diff options
| -rw-r--r-- | www/disputes.php | 38 |
1 files changed, 36 insertions, 2 deletions
diff --git a/www/disputes.php b/www/disputes.php index 5b78c1e..96f117e 100644 --- a/www/disputes.php +++ b/www/disputes.php @@ -236,6 +236,23 @@ exit; } + //check if email belongs to locked account + $res = mysql_query("select 1 from `email`, `users` where `email`.`email`='$email' and `email`.`memid`=`users`.`id` and (`users`.`assurer_blocked`=1 or `users`.`locked`=1)"); + if(mysql_num_rows($res) > 0) + { + showheader(_("Email Dispute")); + printf(_("Sorry, the email address '%s' cannot be disputed for administrative reasons. To solve this problem please get in contact with %s."), sanitizeHTML($email),"<a href='mailto:support@cacert.org'>support@cacert.org</a>"); + + $body = "Someone has just attempted to dispute this email '".$email."', which belongs to a locked account:\n". + "Username(ID): ".$_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']."(".$_SESSION['profile']['id'].")\n". + "email: ".$_SESSION['profile']['email']."\n". + "IP/Hostname: ".$_SERVER['REMOTE_ADDR'].(array_key_exists('REMOTE_HOST',$_SERVER)?"/".$_SERVER['REMOTE_HOST']:"")."\n". + sendmail("support@cacert.org", "[CAcert.org] failed dispute on locked account", $body, $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']); + + showfooter(); + exit; + } + $res = mysql_query("select * from `disputeemail` where `email`='$email' and hash!=''"); if(mysql_num_rows($res) > 0) { @@ -264,7 +281,7 @@ echo _("You aren't allowed to dispute your own email addresses. Can't continue."); showfooter(); exit; - } + } $res = mysql_query("select * from `users` where `id`='$oldmemid'"); $user = mysql_fetch_assoc($res); @@ -308,6 +325,23 @@ exit; } + //check if domain belongs to locked account + $res = mysql_query("select 1 from `domains`, `users` where `domains`.`domain`='$domain' and `domains`.`memid`=`users`.`id` and (`users`.`assurer_blocked`=1 or `users`.`locked`=1)"); + if(mysql_num_rows($res) > 0) + { + showheader(_("Domain Dispute")); + printf(_("Sorry, the domain '%s' cannot be disputed for administrative reasons. To solve this problem please get in contact with %s."), sanitizeHTML($domain),"<a href='mailto:support@cacert.org'>support@cacert.org</a>"); + + $body = "Someone has just attempted to dispute this domain '".$domain."', which belongs to a locked account:\n". + "Username(ID): ".$_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']."(".$_SESSION['profile']['id'].")\n". + "email: ".$_SESSION['profile']['email']."\n". + "IP/Hostname: ".$_SERVER['REMOTE_ADDR'].(array_key_exists('REMOTE_HOST',$_SERVER)?"/".$_SERVER['REMOTE_HOST']:"")."\n". + sendmail("support@cacert.org", "[CAcert.org] failed dispute on locked account", $body, $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']); + + showfooter(); + exit; + } + $query = "select * from `disputedomain` where `domain`='$domain' and hash!=''"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) @@ -336,7 +370,7 @@ echo _("You aren't allowed to dispute your own domains. Can't continue."); showfooter(); exit; - } + } $domainid = $row['id']; $_SESSION['_config']['domainid'] = $domainid; |