(mysql_num_rows($res) > 1) { ?> - <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="5" class="title"><?=_("Select Specific Account Details")?></td> - </tr> - <tr> - <td class="DataTD"><?=_("User ID")?></td> - <td class="DataTD"><?=_("Email")?></td> - </tr> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?=_("Select Specific Account Details")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("User ID")?></td> + <td class="DataTD"><?=_("Email")?></td> + </tr> <? - while($row = mysql_fetch_assoc($res)) - { + while($row = mysql_fetch_assoc($res)) + { ?> - <tr> - <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($row['id'])?>"><?=intval($row['id'])?></a></td> - <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td> - </tr> + <tr> + <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($row['id'])?>"><?=intval($row['id'])?></a></td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td> + </tr> <? - } + } - if(mysql_num_rows($res) >= 100) { + if(mysql_num_rows($res) >= 100) { ?> - <tr> - <td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td> - </tr> + <tr> + <td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td> + </tr> <? - } else { + } else { ?> - <tr> - <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td> - </tr> + <tr> + <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td> + </tr> <? - } + } ?> - </table><br><br> + </table><br><br> <? - } elseif(mysql_num_rows($res) == 1) { - $row = mysql_fetch_assoc($res); - $_REQUEST['userid'] = $row['id']; - } else { - printf(_("No users found matching %s"), sanitizeHTML($email)); - } + } elseif(mysql_num_rows($res) == 1) { + $row = mysql_fetch_assoc($res); + $_REQUEST['userid'] = $row['id']; + } else { + printf(_("No users found matching %s"), sanitizeHTML($email)); } +} // display user information for given user id - if(intval($_REQUEST['userid']) > 0) { - $userid = intval($_REQUEST['userid']); - $res =get_user_data($userid); - if(mysql_num_rows($res) <= 0) { - echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!"); - } else { - $row = mysql_fetch_assoc($res); - $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."' and `deleted` = 0"; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $alerts =get_alerts(intval($row['id'])); +if(intval($_REQUEST['userid']) > 0) { + $userid = intval($_REQUEST['userid']); + $res =get_user_data($userid); + if(mysql_num_rows($res) <= 0) { + echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!"); + } else { + $row = mysql_fetch_assoc($res); + $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."' and `deleted` = 0"; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $alerts =get_alerts(intval($row['id'])); //display account data //deletes an assurance - if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation==true) - { - $assurance = mysql_escape_string(intval($_REQUEST['assurance'])); - $row = 0; - $res = mysql_query("select `to` from `notary` where `id`='$assurance'"); - if ($res) { - $row = mysql_fetch_assoc($res); - } - mysql_query("delete from `notary` where `id`='$assurance'"); - if ($row) { - fix_assurer_flag($row['to']); - write_se_log($uid, $adminid, 'AD assurance revoke', $ticketno); - } - } else { - $ticketmsg=_('No assurance revoked. Ticket number is missing!'); + if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation==true) + { + $assurance = mysql_escape_string(intval($_REQUEST['assurance'])); + $row = 0; + $res = mysql_query("select `to` from `notary` where `id`='$assurance'"); + if ($res) { + $row = mysql_fetch_assoc($res); } + mysql_query("delete from `notary` where `id`='$assurance'"); + if ($row) { + fix_assurer_flag($row['to']); + write_se_log($uid, $adminid, 'AD assurance revoke', $ticketno); + } + } else { + $ticketmsg=_('No assurance revoked. Ticket number is missing!'); + } //Ticket number ?> @@ -179,892 +180,892 @@ if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0) --> <!-- display data table --> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="5" class="title"><? printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Email")?>:</td> - <td class="DataTD"><?=sanitizeHTML($row['email'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("First Name")?>:</td> - <td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to modify this DOB and/or last name?")?>')) return false;"> - <input type="hidden" name="csrf" value="<?=make_csrf('admchangepers')?>" /> - <input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>"> - </td> - </tr> - <tr> - <td class="DataTD"><?=_("Middle Name")?>:</td> - <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($row['mname'])?>"></td> - </tr> - <tr> - <td class="DataTD"><?=_("Last Name")?>:</td> - <td class="DataTD"> <input type="hidden" name="oldid" value="43"> - <input type="hidden" name="action" value="updatedob"> - <input type="hidden" name="userid" value="<?=intval($userid)?>"> - <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>"> - </td> - </tr> - <tr> - <td class="DataTD"><?=_("Suffix")?>:</td> - <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($row['suffix'])?>"></td> - </tr> - <tr> - <td class="DataTD"><?=_("Date of Birth")?>:</td> - <td class="DataTD"> - <? - $year = intval(substr($row['dob'], 0, 4)); - $month = intval(substr($row['dob'], 5, 2)); - $day = intval(substr($row['dob'], 8, 2)); -?> - <nobr> - <select name="day"> -<? - for($i = 1; $i <= 31; $i++) { - echo "<option"; - if($day == $i) { - echo " selected='selected'"; - } - echo ">$i</option>"; - } -?> - </select> - <select name="month"> -<? - for($i = 1; $i <= 12; $i++) { - echo "<option value='$i'"; - if($month == $i) + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><? printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Email")?>:</td> + <td class="DataTD"><?=sanitizeHTML($row['email'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("First Name")?>:</td> + <td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to modify this DOB and/or last name?")?>')) return false;"> + <input type="hidden" name="csrf" value="<?=make_csrf('admchangepers')?>" /> + <input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>"> + </td> + </tr> + <tr> + <td class="DataTD"><?=_("Middle Name")?>:</td> + <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($row['mname'])?>"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Last Name")?>:</td> + <td class="DataTD"> <input type="hidden" name="oldid" value="43"> + <input type="hidden" name="action" value="updatedob"> + <input type="hidden" name="userid" value="<?=intval($userid)?>"> + <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>"> + </td> + </tr> + <tr> + <td class="DataTD"><?=_("Suffix")?>:</td> + <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($row['suffix'])?>"></td> + </tr> + <tr> + <td class="DataTD"><?=_("Date of Birth")?>:</td> + <td class="DataTD"> + <? + $year = intval(substr($row['dob'], 0, 4)); + $month = intval(substr($row['dob'], 5, 2)); + $day = intval(substr($row['dob'], 8, 2)); + ?> + <nobr> + <select name="day"> + <? + for($i = 1; $i <= 31; $i++) { + echo "<option"; + if($day == $i) { echo " selected='selected'"; - echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>"; - } -?> - </select> - <input type="text" name="year" value="<?=$year?>" size="4"> - <input type="submit" value="Go"> - </form> - </nobr> - </td> - </tr> - -<? // list of flags ?> - <tr> - <td class="DataTD"><?=_("CCA accepted")?>:</td> - <td class="DataTD"><a href="account.php?id=57&userid=<?=intval($row['id'])?>"><?=intval(get_user_agreement_status($row['id'])) ? _("Yes") : _("No") ?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Trainings")?>:</td> - <td class="DataTD"><a href="account.php?id=55&userid=<?=intval($row['id'])?>">show</a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Is Assurer")?>:</td> - <td class="DataTD"><a href="account.php?id=43&assurer=<?=intval($row['id'])?>&csrf=<?=make_csrf('admsetassuret')?>"><?=$row['assurer']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Blocked Assurer")?>:</td> - <td class="DataTD"><a href="account.php?id=43&assurer_blocked=<?=intval($row['id'])?>"><?=$row['assurer_blocked']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Account Locking")?>:</td> - <td class="DataTD"><a href="account.php?id=43&locked=<?=$row['id']?>&csrf=<?=make_csrf('admactlock')?>"><?=$row['locked']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Code Signing")?>:</td> - <td class="DataTD"><a href="account.php?id=43&codesign=<?=$row['id']?>&csrf=<?=make_csrf('admcodesign')?>"><?=$row['codesign']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Org Assurer")?>:</td> - <td class="DataTD"><a href="account.php?id=43&orgadmin=<?=$row['id']?>&csrf=<?=make_csrf('admorgadmin')?>"><?=$row['orgadmin']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("TTP Admin")?>:</td> - <td class="DataTD"><a href="account.php?id=43&ttpadmin=<?=$row['id']?>&csrf=<?=make_csrf('admttpadmin')?>"><?=$row['ttpadmin']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Location Admin")?>:</td> - <td class="DataTD"><a href="account.php?id=43&locadmin=<?=$row['id']?>"><?=$row['locadmin']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Admin")?>:</td> - <td class="DataTD"><a href="account.php?id=43&admin=<?=$row['id']?>&csrf=<?=make_csrf('admsetadmin')?>"><?=$row['admin']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Ad Admin")?>:</td> - <td class="DataTD"><a href="account.php?id=43&adadmin=<?=$row['id']?>"><?=$row['adadmin']?></a> (0 = none, 1 = submit, 2 = approve)</td> - </tr> -<!-- presently not needed - <tr> - <td class="DataTD"><?=_("Tverify Account")?>:</td> - <td class="DataTD"><a href="account.php?id=43&tverify=<?=$row['id']?>"><?=$row['tverify']?></a></td> - </tr> ---> - <tr> - <td class="DataTD"><?=_("General Announcements")?>:</td> - <td class="DataTD"><a href="account.php?id=43&general=<?=$row['id']?>"><?=$alerts['general']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Country Announcements")?>:</td> - <td class="DataTD"><a href="account.php?id=43&country=<?=$row['id']?>"><?=$alerts['country']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Regional Announcements")?>:</td> - <td class="DataTD"><a href="account.php?id=43&regional=<?=$row['id']?>"><?=$alerts['regional']?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Within 200km Announcements")?>:</td> - <td class="DataTD"><a href="account.php?id=43&radius=<?=$row['id']?>"><?=$alerts['radius']?></a></td> - </tr> -<? //change password, view secret questions and delete account section ?> - <tr> - <td class="DataTD"><?=_("Change Password")?>:</td> - <td class="DataTD"><a href="account.php?id=44&userid=<?=$row['id']?>"><?=_("Change Password")?></a></td> - </tr> - <tr> - <td class="DataTD"><?=_("Delete Account")?>:</td> - <td class="DataTD"><a href="account.php?id=50&userid=<?=$row['id']?>&csrf=<?=make_csrf('admdelaccount')?>"><?=_("Delete Account")?></a></td> - </tr> -<? - // This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!! - if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==true) { - write_se_log($uid, $adminid, 'AD view lost password information', $ticketno); -?> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - Q1:</td> - <td class="DataTD"><?=sanitizeHTML($row['Q1'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - A1:</td> - <td class="DataTD"><?=sanitizeHTML($row['A1'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - Q2:</td> - <td class="DataTD"><?=sanitizeHTML($row['Q2'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - A2:</td> - <td class="DataTD"><?=sanitizeHTML($row['A2'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - Q3:</td> - <td class="DataTD"><?=sanitizeHTML($row['Q3'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - A3:</td> - <td class="DataTD"><?=sanitizeHTML($row['A3'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - Q4:</td> - <td class="DataTD"><?=sanitizeHTML($row['Q4'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - A4:</td> - <td class="DataTD"><?=sanitizeHTML($row['A4'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - Q5:</td> - <td class="DataTD"><?=sanitizeHTML($row['Q5'])?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Lost Password")?> - A5:</td> - <td class="DataTD"><?=sanitizeHTML($row['A5'])?></td> - </tr> -<? - } elseif (array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==false) { -?> - <tr> - <td class="DataTD" colspan="2"><?=_('No access granted. Ticket number is missing')?></td> - </tr> - <tr> - <td class="DataTD" colspan="2"><a href="account.php?id=43&userid=<?=$row['id']?>&showlostpw=yes"><?=_("Show Lost Password Details")?></a></td> - </tr> -<? - } + } + echo ">$i</option>"; + } + ?> + </select> + <select name="month"> + <? + for($i = 1; $i <= 12; $i++) { + echo "<option value='$i'"; + if($month == $i) + echo " selected='selected'"; + echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>"; + } + ?> + </select> + <input type="text" name="year" value="<?=$year?>" size="4"> + <input type="submit" value="Go"> + </form> + </nobr> + </td> + </tr> -// list assurance points -?> - <tr> - <td class="DataTD"><?=_("Assurance Points")?>:</td> - <td class="DataTD"><?=intval($drow['points'])?></td> - </tr> -<? -// show account history -?> - <tr> - <td class="DataTD" colspan="2"><a href="account.php?id=59&userid=<?=intval($row['id'])?>"><?=_('Show account history')?></a></td> - </tr> -</table> -<br/> -<? -//ticket number to track SE log -?> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td td colspan="5" class="title"><?=_("Ticket/Arbitration No, needs to be entered to apply any changes")?></td> - </tr> - <tr> - <td class="DataTD"><?=_('Ticket/Arbitration No')?></td> - <td class="DataTD"><input name="ticketno" /></td> - </tr> -</table> -<br/> -<? -//list secondary email addresses - $dres = get_email_address(intval($row['id']),mysql_real_escape_string($row['email'])); - if(mysql_num_rows($dres) > 0) { -?> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td> - </tr> -<? - $rc = mysql_num_rows($dres); - while($drow = mysql_fetch_assoc($dres)) { -?> - <tr> - <td class="DataTD"><?=_("Secondary Emails")?>:</td> - <td class="DataTD"><?=sanitizeHTML($drow['email'])?></td> - </tr> -<? + <? // list of flags ?> + <tr> + <td class="DataTD"><?=_("CCA accepted")?>:</td> + <td class="DataTD"><a href="account.php?id=57&userid=<?=intval($row['id'])?>"><?=intval(get_user_agreement_status($row['id'])) ? _("Yes") : _("No") ?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Trainings")?>:</td> + <td class="DataTD"><a href="account.php?id=55&userid=<?=intval($row['id'])?>">show</a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Is Assurer")?>:</td> + <td class="DataTD"><a href="account.php?id=43&assurer=<?=intval($row['id'])?>&csrf=<?=make_csrf('admsetassuret')?>"><?=$row['assurer']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Blocked Assurer")?>:</td> + <td class="DataTD"><a href="account.php?id=43&assurer_blocked=<?=intval($row['id'])?>"><?=$row['assurer_blocked']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Account Locking")?>:</td> + <td class="DataTD"><a href="account.php?id=43&locked=<?=$row['id']?>&csrf=<?=make_csrf('admactlock')?>"><?=$row['locked']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Code Signing")?>:</td> + <td class="DataTD"><a href="account.php?id=43&codesign=<?=$row['id']?>&csrf=<?=make_csrf('admcodesign')?>"><?=$row['codesign']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Org Assurer")?>:</td> + <td class="DataTD"><a href="account.php?id=43&orgadmin=<?=$row['id']?>&csrf=<?=make_csrf('admorgadmin')?>"><?=$row['orgadmin']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("TTP Admin")?>:</td> + <td class="DataTD"><a href="account.php?id=43&ttpadmin=<?=$row['id']?>&csrf=<?=make_csrf('admttpadmin')?>"><?=$row['ttpadmin']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Location Admin")?>:</td> + <td class="DataTD"><a href="account.php?id=43&locadmin=<?=$row['id']?>"><?=$row['locadmin']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Admin")?>:</td> + <td class="DataTD"><a href="account.php?id=43&admin=<?=$row['id']?>&csrf=<?=make_csrf('admsetadmin')?>"><?=$row['admin']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Ad Admin")?>:</td> + <td class="DataTD"><a href="account.php?id=43&adadmin=<?=$row['id']?>"><?=$row['adadmin']?></a> (0 = none, 1 = submit, 2 = approve)</td> + </tr> + <!-- presently not needed + <tr> + <td class="DataTD"><?=_("Tverify Account")?>:</td> + <td class="DataTD"><a href="account.php?id=43&tverify=<?=$row['id']?>"><?=$row['tverify']?></a></td> + </tr> + --> + <tr> + <td class="DataTD"><?=_("General Announcements")?>:</td> + <td class="DataTD"><a href="account.php?id=43&general=<?=$row['id']?>"><?=$alerts['general']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Country Announcements")?>:</td> + <td class="DataTD"><a href="account.php?id=43&country=<?=$row['id']?>"><?=$alerts['country']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Regional Announcements")?>:</td> + <td class="DataTD"><a href="account.php?id=43&regional=<?=$row['id']?>"><?=$alerts['regional']?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Within 200km Announcements")?>:</td> + <td class="DataTD"><a href="account.php?id=43&radius=<?=$row['id']?>"><?=$alerts['radius']?></a></td> + </tr> + <? //change password, view secret questions and delete account section ?> + <tr> + <td class="DataTD"><?=_("Change Password")?>:</td> + <td class="DataTD"><a href="account.php?id=44&userid=<?=$row['id']?>"><?=_("Change Password")?></a></td> + </tr> + <tr> + <td class="DataTD"><?=_("Delete Account")?>:</td> + <td class="DataTD"><a href="account.php?id=50&userid=<?=$row['id']?>&csrf=<?=make_csrf('admdelaccount')?>"><?=_("Delete Account")?></a></td> + </tr> + <? + // This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!! + if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==true) { + write_se_log($uid, $adminid, 'AD view lost password information', $ticketno); + ?> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - Q1:</td> + <td class="DataTD"><?=sanitizeHTML($row['Q1'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - A1:</td> + <td class="DataTD"><?=sanitizeHTML($row['A1'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - Q2:</td> + <td class="DataTD"><?=sanitizeHTML($row['Q2'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - A2:</td> + <td class="DataTD"><?=sanitizeHTML($row['A2'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - Q3:</td> + <td class="DataTD"><?=sanitizeHTML($row['Q3'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - A3:</td> + <td class="DataTD"><?=sanitizeHTML($row['A3'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - Q4:</td> + <td class="DataTD"><?=sanitizeHTML($row['Q4'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - A4:</td> + <td class="DataTD"><?=sanitizeHTML($row['A4'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - Q5:</td> + <td class="DataTD"><?=sanitizeHTML($row['Q5'])?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Lost Password")?> - A5:</td> + <td class="DataTD"><?=sanitizeHTML($row['A5'])?></td> + </tr> + <? + } elseif (array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==false) { + ?> + <tr> + <td class="DataTD" colspan="2"><?=_('No access granted. Ticket number is missing')?></td> + </tr> + <tr> + <td class="DataTD" colspan="2"><a href="account.php?id=43&userid=<?=$row['id']?>&showlostpw=yes"><?=_("Show Lost Password Details")?></a></td> + </tr> + <? } -?> -</table> -<br/> -<? - } -// list of domains domains - $dres=get_domains(intval($row['id'])); - if(mysql_num_rows($dres) > 0) { -?> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="5" class="title"><?=_("Verified Domains")?></td> - </tr> -<? - $rc = mysql_num_rows($dres); - while($drow = mysql_fetch_assoc($dres)) { -?> - <tr> - <td class="DataTD"><?=_("Domain")?>:</td> - <td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td> - </tr> -<? + // list assurance points + ?> + <tr> + <td class="DataTD"><?=_("Assurance Points")?>:</td> + <td class="DataTD"><?=intval($drow['points'])?></td> + </tr> + <? + // show account history + ?> + <tr> + <td class="DataTD" colspan="2"><a href="account.php?id=59&userid=<?=intval($row['id'])?>"><?=_('Show account history')?></a></td> + </tr> + </table> + <br/> + <? + //ticket number to track SE log + ?> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td td colspan="5" class="title"><?=_("Ticket/Arbitration No, needs to be entered to apply any changes")?></td> + </tr> + <tr> + <td class="DataTD"><?=_('Ticket/Arbitration No')?></td> + <td class="DataTD"><input name="ticketno" /></td> + </tr> + </table> + <br/> + <? + //list secondary email addresses + $dres = get_email_address(intval($row['id']),mysql_real_escape_string($row['email'])); + if(mysql_num_rows($dres) > 0) { + ?> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td> + </tr> + <? + $rc = mysql_num_rows($dres); + while($drow = mysql_fetch_assoc($dres)) { + ?> + <tr> + <td class="DataTD"><?=_("Secondary Emails")?>:</td> + <td class="DataTD"><?=sanitizeHTML($drow['email'])?></td> + </tr> + <? + } + ?> + </table> + <br/> + <? } -?> -</table> -<br/> -<? - } -?> -<? // Begin - Debug infos ?> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="2" class="title"><?=_("Account State")?></td> - </tr> -<? - // --- bug-975 begin --- - // potential db inconsistency like in a20110804.1 - // Admin console -> don't list user account - // User login -> impossible - // Assurer, assure someone -> user displayed - /* regular user account search with regular settings + // list of domains domains + $dres=get_domains(intval($row['id'])); + if(mysql_num_rows($dres) > 0) { + ?> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="5" class="title"><?=_("Verified Domains")?></td> + </tr> + <? + $rc = mysql_num_rows($dres); + while($drow = mysql_fetch_assoc($dres)) { + ?> + <tr> + <td class="DataTD"><?=_("Domain")?>:</td> + <td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td> + </tr> + <? + } + ?> + </table> + <br/> + <? + } + ?> + <? // Begin - Debug infos ?> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="2" class="title"><?=_("Account State")?></td> + </tr> - --- Admin Console find user query - $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email` - where `users`.`id`=`email`.`memid` and - (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and - `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0 - group by `users`.`id` limit 100"; - => requirements - 1. email.hash = '' - 2. email.deleted = 0 - 3. users.deleted = 0 - 4. email.email = primary-email (???) or'd - not covered by admin console find user routine, but may block users login - 5. users.verified = 0|1 - further "special settings" - 6. users.locked (setting displayed in display form) - 7. users.assurer_blocked (setting displayed in display form) + <? + // --- bug-975 begin --- + // potential db inconsistency like in a20110804.1 + // Admin console -> don't list user account + // User login -> impossible + // Assurer, assure someone -> user displayed + /* regular user account search with regular settings - --- User login user query - select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or - `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0 - => requirements - 1. users.verified = 1 - 2. users.deleted = 0 - 3. users.locked = 0 - 4. users.email = primary-email + --- Admin Console find user query + $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email` + where `users`.`id`=`email`.`memid` and + (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and + `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0 + group by `users`.`id` limit 100"; + => requirements + 1. email.hash = '' + 2. email.deleted = 0 + 3. users.deleted = 0 + 4. email.email = primary-email (???) or'd + not covered by admin console find user routine, but may block users login + 5. users.verified = 0|1 + further "special settings" + 6. users.locked (setting displayed in display form) + 7. users.assurer_blocked (setting displayed in display form) - --- Assurer, assure someone find user query - select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."' - and `deleted`=0 - => requirements - 1. users.deleted = 0 - 2. users.email = primary-email + --- User login user query + select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or + `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0 + => requirements + 1. users.verified = 1 + 2. users.deleted = 0 + 3. users.locked = 0 + 4. users.email = primary-email - Admin User Assurer - bit Console Login assure someone + --- Assurer, assure someone find user query + select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."' + and `deleted`=0 + => requirements + 1. users.deleted = 0 + 2. users.email = primary-email - 1. email.hash = '' Yes No No - 2. email.deleted = 0 Yes No No - 3. users.deleted = 0 Yes Yes Yes - 4. users.verified = 1 No Yes No - 5. users.locked = 0 No Yes No - 6. users.email = prim-email No Yes Yes - 7. email.email = prim-email Yes No No + Admin User Assurer + bit Console Login assure someone - full usable account needs all 7 requirements fulfilled - so if one setting isn't set/cleared there is an inconsistency either way - if eg email.email is not avail, admin console cannot open user info - but user can login and assurer can display user info - if user verified is not set to 1, admin console displays user record - but user cannot login, but assurer can search for the user and the data displays + 1. email.hash = '' Yes No No + 2. email.deleted = 0 Yes No No + 3. users.deleted = 0 Yes Yes Yes + 4. users.verified = 1 No Yes No + 5. users.locked = 0 No Yes No + 6. users.email = prim-email No Yes Yes + 7. email.email = prim-email Yes No No - consistency check: - 1. search primary-email in users.email - 2. search primary-email in email.email - 3. userid = email.memid - 4. check settings from table 1. - 5. + full usable account needs all 7 requirements fulfilled + so if one setting isn't set/cleared there is an inconsistency either way + if eg email.email is not avail, admin console cannot open user info + but user can login and assurer can display user info + if user verified is not set to 1, admin console displays user record + but user cannot login, but assurer can search for the user and the data displays - */ + consistency check: + 1. search primary-email in users.email + 2. search primary-email in email.email + 3. userid = email.memid + 4. check settings from table 1. - 5. - $inconsistency = 0; - $inconsistencydisp = ""; - $inccause = ""; + */ - // current userid intval($row['id']) - $query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked` - from `users` where `id`='".intval($row['id'])."' "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $uemail = $drow['uemail']; - $udeleted = $drow['udeleted']; - $uverified = $drow['verified']; - $ulocked = $drow['locked']; + $inconsistency = 0; + $inconsistencydisp = ""; + $inccause = ""; - $query = "select `hash`, `email` as `eemail` from `email` - where `memid`='".intval($row['id'])."' and - `email` ='".$uemail."' and - `deleted` = 0"; - $dres = mysql_query($query); - if ($drow = mysql_fetch_assoc($dres)) { - $drow['edeleted'] = 0; - } else { - // try if there are deleted entries - $query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email` - where `memid`='".intval($row['id'])."' and - `email` ='".$uemail."'"; + // current userid intval($row['id']) + $query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked` + from `users` where `id`='".intval($row['id'])."' "; $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); - } + $uemail = $drow['uemail']; + $udeleted = $drow['udeleted']; + $uverified = $drow['verified']; + $ulocked = $drow['locked']; - if ($drow) { - $eemail = $drow['eemail']; - $edeleted = $drow['edeleted']; - $ehash = $drow['hash']; - if ($udeleted!=0) { - $inconsistency += 1; - $inccause .= (empty($inccause)?"":"<br>")._("Users record set to deleted"); - } - if ($uverified!=1) { - $inconsistency += 2; - $inccause .= (empty($inccause)?"":"<br>")._("Users record verified not set"); - } - if ($ulocked!=0) { - $inconsistency += 4; - $inccause .= (empty($inccause)?"":"<br>")._("Users record locked set"); + $query = "select `hash`, `email` as `eemail` from `email` + where `memid`='".intval($row['id'])."' and + `email` ='".$uemail."' and + `deleted` = 0"; + $dres = mysql_query($query); + if ($drow = mysql_fetch_assoc($dres)) { + $drow['edeleted'] = 0; + } else { + // try if there are deleted entries + $query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email` + where `memid`='".intval($row['id'])."' and + `email` ='".$uemail."'"; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); } - if ($edeleted!=0) { - $inconsistency += 8; - $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted"); + + if ($drow) { + $eemail = $drow['eemail']; + $edeleted = $drow['edeleted']; + $ehash = $drow['hash']; + if ($udeleted!=0) { + $inconsistency += 1; + $inccause .= (empty($inccause)?"":"<br>")._("Users record set to deleted"); + } + if ($uverified!=1) { + $inconsistency += 2; + $inccause .= (empty($inccause)?"":"<br>")._("Users record verified not set"); + } + if ($ulocked!=0) { + $inconsistency += 4; + $inccause .= (empty($inccause)?"":"<br>")._("Users record locked set"); + } + if ($edeleted!=0) { + $inconsistency += 8; + $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted"); + } + if ($ehash!='') { + $inconsistency += 16; + $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset"); + } + } else { + $inconsistency = 32; + $inccause = _("Prim. email, Email record doesn't exist"); } - if ($ehash!='') { - $inconsistency += 16; - $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset"); + if ($inconsistency>0) { + // $inconsistencydisp = _("Yes"); + ?> + <tr> + <td class="DataTD"><?=_("Account inconsistency")?>:</td> + <td class="DataTD"><?=$inccause?><br>code: <?=$inconsistency?></td> + </tr> + <tr> + <td colspan="2" class="DataTD" style="max-width: 75ex;"> + <?=_("Account inconsistency can cause problems in daily account operations and needs to be fixed manually through arbitration/critical team.")?> + </td> + </tr> + <? } - } else { - $inconsistency = 32; - $inccause = _("Prim. email, Email record doesn't exist"); - } - if ($inconsistency>0) { - // $inconsistencydisp = _("Yes"); -?> - <tr> - <td class="DataTD"><?=_("Account inconsistency")?>:</td> - <td class="DataTD"><?=$inccause?><br>code: <?=$inconsistency?></td> - </tr> - <tr> - <td colspan="2" class="DataTD" style="max-width: 75ex;"> - <?=_("Account inconsistency can cause problems in daily account operations and needs to be fixed manually through arbitration/critical team.")?> - </td> - </tr> -<? - } - - // --- bug-975 end --- -?> -</table> -<br /> -<? -// End - Debug infos - -// certificate overview -?> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="6" class="title"><?=_("Certificates")?></td> - </tr> - <tr> - <td class="DataTD"><?=_("Cert Type")?>:</td> - <td class="DataTD"><?=_("Total")?></td> - <td class="DataTD"><?=_("Valid")?></td> - <td class="DataTD"><?=_("Expired")?></td> - <td class="DataTD"><?=_("Revoked")?></td> - <td class="DataTD"><?=_("Latest Expire")?></td> - </tr> - <!-- server certificates --> - <tr> - <td class="DataTD"><?=_("Server")?>:</td> -<? - $query = " - select COUNT(*) as `total`, - MAX(`domaincerts`.`expire`) as `maxexpire` - from `domains` inner join `domaincerts` - on `domains`.`id` = `domaincerts`.`domid` - where `domains`.`memid` = '".intval($row['id'])."' - "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $total = $drow['total']; + // --- bug-975 end --- + ?> + </table> + <br /> + <? + // End - Debug infos - $maxexpire = "0000-00-00 00:00:00"; - if ($drow['maxexpire']) { - $maxexpire = $drow['maxexpire']; - } + // certificate overview + ?> - if($total > 0) { + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="6" class="title"><?=_("Certificates")?></td> + </tr> + <tr> + <td class="DataTD"><?=_("Cert Type")?>:</td> + <td class="DataTD"><?=_("Total")?></td> + <td class="DataTD"><?=_("Valid")?></td> + <td class="DataTD"><?=_("Expired")?></td> + <td class="DataTD"><?=_("Revoked")?></td> + <td class="DataTD"><?=_("Latest Expire")?></td> + </tr> + <!-- server certificates --> + <tr> + <td class="DataTD"><?=_("Server")?>:</td> + <? $query = " - select COUNT(*) as `valid` + select COUNT(*) as `total`, + MAX(`domaincerts`.`expire`) as `maxexpire` from `domains` inner join `domaincerts` on `domains`.`id` = `domaincerts`.`domid` where `domains`.`memid` = '".intval($row['id'])."' - and `revoked` = '0000-00-00 00:00:00' - and `expire` > NOW() "; $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); - $valid = $drow['valid']; + $total = $drow['total']; - $query = " - select COUNT(*) as `expired` - from `domains` inner join `domaincerts` - on `domains`.`id` = `domaincerts`.`domid` - where `domains`.`memid` = '".intval($row['id'])."' - and `expire` <= NOW() - "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $expired = $drow['expired']; + $maxexpire = "0000-00-00 00:00:00"; + if ($drow['maxexpire']) { + $maxexpire = $drow['maxexpire']; + } - $query = " - select COUNT(*) as `revoked` - from `domains` inner join `domaincerts` - on `domains`.`id` = `domaincerts`.`domid` - where `domains`.`memid` = '".intval($row['id'])."' - and `revoked` != '0000-00-00 00:00:00' - "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $revoked = $drow['revoked']; -?> - <td class="DataTD"><?=intval($total)?></td> - <td class="DataTD"><?=intval($valid)?></td> - <td class="DataTD"><?=intval($expired)?></td> - <td class="DataTD"><?=intval($revoked)?></td> - <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td> -<? - } else { // $total > 0 -?> - <td colspan="5" class="DataTD"><?=_("None")?></td> -<? - } -?> - </tr> - <!-- client certificates --> - <tr> - <td class="DataTD"><?=_("Client")?>:</td> -<? - $query = " - select COUNT(*) as `total`, MAX(`expire`) as `maxexpire` - from `emailcerts` - where `memid` = '".intval($row['id'])."' - "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $total = $drow['total']; + if($total > 0) { + $query = " + select COUNT(*) as `valid` + from `domains` inner join `domaincerts` + on `domains`.`id` = `domaincerts`.`domid` + where `domains`.`memid` = '".intval($row['id'])."' + and `revoked` = '0000-00-00 00:00:00' + and `expire` > NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $valid = $drow['valid']; - $maxexpire = "0000-00-00 00:00:00"; - if ($drow['maxexpire']) { - $maxexpire = $drow['maxexpire']; - } + $query = " + select COUNT(*) as `expired` + from `domains` inner join `domaincerts` + on `domains`.`id` = `domaincerts`.`domid` + where `domains`.`memid` = '".intval($row['id'])."' + and `expire` <= NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $expired = $drow['expired']; - if($total > 0) { + $query = " + select COUNT(*) as `revoked` + from `domains` inner join `domaincerts` + on `domains`.`id` = `domaincerts`.`domid` + where `domains`.`memid` = '".intval($row['id'])."' + and `revoked` != '0000-00-00 00:00:00' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $revoked = $drow['revoked']; + ?> + <td class="DataTD"><?=intval($total)?></td> + <td class="DataTD"><?=intval($valid)?></td> + <td class="DataTD"><?=intval($expired)?></td> + <td class="DataTD"><?=intval($revoked)?></td> + <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td> + <? + } else { // $total > 0 + ?> + <td colspan="5" class="DataTD"><?=_("None")?></td> + <? + } + ?> + </tr> + <!-- client certificates --> + <tr> + <td class="DataTD"><?=_("Client")?>:</td> + <? $query = " - select COUNT(*) as `valid` + select COUNT(*) as `total`, MAX(`expire`) as `maxexpire` from `emailcerts` where `memid` = '".intval($row['id'])."' - and `revoked` = '0000-00-00 00:00:00' - and `expire` > NOW() "; $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); - $valid = $drow['valid']; + $total = $drow['total']; - $query = " - select COUNT(*) as `expired` - from `emailcerts` - where `memid` = '".intval($row['id'])."' - and `expire` <= NOW() - "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $expired = $drow['expired']; + $maxexpire = "0000-00-00 00:00:00"; + if ($drow['maxexpire']) { + $maxexpire = $drow['maxexpire']; + } - $query = " - select COUNT(*) as `revoked` - from `emailcerts` - where `memid` = '".intval($row['id'])."' - and `revoked` != '0000-00-00 00:00:00' - "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $revoked = $drow['revoked']; -?> - <td class="DataTD"><?=intval($total)?></td> - <td class="DataTD"><?=intval($valid)?></td> - <td class="DataTD"><?=intval($expired)?></td> - <td class="DataTD"><?=intval($revoked)?></td> - <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td> -<? - } else { // $total > 0 -?> - <td colspan="5" class="DataTD"><?=_("None")?></td> -<? - } -?> - </tr> - <!-- gpg certificates --> - <tr> - <td class="DataTD"><?=_("GPG")?>:</td> -<? - $query = " - select COUNT(*) as `total`, MAX(`expire`) as `maxexpire` - from `gpg` - where `memid` = '".intval($row['id'])."' - "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $total = $drow['total']; + if($total > 0) { + $query = " + select COUNT(*) as `valid` + from `emailcerts` + where `memid` = '".intval($row['id'])."' + and `revoked` = '0000-00-00 00:00:00' + and `expire` > NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $valid = $drow['valid']; - $maxexpire = "0000-00-00 00:00:00"; - if ($drow['maxexpire']) { - $maxexpire = $drow['maxexpire']; - } + $query = " + select COUNT(*) as `expired` + from `emailcerts` + where `memid` = '".intval($row['id'])."' + and `expire` <= NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $expired = $drow['expired']; - if($total > 0) { + $query = " + select COUNT(*) as `revoked` + from `emailcerts` + where `memid` = '".intval($row['id'])."' + and `revoked` != '0000-00-00 00:00:00' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $revoked = $drow['revoked']; + ?> + <td class="DataTD"><?=intval($total)?></td> + <td class="DataTD"><?=intval($valid)?></td> + <td class="DataTD"><?=intval($expired)?></td> + <td class="DataTD"><?=intval($revoked)?></td> + <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td> + <? + } else { // $total > 0 + ?> + <td colspan="5" class="DataTD"><?=_("None")?></td> + <? + } + ?> + </tr> + <!-- gpg certificates --> + <tr> + <td class="DataTD"><?=_("GPG")?>:</td> + <? $query = " - select COUNT(*) as `valid` + select COUNT(*) as `total`, MAX(`expire`) as `maxexpire` from `gpg` where `memid` = '".intval($row['id'])."' - and `expire` > NOW() "; $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); - $valid = $drow['valid']; + $total = $drow['total']; - $query = " - select COUNT(*) as `expired` - from `gpg` - where `memid` = '".intval($row['id'])."' - and `expire` <= NOW() - "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $expired = $drow['expired']; -?> - <td class="DataTD"><?=intval($total)?></td> - <td class="DataTD"><?=intval($valid)?></td> - <td class="DataTD"><?=intval($expired)?></td> - <td class="DataTD"></td> - <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td> -<? - } else { // $total > 0 -?> - <td colspan="5" class="DataTD"><?=_("None")?></td> -<? - } -?> - </tr> - <!-- org server certificates --> - <tr> - <td class="DataTD"><a href="account.php?id=58&userid=<?=intval($row['id'])?>"><?=_("Org Server")?></a>:</td> -<? - $query = " - select COUNT(*) as `total`, - MAX(`orgcerts`.`expire`) as `maxexpire` - from `orgdomaincerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' - "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $total = $drow['total']; + $maxexpire = "0000-00-00 00:00:00"; + if ($drow['maxexpire']) { + $maxexpire = $drow['maxexpire']; + } - $maxexpire = "0000-00-00 00:00:00"; - if ($drow['maxexpire']) { - $maxexpire = $drow['maxexpire']; - } + if($total > 0) { + $query = " + select COUNT(*) as `valid` + from `gpg` + where `memid` = '".intval($row['id'])."' + and `expire` > NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $valid = $drow['valid']; - if($total > 0) { + $query = " + select COUNT(*) as `expired` + from `gpg` + where `memid` = '".intval($row['id'])."' + and `expire` <= NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $expired = $drow['expired']; + ?> + <td class="DataTD"><?=intval($total)?></td> + <td class="DataTD"><?=intval($valid)?></td> + <td class="DataTD"><?=intval($expired)?></td> + <td class="DataTD"></td> + <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td> + <? + } else { // $total > 0 + ?> + <td colspan="5" class="DataTD"><?=_("None")?></td> + <? + } + ?> + </tr> + <!-- org server certificates --> + <tr> + <td class="DataTD"><a href="account.php?id=58&userid=<?=intval($row['id'])?>"><?=_("Org Server")?></a>:</td> + <? $query = " - select COUNT(*) as `valid` + select COUNT(*) as `total`, + MAX(`orgcerts`.`expire`) as `maxexpire` from `orgdomaincerts` as `orgcerts` inner join `org` on `orgcerts`.`orgid` = `org`.`orgid` where `org`.`memid` = '".intval($row['id'])."' - and `orgcerts`.`revoked` = '0000-00-00 00:00:00' - and `orgcerts`.`expire` > NOW() "; $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); - $valid = $drow['valid']; + $total = $drow['total']; - $query = " - select COUNT(*) as `expired` - from `orgdomaincerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' - and `orgcerts`.`expire` <= NOW() - "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $expired = $drow['expired']; + $maxexpire = "0000-00-00 00:00:00"; + if ($drow['maxexpire']) { + $maxexpire = $drow['maxexpire']; + } - $query = " - select COUNT(*) as `revoked` - from `orgdomaincerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' - and `orgcerts`.`revoked` != '0000-00-00 00:00:00' - "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $revoked = $drow['revoked']; -?> - <td class="DataTD"><?=intval($total)?></td> - <td class="DataTD"><?=intval($valid)?></td> - <td class="DataTD"><?=intval($expired)?></td> - <td class="DataTD"><?=intval($revoked)?></td> - <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td> -<? - } else { // $total > 0 -?> - <td colspan="5" class="DataTD"><?=_("None")?></td> -<? - } -?> - </tr> - <!-- org client certificates --> - <tr> - <td class="DataTD"><?=_("Org Client")?>:</td> -<? - $query = " - select COUNT(*) as `total`, - MAX(`orgcerts`.`expire`) as `maxexpire` - from `orgemailcerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' - "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $total = $drow['total']; + if($total > 0) { + $query = " + select COUNT(*) as `valid` + from `orgdomaincerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + and `orgcerts`.`revoked` = '0000-00-00 00:00:00' + and `orgcerts`.`expire` > NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $valid = $drow['valid']; - $maxexpire = "0000-00-00 00:00:00"; - if ($drow['maxexpire']) { - $maxexpire = $drow['maxexpire']; - } + $query = " + select COUNT(*) as `expired` + from `orgdomaincerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + and `orgcerts`.`expire` <= NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $expired = $drow['expired']; - if($total > 0) { + $query = " + select COUNT(*) as `revoked` + from `orgdomaincerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + and `orgcerts`.`revoked` != '0000-00-00 00:00:00' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $revoked = $drow['revoked']; + ?> + <td class="DataTD"><?=intval($total)?></td> + <td class="DataTD"><?=intval($valid)?></td> + <td class="DataTD"><?=intval($expired)?></td> + <td class="DataTD"><?=intval($revoked)?></td> + <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td> + <? + } else { // $total > 0 + ?> + <td colspan="5" class="DataTD"><?=_("None")?></td> + <? + } + ?> + </tr> + <!-- org client certificates --> + <tr> + <td class="DataTD"><?=_("Org Client")?>:</td> + <? $query = " - select COUNT(*) as `valid` + select COUNT(*) as `total`, + MAX(`orgcerts`.`expire`) as `maxexpire` from `orgemailcerts` as `orgcerts` inner join `org` on `orgcerts`.`orgid` = `org`.`orgid` where `org`.`memid` = '".intval($row['id'])."' - and `orgcerts`.`revoked` = '0000-00-00 00:00:00' - and `orgcerts`.`expire` > NOW() "; $dres = mysql_query($query); $drow = mysql_fetch_assoc($dres); - $valid = $drow['valid']; + $total = $drow['total']; - $query = " - select COUNT(*) as `expired` - from `orgemailcerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' - and `orgcerts`.`expire` <= NOW() - "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $expired = $drow['expired']; + $maxexpire = "0000-00-00 00:00:00"; + if ($drow['maxexpire']) { + $maxexpire = $drow['maxexpire']; + } - $query = " - select COUNT(*) as `revoked` - from `orgemailcerts` as `orgcerts` inner join `org` - on `orgcerts`.`orgid` = `org`.`orgid` - where `org`.`memid` = '".intval($row['id'])."' - and `orgcerts`.`revoked` != '0000-00-00 00:00:00' - "; - $dres = mysql_query($query); - $drow = mysql_fetch_assoc($dres); - $revoked = $drow['revoked']; -?> - <td class="DataTD"><?=intval($total)?></td> - <td class="DataTD"><?=intval($valid)?></td> - <td class="DataTD"><?=intval($expired)?></td> - <td class="DataTD"><?=intval($revoked)?></td> - <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td> -<? - } else { // $total > 0 -?> - <td colspan="5" class="DataTD"><?=_("None")?></td> -<? - } -?> - </tr> - <tr> - <td colspan="6" class="title"> - <form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to revoke all private certificates?")?>')) return false;"> - <input type="hidden" name="action" value="revokecert"> - <input type="hidden" name="oldid" value="43"> - <input type="hidden" name="userid" value="<?=intval($userid)?>"> - <input type="submit" value="<?=_('revoke certificates')?>"> - </form> - </td> - </tr> -</table> -<br /> -<? // list assurances ?> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td class="DataTD"> - <a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredto"><?=_("Show Assurances the user got")?></a> - (<a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredto15"><?=_("New calculation")?></a>) - </td> - </tr> - <tr> - <td class="DataTD"> - <a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredby"><?=_("Show Assurances the user gave")?></a> - (<a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredby15"><?=_("New calculation")?></a>) - </td> - </tr> -</table> -<? -// if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") { + if($total > 0) { + $query = " + select COUNT(*) as `valid` + from `orgemailcerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + and `orgcerts`.`revoked` = '0000-00-00 00:00:00' + and `orgcerts`.`expire` > NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $valid = $drow['valid']; -function showassuredto() -{ -?> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="8" class="title"><?=_("Assurance Points")?></td> - </tr> - <tr> - <td class="DataTD"><b><?=_("ID")?></b></td> - <td class="DataTD"><b><?=_("Date")?></b></td> - <td class="DataTD"><b><?=_("Who")?></b></td> - <td class="DataTD"><b><?=_("Email")?></b></td> - <td class="DataTD"><b><?=_("Points")?></b></td> - <td class="DataTD"><b><?=_("Location")?></b></td> - <td class="DataTD"><b><?=_("Method")?></b></td> - <td class="DataTD"><b><?=_("Revoke")?></b></td> - </tr> -<? - $query = "select * from `notary` where `to`='".intval($_GET['userid'])."' and `deleted` = 0"; - $dres = mysql_query($query); - $points = 0; - while($drow = mysql_fetch_assoc($dres)) { - $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'")); - $points += $drow['points']; -?> - <tr> - <td class="DataTD"><?=$drow['id']?></td> - <td class="DataTD"><?=sanitizeHTML($drow['date'])?></td> - <td class="DataTD"><a href="wot.php?id=9&userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></td> - <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td> - <td class="DataTD"><?=intval($drow['points'])?></td> - <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td> - <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td> - <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['to'])?>&assurance=<?=intval($drow['id'])?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID "%s"?"),$drow['id'])?>');"><?=_("Revoke")?></a></td> - </tr> -<? - } -?> - <tr> - <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td> - <td class="DataTD"><?=$points?></td> - <td class="DataTD" colspan="3"> </td> - </tr> -</table> -<? -} + $query = " + select COUNT(*) as `expired` + from `orgemailcerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + and `orgcerts`.`expire` <= NOW() + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $expired = $drow['expired']; -function showassuredby() -{ -?> -<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> - <tr> - <td colspan="8" class="title"><?=_("Assurance Points The User Issued")?></td> - </tr> - <tr> - <td class="DataTD"><b><?=_("ID")?></b></td> - <td class="DataTD"><b><?=_("Date")?></b></td> - <td class="DataTD"><b><?=_("Who")?></b></td> - <td class="DataTD"><b><?=_("Email")?></b></td> - <td class="DataTD"><b><?=_("Points")?></b></td> - <td class="DataTD"><b><?=_("Location")?></b></td> - <td class="DataTD"><b><?=_("Method")?></b></td> - <td class="DataTD"><b><?=_("Revoke")?></b></td> - </tr> -<? - $query = "select * from `notary` where `from`='".intval($_GET['userid'])."' and `deleted` = 0"; - $dres = mysql_query($query); - $points = 0; - while($drow = mysql_fetch_assoc($dres)) { - $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$drow['to']."'")); - $points += $drow['points']; -?> - <tr> - <td class="DataTD"><?=$drow['id']?></td> - <td class="DataTD"><?=$drow['date']?></td> - <td class="DataTD"><a href="wot.php?id=9&userid=<?=$drow['to']?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td> - <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td> - <td class="DataTD"><?=$drow['points']?></td> - <td class="DataTD"><?=$drow['location']?></td> - <td class="DataTD"><?=$drow['method']?></td> - <td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID "%s"?"),$drow['id'])?>');"><?=_("Revoke")?></a></td> - </tr> -<? + $query = " + select COUNT(*) as `revoked` + from `orgemailcerts` as `orgcerts` inner join `org` + on `orgcerts`.`orgid` = `org`.`orgid` + where `org`.`memid` = '".intval($row['id'])."' + and `orgcerts`.`revoked` != '0000-00-00 00:00:00' + "; + $dres = mysql_query($query); + $drow = mysql_fetch_assoc($dres); + $revoked = $drow['revoked']; + ?> + <td class="DataTD"><?=intval($total)?></td> + <td class="DataTD"><?=intval($valid)?></td> + <td class="DataTD"><?=intval($expired)?></td> + <td class="DataTD"><?=intval($revoked)?></td> + <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td> + <? + } else { // $total > 0 + ?> + <td colspan="5" class="DataTD"><?=_("None")?></td> + <? + } + ?> + </tr> + <tr> + <td colspan="6" class="title"> + <form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to revoke all private certificates?")?>')) return false;"> + <input type="hidden" name="action" value="revokecert"> + <input type="hidden" name="oldid" value="43"> + <input type="hidden" name="userid" value="<?=intval($userid)?>"> + <input type="submit" value="<?=_('revoke certificates')?>"> + </form> + </td> + </tr> + </table> + <br /> + <? // list assurances ?> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td class="DataTD"> + <a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredto"><?=_("Show Assurances the user got")?></a> + (<a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredto15"><?=_("New calculation")?></a>) + </td> + </tr> + <tr> + <td class="DataTD"> + <a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredby"><?=_("Show Assurances the user gave")?></a> + (<a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredby15"><?=_("New calculation")?></a>) + </td> + </tr> + </table> + <? + // if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") { + + function showassuredto() + { + ?> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="8" class="title"><?=_("Assurance Points")?></td> + </tr> + <tr> + <td class="DataTD"><b><?=_("ID")?></b></td> + <td class="DataTD"><b><?=_("Date")?></b></td> + <td class="DataTD"><b><?=_("Who")?></b></td> + <td class="DataTD"><b><?=_("Email")?></b></td> + <td class="DataTD"><b><?=_("Points")?></b></td> + <td class="DataTD"><b><?=_("Location")?></b></td> + <td class="DataTD"><b><?=_("Method")?></b></td> + <td class="DataTD"><b><?=_("Revoke")?></b></td> + </tr> + <? + $query = "select * from `notary` where `to`='".intval($_GET['userid'])."' and `deleted` = 0"; + $dres = mysql_query($query); + $points = 0; + while($drow = mysql_fetch_assoc($dres)) { + $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'")); + $points += $drow['points']; + ?> + <tr> + <td class="DataTD"><?=$drow['id']?></td> + <td class="DataTD"><?=sanitizeHTML($drow['date'])?></td> + <td class="DataTD"><a href="wot.php?id=9&userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td> + <td class="DataTD"><?=intval($drow['points'])?></td> + <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td> + <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['to'])?>&assurance=<?=intval($drow['id'])?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID "%s"?"),$drow['id'])?>');"><?=_("Revoke")?></a></td> + </tr> + <? + } + ?> + <tr> + <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td> + <td class="DataTD"><?=$points?></td> + <td class="DataTD" colspan="3"> </td> + </tr> + </table> + <? } -?> - <tr> - <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td> - <td class="DataTD"><?=$points?></td> - <td class="DataTD" colspan="3"> </td> - </tr> -</table> - <?} ?> + + function showassuredby() + { + ?> + <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> + <tr> + <td colspan="8" class="title"><?=_("Assurance Points The User Issued")?></td> + </tr> + <tr> + <td class="DataTD"><b><?=_("ID")?></b></td> + <td class="DataTD"><b><?=_("Date")?></b></td> + <td class="DataTD"><b><?=_("Who")?></b></td> + <td class="DataTD"><b><?=_("Email")?></b></td> + <td class="DataTD"><b><?=_("Points")?></b></td> + <td class="DataTD"><b><?=_("Location")?></b></td> + <td class="DataTD"><b><?=_("Method")?></b></td> + <td class="DataTD"><b><?=_("Revoke")?></b></td> + </tr> + <? + $query = "select * from `notary` where `from`='".intval($_GET['userid'])."' and `deleted` = 0"; + $dres = mysql_query($query); + $points = 0; + while($drow = mysql_fetch_assoc($dres)) { + $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$drow['to']."'")); + $points += $drow['points']; + ?> + <tr> + <td class="DataTD"><?=$drow['id']?></td> + <td class="DataTD"><?=$drow['date']?></td> + <td class="DataTD"><a href="wot.php?id=9&userid=<?=$drow['to']?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td> + <td class="DataTD"><?=$drow['points']?></td> + <td class="DataTD"><?=$drow['location']?></td> + <td class="DataTD"><?=$drow['method']?></td> + <td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID "%s"?"),$drow['id'])?>');"><?=_("Revoke")?></a></td> + </tr> + <? + } + ?> + <tr> + <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td> + <td class="DataTD"><?=$points?></td> + <td class="DataTD" colspan="3"> </td> + </tr> + </table> + <?} ?> <br/><br/> <? } } |