-rw-r--r--includes/account.php20
-rw-r--r--includes/notary.inc.php19
-rw-r--r--pages/account/44.php6
-rw-r--r--pages/account/59.php18
4 files changed, 41 insertions, 22 deletions
diff --git a/includes/account.php b/includes/account.php
index 05c7687..ec109ae 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -83,7 +83,9 @@ function buildSubjectFromSession() {
$orgid = array_key_exists('orgid',$_REQUEST) ? intval($_REQUEST['orgid']) : 0;
$memid = array_key_exists('memid',$_REQUEST) ? intval($_REQUEST['memid']) : 0;
$domid = array_key_exists('domid',$_REQUEST) ? intval($_REQUEST['domid']) : 0;
- $ticketno=""; if(array_key_exists('ticketno',$_REQUEST)) $ticketno=$_REQUEST['ticketno'];
+ $ticketno = array_key_exists('ticketno',$_REQUEST) ? $_REQUEST['ticketno'] : "";
+ $ticketvalidation = FALSE;
+ $actionrequest = array_key_exists('action',$_REQUEST) ? $_REQUEST['action'] : "";
if(!$_SESSION['mconn'])
@@ -2676,8 +2678,7 @@ function buildSubjectFromSession() {
}
//check if ticket number was entered
- if ( $id == 43 || $oldid == 43 || $id == 44 || $oldid == 44) {
- $ticketvalidation = FALSE;
+ if ( $id == 43 || $oldid == 43 || $id == 44 || $oldid == 44 ) {
if ($ticketno != "" ) {
$ticketno = mysql_real_escape_string(trim($_REQUEST['ticketno']));
$ticketvalidation = valid_ticket_number($ticketno);
@@ -2686,7 +2687,7 @@ function buildSubjectFromSession() {
$_SESSION['ticketno'] = $ticketno;
}
- if($oldid == 43 && $_REQUEST['action'] == "updatedob" && $ticketvalidation == TRUE)
+ if($oldid == 43 && $actionrequest == "updatedob" && $ticketvalidation == TRUE)
{
$id = 43;
$oldid=0;
@@ -2701,19 +2702,19 @@ function buildSubjectFromSession() {
$query = "update `users` set `fname`='$fname',`mname`='$mname',`lname`='$lname',`suffix`='$suffix',`dob`='$year-$month-$day' where `id`='$userid'";
mysql_query($query);
write_se_log($userid, $_SESSION['profile']['id'],'SE Name/DOB Change',$ticketno);
- }elseif($oldid == 43 && $_REQUEST['action'] == "updatedob" && $ticketvalidation == FALSE){
+ }elseif($oldid == 43 && $actionrequest == "updatedob" && $ticketvalidation == FALSE){
$id = 43;
$oldid=0;
$_SESSION['ticketmsg']='No action (name/dob change) taken. Ticket number is missing!';
}
- if($oldid == 43 && $_REQUEST['action'] == 'revokecert' && $ticketvalidation==TRUE)
+ if($oldid == 43 && $actionrequest == 'revokecert' && $ticketvalidation == TRUE)
{
$userid = intval($_REQUEST['userid']);
revoke_all_private_cert($userid);
write_se_log($userid, $_SESSION['profile']['id'], 'SE Revoke all certificates',$ticketno);
$id=43;
- }elseif($oldid == 43 && $_REQUEST['action'] == "revokecert" && $ticketvalidation == FALSE){
+ }elseif($oldid == 43 && $actionrequest == "revokecert" && $ticketvalidation == FALSE){
$id = 43;
$oldid=0;
$_SESSION['ticketmsg']='No certificates revokes. Ticket number is missing!';
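Review bot: The `updatedob` and `revokecert` branches still take their trigger from `$_REQUEST` (now through `$actionrequest`), so these state-changing paths accept GET as well as POST, and no anti-forgery token check is visible before `revoke_all_private_cert($userid)` or the `users` update. A ticket number is a reference, not a secret, so `$ticketvalidation` does not show that the logged-in support engineer intended the request. If the surrounding code has no such check, read the action from `$_POST` for these two branches and verify a per-session token before acting. The enclosing block starts and ends outside this hunk, so a check may already exist there.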
@@ -3078,18 +3079,21 @@ function buildSubjectFromSession() {
if (trim($_REQUEST['arbitrationno'])==""){
showheader(_("My CAcert.org Account!"));
echo _("You did not enter an arbitration number entry.");
+ printf('<br/><a href="account.php?id=43&amp;userid=' . $_REQUEST['userid'] . '">' . _('Back to previous page.') .'</a>');
showfooter();
exit;
}
if ( 1 !== preg_match('/^[a-z]\d{8}\.\d+\.\d+$/i',trim($_REQUEST['arbitrationno'])) ) {
showheader(_("My CAcert.org Account!"));
printf(_("'%s' is not a valid arbitration number entry."), sanitizeHTML(trim($_REQUEST['arbitrationno'])));
+ printf('<br/><a href="account.php?id=43&amp;userid=' . $_REQUEST['userid'] . '">' . _('Back to previous page.') .'</a>');
showfooter();
exit;
}
if (check_email_exists(trim($_REQUEST['arbitrationno']).'@cacert.org')) {
showheader(_("My CAcert.org Account!"));
printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['arbitrationno'].'@cacert.org'));
+ printf('<br/><a href="account.php?id=43&amp;userid=' . $_REQUEST['userid'] . '">' . _('Back to previous page.') .'</a>');
showfooter();
exit;
}
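Review bot: The three added back-links concatenate `$_REQUEST['userid']` into the `href` without casting or escaping, so request-controlled text is reflected into the page. Because the concatenated string is also `printf`'s format string, any `%` in the value is parsed as a conversion. The same line is added twice more in the next hunk, in the CCA retention and Organisation Administrator branches. The new code in pages/account/44.php and pages/account/59.php already uses `intval($_REQUEST['userid'])`; doing the same here with placeholders closes both problems: `printf('<br/><a href="account.php?id=43&amp;userid=%d">%s</a>', intval($_REQUEST['userid']), _('Back to previous page.'));`. The enclosing block starts and ends outside these hunks.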
@@ -3098,12 +3102,14 @@ function buildSubjectFromSession() {
check_gpg_cert_running($_REQUEST['userid'],1)) {
showheader(_("My CAcert.org Account!"));
printf(_("The CCA retention time for at least one certificate is not over. Can't continue."));
+ printf('<br/><a href="account.php?id=43&amp;userid=' . $_REQUEST['userid'] . '">' . _('Back to previous page.') .'</a>');
showfooter();
exit;
}
if (check_is_orgadmin($_REQUEST['userid'],1)) {
showheader(_("My CAcert.org Account!"));
printf(_("The user is listed as Organisation Administrator. Can't continue."));
+ printf('<br/><a href="account.php?id=43&amp;userid=' . $_REQUEST['userid'] . '">' . _('Back to previous page.') .'</a>');
showfooter();
exit;
}
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index 7f068bd..0695450 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
@@ -941,11 +941,6 @@ function get_user_agreement($memid){
}
//change personal information to arbitration number and DOB=1900-01-01
- $query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='$userid'";
- $details = mysql_fetch_assoc(mysql_query($query));
- $query = "insert into `adminlog` set `when`=NOW(),`old-lname`='${details['lname']}',`old-dob`='${details['dob']}',
- `new-lname`='$arbno',`new-dob`='1900-01-01',`uid`='$id',`adminid`='".$adminid."'";
- mysql_query($query);
$query = "update `users` set `fname`='".$arbno."',
`mname`='".$arbno."',
`lname`='".$arbno."',
@@ -1402,17 +1397,17 @@ function output_log_email_header(){
function output_log_email($row,$primary){
$italic='';
$bold='';
- if (0==$row['deleted']) {
- $italic='italic ';
+ if ($row['deleted'] > 0) {
+ $italic=' italic';
}
- if ($primary==$row['email']) {
- $bold= 'bold ';
+ if ($primary==$row['email'] && $row['deleted'] == 0) {
+ $bold= ' bold';
}
?>
<tr>
- <td class="DataTD <? $bold . $italic ?>"><?=$row['email']?></td>
- <td class="DataTD <? $bold . $italic ?>"><?=$row['created']?></td>
- <td class="DataTD <? $bold . $italic ?>"><?=$row['deleted']?></td>
+ <td class="DataTD<?= $bold . $italic ?>"><?=$row['email']?></td>
+ <td class="DataTD<?= $bold . $italic ?>"><?=$row['created']?></td>
+ <td class="DataTD<?= $bold . $italic ?>"><?=$row['deleted']?></td>
</tr>
<?
}
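Review bot: The rewritten cells still print `$row['email']`, `$row['created']` and `$row['deleted']` through `<?= ?>` with no HTML escaping, and the e-mail address is account-holder-supplied data rendered in what appears to be a support log view. Unless stored addresses are guaranteed to be free of markup, escape at output, for example `<?=sanitizeHTML($row['email'])?>`. That helper is called in includes/account.php in this commit; whether it is available in this file is not visible here. A short comment above the two `if` blocks saying that italic marks a deleted address and bold marks the current, non-deleted primary would also document the corrected logic.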
diff --git a/pages/account/44.php b/pages/account/44.php
index 9e4e194..0b4a9b9 100644
--- a/pages/account/44.php
+++ b/pages/account/44.php
@@ -18,7 +18,11 @@
<? if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); }
$ticketno = ""; if(array_key_exists('ticketno', $_SESSION)) $ticketno = $_SESSION['ticketno'];
-
+if (!valid_ticket_number($ticketno)) {
+ echo printf(_("I'm sorry, you did not enter a ticket number!%sYou cannot reset the password.%s"), '<br/>', '<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) .'">'. _('Back to previous page.').'</a>');
+ showfooter();
+ exit;
+ }
?>
<form method="post" action="account.php">
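Review bot: `echo printf(...)` prints the message and then echoes the integer length that `printf` returns, so a stray number is rendered after the back-link; drop the `echo` and call `printf(_("..."), ...);` on its own. The same construct is added in pages/account/59.php. This guard only stops the form from being rendered. The code in includes/account.php that performs the password reset is not part of these hunks, and it should refuse the action on the same `valid_ticket_number()` condition rather than rely on the form being hidden.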
diff --git a/pages/account/59.php b/pages/account/59.php
index 4cf81c0..7ad3f9d 100644
--- a/pages/account/59.php
+++ b/pages/account/59.php
@@ -17,10 +17,13 @@
*/
include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
+
$colspandefault=2;
$userid = intval($_REQUEST['userid']);
$res =get_user_data($userid);
+
+
if(mysql_num_rows($res) <= 0)
{
echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
@@ -41,7 +44,12 @@ $support=0;
if(intval($_REQUEST['oldid'])==43){
$support=$_SESSION['profile']['admin'];
}
-
+$ticketno = ""; if(array_key_exists('ticketno', $_SESSION)) $ticketno = $_SESSION['ticketno'];
+if (!valid_ticket_number($ticketno) && $support == 1) {
+ echo printf(_("I'm sorry, you did not enter a ticket number!%sSupport is not allowed to view the account history without a ticket number.%s"), '<br/>', '<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) .'">'. _('Back to previous page.').'</a>');
+ showfooter();
+ exit;
+}
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
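Review bot: The ticket gate runs only when `$support == 1`, and `$support` leaves 0 only when the request carries `oldid` equal to 43, while `$userid` is taken from `$_REQUEST['userid']` in every case. The gate for viewing another account's history therefore depends on a client-supplied parameter. Whether the `$support == 0` path restricts `$userid` to the logged-in account is not visible in this hunk. If it does not, key the check on the viewed account rather than on `oldid`, for example `if ($userid != $_SESSION['profile']['id'] && !valid_ticket_number($ticketno))`.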
@@ -287,5 +295,11 @@ if (1 == $support) {
}
}ELSE{
?><td colspan="<?=$colspan?>" ><?=_('no entry avialable')?></td><?
- }?>
+ }
+ if ($support==1) {
+ ?><td colspan="<?=$colspan?>" ><a href="account.php?id=43&amp;userid=<?= $userid ?>"><?= _('Back to previous page.')?></a></td><?
+ }
+
+ ?>
+
</table>