summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--includes/account.php173
-rw-r--r--includes/general.php20
-rw-r--r--includes/loggedin.php4
-rw-r--r--includes/notary.inc.php856
-rw-r--r--pages/account/13.php3
-rw-r--r--pages/account/43.php1857
-rw-r--r--pages/account/44.php12
-rw-r--r--pages/account/59.php308
-rw-r--r--pages/wot/10.php8
-rw-r--r--www/index.php20
-rw-r--r--www/styles/default.css24
-rw-r--r--www/wot.php2
12 files changed, 2343 insertions, 944 deletions
diff --git a/includes/account.php b/includes/account.php
index 497bf58..6cfb44d 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -83,6 +83,9 @@ function buildSubjectFromSession() {
$orgid = array_key_exists('orgid',$_REQUEST) ? intval($_REQUEST['orgid']) : 0;
$memid = array_key_exists('memid',$_REQUEST) ? intval($_REQUEST['memid']) : 0;
$domid = array_key_exists('domid',$_REQUEST) ? intval($_REQUEST['domid']) : 0;
+ $ticketno = array_key_exists('ticketno',$_REQUEST) ? $_REQUEST['ticketno'] : "";
+ $ticketvalidation = FALSE;
+ $actionrequest = array_key_exists('action',$_REQUEST) ? $_REQUEST['action'] : "";
if(!$_SESSION['mconn'])
@@ -1263,7 +1266,7 @@ function buildSubjectFromSession() {
if($oldid == 13 && $process != "")
{
- $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
+ $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' and `deleted`=0 group by `to`";
$ddres = mysql_query($ddquery);
$ddrow = mysql_fetch_assoc($ddres);
$_SESSION['profile']['points'] = $ddrow['total'];
@@ -1335,7 +1338,7 @@ function buildSubjectFromSession() {
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."'"));
$_SESSION['profile']['loggedin'] = 1;
- $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
+ $ddquery = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' and `deleted`=0 group by `to`";
$ddres = mysql_query($ddquery);
$ddrow = mysql_fetch_assoc($ddres);
$_SESSION['profile']['points'] = $ddrow['total'];
@@ -2687,7 +2690,17 @@ function buildSubjectFromSession() {
$oldid=0;
}
- if($oldid == 43 && $_REQUEST['action'] == "updatedob")
+ //check if ticket number was entered
+ if ( $id == 43 || $oldid == 43 || $id == 44 || $oldid == 44 ) {
+ if ($ticketno != "" ) {
+ $ticketno = mysql_real_escape_string(trim($_REQUEST['ticketno']));
+ $ticketvalidation = valid_ticket_number($ticketno);
+ }
+
+ $_SESSION['ticketno'] = $ticketno;
+ }
+
+ if($oldid == 43 && $actionrequest == "updatedob" && $ticketvalidation == TRUE)
{
$id = 43;
$oldid=0;
@@ -2699,20 +2712,25 @@ function buildSubjectFromSession() {
$month = intval($_REQUEST['month']);
$year = intval($_REQUEST['year']);
$userid = intval($_REQUEST['userid']);
- $query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='$userid'";
- $details = mysql_fetch_assoc(mysql_query($query));
- $query = "insert into `adminlog` set `when`=NOW(),`old-lname`='${details['lname']}',`old-dob`='${details['dob']}',
- `new-lname`='$lname',`new-dob`='$year-$month-$day',`uid`='$userid',`adminid`='".$_SESSION['profile']['id']."'";
- mysql_query($query);
$query = "update `users` set `fname`='$fname',`mname`='$mname',`lname`='$lname',`suffix`='$suffix',`dob`='$year-$month-$day' where `id`='$userid'";
mysql_query($query);
+ write_se_log($userid, $_SESSION['profile']['id'],'SE Name/DOB Change',$ticketno);
+ }elseif($oldid == 43 && $actionrequest == "updatedob" && $ticketvalidation == FALSE){
+ $id = 43;
+ $oldid=0;
+ $_SESSION['ticketmsg']='No action (name/dob change) taken. Ticket number is missing!';
}
- if($oldid == 43 && $_REQUEST['action'] == 'revokecert')
+ if($oldid == 43 && $actionrequest == 'revokecert' && $ticketvalidation == TRUE)
{
$userid = intval($_REQUEST['userid']);
revoke_all_private_cert($userid);
+ write_se_log($userid, $_SESSION['profile']['id'], 'SE Revoke all certificates',$ticketno);
$id=43;
+ }elseif($oldid == 43 && $actionrequest == "revokecert" && $ticketvalidation == FALSE){
+ $id = 43;
+ $oldid=0;
+ $_SESSION['ticketmsg']='No certificates revokes. Ticket number is missing!';
}
if($oldid == 48 && $_REQUEST['domain'] == "")
@@ -2729,7 +2747,7 @@ function buildSubjectFromSession() {
if($id == 44)
{
- if($_REQUEST['userid'] != "")
+ if(intval($_REQUEST['userid']) != "")
$_REQUEST['userid'] = intval($_REQUEST['userid']);
$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
if($row['email'] == "")
@@ -2738,7 +2756,7 @@ function buildSubjectFromSession() {
$_REQUEST['email'] = $row['email'];
}
- if($oldid == 44)
+ if($oldid == 44 && $ticketvalidation == TRUE)
{
showheader(_("My CAcert.org Account!"));
if(intval($_REQUEST['userid']) <= 0)
@@ -2758,12 +2776,16 @@ function buildSubjectFromSession() {
sendmail($row['email'], "[CAcert.org] "._("Password Update Notification"), $body,
"support@cacert.org", "", "", "CAcert Support");
+ write_se_log(intval($_REQUEST['userid']), $_SESSION['profile']['id'],'SE reset password',$ticketno);
}
showfooter();
exit;
+ }elseif($oldid == 44 && $ticketvalidation == FALSE){
+ $_SESSION['ticketmsg']='No password reset taken. Ticket number is missing!';
}
+
if($process != "" && $oldid == 45)
{
$CSR = clean_csr($CSR);
@@ -2856,16 +2878,20 @@ function buildSubjectFromSession() {
}
}
- if($id == 43 && array_key_exists('tverify',$_REQUEST) && $_REQUEST['tverify'] > 0)
+ /* presently not needed
+ if($id == 43 && array_key_exists('tverify',$_REQUEST) && $_REQUEST['tverify'] > 0 && $ticketvalidation==TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['tverify']);
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['tverify'];
mysql_query("update `users` set `tverify`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'SE Change tverify status',$ticketno);
+ }else{
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
-
- if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0)
+ */
+ if($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0 && $ticketvalidation == TRUE)
{
csrf_check('admsetassuret');
$memid = $_REQUEST['userid'] = intval($_REQUEST['assurer']);
@@ -2873,18 +2899,26 @@ function buildSubjectFromSession() {
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['assurer'];
mysql_query("update `users` set `assurer`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'SE Change assurer status',$ticketno);
+ }elseif($id == 43 && array_key_exists('assurer',$_REQUEST) && $_REQUEST['assurer'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['assurer']);
+ $_SESSION['ticketmsg']='No action (Change assurer status) taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0)
+ if($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['assurer_blocked'];
mysql_query("update `users` set `assurer_blocked`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'SE Change assurer blocked status',$ticketno);
+ }elseif($id == 43 && array_key_exists('assurer_blocked',$_REQUEST) && $_REQUEST['assurer_blocked'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['assurer_blocked']);
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0)
+ if($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0 && $ticketvalidation == TRUE)
{
csrf_check('admactlock');
$memid = $_REQUEST['userid'] = intval($_REQUEST['locked']);
@@ -2892,9 +2926,13 @@ function buildSubjectFromSession() {
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['locked'];
mysql_query("update `users` set `locked`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'SE Change locked status',$ticketno);
+ }elseif($id == 43 && array_key_exists('locked',$_REQUEST) && $_REQUEST['locked'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['locked']);
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0)
+ if($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0 && $ticketvalidation == TRUE)
{
csrf_check('admcodesign');
$memid = $_REQUEST['userid'] = intval($_REQUEST['codesign']);
@@ -2902,9 +2940,13 @@ function buildSubjectFromSession() {
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['codesign'];
mysql_query("update `users` set `codesign`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'SE Change codesign status',$ticketno);
+ }elseif($id == 43 && array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['codesign']);
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0)
+ if($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0 && $ticketvalidation == TRUE)
{
csrf_check('admorgadmin');
$memid = $_REQUEST['userid'] = intval($_REQUEST['orgadmin']);
@@ -2912,9 +2954,13 @@ function buildSubjectFromSession() {
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['orgadmin'];
mysql_query("update `users` set `orgadmin`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'SE Change org assuer status',$ticketno);
+ }elseif($id == 43 && array_key_exists('orgadmin',$_REQUEST) && $_REQUEST['orgadmin'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['orgadmin']);
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0)
+ if($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0 && $ticketvalidation == TRUE)
{
csrf_check('admttpadmin');
$memid = $_REQUEST['userid'] = intval($_REQUEST['ttpadmin']);
@@ -2922,9 +2968,13 @@ function buildSubjectFromSession() {
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['ttpadmin'];
mysql_query("update `users` set `ttpadmin`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'SE Change ttp admin status',$ticketno);
+ }elseif($id == 43 && array_key_exists('ttpadmin',$_REQUEST) && $_REQUEST['ttpadmin'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['ttpadmin']);
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0)
+ if($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['adadmin']);
$query = "select * from `users` where `id`='$memid'";
@@ -2933,18 +2983,26 @@ function buildSubjectFromSession() {
if($ver > 2)
$ver = 0;
mysql_query("update `users` set `adadmin`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'SE Change advertising admin status',$ticketno);
+ }elseif($id == 43 && array_key_exists('adadmin',$_REQUEST) && $_REQUEST['adadmin'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['adadmin']);
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0)
+ if($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['locadmin']);
$query = "select * from `users` where `id`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['locadmin'];
mysql_query("update `users` set `locadmin`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'SE Change location admin status',$ticketno);
+ }elseif($id == 43 && array_key_exists('locadmin',$_REQUEST) && $_REQUEST['locadmin'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['locadmin']);
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0)
+ if($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0 && $ticketvalidation == TRUE)
{
csrf_check('admsetadmin');
$memid = $_REQUEST['userid'] = intval($_REQUEST['admin']);
@@ -2952,47 +3010,67 @@ function buildSubjectFromSession() {
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['admin'];
mysql_query("update `users` set `admin`='$ver' where `id`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'SE Change SE status',$ticketno);
+ }elseif($id == 43 && array_key_exists('admin',$_REQUEST) && $_REQUEST['admin'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['admin']);
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0)
+ if($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['general']);
$query = "select * from `alerts` where `memid`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['general'];
mysql_query("update `alerts` set `general`='$ver' where `memid`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'SE Change general status',$ticketno);
+ }elseif($id == 43 && array_key_exists('general',$_REQUEST) && $_REQUEST['general'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['general']);
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0)
+ if($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['country']);
$query = "select * from `alerts` where `memid`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['country'];
mysql_query("update `alerts` set `country`='$ver' where `memid`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'SE Change country status',$ticketno);
+ }elseif($id == 43 && array_key_exists('country',$_REQUEST) && $_REQUEST['country'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['country']);
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0)
+ if($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['regional']);
$query = "select * from `alerts` where `memid`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['regional'];
mysql_query("update `alerts` set `regional`='$ver' where `memid`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'SE Change regional status',$ticketno);
+ }elseif($id == 43 && array_key_exists('regional',$_REQUEST) && $_REQUEST['regional'] > 0 && $ticketvalidation == FALSE){
+ $_REQUEST['userid'] = intval($_REQUEST['regional']);
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
- if($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0)
+ if($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0 && $ticketvalidation == TRUE)
{
$memid = $_REQUEST['userid'] = intval($_REQUEST['radius']);
$query = "select * from `alerts` where `memid`='$memid'";
$row = mysql_fetch_assoc(mysql_query($query));
$ver = !$row['radius'];
mysql_query("update `alerts` set `radius`='$ver' where `memid`='$memid'");
+ write_se_log($memid, $_SESSION['profile']['id'],'SE Change radius status',$ticketno);
+ }elseif($id == 43 && array_key_exists('radius',$_REQUEST) && $_REQUEST['radius'] > 0 && $ticketvalidation == false){
+ $_REQUEST['userid'] = intval($_REQUEST['radius']);
+ $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
}
if($id == 50)
{
- if(array_key_exists('userid',$_REQUEST) && $_REQUEST['userid'] != "")
+ if(array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) != "")
$_REQUEST['userid'] = intval($_REQUEST['userid']);
$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
@@ -3014,38 +3092,54 @@ function buildSubjectFromSession() {
if (trim($_REQUEST['arbitrationno'])==""){
showheader(_("My CAcert.org Account!"));
echo _("You did not enter an arbitration number entry.");
+ printf('<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) . '">' . _('Back to previous page.') .'</a>');
showfooter();
exit;
}
if ( 1 !== preg_match('/^[a-z]\d{8}\.\d+\.\d+$/i',trim($_REQUEST['arbitrationno'])) ) {
showheader(_("My CAcert.org Account!"));
printf(_("'%s' is not a valid arbitration number entry."), sanitizeHTML(trim($_REQUEST['arbitrationno'])));
+ printf('<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) . '">' . _('Back to previous page.') .'</a>');
showfooter();
exit;
}
if (check_email_exists(trim($_REQUEST['arbitrationno']).'@cacert.org')) {
showheader(_("My CAcert.org Account!"));
printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['arbitrationno'].'@cacert.org'));
+ printf('<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) . '">' . _('Back to previous page.') .'</a>');
showfooter();
exit;
}
- if (check_client_cert_running($_REQUEST['userid'],1) ||
- check_server_cert_running($_REQUEST['userid'],1) ||
- check_gpg_cert_running($_REQUEST['userid'],1)) {
+ if (check_client_cert_running(intval($_REQUEST['userid']),1) ||
+ check_server_cert_running(intval($_REQUEST['userid']),1) ||
+ check_gpg_cert_running(intval($_REQUEST['userid']),1)) {
showheader(_("My CAcert.org Account!"));
printf(_("The CCA retention time for at least one certificate is not over. Can't continue."));
+ printf('<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) . '">' . _('Back to previous page.') .'</a>');
showfooter();
exit;
}
- if (check_is_orgadmin($_REQUEST['userid'],1)) {
+ if (check_is_orgadmin(intval($_REQUEST['userid']),1)) {
showheader(_("My CAcert.org Account!"));
printf(_("The user is listed as Organisation Administrator. Can't continue."));
+ printf('<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) . '">' . _('Back to previous page.') .'</a>');
showfooter();
exit;
}
- account_delete($_REQUEST['userid'], trim($_REQUEST['arbitrationno']), $_SESSION['profile']['id']);
+ account_delete(intval($_REQUEST['userid']), trim($_REQUEST['arbitrationno']), $_SESSION['profile']['id']);
+ write_se_log(intval($_REQUEST['userid']), $_SESSION['profile']['id'], 'SE Account delete', trim($_REQUEST['arbitrationno']));
}
+ if(($id == 51 || $id == 52 || $oldid == 52))
+ {
+ showheader(_("My CAcert.org Account!"));
+ echo _("You don't have access to this area.\nThe Tverify programme is terminated as of 16th November 2010" );
+ showfooter();
+ exit;
+ }
+
+ /* this area not needed as the The Tverify programme is Terminated as of 16th November 2010
+
if(($id == 51 || $id == 52 || $oldid == 52) && $_SESSION['profile']['tverify'] <= 0)
{
showheader(_("My CAcert.org Account!"));
@@ -3053,7 +3147,6 @@ function buildSubjectFromSession() {
showfooter();
exit;
}
-
if($oldid == 52)
{
$uid = intval($_REQUEST['uid']);
@@ -3159,6 +3252,20 @@ function buildSubjectFromSession() {
showfooter();
exit;
}
+ */
+ if($id == 59){
+ if ($oldid == 43 && $_SESSION['profile']['admin'] == 1) {
+ $_SESSION['support']=1;
+ }ELSEIF ($oldid == 13 && intval($_REQUEST['userid']) == $_SESSION['profile']['id']){
+ $_SESSION['support']=0;
+ }ELSE{
+ showheader(_("My CAcert.org Account!"));
+ echo _("You do not have access to this page.");
+ showfooter();
+ exit;
+ }
+ }
+
if(intval($cert) > 0)
$_SESSION['_config']['cert'] = intval($cert);
diff --git a/includes/general.php b/includes/general.php
index d89c0e6..b1e1993 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -57,7 +57,7 @@
exit;
}
- if(array_key_exists('HTTP_HOST',$_SERVER) &&
+ if(array_key_exists('HTTP_HOST',$_SERVER) &&
($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] ||
$_SERVER['HTTP_HOST'] == $_SESSION['_config']['tverify']))
{
@@ -82,7 +82,7 @@
$locked = mysql_fetch_assoc(mysql_query("select `locked` from `users` where `id`='".$_SESSION['profile']['id']."'"));
if($locked['locked'] == 0)
{
- $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
+ $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' and `deleted`=0 group by `to`";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
$_SESSION['profile']['points'] = $row['total'];
@@ -169,19 +169,19 @@
$points++;
//echo "Points due to length and charset: $points<br/>";
-
+
// check for historical password proposal
if ($pwd === "Fr3d Sm|7h") {
return 0;
}
-
+
return $points;
}
function checkpw($pwd, $email, $fname, $mname, $lname, $suffix)
{
$points = checkpwlight($pwd);
-
+
if(@strstr(strtolower($pwd), strtolower($email)))
$points--;
@@ -232,7 +232,7 @@
{
$bits = explode(": ", $_SESSION['_config']['subject'], 2);
$bits = str_replace(", ", "|", str_replace("/", "|", array_key_exists('1',$bits)?$bits['1']:""));
- $bits = explode("|", $bits);
+ $bits = explode("|", $bits);
$_SESSION['_config']['cnc'] = $_SESSION['_config']['subaltc'] = 0;
$_SESSION['_config']['OU'] = "";
@@ -557,7 +557,7 @@
$fp = @fsockopen($domain,25,$errno,$errstr,5);
if($fp)
{
-
+
$line = fgets($fp, 4096);
while(substr($line, 0, 4) == "220-")
$line = fgets($fp, 4096);
@@ -662,7 +662,7 @@
return $ticket;
}
- function sanitizeHTML($input)
+ function sanitizeHTML($input)
{
return htmlentities(strip_tags($input), ENT_QUOTES);
//In case of problems, please use the following line again:
@@ -732,7 +732,7 @@
$text=preg_replace("/[^\w-.@]/","",$text);
return($text);
}
-
+
// returns text message to be shown to the user given the result of is_no_assurer
function no_assurer_text($Status)
@@ -775,7 +775,7 @@
$name="../$type/$kind/".intval($id/1000)."/$kind-".intval($id).".$type";
if (!is_dir("../csr")) { mkdir("../csr",0777); }
if (!is_dir("../crt")) { mkdir("../crt",0777); }
-
+
if (!is_dir("../csr/$kind")) { mkdir("../csr/$kind",0777); }
if (!is_dir("../crt/$kind")) { mkdir("../crt/$kind",0777); }
if (!is_dir("../csr/$kind/".intval($id/1000))) { mkdir("../csr/$kind/".intval($id/1000)); }
diff --git a/includes/loggedin.php b/includes/loggedin.php
index 4f9b8e8..03de18c 100644
--- a/includes/loggedin.php
+++ b/includes/loggedin.php
@@ -49,7 +49,7 @@
else
unset($_SESSION['profile']);
}
-
+
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] == 0 || $_SESSION['profile']['loggedin'] == 0))
{
$user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'],
@@ -113,7 +113,7 @@
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] > 0)
{
- $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
+ $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' and `deleted`=0 group by `to`";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
$_SESSION['profile']['points'] = $row['total'];
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index b34b2f4..1451630 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
@@ -35,7 +35,7 @@
function get_number_of_assurances ($userid)
{
$res = query_init ("SELECT count(*) AS `list` FROM `notary`
- WHERE `method` = 'Face to Face Meeting' AND `from`='".intval($userid)."' ");
+ WHERE `method` = 'Face to Face Meeting' AND `deleted`=0 AND `from`='".intval($userid)."' ");
$row = query_getnextrow($res);
return intval($row['list']);
@@ -44,7 +44,7 @@
function get_number_of_ttpassurances ($userid)
{
$res = query_init ("SELECT count(*) AS `list` FROM `notary`
- WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `to`='".intval($userid)."' ");
+ WHERE (`method`='Trusted Third Parties' or `method`='TTP-Assisted') AND `deleted`=0 AND `to`='".intval($userid)."' ");
$row = query_getnextrow($res);
return intval($row['list']);
@@ -53,7 +53,7 @@
function get_number_of_assurees ($userid)
{
$res = query_init ("SELECT count(*) AS `list` FROM `notary`
- WHERE `method` = 'Face to Face Meeting' AND `to`='".intval($userid)."' ");
+ WHERE `method` = 'Face to Face Meeting' AND `deleted`=0 AND `to`='".intval($userid)."' ");
$row = query_getnextrow($res);
return intval($row['list']);
@@ -75,27 +75,49 @@
return intval(query_get_number_of_rows($res)+1);
}
- function get_given_assurances ($userid)
+ /**
+ * get_given_assurances()
+ * returns the list of assurances given by the user
+ * @param mixed $userid - user id for the account for report
+ * @param integer $log - for log output = 1
+ * @return
+ */
+ function get_given_assurances ($userid, $log=0)
{
- $res = query_init ("select * from `notary` where `from`='".intval($userid)."' and `from` != `to` order by `id` asc");
+ $deleted='';
+ if ($log == 0) {
+ $deleted = ' and `deleted` = 0 ';
+ }
+ $res = query_init ("select * from `notary` where `from`='".intval($userid)."' and `from` != `to` $deleted order by `id` asc");
return $res;
}
- function get_received_assurances ($userid)
+ /**
+ * get_received_assurances()
+ * returns the list of assurances received by the user
+ * @param mixed $userid - user id for the account for report
+ * @param integer $log - for log output = 1
+ * @return
+ */
+ function get_received_assurances ($userid, $log=0)
{
- $res = query_init ("select * from `notary` where `to`='".intval($userid)."' and `from` != `to` order by `id` asc ");
+ $deleted='';
+ if ($log == 0) {
+ $deleted = ' and `deleted` = 0 ';
+ }
+ $res = query_init ("select * from `notary` where `to`='".intval($userid)."' and `from` != `to` $deleted order by `id` asc ");
return $res;
}
function get_given_assurances_summary ($userid)
{
- $res = query_init ("select count(*) as number,points,awarded,method from notary where `from`='".intval($userid)."' group by points,awarded,method");
+ $res = query_init ("select count(*) as number,points,awarded,method from notary where `from`='".intval($userid)."' AND `deleted`=0 group by points,awarded,method");
return $res;
}
function get_received_assurances_summary ($userid)
{
- $res = query_init ("select count(*) as number,points,awarded,method from notary where `to`='".intval($userid)."' group by points,awarded,method");
+ $res = query_init ("select count(*) as number,points,awarded,method from notary where `to`='".intval($userid)."' AND `deleted`=0 group by points,awarded,method");
return $res;
}
@@ -286,7 +308,7 @@
<?
}
- function output_assurances_row($assuranceid,$date,$when,$email,$name,$awarded,$points,$location,$method,$experience,$userid,$support,$revoked)
+ function output_assurances_row($assuranceid,$date,$when,$email,$name,$awarded,$points,$location,$method,$experience,$userid,$support,$revoked, $ticketno)
{
$tdstyle="";
@@ -333,7 +355,7 @@
<?
} else {
?>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>&amp;ticketno=<?=$ticketno?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td>
<?
}
}
@@ -381,7 +403,7 @@
// ************* output given assurances ******************
- function output_given_assurances_content($userid,&$points,&$sum_experience,$support)
+ function output_given_assurances_content($userid,&$points,&$sum_experience,$support, $ticketno)
{
$points = 0;
$sumexperience = 0;
@@ -392,13 +414,13 @@
$apoints = calc_experience ($row,$points,$experience,$sum_experience,$revoked);
$name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['to']));
$email = show_email_link ($fromuser['email'],intval($row['to']));
- output_assurances_row (intval($row['id']),$row['date'],$row['when'],$email,$name,$apoints,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience,$userid,$support,$revoked);
+ output_assurances_row (intval($row['id']),$row['date'],$row['when'],$email,$name,$apoints,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience,$userid,$support,$revoked, $ticketno);
}
}
// ************* output received assurances ******************
- function output_received_assurances_content($userid,&$points,&$sum_experience,$support)
+ function output_received_assurances_content($userid,&$points,&$sum_experience,$support, $ticketno)
{
$points = 0;
$sumexperience = 0;
@@ -409,7 +431,7 @@
calc_assurances ($row,$points,$experience,$sum_experience,$awarded,$revoked);
$name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['from']));
$email = show_email_link ($fromuser['email'],intval($row['from']));
- output_assurances_row (intval($row['id']),$row['date'],$row['when'],$email,$name,$awarded,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience,$userid,$support,$revoked);
+ output_assurances_row (intval($row['id']),$row['date'],$row['when'],$email,$name,$awarded,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience,$userid,$support,$revoked, $ticketno);
}
}
@@ -591,17 +613,17 @@
return $issue_points;
}
- function output_given_assurances($userid,$support=0)
+ function output_given_assurances($userid, $support=0, $ticketno='')
{
output_assurances_header(_("Assurance Points You Issued"),$support);
- output_given_assurances_content($userid,$points,$sum_experience,$support);
+ output_given_assurances_content($userid,$points,$sum_experience,$support, $ticketno);
output_assurances_footer(_("Total Points Issued"),$points,_("Total Experience Points"),$sum_experience,$support);
}
- function output_received_assurances($userid,$support=0)
+ function output_received_assurances($userid,$support=0, $ticketno='')
{
output_assurances_header(_("Your Assurance Points"),$support);
- output_received_assurances_content($userid,$points,$sum_experience,$support);
+ output_received_assurances_content($userid,$points,$sum_experience,$support, $ticketno);
output_assurances_footer(_("Total Assurance Points"),$points,_("Total Experience Points"),$sum_experience,$support);
}
@@ -698,6 +720,17 @@
return $rec;
}
+function get_user_agreement($memid){
+ $query="(SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 1 as `active` FROM user_agreements u WHERE u.`document` = 'CCA' AND (u.`memid`=".$memid." ) order by u.`date` )
+ union
+ (SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` = 'CCA' AND ( u.`secmemid`=".$memid.") order by u.`date`)
+ union
+ (SELECT u.`document`, u.`date`, u.`method`, u.`comment`, 0 as `active` FROM user_agreements u WHERE u.`document` != 'CCA' AND ( u.`memid`=".$memid.") order by u.u.`document`, u.`date`) " ;
+ $res = mysql_query($query);
+
+ return mysql_query($query);
+}
+
/**
* delete_user_agreement()
* deletes all entries for a given type from user_agreement of a given user, if type is not given all
@@ -706,7 +739,6 @@
* @return
*/
function delete_user_agreement($memid, $type=false){
- //deletes all entries to an user for the given type of user agreements
if ($type === false) {
$filter = '';
} else {
@@ -909,11 +941,6 @@
}
//change personal information to arbitration number and DOB=1900-01-01
- $query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='$userid'";
- $details = mysql_fetch_assoc(mysql_query($query));
- $query = "insert into `adminlog` set `when`=NOW(),`old-lname`='${details['lname']}',`old-dob`='${details['dob']}',
- `new-lname`='$arbno',`new-dob`='1900-01-01',`uid`='$id',`adminid`='".$adminid."'";
- mysql_query($query);
$query = "update `users` set `fname`='".$arbno."',
`mname`='".$arbno."',
`lname`='".$arbno."',
@@ -1125,3 +1152,782 @@
function check_date_difference($date, $diff=1){
return (strtotime($date)<=time()+$diff*86400);
}
+
+/**
+ * write_se_log()
+ * writes an information to the adminlog
+ *
+ * @param mixed $uid - id of the user account
+ * @param mixed $adminid - id of the admin
+ * @param mixed $type - what was changed
+ * @param mixed $info - the ticket / arbitration no or other information
+ * @return
+ */
+function write_se_log($uid, $adminid, $type, $info){
+ //records all support engineer actions changing a user account
+ $uid = intval($uid);
+ $adminid = intval($adminid);
+ $type = mysql_real_escape_string($type);
+ $info = mysql_real_escape_string($info);
+ $query="insert into `adminlog` (`when`, `uid`, `adminid`,`type`,`information`) values
+ (Now(), $uid, $adminid, '$type', '$info')";
+ mysql_query($query);
+}
+
+/**
+ * valid_ticket_number()
+ * checks if the entered information is a valid ticket or arbitration number
+ * @param mixed $ticketno
+ * @return
+ */
+function valid_ticket_number($ticketno){
+ //return if a given ticket number is valid
+ //a arbitration case
+ //d dispute action
+ //s support case
+ //m board motion
+ $pattern='/[adsmADSM]\d{8}\./';
+ if (preg_match($pattern, $ticketno)) {
+ return true;
+ }
+ return false;
+}
+
+// function for handling account/43.php
+/**
+ * get_user_data()
+ * returns all data of to an account given by the id
+ * @param mixed $userid - account id
+ * @param mixed $deleted - states if deleted data should be visible , default = 0 - not visible
+ * @return
+ */
+function get_user_data($userid, $deleted=0){
+ $userid = intval($userid);
+ $filter='';
+ if (0==$deleted) {
+ $filter=' and `users`.`deleted`=0';
+ }
+ $query = "select * from `users` where `users`.`id`='$userid' ".$filter;
+ return mysql_query($query);
+}
+
+/**
+ * get_alerts()
+ * retrns all alert settings for one user
+ * @param mixed $userid for the requested account
+ * @return
+ */
+function get_alerts($userid){
+ return mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($userid)."'"));
+}
+
+/**
+ * get_email_address()
+ * returns all email address linked to one account
+ * @param mixed $userid
+ * @param string $primary if given the primary email address is not retirned
+ * @param integer $deleted - states if deleted data should be visible , default = 0 - not visible
+ * @return
+ */
+function get_email_address($userid, $primary,$deleted=0){
+ //should be entered in account/2.php
+ $userid = intval($userid);
+ $filter='';
+ if (0==$deleted) {
+ $filter=' and `deleted`=0';
+ }
+ if ($primary) {
+ $filter= $filter." and `email`!='".mysql_real_escape_string($primary)."'";
+ }
+ $query = "select * from `email` where `memid`='".$userid."'".$filter." order by `created`";
+ return mysql_query($query);
+}
+
+/**
+ * get_domains()
+ * returns all domains to an account
+ * @param mixed $userid
+ * @param integer $deleted - states if deleted data should be visible , default = 0 - not visible
+ * @return
+ */
+function get_domains($userid, $deleted=0){
+ //should be entered in account/9.php
+ $userid = intval($userid);
+ $filter='';
+ if (0==$deleted) {
+ $filter=' and `deleted`=0';
+ }
+ $query = "select * from `domains` where `memid`='".$userid."' and `hash`=''".$filter." order by `created`";
+ return mysql_query($query);
+}
+
+/**
+ * get_training_result()
+ * returns all training results to an account
+ * @param mixed $userid
+ * @return
+ */
+function get_training_result($userid){
+ //should be entered in account/55.php
+ $userid = intval($userid);
+ $query = "SELECT `CP`.`pass_date`, `CT`.`type_text`, `CV`.`test_text` ".
+ " FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ".
+ " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".$userid."'".
+ " ORDER BY `CP`.`pass_date`";
+ return mysql_query($query);
+}
+
+/**
+ * get_se_log()
+ * returns all SE log entries to an account
+ * @param mixed $userid
+ * @return
+ */
+function get_se_log($userid){
+ $userid = intval($userid);
+ $query = "SELECT `adminlog`.`when`, `adminlog`.`type`, `adminlog`.`information`, `users`.`fname`, `users`.`lname`
+ FROM `adminlog`, `users`
+ WHERE `adminlog`.`adminid` = `users`.`id` and `adminlog`.`uid`=".$userid."
+ ORDER BY `adminlog`.`when`";
+ return mysql_query($query);
+}
+
+/**
+ * get_client_certs()
+ * returns all client certificates to an account
+ * @param mixed $userid
+ * @param integer $viewall- states if expired certs should be visible , default = 0 - not visible
+ * @return
+ */
+//add to account/5.php
+function get_client_certs($userid,$viewall=0){
+ $userid = intval($userid);
+ $query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
+ UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
+ UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
+ `emailcerts`.`expire` as `expires`,
+ `emailcerts`.`revoked` as `revoke`,
+ UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
+ `emailcerts`.`id`,
+ `emailcerts`.`CN`,
+ `emailcerts`.`serial`,
+ `emailcerts`.`disablelogin` as `disablelogin`,
+ `emailcerts`.`description`
+ from `emailcerts`
+ where `emailcerts`.`memid`='".$userid."'";
+ if($viewall != 1)
+ $query .= " AND `revoked`=0 AND `renewed`=0 ";
+ $query .= " GROUP BY `emailcerts`.`id` ";
+ if($viewall != 1)
+ $query .= " HAVING `timeleft` > 0 ";
+ $query .= " ORDER BY `emailcerts`.`modified` desc";
+ return mysql_query($query);
+}
+
+/**
+ * get_server_certs()
+ * returns all server certs to an account
+ * @param mixed $userid
+ * @param integer $viewall states if expired certs should be visible , default = 0 - not visible
+ * @return
+ */
+function get_server_certs($userid,$viewall=0){
+ //add to account/12.php
+ $userid = intval($userid);
+ $query = "select UNIX_TIMESTAMP(`domaincerts`.`created`) as `created`,
+ UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
+ UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`,
+ `domaincerts`.`expire` as `expires`, `revoked` as `revoke`,
+ UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`,
+ `domaincerts`.`description`
+ from `domaincerts`,`domains`
+ where `memid`='".$userid."' and `domaincerts`.`domid`=`domains`.`id` ";
+ if($viewall != 1)
+ {
+ $query .= "AND `revoked`=0 AND `renewed`=0 ";
+ $query .= "HAVING `timeleft` > 0 ";
+ }
+ $query .= "ORDER BY `domaincerts`.`modified` desc";
+ return mysql_query($query);
+}
+
+/**
+ * get_gpg_certs()
+ * retruns all gpg certs to an account
+ * @param mixed $userid
+ * @param integer $viewall states if expired certs should be visible , default = 0 - not visible
+ * @return
+ */
+function get_gpg_certs($userid,$viewall=0){
+ //add to gpg/2.php
+ $userid = intval($userid);
+ $query = $query = "select UNIX_TIMESTAMP(`issued`) as `issued`,
+ UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`,
+ UNIX_TIMESTAMP(`expire`) as `expired`,
+ `expire` as `expires`, `id`, `level`,
+ `email`,`keyid`,`description` from `gpg` where `memid`='".$userid."'
+ ORDER BY `issued` desc";
+ return mysql_query($query);
+}
+
+
+
+/**
+ * output_log_email_header()
+ * shows the table header to the email table
+ * @return
+ */
+function output_log_email_header(){
+ ?>
+ <tr>
+ <td class="DataTD bold"><?= _("Email, primary bold") ?></td>
+ <td class="DataTD bold"><?= _("Created") ?></td>
+ <td class="DataTD bold"><?= _("Deleted") ?></td>
+ </tr>
+
+ <?
+}
+/**
+ * output_log_email()
+ * shows all email data
+ * @param mixed $row - sql-query array
+ * @param mixed $primary - if given the primary address is highlighted
+ * @return
+ */
+function output_log_email($row,$primary){
+ $primaryemailaddress='';
+ $deletedemailaddress='';
+ if ($row['deleted'] > 0) {
+ $deletedemailaddress=' deletedemailaddress';
+ }
+ if ($primary==$row['email'] && $row['deleted'] == 0) {
+ $primaryemailaddress= ' primaryemailaddress';
+ }
+ ?>
+ <tr>
+ <td class="DataTD<?= $primaryemailaddress . $deletedemailaddress ?>"><?=$row['email']?></td>
+ <td class="DataTD<?= $primaryemailaddress . $deletedemailaddress ?>"><?=$row['created']?></td>
+ <td class="DataTD<?= $primaryemailaddress . $deletedemailaddress ?>"><?=$row['deleted']?></td>
+ </tr>
+ <?
+}
+
+/**
+ * output_log_domains_header()
+ * shows the table header to the domains table
+ * @return
+ */
+function output_log_domains_header(){
+ ?>
+ <tr>
+ <td class="DataTD bold"><?= _("Domain") ?></td>
+ <td class="DataTD bold"><?= _("Created") ?></td>
+ <td class="DataTD bold"><?= _("Deleted") ?></td>
+ </tr>
+
+ <?
+}
+
+/**
+ * output_log_domains()
+ * shows the domain data
+ * @param mixed $row - sql-query array
+ * @return
+ */
+function output_log_domains($row){
+ $italic='';
+ if (0==$row['deleted']) {
+ $italic='italic ';
+ }
+ ?>
+ <tr>
+ <td class="DataTD <? $italic ?>"><?=$row['domain']?></td>
+ <td class="DataTD <? $italic ?>"><?=$row['created']?></td>
+ <td class="DataTD <? $italic ?>"><?=$row['deleted']?></td>
+ </tr>
+ <?
+}
+
+/**
+ * output_log_agreement_header()
+ * shows the table header to the user agreement table
+ * @return
+ */
+function output_log_agreement_header(){
+ ?>
+ <tr>
+ <td class="DataTD bold"><?= _("Agreement") ?></td>
+ <td class="DataTD bold"><?= _("Date") ?></td>
+ <td class="DataTD bold"><?= _("Method") ?></td>
+ <td class="DataTD bold"><?= _("Active ") ?></td>
+ </tr>
+ <?
+}
+
+/**
+ * output_log_agreement()
+ * shows the agreement data
+ * @param mixed $row - sql-query array
+ * @return
+ */
+function output_log_agreement($row){
+ ?>
+ <tr>
+ <td class="DataTD" ><?=$row['document']?></td>
+ <td class="DataTD" ><?=$row['date']?></td>
+ <td class="DataTD" ><?=$row['method']?></td>
+ <td class="DataTD"><?= ($row['active']==0)? _('passive'):_('active')?></td>
+ </tr>
+ <?
+}
+
+/**
+ * output_log_training_header()
+ * shows the table header to the training table
+ * @return
+ */
+function output_log_training_header(){
+ //should be entered in account/55.php
+ ?>
+ <tr>
+ <td class="DataTD bold"><?= _("Agreement") ?></td>
+ <td class="DataTD bold"><?= _("Test") ?></td>
+ <td class="DataTD bold"><?= _("Variant") ?></td>
+ </tr>
+ <?
+}
+
+/**
+ * output_log_training()
+ * shows the training data
+ * @param mixed $row - sql-query array
+ * @return
+ */
+function output_log_training($row){
+ //should be entered in account/55.php
+ ?>
+ <tr>
+ <td class="DataTD"><?=$row['pass_date']?></td>
+ <td class="DataTD"><?=$row['type_text']?></td>
+ <td class="DataTD"><?=$row['test_text']?></td>
+ </tr>
+ <?
+}
+
+/**
+ * output_log_se_header()
+ * shows the table header to the SE log table
+ * @param integer $support - if support = 1 some columns ar not visible
+ * @return
+ */
+function output_log_se_header($support=0){
+ ?>
+ <tr>
+ <td class="DataTD bold"><?= _("Date") ?></td>
+ <td class="DataTD bold"><?= _("Type") ?></td>
+ <?if (1==$support) {
+ ?>
+ <td class="DataTD bold"><?= _("Information") ?></td>
+ <td class="DataTD bold"><?= _("Admin") ?></td>
+ <?
+ }?>
+ </tr>
+ <?
+}
+
+/**
+ * output_log_se()
+ * show the SE log data
+ * @param mixed $row - sql-query array
+ * @param integer $support - if support = 1 some columns are added
+ * @return
+ */
+function output_log_se($row, $support=0){
+ //should be entered in account/55.php
+ ?>
+ <tr>
+ <td class="DataTD"><?=$row['when']?></td>
+ <td class="DataTD"><?=$row['type']?></td>
+ <?if (1==$support) {
+ ?>
+ <td class="DataTD"><?=$row['information']?></td>
+ <td class="DataTD"><?=$row['fname'].' '.$row['lname']?></td>
+ <?
+ }?>
+ </tr>
+ <?
+}
+
+/**
+ * output_client_cert_header()
+ * shows the table header to the cleint cert table
+ * @param integer $support - if support = 1 some columns ar not visible
+ * @return
+ */
+function output_client_cert_header($support=0){
+ //should be added to account/5.php
+ ?>
+ <tr>
+ <?if ($support !=1) { ?>
+ <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
+ <? } ?>
+ <td class="DataTD"><?=_("Status")?></td>
+ <td class="DataTD"><?=_("Email Address")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=_("Revoked")?></td>
+ <td class="DataTD"><?=_("Expires")?></td>
+ <td class="DataTD"><?=_("Login")?></td>
+ <?if ($support !=1) { ?>
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
+ <? } ?>
+ </tr>
+ <?
+}
+
+/**
+ * output_client_cert()
+ * show the client cert data
+ * @param mixed $row - sql-query array
+ * @param integer $support - if support = 1 some columns are not visible
+ * @return
+ */
+function output_client_cert($row, $support=0){
+ //should be entered in account/5.php
+ $verified="";
+ if($row['timeleft'] > 0)
+ $verified = _("Valid");
+ if($row['timeleft'] < 0)
+ $verified = _("Expired");
+ if($row['expired'] == 0)
+ $verified = _("Pending");
+ if($row['revoked'] > 0)
+ $verified = _("Revoked");
+ if($row['revoked'] == 0)
+ $row['revoke'] = _("Not Revoked");
+ ?>
+ <tr>
+ <?
+ if($verified != _("Pending") && $verified != _("Revoked")) {
+ if ($support !=1) { ?>
+ <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td>
+ <? } ?>
+ <td class="DataTD"><?=$verified?></td>
+ <? if ($support !=1) { ?>
+ <td class="DataTD"><a href="account.php?id=6&amp;cert=<?=$row['id']?>"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></a></td>
+ <? } ELSE {?>
+ <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
+ <? } ?>
+ <? } else if($verified != _("Revoked")) {
+ if ($support !=1) { ?>
+ <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
+ <? } ?>
+ <td class="DataTD"><?=$verified?></td>
+ <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
+ <? } else {
+ if ($support !=1) { ?>
+ <td class="DataTD">&nbsp;</td>
+ <? } ?>
+ <td class="DataTD"><?=$verified?></td>
+ <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
+ <? } ?>
+
+ <td class="DataTD"><?=$row['serial']?></td>
+ <td class="DataTD"><?=$row['revoke']?></td>
+ <td class="DataTD"><?=$row['expires']?></td>
+
+ <? if ($support !=1) { ?>
+ <td class="DataTD">
+ <input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/>
+ <input type="hidden" name="cert_<?=$row['id']?>" value="1" />
+ </td>
+ <? } ELSE { ?>
+ <td class="DataTD">
+ <input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":"checked='checked'"?> DISABLED/>
+ </td>
+ <? }
+ if ($support !=1) { ?>
+ <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
+ <? }?>
+ </tr>
+
+ <?
+}
+
+/**
+ * output_log_server_certs_header()
+ * shows the table header to the server cert table
+ * @param integer $support - if support = 1 some columns ar not visible
+ * @return
+ */
+function output_log_server_certs_header($support=0){
+ //should be entered in account/12.php
+ ?>
+ <tr>
+ <?if ($support !=1) { ?>
+ <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
+ <? } ?>
+ <td class="DataTD"><?=_("Status")?></td>
+ <td class="DataTD"><?=_("CommonName")?></td>
+ <td class="DataTD"><?=_("SerialNumber")?></td>
+ <td class="DataTD"><?=_("Revoked")?></td>
+ <td class="DataTD"><?=_("Expires")?></td>
+ <?if ($support !=1) { ?>
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
+ <? } ?>
+ </tr>
+ <?
+}
+
+/**
+ * output_log_server_certs()
+ * show the server cert data
+ * @param mixed $row - sql-query array
+ * @param integer $support - if support = 1 some columns are not visible
+ * @return
+ */
+function output_log_server_certs($row, $support=0){
+ //should be entered in account/12.php
+ if($row['timeleft'] > 0)
+ $verified = _("Valid");
+ if($row['timeleft'] < 0)
+ $verified = _("Expired");
+ if($row['expired'] == 0)
+ $verified = _("Pending");
+ if($row['revoked'] > 0)
+ $verified = _("Revoked");
+ if($row['revoked'] == 0)
+ $row['revoke'] = _("Not Revoked");
+ ?>
+ <tr>
+ <? if ($support !=1) {
+ if($verified != _("Pending") && $verified != _("Revoked")) { ?>
+ <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"/></td>
+ <? } else if($verified != _("Revoked")) { ?>
+ <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"/></td>
+ <? } else { ?>
+ <td class="DataTD">&nbsp;</td>
+ <? }
+ }?>
+ <td class="DataTD"><?=$verified?></td>
+ <?if ($support !=1) { ?>
+ <td class="DataTD"><a href="account.php?id=15&amp;cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
+ <? }ELSE{ ?>
+ <td class="DataTD"><?=$row['CN']?></td>
+ <?}?>
+ <td class="DataTD"><?=$row['serial']?></td>
+ <td class="DataTD"><?=$row['revoke']?></td>
+ <td class="DataTD"><?=$row['expires']?></td>
+ <?if ($support !=1) { ?>
+ <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
+ <?}?>
+ </tr> <?
+}
+
+/**
+ * output_gpg_certs_header()
+ * shows the table header to the gpg cert table
+ * @param integer $support - if support = 1 some columns ar not visible
+ * @return
+ */
+function output_gpg_certs_header($support=0){
+ ?>
+ <tr>
+ <td class="DataTD"><?=_("Status")?></td>
+ <td class="DataTD"><?=_("Email Address")?></td>
+ <td class="DataTD"><?=_("Expires")?></td>
+ <td class="DataTD"><?=_("Key ID")?></td>
+ <?if ($support !=1) { ?>
+ <td colspan="2" class="DataTD"><?=_("Comment *")?></td>
+ <? }?>
+ </tr>
+ <?
+}
+
+/**
+ * output_gpg_certs()
+ * show the gpg cert data
+ * @param mixed $row - sql-query array
+ * @param integer $support - if support = 1 some columns are not visible
+ * @return
+ */
+function output_gpg_certs($row, $support=0){
+ //should be entered in account/55.php
+ if($row['timeleft'] > 0)
+ $verified = _("Valid");
+ if($row['timeleft'] < 0)
+ $verified = _("Expired");
+ if($row['expired'] == 0)
+ $verified = _("Pending");
+ ?>
+ <tr>
+ <? if($verified == _("Valid")) { ?>
+ <td class="DataTD"><?=$verified?></td>
+ <?if ($support !=1) { ?>
+ <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['email']?></a></td>
+ <? } else { ?>
+ <td class="DataTD"><?=$row['email']?></td>
+ <? } ?>
+ <? } else if($verified == _("Pending")) { ?>
+ <td class="DataTD"><?=$verified?></td>
+ <td class="DataTD"><?=$row['email']?></td>
+ <? } else { ?>
+ <td class="DataTD"><?=$verified?></td>
+ <?if ($support !=1) { ?>
+ <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['email']?></a></td>
+ <? } else { ?>
+ <td class="DataTD"><?=$row['email']?></td>
+ <? } ?>
+ <? } ?>
+ <td class="DataTD"><?=$row['expires']?></td>
+ <?if ($support != 1) { ?>
+ <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['keyid']?></a></td>
+ <? } else { ?>
+ <td class="DataTD"><?=$row['keyid']?></td>
+ <? } ?>
+ <?if ($support !=1) { ?>
+ <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
+ <? } ?>
+ </tr>
+ <?
+}
+
+/**
+ * output_log_given_assurances()
+ * returns the list of all given assurances
+ * @param mixed $userid - user id for the output
+ * @param integer $support - support view = 1
+ * @return
+ */
+function output_log_given_assurances($userid, $support=0)
+{
+ output_assurances_header(_("Assurance given"),$support);
+ output_log_given_assurances_content($userid, $support);
+}
+
+/**
+ * output_log_given_assurances_content()
+ *
+ * @param mixed $userid
+ * @param mixed $support
+ * @return
+ */
+function output_log_given_assurances_content($userid, $support)
+{
+ $res = get_given_assurances(intval($userid), 1);
+ while($row = mysql_fetch_assoc($res))
+ {
+ $fromuser = get_user (intval($row['to']));
+ $apoints = calc_experience ($row,$points,$experience,$sum_experience,$revoked);
+ $name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['to']));
+ $email = show_email_link ($fromuser['email'],intval($row['to']));
+ $revoked = '';
+ if ($row['date'] != 0) {
+ $revoked = $row['deleted'];
+ }
+ output_log_assurances_row(intval($row['id']),$row['date'],$row['when'],$email,$name,$apoints,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience,$userid,$support,$revoked);
+ }
+}
+
+/**
+ * output_log_received_assurances()
+ *
+ * @param mixed $userid
+ * @param integer $support
+ * @return
+ */
+function output_log_received_assurances($userid, $support=0)
+{
+ output_assurances_header(_("Assurance received"), $support);
+ output_log_received_assurances_content($userid, $support);
+}
+
+/**
+ * output_log_received_assurances_content()
+ *
+ * @param mixed $userid
+ * @param mixed $support
+ * @param mixed $points
+ * @param mixed $sum_experience
+ * @param mixed $ticketno
+ * @return
+ */
+function output_log_received_assurances_content($userid, $support)
+{
+ $res = get_received_assurances(intval($userid), 1);
+ while($row = mysql_fetch_assoc($res))
+ {
+ $fromuser = get_user (intval($row['from']));
+ calc_assurances ($row,$points,$experience,$sum_experience,$awarded,$revoked);
+ $name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['from']));
+ $email = show_email_link ($fromuser['email'],intval($row['from']));
+ $revoked = '';
+ if ($row['date'] != 0) {
+ $revoked = $revoked = $row['deleted'];
+ }
+ output_log_assurances_row(intval($row['id']),$row['date'],$row['when'],$email,$name,$awarded,intval($row['points']),$row['location'],$row['method']==""?"":_(sprintf("%s", $row['method'])),$experience,$userid,$support,$revoked);
+ }
+}
+
+/**
+ * output_log_assurances_row()
+ *
+ * @param mixed $assuranceid
+ * @param mixed $date
+ * @param mixed $when
+ * @param mixed $email
+ * @param mixed $name
+ * @param mixed $awarded
+ * @param mixed $points
+ * @param mixed $location
+ * @param mixed $method
+ * @param mixed $experience
+ * @param mixed $userid
+ * @param mixed $support
+ * @param mixed $revoked
+ * @return
+ */
+function output_log_assurances_row($assuranceid,$date,$when,$email,$name,$awarded,$points,$location,$method,$experience,$userid,$support,$revoked)
+{
+
+ $tdstyle="";
+ $emopen="";
+ $emclose="";
+
+ if ($awarded == $points)
+ {
+ if ($awarded == "0")
+ {
+ if ($when < "2006-09-01")
+ {
+ $tdstyle="style='background-color: #ffff80'";
+ $emopen="<em>";
+ $emclose="</em>";
+ }
+ }
+ }
+ ?>
+ <tr>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$assuranceid?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$date?><?=$emclose?></td>
+ <?
+ if ($support == "1")
+ {
+ ?>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$when?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$email?><?=$emclose?></td>
+ <?
+ }
+ ?>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$revoked?><?=$emclose?></td>
+ </tr>
+ <?
+}
+
diff --git a/pages/account/13.php b/pages/account/13.php
index 08f325d..7e2adfc 100644
--- a/pages/account/13.php
+++ b/pages/account/13.php
@@ -124,6 +124,9 @@
</tr>
<? } ?>
<tr>
+ <td colspan="2" class="title"><a href="account.php?id=59&amp;oldid=13&amp;userid=<?=$_SESSION['profile']['id']?>"><?=_('Show account history')?></a></td>
+ </tr>
+ <tr>
<td colspan="2" class="title"><a href="account.php?id=13&amp;showdetails=<?=!$showdetails?>"><?=_("View secret question & answers and OTP phrases")?></a></td>
</tr>
<? if($showdetails){ ?>
diff --git a/pages/account/43.php b/pages/account/43.php
index 53b24d3..c0ca26e 100644
--- a/pages/account/43.php
+++ b/pages/account/43.php
@@ -18,26 +18,26 @@
<?
include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
+$ticketno='';
+$ticketvalidation=FALSE;
- if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0)
- {
- $assurance = mysql_escape_string(intval($_REQUEST['assurance']));
- $row = 0;
- $res = mysql_query("select `to` from `notary` where `id`='$assurance'");
- if ($res) {
- $row = mysql_fetch_assoc($res);
- }
- mysql_query("delete from `notary` where `id`='$assurance'");
- if ($row) {
- fix_assurer_flag($row['to']);
- }
- }
- if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
- {
+if (isset($_SESSION['ticketno'])) {
+ $ticketno = $_SESSION['ticketno'];
+ $ticketvalidation = valid_ticket_number($ticketno);
+}
+if (isset($_SESSION['ticketmsg'])) {
+ $ticketmsg = $_SESSION['ticketmsg'];
+} else {
+ $ticketmsg = '';
+}
+
+// search for an account by email search, if more than one is found display list to choose
+if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
+{
$_REQUEST['userid'] = 0;
- $emailsearch = $email = mysql_escape_string(stripslashes($_REQUEST['email']));
+ $emailsearch = $email = mysql_real_escape_string(stripslashes($_REQUEST['email']));
//Disabled to speed up the queries
//if(!strstr($email, "%"))
@@ -45,877 +45,1024 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
// bug-975 ted+uli changes --- begin
if(preg_match("/^[0-9]+$/", $email)) {
- // $email consists of digits only ==> search for IDs
- // Be defensive here (outer join) if primary mail is not listed in email table
- $query = "select `users`.`id` as `id`, `email`.`email` as `email`
- from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
- where (`email`.`id`='$email' or `users`.`id`='$email')
- and `users`.`deleted`=0
- group by `users`.`id` limit 100";
+ // $email consists of digits only ==> search for IDs
+ // Be defensive here (outer join) if primary mail is not listed in email table
+ $query = "select `users`.`id` as `id`, `email`.`email` as `email`
+ from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
+ where (`email`.`id`='$email' or `users`.`id`='$email')
+ and `users`.`deleted`=0
+ group by `users`.`id` limit 100";
} else {
- // $email contains non-digits ==> search for mail addresses
- // Be defensive here (outer join) if primary mail is not listed in email table
- $query = "select `users`.`id` as `id`, `email`.`email` as `email`
- from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
- where (`email`.`email` like '$emailsearch'
- or `users`.`email` like '$emailsearch')
- and `users`.`deleted`=0
- group by `users`.`id` limit 100";
+ // $email contains non-digits ==> search for mail addresses
+ // Be defensive here (outer join) if primary mail is not listed in email table
+ $query = "select `users`.`id` as `id`, `email`.`email` as `email`
+ from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
+ where (`email`.`email` like '$emailsearch'
+ or `users`.`email` like '$emailsearch')
+ and `users`.`deleted`=0
+ group by `users`.`id` limit 100";
}
// bug-975 ted+uli changes --- end
$res = mysql_query($query);
- if(mysql_num_rows($res) > 1) { ?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="5" class="title"><?=_("Select Specific Account Details")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("User ID")?></td>
- <td class="DataTD"><?=_("Email")?></td>
- </tr>
-<?
- while($row = mysql_fetch_assoc($res))
- { ?>
- <tr>
- <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=intval($row['id'])?></a></td>
- <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td>
- </tr>
-<? } if(mysql_num_rows($res) >= 100) { ?>
- <tr>
- <td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td>
- </tr>
-<? } else { ?>
- <tr>
- <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td>
- </tr>
-<? } ?>
-</table><br><br>
-<? } elseif(mysql_num_rows($res) == 1) {
- $row = mysql_fetch_assoc($res);
- $_REQUEST['userid'] = $row['id'];
- } else {
- printf(_("No users found matching %s"), sanitizeHTML($email));
- }
- }
-
- if(intval($_REQUEST['userid']) > 0)
- {
- $userid = intval($_REQUEST['userid']);
- $query = "select * from `users` where `users`.`id`='$userid' and `users`.`deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
- {
- echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
- } else {
- $row = mysql_fetch_assoc($res);
- $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."'";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $alerts = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($row['id'])."'"));
+ if(mysql_num_rows($res) > 1) {
?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="5" class="title"><? printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Email")?>:</td>
- <td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("First Name")?>:</td>
- <td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to modify this DOB and/or last name?")?>')) return false;">
- <input type="hidden" name="csrf" value="<?=make_csrf('admchangepers')?>" />
- <input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Middle Name")?>:</td>
- <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($row['mname'])?>"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Last Name")?>:</td>
- <td class="DataTD"> <input type="hidden" name="oldid" value="43">
- <input type="hidden" name="action" value="updatedob">
- <input type="hidden" name="userid" value="<?=intval($userid)?>">
- <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Suffix")?>:</td>
- <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($row['suffix'])?>"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Date of Birth")?>:</td>
- <td class="DataTD">
-<?
- $year = intval(substr($row['dob'], 0, 4));
- $month = intval(substr($row['dob'], 5, 2));
- $day = intval(substr($row['dob'], 8, 2));
- ?><nobr><select name="day">
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Select Specific Account Details")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("User ID")?></td>
+ <td class="DataTD"><?=_("Email")?></td>
+ </tr>
<?
- for($i = 1; $i <= 31; $i++)
+ while($row = mysql_fetch_assoc($res))
{
- echo "<option";
- if($day == $i)
- echo " selected='selected'";
- echo ">$i</option>";
- }
?>
- </select>
- <select name="month">
+ <tr>
+ <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=intval($row['id'])?></a></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td>
+ </tr>
<?
- for($i = 1; $i <= 12; $i++)
- {
- echo "<option value='$i'";
- if($month == $i)
- echo " selected='selected'";
- echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>";
}
+
+ if(mysql_num_rows($res) >= 100) {
?>
- </select>
- <input type="text" name="year" value="<?=$year?>" size="4">
- <input type="submit" value="Go"></form></nobr></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("CCA accepted")?>:</td>
- <td class="DataTD"><a href="account.php?id=57&amp;userid=<?=intval($row['id'])?>"><?=intval(get_user_agreement_status($row['id'])) ? _("Yes") : _("No") ?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Trainings")?>:</td>
- <td class="DataTD"><a href="account.php?id=55&amp;userid=<?=intval($row['id'])?>">show</a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Is Assurer")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;assurer=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admsetassuret')?>"><?=$row['assurer']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Blocked Assurer")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;assurer_blocked=<?=intval($row['id'])?>"><?=$row['assurer_blocked']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Account Locking")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;locked=<?=$row['id']?>&amp;csrf=<?=make_csrf('admactlock')?>"><?=$row['locked']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Code Signing")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;codesign=<?=$row['id']?>&amp;csrf=<?=make_csrf('admcodesign')?>"><?=$row['codesign']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Org Assurer")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;orgadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admorgadmin')?>"><?=$row['orgadmin']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("TTP Admin")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;ttpadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admttpadmin')?>"><?=$row['ttpadmin']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Location Admin")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;locadmin=<?=$row['id']?>"><?=$row['locadmin']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Admin")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;admin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admsetadmin')?>"><?=$row['admin']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Ad Admin")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;adadmin=<?=$row['id']?>"><?=$row['adadmin']?></a> (0 = none, 1 = submit, 2 = approve)</td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Tverify Account")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;tverify=<?=$row['id']?>"><?=$row['tverify']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("General Announcements")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;general=<?=$row['id']?>"><?=$alerts['general']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Country Announcements")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;country=<?=$row['id']?>"><?=$alerts['country']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Regional Announcements")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;regional=<?=$row['id']?>"><?=$alerts['regional']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Within 200km Announcements")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;radius=<?=$row['id']?>"><?=$alerts['radius']?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Change Password")?>:</td>
- <td class="DataTD"><a href="account.php?id=44&amp;userid=<?=$row['id']?>"><?=_("Change Password")?></a></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Delete Account")?>:</td>
- <td class="DataTD"><a href="account.php?id=50&amp;userid=<?=$row['id']?>&amp;csrf=<?=make_csrf('admdelaccount')?>"><?=_("Delete Account")?></a></td>
- </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td>
+ </tr>
<?
- // This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!!
- if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes") {
+ } else {
?>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - Q1:</td>
- <td class="DataTD"><?=sanitizeHTML($row['Q1'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - A1:</td>
- <td class="DataTD"><?=sanitizeHTML($row['A1'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - Q2:</td>
- <td class="DataTD"><?=sanitizeHTML($row['Q2'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - A2:</td>
- <td class="DataTD"><?=sanitizeHTML($row['A2'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - Q3:</td>
- <td class="DataTD"><?=sanitizeHTML($row['Q3'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - A3:</td>
- <td class="DataTD"><?=sanitizeHTML($row['A3'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - Q4:</td>
- <td class="DataTD"><?=sanitizeHTML($row['Q4'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - A4:</td>
- <td class="DataTD"><?=sanitizeHTML($row['A4'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - Q5:</td>
- <td class="DataTD"><?=sanitizeHTML($row['Q5'])?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Lost Password")?> - A5:</td>
- <td class="DataTD"><?=sanitizeHTML($row['A5'])?></td>
- </tr>
-<? } else { ?>
- <tr>
- <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;showlostpw=yes"><?=_("Show Lost Password Details")?></a></td>
- </tr>
-<? } ?>
- <tr>
- <td class="DataTD"><?=_("Assurance Points")?>:</td>
- <td class="DataTD"><?=intval($drow['points'])?></td>
- </tr>
-</table>
-<br><?
- $query = "select * from `email` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''
- and `email`!='".mysql_escape_string($row['email'])."'";
- $dres = mysql_query($query);
- if(mysql_num_rows($dres) > 0) { ?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td>
- </tr><?
- $rc = mysql_num_rows($dres);
- while($drow = mysql_fetch_assoc($dres))
- { ?>
- <tr>
- <td class="DataTD"><?=_("Secondary Emails")?>:</td>
- <td class="DataTD"><?=sanitizeHTML($drow['email'])?></td>
- </tr>
-<? } ?>
-</table>
-<br><? } ?>
-<?
- $query = "select * from `domains` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''";
- $dres = mysql_query($query);
- if(mysql_num_rows($dres) > 0) { ?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="5" class="title"><?=_("Verified Domains")?></td>
- </tr><?
- $rc = mysql_num_rows($dres);
- while($drow = mysql_fetch_assoc($dres))
- { ?>
- <tr>
- <td class="DataTD"><?=_("Domain")?>:</td>
- <td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td>
- </tr>
-<? } ?>
-</table>
-<br>
-<? } ?>
-<? // Begin - Debug infos ?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="2" class="title"><?=_("Account State")?></td>
- </tr>
-
+ <tr>
+ <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td>
+ </tr>
<?
- // --- bug-975 begin ---
- // potential db inconsistency like in a20110804.1
- // Admin console -> don't list user account
- // User login -> impossible
- // Assurer, assure someone -> user displayed
- /* regular user account search with regular settings
-
- --- Admin Console find user query
- $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
- where `users`.`id`=`email`.`memid` and
- (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
- `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
- group by `users`.`id` limit 100";
- => requirements
- 1. email.hash = ''
- 2. email.deleted = 0
- 3. users.deleted = 0
- 4. email.email = primary-email (???) or'd
- not covered by admin console find user routine, but may block users login
- 5. users.verified = 0|1
- further "special settings"
- 6. users.locked (setting displayed in display form)
- 7. users.assurer_blocked (setting displayed in display form)
-
- --- User login user query
- select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
- `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0
- => requirements
- 1. users.verified = 1
- 2. users.deleted = 0
- 3. users.locked = 0
- 4. users.email = primary-email
-
- --- Assurer, assure someone find user query
- select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."'
- and `deleted`=0
- => requirements
- 1. users.deleted = 0
- 2. users.email = primary-email
- Admin User Assurer
- bit Console Login assure someone
-
- 1. email.hash = '' Yes No No
- 2. email.deleted = 0 Yes No No
- 3. users.deleted = 0 Yes Yes Yes
- 4. users.verified = 1 No Yes No
- 5. users.locked = 0 No Yes No
- 6. users.email = prim-email No Yes Yes
- 7. email.email = prim-email Yes No No
-
- full usable account needs all 7 requirements fulfilled
- so if one setting isn't set/cleared there is an inconsistency either way
- if eg email.email is not avail, admin console cannot open user info
- but user can login and assurer can display user info
- if user verified is not set to 1, admin console displays user record
- but user cannot login, but assurer can search for the user and the data displays
-
- consistency check:
- 1. search primary-email in users.email
- 2. search primary-email in email.email
- 3. userid = email.memid
- 4. check settings from table 1. - 5.
-
- */
-
- $inconsistency = 0;
- $inconsistencydisp = "";
- $inccause = "";
- // current userid intval($row['id'])
- $query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked`
- from `users` where `id`='".intval($row['id'])."' ";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $uemail = $drow['uemail'];
- $udeleted = $drow['udeleted'];
- $uverified = $drow['verified'];
- $ulocked = $drow['locked'];
-
- $query = "select `hash`, `email` as `eemail` from `email`
- where `memid`='".intval($row['id'])."' and
- `email` ='".$uemail."' and
- `deleted` = 0";
- $dres = mysql_query($query);
- if ($drow = mysql_fetch_assoc($dres)) {
- $drow['edeleted'] = 0;
- } else {
- // try if there are deleted entries
- $query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email`
- where `memid`='".intval($row['id'])."' and
- `email` ='".$uemail."'";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- }
-
- if ($drow) {
- $eemail = $drow['eemail'];
- $edeleted = $drow['edeleted'];
- $ehash = $drow['hash'];
- if ($udeleted!=0) {
- $inconsistency += 1;
- $inccause .= (empty($inccause)?"":"<br>")._("Users record set to deleted");
- }
- if ($uverified!=1) {
- $inconsistency += 2;
- $inccause .= (empty($inccause)?"":"<br>")._("Users record verified not set");
- }
- if ($ulocked!=0) {
- $inconsistency += 4;
- $inccause .= (empty($inccause)?"":"<br>")._("Users record locked set");
- }
- if ($edeleted!=0) {
- $inconsistency += 8;
- $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted");
- }
- if ($ehash!='') {
- $inconsistency += 16;
- $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset");
- }
- } else {
- $inconsistency = 32;
- $inccause = _("Prim. email, Email record doesn't exist");
- }
- if ($inconsistency>0) {
- // $inconsistencydisp = _("Yes");
-?>
- <tr>
- <td class="DataTD"><?=_("Account inconsistency")?>:</td>
- <td class="DataTD"><?=$inccause?><br>code: <?=$inconsistency?></td>
- </tr>
- <tr>
- <td colspan="2" class="DataTD" style="max-width: 75ex">
- <?=_("Account inconsistency can cause problems in daily account ".
- "operations and needs to be fixed manually through arbitration/critical ".
- "team.")?>
- </td>
- </tr>
-<? }
-
- // --- bug-975 end ---
+ }
?>
-</table>
-<br>
+ </table><br><br>
<?
- // End - Debug infos
-?>
+ } elseif(mysql_num_rows($res) == 1) {
+ $row = mysql_fetch_assoc($res);
+ $_REQUEST['userid'] = $row['id'];
+ } else {
+ printf(_("No users found matching %s"), sanitizeHTML($email));
+ }
+}
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="6" class="title"><?=_("Certificates")?></td>
- </tr>
-
- <tr>
- <td class="DataTD"><?=_("Cert Type")?>:</td>
- <td class="DataTD"><?=_("Total")?></td>
- <td class="DataTD"><?=_("Valid")?></td>
- <td class="DataTD"><?=_("Expired")?></td>
- <td class="DataTD"><?=_("Revoked")?></td>
- <td class="DataTD"><?=_("Latest Expire")?></td>
- </tr>
-<!-- server certificates -->
- <tr>
- <td class="DataTD"><?=_("Server")?>:</td>
- <?
- $query = "select COUNT(*) as `total`,
- MAX(`domaincerts`.`expire`) as `maxexpire`
- from `domains` inner join `domaincerts`
- on `domains`.`id` = `domaincerts`.`domid`
- where `domains`.`memid` = '".intval($row['id'])."' ";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $total = $drow['total'];
-
- $maxexpire = "0000-00-00 00:00:00";
- if ($drow['maxexpire']) {
- $maxexpire = $drow['maxexpire'];
- }
-
- if($total > 0) {
- $query = "select COUNT(*) as `valid`
- from `domains` inner join `domaincerts`
- on `domains`.`id` = `domaincerts`.`domid`
- where `domains`.`memid` = '".intval($row['id'])."'
- and `revoked` = '0000-00-00 00:00:00'
- and `expire` > NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $valid = $drow['valid'];
-
- $query = "select COUNT(*) as `expired`
- from `domains` inner join `domaincerts`
- on `domains`.`id` = `domaincerts`.`domid`
- where `domains`.`memid` = '".intval($row['id'])."'
- and `expire` <= NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $expired = $drow['expired'];
-
- $query = "select COUNT(*) as `revoked`
- from `domains` inner join `domaincerts`
- on `domains`.`id` = `domaincerts`.`domid`
- where `domains`.`memid` = '".intval($row['id'])."'
- and `revoked` != '0000-00-00 00:00:00'";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $revoked = $drow['revoked'];
- ?>
- <td class="DataTD"><?=intval($total)?></td>
- <td class="DataTD"><?=intval($valid)?></td>
- <td class="DataTD"><?=intval($expired)?></td>
- <td class="DataTD"><?=intval($revoked)?></td>
- <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?
- substr($maxexpire, 0, 10) : _("Pending")?></td>
- <?
- } else { // $total > 0
- ?>
- <td colspan="5" class="DataTD"><?=_("None")?></td>
- <?
- } ?>
- </tr>
-<!-- client certificates -->
- <tr>
- <td class="DataTD"><?=_("Client")?>:</td>
- <?
- $query = "select COUNT(*) as `total`, MAX(`expire`) as `maxexpire`
- from `emailcerts`
- where `memid` = '".intval($row['id'])."' ";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $total = $drow['total'];
-
- $maxexpire = "0000-00-00 00:00:00";
- if ($drow['maxexpire']) {
- $maxexpire = $drow['maxexpire'];
- }
-
- if($total > 0) {
- $query = "select COUNT(*) as `valid`
- from `emailcerts`
- where `memid` = '".intval($row['id'])."'
- and `revoked` = '0000-00-00 00:00:00'
- and `expire` > NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $valid = $drow['valid'];
-
- $query = "select COUNT(*) as `expired`
- from `emailcerts`
- where `memid` = '".intval($row['id'])."'
- and `expire` <= NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $expired = $drow['expired'];
-
- $query = "select COUNT(*) as `revoked`
- from `emailcerts`
- where `memid` = '".intval($row['id'])."'
- and `revoked` != '0000-00-00 00:00:00'";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $revoked = $drow['revoked'];
- ?>
- <td class="DataTD"><?=intval($total)?></td>
- <td class="DataTD"><?=intval($valid)?></td>
- <td class="DataTD"><?=intval($expired)?></td>
- <td class="DataTD"><?=intval($revoked)?></td>
- <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?
- substr($maxexpire, 0, 10) : _("Pending")?></td>
- <?
- } else { // $total > 0
- ?>
- <td colspan="5" class="DataTD"><?=_("None")?></td>
- <?
- } ?>
- </tr>
-<!-- gpg certificates -->
- <tr>
- <td class="DataTD"><?=_("GPG")?>:</td>
- <?
- $query = "select COUNT(*) as `total`, MAX(`expire`) as `maxexpire`
- from `gpg`
- where `memid` = '".intval($row['id'])."' ";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $total = $drow['total'];
-
- $maxexpire = "0000-00-00 00:00:00";
- if ($drow['maxexpire']) {
- $maxexpire = $drow['maxexpire'];
- }
-
- if($total > 0) {
- $query = "select COUNT(*) as `valid`
- from `gpg`
- where `memid` = '".intval($row['id'])."'
- and `expire` > NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $valid = $drow['valid'];
-
- $query = "select COUNT(*) as `expired`
- from `gpg`
- where `memid` = '".intval($row['id'])."'
- and `expire` <= NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $expired = $drow['expired'];
-
- ?>
- <td class="DataTD"><?=intval($total)?></td>
- <td class="DataTD"><?=intval($valid)?></td>
- <td class="DataTD"><?=intval($expired)?></td>
- <td class="DataTD"></td>
- <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?
- substr($maxexpire, 0, 10) : _("Pending")?></td>
- <?
- } else { // $total > 0
- ?>
- <td colspan="5" class="DataTD"><?=_("None")?></td>
- <?
- } ?>
- </tr>
-<!-- org server certificates -->
- <tr>
- <td class="DataTD"><a href="account.php?id=58&amp;userid=<?=intval($row['id'])?>"><?=_("Org Server")?></a>:</td>
- <?
- $query = "select COUNT(*) as `total`,
- MAX(`orgcerts`.`expire`) as `maxexpire`
- from `orgdomaincerts` as `orgcerts` inner join `org`
- on `orgcerts`.`orgid` = `org`.`orgid`
- where `org`.`memid` = '".intval($row['id'])."' ";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $total = $drow['total'];
-
- $maxexpire = "0000-00-00 00:00:00";
- if ($drow['maxexpire']) {
- $maxexpire = $drow['maxexpire'];
- }
-
- if($total > 0) {
- $query = "select COUNT(*) as `valid`
- from `orgdomaincerts` as `orgcerts` inner join `org`
- on `orgcerts`.`orgid` = `org`.`orgid`
- where `org`.`memid` = '".intval($row['id'])."'
- and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
- and `orgcerts`.`expire` > NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $valid = $drow['valid'];
-
- $query = "select COUNT(*) as `expired`
- from `orgdomaincerts` as `orgcerts` inner join `org`
- on `orgcerts`.`orgid` = `org`.`orgid`
- where `org`.`memid` = '".intval($row['id'])."'
- and `orgcerts`.`expire` <= NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $expired = $drow['expired'];
-
- $query = "select COUNT(*) as `revoked`
- from `orgdomaincerts` as `orgcerts` inner join `org`
- on `orgcerts`.`orgid` = `org`.`orgid`
- where `org`.`memid` = '".intval($row['id'])."'
- and `orgcerts`.`revoked` != '0000-00-00 00:00:00'";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $revoked = $drow['revoked'];
- ?>
- <td class="DataTD"><?=intval($total)?></td>
- <td class="DataTD"><?=intval($valid)?></td>
- <td class="DataTD"><?=intval($expired)?></td>
- <td class="DataTD"><?=intval($revoked)?></td>
- <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?
- substr($maxexpire, 0, 10) : _("Pending")?></td>
- <?
- } else { // $total > 0
- ?>
- <td colspan="5" class="DataTD"><?=_("None")?></td>
- <?
- } ?>
- </tr>
-<!-- org client certificates -->
- <tr>
- <td class="DataTD"><?=_("Org Client")?>:</td>
- <?
- $query = "select COUNT(*) as `total`,
- MAX(`orgcerts`.`expire`) as `maxexpire`
- from `orgemailcerts` as `orgcerts` inner join `org`
- on `orgcerts`.`orgid` = `org`.`orgid`
- where `org`.`memid` = '".intval($row['id'])."' ";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $total = $drow['total'];
-
- $maxexpire = "0000-00-00 00:00:00";
- if ($drow['maxexpire']) {
- $maxexpire = $drow['maxexpire'];
- }
-
- if($total > 0) {
- $query = "select COUNT(*) as `valid`
- from `orgemailcerts` as `orgcerts` inner join `org`
- on `orgcerts`.`orgid` = `org`.`orgid`
- where `org`.`memid` = '".intval($row['id'])."'
- and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
- and `orgcerts`.`expire` > NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $valid = $drow['valid'];
-
- $query = "select COUNT(*) as `expired`
- from `orgemailcerts` as `orgcerts` inner join `org`
- on `orgcerts`.`orgid` = `org`.`orgid`
- where `org`.`memid` = '".intval($row['id'])."'
- and `orgcerts`.`expire` <= NOW()";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $expired = $drow['expired'];
-
- $query = "select COUNT(*) as `revoked`
- from `orgemailcerts` as `orgcerts` inner join `org`
- on `orgcerts`.`orgid` = `org`.`orgid`
- where `org`.`memid` = '".intval($row['id'])."'
- and `orgcerts`.`revoked` != '0000-00-00 00:00:00'";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $revoked = $drow['revoked'];
- ?>
- <td class="DataTD"><?=intval($total)?></td>
- <td class="DataTD"><?=intval($valid)?></td>
- <td class="DataTD"><?=intval($expired)?></td>
- <td class="DataTD"><?=intval($revoked)?></td>
- <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?
- substr($maxexpire, 0, 10) : _("Pending")?></td>
- <?
- } else { // $total > 0
- ?>
- <td colspan="5" class="DataTD"><?=_("None")?></td>
- <?
- } ?>
- </tr>
- <tr>
- <td colspan="6" class="title">
- <form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to revoke all private certificates?")?>')) return false;">
- <input type="hidden" name="action" value="revokecert">
- <input type="hidden" name="oldid" value="43">
- <input type="hidden" name="userid" value="<?=intval($userid)?>">
- <input type="submit" value="<?=_('revoke certificates')?>">
- </form>
- </td>
- </tr>
-</table>
-<br>
-
-
-<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto"><?=_("Show Assurances the user got")?></a>
- (<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto15"><?=_("New calculation")?></a>)
-<br />
-<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby"><?=_("Show Assurances the user gave")?></a>
- (<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby15"><?=_("New calculation")?></a>)
-<br />
+// display user information for given user id
+if(intval($_REQUEST['userid']) > 0) {
+ $userid = intval($_REQUEST['userid']);
+ $res =get_user_data($userid);
+ if(mysql_num_rows($res) <= 0) {
+ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
+ } else {
+ $row = mysql_fetch_assoc($res);
+ $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."' and `deleted` = 0";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $alerts =get_alerts(intval($row['id']));
-<?
-// if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") {
+//display account data
-function showassuredto()
-{
-?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="8" class="title"><?=_("Assurance Points")?></td>
- </tr>
- <tr>
- <td class="DataTD"><b><?=_("ID")?></b></td>
- <td class="DataTD"><b><?=_("Date")?></b></td>
- <td class="DataTD"><b><?=_("Who")?></b></td>
- <td class="DataTD"><b><?=_("Email")?></b></td>
- <td class="DataTD"><b><?=_("Points")?></b></td>
- <td class="DataTD"><b><?=_("Location")?></b></td>
- <td class="DataTD"><b><?=_("Method")?></b></td>
- <td class="DataTD"><b><?=_("Revoke")?></b></td>
- </tr>
-<?
- $query = "select * from `notary` where `to`='".intval($_GET['userid'])."'";
- $dres = mysql_query($query);
- $points = 0;
- while($drow = mysql_fetch_assoc($dres))
- {
- $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'"));
- $points += $drow['points'];
-?>
- <tr>
- <td class="DataTD"><?=$drow['id']?></td>
- <td class="DataTD"><?=sanitizeHTML($drow['date'])?></td>
- <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></td>
- <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
- <td class="DataTD"><?=intval($drow['points'])?></td>
- <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
- <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
- <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$drow['id'])?>');"><?=_("Revoke")?></a></td>
- </tr>
-<? } ?>
- <tr>
- <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td>
- <td class="DataTD"><?=$points?></td>
- <td class="DataTD" colspan="3">&nbsp;</td>
- </tr>
-</table>
-<? } ?>
+//deletes an assurance
+ if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation == true)
+ {
+ $assurance = mysql_escape_string(intval($_REQUEST['assurance']));
+ $trow = 0;
+ $res = mysql_query("select `to` from `notary` where `id`='$assurance'");
+ if ($res) {
+ $trow = mysql_fetch_assoc($res);
+ }
+ mysql_query("update `notary` set `deleted`=NOW() where `id`='$assurance'");
+ if ($trow) {
+ fix_assurer_flag($trow['to']);
+ write_se_log($userid, $_SESSION['profile']['id'], 'SE assurance revoke', $ticketno);
+ }
+ } elseif(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation == FALSE) {
+ $ticketmsg=_('No assurance revoked. Ticket number is missing!');
+ }
-<?
-function showassuredby()
-{
+//Ticket number
?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="8" class="title"><?=_("Assurance Points The User Issued")?></td>
- </tr>
- <tr>
- <td class="DataTD"><b><?=_("ID")?></b></td>
- <td class="DataTD"><b><?=_("Date")?></b></td>
- <td class="DataTD"><b><?=_("Who")?></b></td>
- <td class="DataTD"><b><?=_("Email")?></b></td>
- <td class="DataTD"><b><?=_("Points")?></b></td>
- <td class="DataTD"><b><?=_("Location")?></b></td>
- <td class="DataTD"><b><?=_("Method")?></b></td>
- <td class="DataTD"><b><?=_("Revoke")?></b></td>
- </tr>
+
+<form method="post" action="account.php?id=43&userid=<?=intval($_REQUEST['userid'])?>">
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_('Ticket handling') ?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_('Ticket no')?>:</td>
+ <td class="DataTD"><input type="text" name="ticketno" value="<?=$ticketno?>"/></td>
+ </tr>
+ <tr>
+ <td colspan="2" class="DataTDError"><?=$ticketmsg?></td><?php $_SESSION['ticketmsg']='' ?>
+ </tr>
+ <tr>
+ <td colspan="2" ><input type="submit" value="<?=_('Set ticket number') ?>"></td>
+ </tr>
+ </table>
+</form>
+<br/>
+
+
+<!-- display data table -->
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><? printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Email")?>:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("First Name")?>:</td>
+ <td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to modify this DOB and/or last name?")?>')) return false;">
+ <input type="hidden" name="csrf" value="<?=make_csrf('admchangepers')?>" />
+ <input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>">
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Middle Name")?>:</td>
+ <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($row['mname'])?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Last Name")?>:</td>
+ <td class="DataTD"> <input type="hidden" name="oldid" value="43">
+ <input type="hidden" name="action" value="updatedob">
+ <input type="hidden" name="userid" value="<?=intval($userid)?>">
+ <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>">
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Suffix")?>:</td>
+ <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($row['suffix'])?>"></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Date of Birth")?>:</td>
+ <td class="DataTD">
+ <?
+ $year = intval(substr($row['dob'], 0, 4));
+ $month = intval(substr($row['dob'], 5, 2));
+ $day = intval(substr($row['dob'], 8, 2));
+ ?>
+ <nobr>
+ <select name="day">
+ <?
+ for($i = 1; $i <= 31; $i++) {
+ echo "<option";
+ if($day == $i) {
+ echo " selected='selected'";
+ }
+ echo ">$i</option>";
+ }
+ ?>
+ </select>
+ <select name="month">
+ <?
+ for($i = 1; $i <= 12; $i++) {
+ echo "<option value='$i'";
+ if($month == $i)
+ echo " selected='selected'";
+ echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>";
+ }
+ ?>
+ </select>
+ <input type="text" name="year" value="<?=$year?>" size="4">
+ <input type="submit" value="Go">
+ <input type="hidden" name="ticketno" value="<?=$ticketno?>"/>
+ </form>
+ </nobr>
+ </td>
+ </tr>
+
+ <? // list of flags ?>
+ <tr>
+ <td class="DataTD"><?=_("CCA accepted")?>:</td>
+ <td class="DataTD"><a href="account.php?id=57&amp;userid=<?=intval($row['id'])?>"><?=intval(get_user_agreement_status($row['id'])) ? _("Yes") : _("No") ?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Trainings")?>:</td>
+ <td class="DataTD"><a href="account.php?id=55&amp;userid=<?=intval($row['id'])?>">show</a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Is Assurer")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;assurer=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admsetassuret')?>&amp;ticketno=<?=$ticketno?>"><?=$row['assurer']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Blocked Assurer")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;assurer_blocked=<?=intval($row['id'])?>&amp;ticketno=<?=$ticketno?>"><?=$row['assurer_blocked']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Account Locking")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;locked=<?=$row['id']?>&amp;csrf=<?=make_csrf('admactlock')?>&amp;ticketno=<?=$ticketno?>"><?=$row['locked']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Code Signing")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;codesign=<?=$row['id']?>&amp;csrf=<?=make_csrf('admcodesign')?>&amp;ticketno=<?=$ticketno?>"><?=$row['codesign']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Org Assurer")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;orgadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admorgadmin')?>&amp;ticketno=<?=$ticketno?>"><?=$row['orgadmin']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("TTP Admin")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;ttpadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admttpadmin')?>&amp;ticketno=<?=$ticketno?>"><?=$row['ttpadmin']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Location Admin")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;locadmin=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=$row['locadmin']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Admin")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;admin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admsetadmin')?>&amp;ticketno=<?=$ticketno?>"><?=$row['admin']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Ad Admin")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;adadmin=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=$row['adadmin']?></a> (0 = none, 1 = submit, 2 = approve)</td>
+ </tr>
+ <!-- presently not needed
+ <tr>
+ <td class="DataTD"><?=_("Tverify Account")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;tverify=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=$row['tverify']?></a></td>
+ </tr>
+ -->
+ <tr>
+ <td class="DataTD"><?=_("General Announcements")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;general=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=$alerts['general']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Country Announcements")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;country=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=$alerts['country']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Regional Announcements")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;regional=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=$alerts['regional']?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Within 200km Announcements")?>:</td>
+ <td class="DataTD"><a href="account.php?id=43&amp;radius=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=$alerts['radius']?></a></td>
+ </tr>
+ <? //change password, view secret questions and delete account section ?>
+ <tr>
+ <td class="DataTD"><?=_("Change Password")?>:</td>
+ <td class="DataTD"><a href="account.php?id=44&amp;userid=<?=$row['id']?>&amp;ticketno=<?=$ticketno?>"><?=_("Change Password")?></a></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Delete Account")?>:</td>
+ <td class="DataTD"><a href="account.php?id=50&amp;userid=<?=$row['id']?>&amp;csrf=<?=make_csrf('admdelaccount')?>&amp;ticketno=<?=$ticketno?>"><?=_("Delete Account")?></a></td>
+ </tr>
+ <?
+ // This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!!
+ if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==true) {
+ write_se_log($userid, $_SESSION['profile']['id'], 'SE view lost password information', $ticketno);
+ ?>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - Q1:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['Q1'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - A1:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['A1'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - Q2:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['Q2'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - A2:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['A2'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - Q3:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['Q3'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - A3:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['A3'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - Q4:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['Q4'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - A4:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['A4'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - Q5:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['Q5'])?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Lost Password")?> - A5:</td>
+ <td class="DataTD"><?=sanitizeHTML($row['A5'])?></td>
+ </tr>
+ <?
+ } elseif (array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==false) {
+ ?>
+ <tr>
+ <td class="DataTD" colspan="2"><?=_('No access granted. Ticket number is missing')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;showlostpw=yes&amp;ticketno=<?=$ticketno?>"><?=_("Show Lost Password Details")?></a></td>
+ </tr>
+ <?
+ } else {
+ ?>
+ <tr>
+ <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;showlostpw=yes&amp;ticketno=<?=$ticketno?>"><?=_("Show Lost Password Details")?></a></td>
+ </tr>
+ <? }
+
+ // list assurance points
+ ?>
+ <tr>
+ <td class="DataTD"><?=_("Assurance Points")?>:</td>
+ <td class="DataTD"><?=intval($drow['points'])?></td>
+ </tr>
+ <?
+ // show account history
+ ?>
+ <tr>
+ <td class="DataTD" colspan="2"><a href="account.php?id=59&amp;oldid=43&amp;userid=<?=intval($row['id'])?>&amp;ticketno=<?=$ticketno?>"><?=_('Show account history')?></a></td>
+ </tr>
+ </table>
+ <br/>
+ <?
+ //list secondary email addresses
+ $dres = get_email_address(intval($row['id']),mysql_real_escape_string($row['email']));
+ if(mysql_num_rows($dres) > 0) {
+ ?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td>
+ </tr>
+ <?
+ $rc = mysql_num_rows($dres);
+ while($drow = mysql_fetch_assoc($dres)) {
+ ?>
+ <tr>
+ <td class="DataTD"><?=_("Secondary Emails")?>:</td>
+ <td class="DataTD"><?=sanitizeHTML($drow['email'])?></td>
+ </tr>
+ <?
+ }
+ ?>
+ </table>
+ <br/>
+ <?
+ }
+
+ // list of domains domains
+ $dres=get_domains(intval($row['id']));
+ if(mysql_num_rows($dres) > 0) {
+ ?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Verified Domains")?></td>
+ </tr>
+ <?
+ $rc = mysql_num_rows($dres);
+ while($drow = mysql_fetch_assoc($dres)) {
+ ?>
+ <tr>
+ <td class="DataTD"><?=_("Domain")?>:</td>
+ <td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td>
+ </tr>
+ <?
+ }
+ ?>
+ </table>
+ <br/>
+ <?
+ }
+ ?>
+ <? // Begin - Debug infos ?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="2" class="title"><?=_("Account State")?></td>
+ </tr>
+
+ <?
+ // --- bug-975 begin ---
+ // potential db inconsistency like in a20110804.1
+ // Admin console -> don't list user account
+ // User login -> impossible
+ // Assurer, assure someone -> user displayed
+ /* regular user account search with regular settings
+
+ --- Admin Console find user query
+ $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
+ where `users`.`id`=`email`.`memid` and
+ (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
+ `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
+ group by `users`.`id` limit 100";
+ => requirements
+ 1. email.hash = ''
+ 2. email.deleted = 0
+ 3. users.deleted = 0
+ 4. email.email = primary-email (???) or'd
+ not covered by admin console find user routine, but may block users login
+ 5. users.verified = 0|1
+ further "special settings"
+ 6. users.locked (setting displayed in display form)
+ 7. users.assurer_blocked (setting displayed in display form)
+
+ --- User login user query
+ select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
+ `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0
+ => requirements
+ 1. users.verified = 1
+ 2. users.deleted = 0
+ 3. users.locked = 0
+ 4. users.email = primary-email
+
+ --- Assurer, assure someone find user query
+ select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."'
+ and `deleted`=0
+ => requirements
+ 1. users.deleted = 0
+ 2. users.email = primary-email
+
+ Admin User Assurer
+ bit Console Login assure someone
+
+ 1. email.hash = '' Yes No No
+ 2. email.deleted = 0 Yes No No
+ 3. users.deleted = 0 Yes Yes Yes
+ 4. users.verified = 1 No Yes No
+ 5. users.locked = 0 No Yes No
+ 6. users.email = prim-email No Yes Yes
+ 7. email.email = prim-email Yes No No
+
+ full usable account needs all 7 requirements fulfilled
+ so if one setting isn't set/cleared there is an inconsistency either way
+ if eg email.email is not avail, admin console cannot open user info
+ but user can login and assurer can display user info
+ if user verified is not set to 1, admin console displays user record
+ but user cannot login, but assurer can search for the user and the data displays
+
+ consistency check:
+ 1. search primary-email in users.email
+ 2. search primary-email in email.email
+ 3. userid = email.memid
+ 4. check settings from table 1. - 5.
+
+ */
+
+ $inconsistency = 0;
+ $inconsistencydisp = "";
+ $inccause = "";
+
+ // current userid intval($row['id'])
+ $query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked`
+ from `users` where `id`='".intval($row['id'])."' ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $uemail = $drow['uemail'];
+ $udeleted = $drow['udeleted'];
+ $uverified = $drow['verified'];
+ $ulocked = $drow['locked'];
+
+ $query = "select `hash`, `email` as `eemail` from `email`
+ where `memid`='".intval($row['id'])."' and
+ `email` ='".$uemail."' and
+ `deleted` = 0";
+ $dres = mysql_query($query);
+ if ($drow = mysql_fetch_assoc($dres)) {
+ $drow['edeleted'] = 0;
+ } else {
+ // try if there are deleted entries
+ $query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email`
+ where `memid`='".intval($row['id'])."' and
+ `email` ='".$uemail."'";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ }
+
+ if ($drow) {
+ $eemail = $drow['eemail'];
+ $edeleted = $drow['edeleted'];
+ $ehash = $drow['hash'];
+ if ($udeleted!=0) {
+ $inconsistency += 1;
+ $inccause .= (empty($inccause)?"":"<br>")._("Users record set to deleted");
+ }
+ if ($uverified!=1) {
+ $inconsistency += 2;
+ $inccause .= (empty($inccause)?"":"<br>")._("Users record verified not set");
+ }
+ if ($ulocked!=0) {
+ $inconsistency += 4;
+ $inccause .= (empty($inccause)?"":"<br>")._("Users record locked set");
+ }
+ if ($edeleted!=0) {
+ $inconsistency += 8;
+ $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted");
+ }
+ if ($ehash!='') {
+ $inconsistency += 16;
+ $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset");
+ }
+ } else {
+ $inconsistency = 32;
+ $inccause = _("Prim. email, Email record doesn't exist");
+ }
+ if ($inconsistency>0) {
+ // $inconsistencydisp = _("Yes");
+ ?>
+ <tr>
+ <td class="DataTD"><?=_("Account inconsistency")?>:</td>
+ <td class="DataTD"><?=$inccause?><br>code: <?=$inconsistency?></td>
+ </tr>
+ <tr>
+ <td colspan="2" class="DataTD" style="max-width: 75ex;">
+ <?=_("Account inconsistency can cause problems in daily account operations and needs to be fixed manually through arbitration/critical team.")?>
+ </td>
+ </tr>
+ <?
+ }
+
+ // --- bug-975 end ---
+ ?>
+ </table>
+ <br />
+ <?
+ // End - Debug infos
+
+ // certificate overview
+ ?>
+
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="6" class="title"><?=_("Certificates")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Cert Type")?>:</td>
+ <td class="DataTD"><?=_("Total")?></td>
+ <td class="DataTD"><?=_("Valid")?></td>
+ <td class="DataTD"><?=_("Expired")?></td>
+ <td class="DataTD"><?=_("Revoked")?></td>
+ <td class="DataTD"><?=_("Latest Expire")?></td>
+ </tr>
+ <!-- server certificates -->
+ <tr>
+ <td class="DataTD"><?=_("Server")?>:</td>
+ <?
+ $query = "
+ select COUNT(*) as `total`,
+ MAX(`domaincerts`.`expire`) as `maxexpire`
+ from `domains` inner join `domaincerts`
+ on `domains`.`id` = `domaincerts`.`domid`
+ where `domains`.`memid` = '".intval($row['id'])."'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $total = $drow['total'];
+
+ $maxexpire = "0000-00-00 00:00:00";
+ if ($drow['maxexpire']) {
+ $maxexpire = $drow['maxexpire'];
+ }
+
+ if($total > 0) {
+ $query = "
+ select COUNT(*) as `valid`
+ from `domains` inner join `domaincerts`
+ on `domains`.`id` = `domaincerts`.`domid`
+ where `domains`.`memid` = '".intval($row['id'])."'
+ and `revoked` = '0000-00-00 00:00:00'
+ and `expire` > NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $valid = $drow['valid'];
+
+ $query = "
+ select COUNT(*) as `expired`
+ from `domains` inner join `domaincerts`
+ on `domains`.`id` = `domaincerts`.`domid`
+ where `domains`.`memid` = '".intval($row['id'])."'
+ and `expire` <= NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $expired = $drow['expired'];
+
+ $query = "
+ select COUNT(*) as `revoked`
+ from `domains` inner join `domaincerts`
+ on `domains`.`id` = `domaincerts`.`domid`
+ where `domains`.`memid` = '".intval($row['id'])."'
+ and `revoked` != '0000-00-00 00:00:00'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $revoked = $drow['revoked'];
+ ?>
+ <td class="DataTD"><?=intval($total)?></td>
+ <td class="DataTD"><?=intval($valid)?></td>
+ <td class="DataTD"><?=intval($expired)?></td>
+ <td class="DataTD"><?=intval($revoked)?></td>
+ <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
+ <?
+ } else { // $total > 0
+ ?>
+ <td colspan="5" class="DataTD"><?=_("None")?></td>
+ <?
+ }
+ ?>
+ </tr>
+ <!-- client certificates -->
+ <tr>
+ <td class="DataTD"><?=_("Client")?>:</td>
+ <?
+ $query = "
+ select COUNT(*) as `total`, MAX(`expire`) as `maxexpire`
+ from `emailcerts`
+ where `memid` = '".intval($row['id'])."'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $total = $drow['total'];
+
+ $maxexpire = "0000-00-00 00:00:00";
+ if ($drow['maxexpire']) {
+ $maxexpire = $drow['maxexpire'];
+ }
+
+ if($total > 0) {
+ $query = "
+ select COUNT(*) as `valid`
+ from `emailcerts`
+ where `memid` = '".intval($row['id'])."'
+ and `revoked` = '0000-00-00 00:00:00'
+ and `expire` > NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $valid = $drow['valid'];
+
+ $query = "
+ select COUNT(*) as `expired`
+ from `emailcerts`
+ where `memid` = '".intval($row['id'])."'
+ and `expire` <= NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $expired = $drow['expired'];
+
+ $query = "
+ select COUNT(*) as `revoked`
+ from `emailcerts`
+ where `memid` = '".intval($row['id'])."'
+ and `revoked` != '0000-00-00 00:00:00'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $revoked = $drow['revoked'];
+ ?>
+ <td class="DataTD"><?=intval($total)?></td>
+ <td class="DataTD"><?=intval($valid)?></td>
+ <td class="DataTD"><?=intval($expired)?></td>
+ <td class="DataTD"><?=intval($revoked)?></td>
+ <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
+ <?
+ } else { // $total > 0
+ ?>
+ <td colspan="5" class="DataTD"><?=_("None")?></td>
+ <?
+ }
+ ?>
+ </tr>
+ <!-- gpg certificates -->
+ <tr>
+ <td class="DataTD"><?=_("GPG")?>:</td>
+ <?
+ $query = "
+ select COUNT(*) as `total`, MAX(`expire`) as `maxexpire`
+ from `gpg`
+ where `memid` = '".intval($row['id'])."'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $total = $drow['total'];
+
+ $maxexpire = "0000-00-00 00:00:00";
+ if ($drow['maxexpire']) {
+ $maxexpire = $drow['maxexpire'];
+ }
+
+ if($total > 0) {
+ $query = "
+ select COUNT(*) as `valid`
+ from `gpg`
+ where `memid` = '".intval($row['id'])."'
+ and `expire` > NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $valid = $drow['valid'];
+
+ $query = "
+ select COUNT(*) as `expired`
+ from `gpg`
+ where `memid` = '".intval($row['id'])."'
+ and `expire` <= NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $expired = $drow['expired'];
+ ?>
+ <td class="DataTD"><?=intval($total)?></td>
+ <td class="DataTD"><?=intval($valid)?></td>
+ <td class="DataTD"><?=intval($expired)?></td>
+ <td class="DataTD"></td>
+ <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
+ <?
+ } else { // $total > 0
+ ?>
+ <td colspan="5" class="DataTD"><?=_("None")?></td>
+ <?
+ }
+ ?>
+ </tr>
+ <!-- org server certificates -->
+ <tr>
+ <td class="DataTD"><a href="account.php?id=58&amp;userid=<?=intval($row['id'])?>"><?=_("Org Server")?></a>:</td>
+ <?
+ $query = "
+ select COUNT(*) as `total`,
+ MAX(`orgcerts`.`expire`) as `maxexpire`
+ from `orgdomaincerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $total = $drow['total'];
+
+ $maxexpire = "0000-00-00 00:00:00";
+ if ($drow['maxexpire']) {
+ $maxexpire = $drow['maxexpire'];
+ }
+
+ if($total > 0) {
+ $query = "
+ select COUNT(*) as `valid`
+ from `orgdomaincerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
+ and `orgcerts`.`expire` > NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $valid = $drow['valid'];
+
+ $query = "
+ select COUNT(*) as `expired`
+ from `orgdomaincerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ and `orgcerts`.`expire` <= NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $expired = $drow['expired'];
+
+ $query = "
+ select COUNT(*) as `revoked`
+ from `orgdomaincerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ and `orgcerts`.`revoked` != '0000-00-00 00:00:00'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $revoked = $drow['revoked'];
+ ?>
+ <td class="DataTD"><?=intval($total)?></td>
+ <td class="DataTD"><?=intval($valid)?></td>
+ <td class="DataTD"><?=intval($expired)?></td>
+ <td class="DataTD"><?=intval($revoked)?></td>
+ <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
+ <?
+ } else { // $total > 0
+ ?>
+ <td colspan="5" class="DataTD"><?=_("None")?></td>
+ <?
+ }
+ ?>
+ </tr>
+ <!-- org client certificates -->
+ <tr>
+ <td class="DataTD"><?=_("Org Client")?>:</td>
+ <?
+ $query = "
+ select COUNT(*) as `total`,
+ MAX(`orgcerts`.`expire`) as `maxexpire`
+ from `orgemailcerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $total = $drow['total'];
+
+ $maxexpire = "0000-00-00 00:00:00";
+ if ($drow['maxexpire']) {
+ $maxexpire = $drow['maxexpire'];
+ }
+
+ if($total > 0) {
+ $query = "
+ select COUNT(*) as `valid`
+ from `orgemailcerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
+ and `orgcerts`.`expire` > NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $valid = $drow['valid'];
+
+ $query = "
+ select COUNT(*) as `expired`
+ from `orgemailcerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ and `orgcerts`.`expire` <= NOW()
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $expired = $drow['expired'];
+
+ $query = "
+ select COUNT(*) as `revoked`
+ from `orgemailcerts` as `orgcerts` inner join `org`
+ on `orgcerts`.`orgid` = `org`.`orgid`
+ where `org`.`memid` = '".intval($row['id'])."'
+ and `orgcerts`.`revoked` != '0000-00-00 00:00:00'
+ ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $revoked = $drow['revoked'];
+ ?>
+ <td class="DataTD"><?=intval($total)?></td>
+ <td class="DataTD"><?=intval($valid)?></td>
+ <td class="DataTD"><?=intval($expired)?></td>
+ <td class="DataTD"><?=intval($revoked)?></td>
+ <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
+ <?
+ } else { // $total > 0
+ ?>
+ <td colspan="5" class="DataTD"><?=_("None")?></td>
+ <?
+ }
+ ?>
+ </tr>
+ <tr>
+ <td colspan="6" class="title">
+ <form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to revoke all private certificates?")?>')) return false;">
+ <input type="hidden" name="action" value="revokecert">
+ <input type="hidden" name="oldid" value="43">
+ <input type="hidden" name="userid" value="<?=intval($userid)?>">
+ <input type="submit" value="<?=_('revoke certificates')?>">
+ <input type="hidden" name="ticketno" value="<?=$ticketno?>"/>
+ </form>
+ </td>
+ </tr>
+ </table>
+ <br />
+ <? // list assurances ?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td class="DataTD">
+ <a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto&amp;ticketno=<?=$ticketno?>"><?=_("Show Assurances the user got")?></a>
+ (<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto15&amp;ticketno=<?=$ticketno?>"><?=_("New calculation")?></a>)
+ </td>
+ </tr>
+ <tr>
+ <td class="DataTD">
+ <a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby&amp;ticketno=<?=$ticketno?>"><?=_("Show Assurances the user gave")?></a>
+ (<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby15&amp;ticketno=<?=$ticketno?>"><?=_("New calculation")?></a>)
+ </td>
+ </tr>
+ </table>
+ <?
+ // if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") {
+
+ function showassuredto($ticketno)
+ {
+ ?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="8" class="title"><?=_("Assurance Points")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><b><?=_("ID")?></b></td>
+ <td class="DataTD"><b><?=_("Date")?></b></td>
+ <td class="DataTD"><b><?=_("Who")?></b></td>
+ <td class="DataTD"><b><?=_("Email")?></b></td>
+ <td class="DataTD"><b><?=_("Points")?></b></td>
+ <td class="DataTD"><b><?=_("Location")?></b></td>
+ <td class="DataTD"><b><?=_("Method")?></b></td>
+ <td class="DataTD"><b><?=_("Revoke")?></b></td>
+ </tr>
+ <?
+ $query = "select * from `notary` where `to`='".intval($_GET['userid'])."' and `deleted` = 0";
+ $dres = mysql_query($query);
+ $points = 0;
+ while($drow = mysql_fetch_assoc($dres)) {
+ $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'"));
+ $points += $drow['points'];
+ ?>
+ <tr>
+ <td class="DataTD"><?=$drow['id']?></td>
+ <td class="DataTD"><?=sanitizeHTML($drow['date'])?></td>
+ <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
+ <td class="DataTD"><?=intval($drow['points'])?></td>
+ <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
+ <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>&amp;ticketno=<?=$ticketno?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$drow['id'])?>');"><?=_("Revoke")?></a></td>
+ </tr>
+ <?
+ }
+ ?>
+ <tr>
+ <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td>
+ <td class="DataTD"><?=$points?></td>
+ <td class="DataTD" colspan="3">&nbsp;</td>
+ </tr>
+ </table>
+ <?
+ }
+
+ function showassuredby($ticketno)
+ {
+ ?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="8" class="title"><?=_("Assurance Points The User Issued")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><b><?=_("ID")?></b></td>
+ <td class="DataTD"><b><?=_("Date")?></b></td>
+ <td class="DataTD"><b><?=_("Who")?></b></td>
+ <td class="DataTD"><b><?=_("Email")?></b></td>
+ <td class="DataTD"><b><?=_("Points")?></b></td>
+ <td class="DataTD"><b><?=_("Location")?></b></td>
+ <td class="DataTD"><b><?=_("Method")?></b></td>
+ <td class="DataTD"><b><?=_("Revoke")?></b></td>
+ </tr>
+ <?
+ $query = "select * from `notary` where `from`='".intval($_GET['userid'])."' and `deleted` = 0";
+ $dres = mysql_query($query);
+ $points = 0;
+ while($drow = mysql_fetch_assoc($dres)) {
+ $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$drow['to']."'"));
+ $points += $drow['points'];
+ ?>
+ <tr>
+ <td class="DataTD"><?=$drow['id']?></td>
+ <td class="DataTD"><?=$drow['date']?></td>
+ <td class="DataTD"><a href="wot.php?id=9&userid=<?=$drow['to']?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td>
+ <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
+ <td class="DataTD"><?=$drow['points']?></td>
+ <td class="DataTD"><?=$drow['location']?></td>
+ <td class="DataTD"><?=$drow['method']?></td>
+ <td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&amp;csrf=<?=make_csrf('admdelassurance')?>&amp;ticketno=<?=$ticketno?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$drow['id'])?>');"><?=_("Revoke")?></a></td>
+ </tr>
+ <?
+ }
+ ?>
+ <tr>
+ <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td>
+ <td class="DataTD"><?=$points?></td>
+ <td class="DataTD" colspan="3">&nbsp;</td>
+ </tr>
+ </table>
+ <?} ?>
+<br/><br/>
<?
- $query = "select * from `notary` where `from`='".intval($_GET['userid'])."'";
- $dres = mysql_query($query);
- $points = 0;
- while($drow = mysql_fetch_assoc($dres))
- {
- $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$drow['to']."'"));
- $points += $drow['points'];
-?>
- <tr>
- <td class="DataTD"><?=$drow['id']?></td>
- <td class="DataTD"><?=$drow['date']?></td>
- <td class="DataTD"><a href="wot.php?id=9&userid=<?=$drow['to']?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td>
- <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
- <td class="DataTD"><?=$drow['points']?></td>
- <td class="DataTD"><?=$drow['location']?></td>
- <td class="DataTD"><?=$drow['method']?></td>
- <td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$drow['id'])?>');"><?=_("Revoke")?></a></td>
- </tr>
-<? } ?>
- <tr>
- <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td>
- <td class="DataTD"><?=$points?></td>
- <td class="DataTD" colspan="3">&nbsp;</td>
- </tr>
-</table>
-<? } ?>
-<br><br>
-<? } }
+} }
if(isset($_GET['shownotary'])) {
switch($_GET['shownotary']) {
case 'assuredto':
- showassuredto();
+ showassuredto($ticketno);
break;
case 'assuredby':
- showassuredby();
+ showassuredby($ticketno);
break;
case 'assuredto15':
- output_received_assurances(intval($_GET['userid']),1);
+ output_received_assurances(intval($_GET['userid']),1,$ticketno);
break;
case 'assuredby15':
- output_given_assurances(intval($_GET['userid']),1);
+ output_given_assurances(intval($_GET['userid']),1, $ticketno);
break;
}
}
diff --git a/pages/account/44.php b/pages/account/44.php
index fd34612..16bfa8c 100644
--- a/pages/account/44.php
+++ b/pages/account/44.php
@@ -15,7 +15,16 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
-<? if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?>
+<? if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); }
+
+$ticketno = ""; if(array_key_exists('ticketno', $_SESSION)) $ticketno = $_SESSION['ticketno'];
+if (!valid_ticket_number($ticketno)) {
+ printf(_("I'm sorry, you did not enter a ticket number!%sYou cannot reset the password.%s"), '<br/>', '<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) .'">'. _('Back to previous page.').'</a>');
+ showfooter();
+ exit;
+ }
+?>
+
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
@@ -35,4 +44,5 @@
</table>
<input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>">
<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="ticketno" value="<?=$ticketno?>"/>
</form>
diff --git a/pages/account/59.php b/pages/account/59.php
new file mode 100644
index 0000000..51eb6ef
--- /dev/null
+++ b/pages/account/59.php
@@ -0,0 +1,308 @@
+<?/*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
+
+
+$colspandefault=2;
+$userid = intval($_REQUEST['userid']);
+$res =get_user_data($userid);
+
+
+
+if(mysql_num_rows($res) <= 0)
+{
+ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
+ exit;
+}
+
+$row = mysql_fetch_assoc($res);
+
+$fname = $row['fname'];
+$mname = $row['mname'];
+$lname = $row['lname'];
+$suffix = $row['suffix'];
+$dob = $row['dob'];
+$username = $fname." ".$mname." ".$lname." ".$suffix;
+$email = $row['email'];
+$alerts =get_alerts($userid);
+$support=0;
+if(intval($_REQUEST['oldid'])==43){
+ $support=$_SESSION['profile']['admin'];
+}
+$ticketno = ""; if(array_key_exists('ticketno', $_SESSION)) $ticketno = $_SESSION['ticketno'];
+if (!valid_ticket_number($ticketno) && $support == 1) {
+ printf(_("I'm sorry, you did not enter a ticket number!%sSupport is not allowed to view the account history without a ticket number.%s"), '<br/>', '<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) .'">'. _('Back to previous page.').'</a>');
+ showfooter();
+ exit;
+}
+if ( $support == 1) {
+ write_se_log($userid, $_SESSION['profile']['id'], 'SE View account history', $_REQUEST['ticketno']);
+}
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="<?=$colspandefault ?>" class="title"><?=sprintf(_('Account history of %s'),$username)?></td>
+ </tr>
+ <tr>
+ <td colspan="<?=$colspandefault ?>" class="title"><?=_('User actions')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_('User name')?></td>
+ <td class="DataTD"><?=$username?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_('Date of Birth')?></td>
+ <td class="DataTD"><?=$dob?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Is Assurer")?>:</td>
+ <td class="DataTD"><?= ($row['assurer']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Blocked Assurer")?>:</td>
+ <td class="DataTD"><?= ($row['assurer_blocked']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Account Locking")?>:</td>
+ <td class="DataTD"><?= ($row['locked']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Code Signing")?>:</td>
+ <td class="DataTD"><?= ($row['codesign']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Org Assurer")?>:</td>
+ <td class="DataTD"><?= ($row['orgadmin']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("TTP Admin")?>:</td>
+ <td class="DataTD"><?= $row['ttpadmin']._(' - 0 = none, 1 = TTP Admin, 2 = TTP TOPUP admin')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Location Admin")?>:</td>
+ <td class="DataTD"><?= ($row['locadmin']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Admin")?>:</td>
+ <td class="DataTD"><?= ($row['admin']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Ad Admin")?>:</td>
+ <td class="DataTD"><?= $row['adadmin']._(' - 0 = none, 1 = submit, 2 = approve')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("General Announcements")?>:</td>
+ <td class="DataTD"><?= ($alerts['general']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Country Announcements")?>:</td>
+ <td class="DataTD"><?= ($row['id']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Regional Announcements")?>:</td>
+ <td class="DataTD"><?= ($row['id']==0)? _('No'):_('Yes')?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("Within 200km Announcements")?>:</td>
+ <td class="DataTD"><?= ($row['id']==0)? _('No'):_('Yes')?></td>
+ </tr>
+</table>
+<br/>
+<?
+$dres = get_email_address($userid,'',1);
+if(mysql_num_rows($dres) > 0) {
+?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="3" class="title"><?=_('Email addresses')?></td>
+ </tr>
+<?
+ output_log_email_header();
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_log_email($drow,$email);
+ } ?>
+</table>
+<br/>
+<?}
+$dres = get_domains($userid,'',1);
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="3" class="title"><?=_('Domains')?></td>
+ </tr>
+<?
+if(mysql_num_rows($dres) > 0) {
+ output_log_domains_header();
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_log_domains($drow,$email);
+ }
+}ELSE{?>
+ <td colspan="3" ><?=_('no entry avialable')?></td>
+<?}?>
+</table>
+<br/>
+
+<?
+$dres = get_training_result($userid);
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="3" class="title"><?=_('Trainings')?></td>
+ </tr>
+<?
+ if(mysql_num_rows($dres) > 0) {
+ output_log_training_header();
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_log_training($drow);
+ }
+ }ELSE{
+ ?><td colspan="3" ><?=_('no entry avialable')?></td><?
+ }?>
+</table>
+<br/>
+
+<?
+$dres = get_user_agreement($userid,'',1);
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="4" class="title"><?=_('User agreements')?></td>
+ </tr>
+<?
+ if(mysql_num_rows($dres) > 0) {
+ output_log_agreement_header();
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_log_agreement($drow);
+ }
+ }ELSE{
+ ?><td colspan="4" ><?=_('no entry avialable')?></td><?
+ }?>
+</table>
+<br/>
+
+<?
+$dres = get_client_certs($userid,1);
+$colspan=10;
+if (1==$support) {
+ $colspan=7;
+}
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="<?=$colspan?>" class="title"><?=_('Client certificates')?></td>
+ </tr>
+<?
+ if(mysql_num_rows($dres) > 0) {
+ output_client_cert_header($support);
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_client_cert($drow,$support);
+ }
+ }ELSE{
+ ?><td colspan="<?=$colspan?>" ><?=_('no entry avialable')?></td><?
+ }?>
+</table>
+<br/>
+
+<?
+$dres = get_server_certs($userid,1);
+$colspan = 8;
+if (1 == $support) {
+ $colspan = 5;
+}
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="<?=$colspan?>" class="title"><?=_('Server certificates')?></td>
+ </tr>
+<?
+ if(mysql_num_rows($dres) > 0) {
+ output_log_server_certs_header($support);
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_log_server_certs($drow,$support);
+ }
+ }ELSE{
+ ?><td colspan="<?=$colspan?>" ><?=_('no entry avialable')?></td><?
+ }?>
+</table>
+<br/>
+
+<?
+$dres = get_gpg_certs($userid,1);
+$colspan = 6;
+if (1 == $support) {
+ $colspan = 4;
+}
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="<?=$colspan?>" class="title"><?=_('GPG/PGP certificates')?></td>
+ </tr>
+<?
+ if(mysql_num_rows($dres) > 0) {
+ output_gpg_certs_header($support);
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_gpg_certs($drow,$support);
+ }
+ }ELSE{
+ ?><td colspan="<?=$colspan?>" ><?=_('no entry avialable')?></td><?
+ }?>
+</table>
+<br/>
+
+<?
+
+output_log_given_assurances($userid, $support);
+?><br/><?
+
+output_log_received_assurances($userid, $support);
+?><br/><?
+
+$dres = get_se_log($userid);
+$colspan = 2;
+if (1 == $support) {
+ $colspan = 4;
+}
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="<?=$colspan?>" class="title"><?=_('Admin log')?></td>
+ </tr>
+<?
+ if(mysql_num_rows($dres) > 0) {
+ output_log_se_header($support);
+ while($drow = mysql_fetch_assoc($dres))
+ {
+ output_log_se($drow,$support);
+ }
+ }ELSE{
+ ?><td colspan="<?=$colspan?>" ><?=_('no entry avialable')?></td><?
+ }
+ if ($support==1) {
+ ?><td colspan="<?=$colspan?>" ><a href="account.php?id=43&amp;userid=<?= $userid ?>"><?= _('Back to previous page.')?></a></td><?
+ }
+
+ ?>
+
+</table>
diff --git a/pages/wot/10.php b/pages/wot/10.php
index bc76a86..e490af9 100644
--- a/pages/wot/10.php
+++ b/pages/wot/10.php
@@ -36,8 +36,8 @@
WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to`
GROUP BY `notary`.`from` HAVING count(*) > '$rc' ORDER BY `notary`.`when` DESC";
*/
- $query = "SELECT count(*) AS `list` FROM `users`
- inner join `notary` on `users`.`id` = `notary`.`from`
+ $query = "SELECT count(*) AS `list` FROM `users`
+ inner join `notary` on `users`.`id` = `notary`.`from`
GROUP BY `notary`.`from` HAVING count(*) > '$rc'";
$rank = mysql_num_rows(mysql_query($query)) + 1;
@@ -64,7 +64,7 @@
<td class="DataTD"><b><?=_("Method")?></b></td>
</tr>
<?
- $query = "select * from `notary` where `to`='".intval($_SESSION['profile']['id'])."'";
+ $query = "select * from `notary` where `deleted`=0 and `to`='".intval($_SESSION['profile']['id'])."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
@@ -114,7 +114,7 @@ if ($thawte)
</tr>
<?
$points = 0;
- $query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and `to`!='".intval($_SESSION['profile']['id'])."'";
+ $query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `to`!='".intval($_SESSION['profile']['id'])."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
diff --git a/www/index.php b/www/index.php
index c7cc03e..bb71a63 100644
--- a/www/index.php
+++ b/www/index.php
@@ -125,7 +125,7 @@ require_once('../includes/lib/l10n.php');
showfooter();
exit;
}
- }
+ }
}
if($oldid == 5 && $process != "")
@@ -153,13 +153,13 @@ require_once('../includes/lib/l10n.php');
include_once("../includes/lib/general.php");
$user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'],
$_SERVER['SSL_CLIENT_I_DN_CN']);
-
+
if($user_id >= 0)
{
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
- "select * from `users` where
+ "select * from `users` where
`id`='$user_id' and `deleted`=0 and `locked`=0"));
-
+
if($_SESSION['profile']['id'] != 0)
{
$_SESSION['profile']['loggedin'] = 1;
@@ -319,7 +319,7 @@ require_once('../includes/lib/l10n.php');
L10n::set_translation($_SESSION['profile']['language']);
L10n::init_gettext();
}
- $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
+ $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' and `deleted`=0 group by `to`";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
$_SESSION['profile']['points'] = $row['total'];
@@ -499,7 +499,7 @@ require_once('../includes/lib/l10n.php');
if($checkemail != "OK")
{
$id = 1;
- if (substr($checkemail, 0, 1) == "4")
+ if (substr($checkemail, 0, 1) == "4")
{
$_SESSION['_config']['errmsg'] .= _("The mail server responsible for your domain indicated a temporary failure. This may be due to anti-SPAM measures, such as greylisting. Please try again in a few minutes.");
} else {
@@ -566,9 +566,9 @@ require_once('../includes/lib/l10n.php');
$subject = stripslashes($_REQUEST['subject']);
$message = stripslashes($_REQUEST['message']);
$secrethash = $_REQUEST['secrethash2'];
-
+
//check for spam via honeypot
- if(!isset($_REQUEST['robotest']) || !empty($_REQUEST['robotest'])){
+ if(!isset($_REQUEST['robotest']) || !empty($_REQUEST['robotest'])){
echo _("Form could not be sent.");
showfooter();
exit;
@@ -641,7 +641,7 @@ require_once('../includes/lib/l10n.php');
$newUrl = $protocol . '://wiki.cacert.org/FAQ/AboutUs';
header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved
}
-
+
if ($id == 19)
{
$protocol = $_SERVER['HTTPS'] ? 'https' : 'http';
@@ -655,7 +655,7 @@ require_once('../includes/lib/l10n.php');
$newUrl = $protocol . '://wiki.cacert.org/Board';
header('Location: '.$newUrl, true, 301); // 301 = Permanently Moved
}
-
+
showheader(_("Welcome to CAcert.org"));
includeit($id);
showfooter();
diff --git a/www/styles/default.css b/www/styles/default.css
index 4d4db6a..a7ba2a8 100644
--- a/www/styles/default.css
+++ b/www/styles/default.css
@@ -14,7 +14,7 @@ body {
margin: 0px;
padding: 0px;
background: #cccccc;
-/* url("/siteimages/bg_grad.jpg") fixed; */
+/* url("/siteimages/bg_grad.jpg") fixed; */
}
@@ -219,7 +219,7 @@ ul.no_indent {
}
#globalNav img {
- margin-bottom: -4px;
+ margin-bottom: -4px;
}
#gnl {
@@ -558,6 +558,19 @@ td.storyLeft {
border-right: 1px #cfcfcf solid;
}
+.DataTDError {
+ border-style: inset;
+ border-width: 1px;
+ font-size: 8pt;
+ color: #ff0000;
+ font-family: Arial, Tahoma, Verdana, Helvetica, sans-serif;
+
+ background: #ffffff;
+ padding: 1px 5px 1px 5px;
+ border: 1px #cfcfcf solid;
+ border-left: 1px #cfcfcf dotted;
+ border-right: 1px #cfcfcf dotted;
+}
.wrapper {
border-collapse: collapse;
font-family: verdana, sans-serif;
@@ -571,7 +584,12 @@ td.greytxt {
text-align: right;
vertical-align: bottom;
}
-
+.bold, .primaryemailaddress {
+ font-weight:bold;
+}
+.italic, .deletedemailaddress {
+ font-style:italic;
+}
.title {
background: #e2e2e2;
font-weight: bold;
diff --git a/www/wot.php b/www/wot.php
index 7200517..fb229b9 100644
--- a/www/wot.php
+++ b/www/wot.php
@@ -225,7 +225,7 @@ function send_reminder()
}
$query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' and
- `to`='".$_SESSION['_config']['notarise']['id']."'";
+ `deleted`=0 and `to`='".$_SESSION['_config']['notarise']['id']."'";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{