-rw-r--r--includes/account.php83
-rw-r--r--pages/account/43.php43
-rw-r--r--www/styles/default.css13
3 files changed, 72 insertions, 67 deletions
diff --git a/includes/account.php b/includes/account.php
index a1dd059..ce1673a 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -2711,7 +2711,7 @@
$_SESSION['ticketno'] = $ticketno;
}
- if($oldid == 43 && $_REQUEST['action'] == "updatedob" && $ticketvalidation==TRUE)
+ if($oldid == 43 && $_REQUEST['action'] == "updatedob" && $ticketvalidation == TRUE)
{
$id = 43;
$oldid=0;
@@ -2726,8 +2726,10 @@
$query = "update `users` set `fname`='$fname',`mname`='$mname',`lname`='$lname',`suffix`='$suffix',`dob`='$year-$month-$day' where `id`='$userid'";
mysql_query($query);
write_se_log($userid, $_SESSION['profile']['id'],'SE Name/DOB Change',$ticketno);
- }else{
- $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
+ }elseif($oldid == 43 && $_REQUEST['action'] == "updatedob" && $ticketvalidation == FALSE){
+ $id = 43;
+ $oldid=0;
+ $_SESSION['ticketmsg']='No action (name/dob change) taken. Ticket number is missing!';
}
if($oldid == 43 && $_REQUEST['action'] == 'revokecert' && $ticketvalidation==TRUE)
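Review bot: The added `elseif` repeats the whole request condition with `$ticketvalidation == FALSE`, so the ticket gate for the name/DoB update now lives in two expressions that have to be kept in sync by hand, and both branches duplicate `$id = 43; $oldid=0;`. Testing the request once and branching on the ticket inside it keeps the gate in one place: `if($oldid == 43 && $_REQUEST['action'] == "updatedob") { if($ticketvalidation) { … } else { … } }`. The other `elseif(... == FALSE)` additions in this file follow the same shape. The `if` body starts above this hunk, so how `$fname`, `$mname` and the other values interpolated into the `update` statement are escaped cannot be checked from here.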
@@ -2736,6 +2738,10 @@
revoke_all_private_cert($userid);
write_se_log($userid, $_SESSION['profile']['id'], 'SE Revoke all certificates',$ticketno);
$id=43;
+ }elseif($oldid == 43 && $_REQUEST['action'] == "revokecert" && $ticketvalidation == FALSE){
+ $id = 43;
+ $oldid=0;
+ $_SESSION['ticketmsg']='No certificates revokes. Ticket number is missing!';
}
if($oldid == 48 && $_REQUEST['domain'] == "")
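Review bot: The refusal message added here reads 'No certificates revokes', which should be `'No certificates revoked. Ticket number is missing!'`. Unlike `showheader(_("My CAcert.org Account!"))` further down, the new `ticketmsg` strings in this file are not passed through `_()`, so they will presumably stay untranslated; wrapping them would match the message added in pages/account/43.php. The revoke branch itself begins above the hunk.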
@@ -2761,7 +2767,7 @@
$_REQUEST['email'] = $row['email'];
}
- if($oldid == 44 && $ticketvalidation==TRUE)
+ if($oldid == 44 && $ticketvalidation == TRUE)
{
showheader(_("My CAcert.org Account!"));
if(intval($_REQUEST['userid']) <= 0)
@@ -2785,7 +2791,7 @@
}
showfooter();
exit;
- }else{
+ }elseif($oldid == 44 && $ticketvalidation == FALSE){
$_SESSION['ticketmsg']='No password reset taken. Ticket number is missing!';
}
@@ -2895,7 +2901,7 @@
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
*/
- if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0 && $ticketvalidation==TRUE)
+ if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0 && $ticketvalidation == TRUE)
{
csrf_check('admsetassuret');
$memid = $_REQUEST['userid'] = intval($_REQUEST['assurer']);
@@ -2904,11 +2910,12 @@
$ver = !$row['assurer'];
mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'");
write_se_log($memid, $_SESSION['profile']['id'],'SE Change assurer status',$ticketno);
- }else{
- $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
+ }elseif($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['assurer']);
+ $_SESSION['ticketmsg']='No action (Change assurer status) taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0 && $ticketvalidation==TRUE)
+ if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
$query = "select * from `users` where `id`='$memid'";
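Review bot: The `assurer_blocked` branch toggles a user flag from `$_REQUEST` without a `csrf_check(...)` call, whereas the `assurer` branch just before it and the `locked`, `codesign`, `orgadmin`, `ttpadmin` and `admin` branches all start with one. The opening lines of the `adadmin`, `locadmin`, `general`, `country`, `regional` and `radius` branches in the later hunks show the same gap. Unless the token is verified somewhere outside these hunks, a forged request could flip these flags from a support engineer's session once a valid ticket number is stored in it. Suggest a first statement such as `csrf_check('ACTION_NAME_PLACEHOLDER');` in each branch, with the action name matching the token the corresponding form emits. The branch body continues past the end of this hunk.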
@@ -2916,11 +2923,12 @@
$ver = !$row['assurer_blocked'];
mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'");
write_se_log($memid, $_SESSION['profile']['id'],'SE Change assurer blocked status',$ticketno);
- }else{
+ }elseif($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0 && $ticketvalidation==TRUE)
+ if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0 && $ticketvalidation == TRUE)
{
csrf_check('admactlock');
$memid = $_REQUEST['userid'] = intval($_REQUEST['locked']);
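Review bot: `write_se_log(...)` runs whether or not the `update` before it succeeded, because the result of `mysql_query` is discarded, so the SE log can record a status change that never reached the database. `$ver = !$row['assurer_blocked']` is a boolean, and `false` interpolates as an empty string, which puts an empty quoted value into the `update`; a server in strict SQL mode would reject that for a numeric column (the column type is not visible here). Suggest `$ver = $row['assurer_blocked'] ? 0 : 1;` and writing the log entry only when `mysql_query(...)` returns true. The same three lines recur in the other flag-toggle branches touched by this commit.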
@@ -2929,11 +2937,12 @@
$ver = !$row['locked'];
mysql_query("update `users` set `locked`='$ver' where `id`='$memid'");
write_se_log($memid, $_SESSION['profile']['id'],'SE Change locked status',$ticketno);
- }else{
+ }elseif($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['locked']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0 && $ticketvalidation==TRUE)
+ if($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0 && $ticketvalidation == TRUE)
{
csrf_check('admcodesign');
$memid = $_REQUEST['userid'] = intval($_REQUEST['codesign']);
@@ -2942,11 +2951,12 @@
$ver = !$row['codesign'];
mysql_query("update `users` set `codesign`='$ver' where `id`='$memid'");
write_se_log($memid, $_SESSION['profile']['id'],'SE Change codesign status',$ticketno);
- }else{
+ }elseif($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['codesign']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0 && $ticketvalidation==TRUE)
+ if($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0 && $ticketvalidation == TRUE)
{
csrf_check('admorgadmin');
$memid = $_REQUEST['userid'] = intval($_REQUEST['orgadmin']);
@@ -2955,11 +2965,12 @@
$ver = !$row['orgadmin'];
mysql_query("update `users` set `orgadmin`='$ver' where `id`='$memid'");
write_se_log($memid, $_SESSION['profile']['id'],'SE Change org assuer status',$ticketno);
- }else{
+ }elseif($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['orgadmin']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0 && $ticketvalidation==TRUE)
+ if($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0 && $ticketvalidation == TRUE)
{
csrf_check('admttpadmin');
$memid = $_REQUEST['userid'] = intval($_REQUEST['ttpadmin']);
@@ -2968,11 +2979,12 @@
$ver = !$row['ttpadmin'];
mysql_query("update `users` set `ttpadmin`='$ver' where `id`='$memid'");
write_se_log($memid, $_SESSION['profile']['id'],'SE Change ttp admin status',$ticketno);
- }else{
+ }elseif($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['ttpadmin']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0 && $ticketvalidation==TRUE)
+ if($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['adadmin']);
$query = "select * from `users` where `id`='$memid'";
@@ -2982,11 +2994,12 @@
$ver = 0;
mysql_query("update `users` set `adadmin`='$ver' where `id`='$memid'");
write_se_log($memid, $_SESSION['profile']['id'],'SE Change advertising admin status',$ticketno);
- }else{
+ }elseif($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['adadmin']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0 && $ticketvalidation==TRUE)
+ if($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['locadmin']);
$query = "select * from `users` where `id`='$memid'";
@@ -2994,11 +3007,12 @@
$ver = !$row['locadmin'];
mysql_query("update `users` set `locadmin`='$ver' where `id`='$memid'");
write_se_log($memid, $_SESSION['profile']['id'],'SE Change location admin status',$ticketno);
- }else{
+ }elseif($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['locadmin']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0 && $ticketvalidation==TRUE)
+ if($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0 && $ticketvalidation == TRUE)
{
csrf_check('admsetadmin');
$memid = $_REQUEST['userid'] = intval($_REQUEST['admin']);
@@ -3007,11 +3021,12 @@
$ver = !$row['admin'];
mysql_query("update `users` set `admin`='$ver' where `id`='$memid'");
write_se_log($memid, $_SESSION['profile']['id'],'SE Change SE status',$ticketno);
- }else{
+ }elseif($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['admin']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0 && $ticketvalidation==TRUE)
+ if($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['general']);
$query = "select * from `alerts` where `memid`='$memid'";
@@ -3019,11 +3034,12 @@
$ver = !$row['general'];
mysql_query("update `alerts` set `general`='$ver' where `memid`='$memid'");
write_se_log($memid, $_SESSION['profile']['id'],'SE Change general status',$ticketno);
- }else{
+ }elseif($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['general']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0 && $ticketvalidation==TRUE)
+ if($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['country']);
$query = "select * from `alerts` where `memid`='$memid'";
@@ -3031,11 +3047,12 @@
$ver = !$row['country'];
mysql_query("update `alerts` set `country`='$ver' where `memid`='$memid'");
write_se_log($memid, $_SESSION['profile']['id'],'SE Change country status',$ticketno);
- }else{
+ }elseif($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['country']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0 && $ticketvalidation==TRUE)
+ if($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['regional']);
$query = "select * from `alerts` where `memid`='$memid'";
@@ -3043,11 +3060,12 @@
$ver = !$row['regional'];
mysql_query("update `alerts` set `regional`='$ver' where `memid`='$memid'");
write_se_log($memid, $_SESSION['profile']['id'],'SE Change regional status',$ticketno);
- }else{
+ }elseif($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['regional']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0 && $ticketvalidation==TRUE)
+ if($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['radius']);
$query = "select * from `alerts` where `memid`='$memid'";
@@ -3055,7 +3073,8 @@
$ver = !$row['radius'];
mysql_query("update `alerts` set `radius`='$ver' where `memid`='$memid'");
write_se_log($memid, $_SESSION['profile']['id'],'SE Change radius status',$ticketno);
- }else{
+ }elseif($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0 && $ticketvalidation == false){
+ $_REQUEST['userid'] = intval($_REQUEST['radius']);
$_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
diff --git a/pages/account/43.php b/pages/account/43.php
index 2c6156a..2c60226 100644
--- a/pages/account/43.php
+++ b/pages/account/43.php
@@ -21,24 +21,10 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$ticketno='';
$ticketvalidation=FALSE;
-//check if an assurance should be deleted
-if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0)
-{
- $assurance = mysql_real_escape_string(intval($_REQUEST['assurance']));
- $row = 0;
- $res = mysql_query("select `to` from `notary` where `id`='$assurance' and `deleted` = 0");
- if ($res) {
- $row = mysql_fetch_assoc($res);
- }
- mysql_query("update `notary` set `deleted`=NOW() where `id`='$assurance'");
- if ($row) {
- fix_assurer_flag($row['to']);
- }
-}
if (isset($_SESSION['ticketno'])) {
$ticketno = $_SESSION['ticketno'];
- $ticketvalidation = TRUE;
+ $ticketvalidation = valid_ticket_number($ticketno);
}
if (isset($_SESSION['ticketmsg'])) {
$ticketmsg = $_SESSION['ticketmsg'];
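Review bot: With `$ticketvalidation = valid_ticket_number($ticketno);` a ticket number can now be present but rejected, yet every refusal message in this commit still says 'Ticket number is missing!', which will mislead a support engineer who typed a malformed number. Consider wording such as 'Ticket number is missing or invalid' in those messages. A short comment above the call stating which format `valid_ticket_number()` accepts would also help, since its definition is not part of this diff (presumably it comes from the included notary.inc.php).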
@@ -139,20 +125,20 @@ if(intval($_REQUEST['userid']) > 0) {
//display account data
//deletes an assurance
- if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation==true)
+ if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation == true)
{
$assurance = mysql_escape_string(intval($_REQUEST['assurance']));
- $row = 0;
+ $trow = 0;
$res = mysql_query("select `to` from `notary` where `id`='$assurance'");
if ($res) {
- $row = mysql_fetch_assoc($res);
+ $trow = mysql_fetch_assoc($res);
}
mysql_query("delete from `notary` where `id`='$assurance'");
- if ($row) {
- fix_assurer_flag($row['to']);
+ if ($trow) {
+ fix_assurer_flag($trow['to']);
write_se_log($userid, $_SESSION['profile']['id'], 'SE assurance revoke', $ticketno);
}
- } else {
+ } elseif(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation == FALSE) {
$ticketmsg=_('No assurance revoked. Ticket number is missing!');
}
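Review bot: The branch that survives this commit removes the assurance with a hard `delete from` on the notary table, whereas the block removed at the top of the file marked the row by setting its `deleted` column to NOW() and selected only rows where `deleted` = 0. If soft deletion is the intended revocation mechanism, the retained path destroys the record that the `write_se_log` entry refers to; the diff does not show which behaviour is intended. Reusing the removed `update` statement here would keep the revoked assurance available for later review. No `csrf_check` call is visible in this branch either, although it performs a destructive change driven by `$_REQUEST['assurance']`.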
@@ -169,7 +155,7 @@ if(intval($_REQUEST['userid']) > 0) {
<td class="DataTD"><input type="text" name="ticketno" value="<?=$ticketno?>"/></td>
</tr>
<tr>
- <td colspan="2" ><?=$ticketmsg?></td><?php $_SESSION['ticketmsg']='' ?>
+ <td colspan="2" class="DataTDError"><?=$ticketmsg?></td><?php $_SESSION['ticketmsg']='' ?>
</tr>
<tr>
<td colspan="2" ><input type="submit" value="<?=_('Set ticket number') ?>"></td>
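Review bot: `value="<?=$ticketno?>"` prints the session value into an attribute without HTML escaping, and after this commit a value that failed `valid_ticket_number()` is still kept in `$ticketno` and echoed back into the form. Where `$_SESSION['ticketno']` is filled is outside this diff, so unless it is sanitised there the field should be escaped at output: `value="<?=htmlspecialchars($ticketno, ENT_QUOTES)?>"`. `$ticketmsg` on the changed line is only assigned fixed strings in the visible hunks, so it is lower risk, but escaping it the same way would be consistent.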
@@ -402,19 +388,6 @@ if(intval($_REQUEST['userid']) > 0) {
</table>
<br/>
<?
- //ticket number to track SE log
- ?>
- <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td td colspan="5" class="title"><?=_("Ticket/Arbitration No, needs to be entered to apply any changes")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_('Ticket/Arbitration No')?></td>
- <td class="DataTD"><input name="ticketno" /></td>
- </tr>
- </table>
- <br/>
- <?
//list secondary email addresses
$dres = get_email_address(intval($row['id']),mysql_real_escape_string($row['email']));
if(mysql_num_rows($dres) > 0) {
diff --git a/www/styles/default.css b/www/styles/default.css
index 424dcb8..a7f6f20 100644
--- a/www/styles/default.css
+++ b/www/styles/default.css
@@ -558,6 +558,19 @@ td.storyLeft {
border-right: 1px #cfcfcf solid;
}
+.DataTDError {
+ border-style: inset;
+ border-width: 1px;
+ font-size: 8pt;
+ color: #ff0000;
+ font-family: Arial, Tahoma, Verdana, Helvetica, sans-serif;
+
+ background: #ffffff;
+ padding: 1px 5px 1px 5px;
+ border: 1px #cfcfcf solid;
+ border-left: 1px #cfcfcf dotted;
+ border-right: 1px #cfcfcf dotted;
+}
.wrapper {
border-collapse: collapse;
font-family: verdana, sans-serif;