summaryrefslogtreecommitdiff
path: root/www
diff options
context:
space:
mode:
authorINOPIAE <inopiae@cacert.org>2014-01-26 15:25:08 +0100
committerINOPIAE <inopiae@cacert.org>2014-01-26 15:25:08 +0100
commit461cb4fa36ea02a5e83a1c8af93c916c2bacecce (patch)
tree1a36b0a3e9956d70abe73a193c6f4b948e5c6068 /www
parent3213ce91971fd5976a1f31b0c24a822c01591911 (diff)
downloadcacert-devel-461cb4fa36ea02a5e83a1c8af93c916c2bacecce.tar.gz
cacert-devel-461cb4fa36ea02a5e83a1c8af93c916c2bacecce.tar.xz
cacert-devel-461cb4fa36ea02a5e83a1c8af93c916c2bacecce.zip
bug 1226: added dob to form assure someone wot/5.php, implemented check for dob match to account in not ttpadmin
Diffstat (limited to 'www')
-rw-r--r--www/wot.php13
1 files changed, 12 insertions, 1 deletions
diff --git a/www/wot.php b/www/wot.php
index 7200517..0ce23b4 100644
--- a/www/wot.php
+++ b/www/wot.php
@@ -198,6 +198,17 @@ function send_reminder()
show_page("EnterEmail","",_("User is not yet verified. Please try again in 24 hours!"));
exit;
}
+ if ($_SESSION['profile']['ttpadmin'] != 1) {
+ $_SESSION['assuresomeone']['year'] = mysql_real_escape_string(stripslashes($_POST['year']));
+ $_SESSION['assuresomeone']['month'] = mysql_real_escape_string(stripslashes($_POST['month']));
+ $_SESSION['assuresomeone']['day'] = mysql_real_escape_string(stripslashes($_POST['day']));
+ $dob = $_SESSION['assuresomeone']['year'] . '-' . sprintf('%02d',$_SESSION['assuresomeone']['month']) . '-' . sprintf('%02d', $_SESSION['assuresomeone']['day']);
+
+ if ( $_SESSION['_config']['notarise']['dob'] != $dob) {
+ show_page("EnterEmail","",_("The data entered is not matching with an account."));
+ exit;
+ }
+ }
}
$query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `locked`=1";
$res = mysql_query($query);
@@ -236,7 +247,7 @@ function send_reminder()
if($oldid == 6)
{
-$iecho= "c";
+ $iecho= "c";
//date checks
if(trim($_REQUEST['date']) == '')
{