summaryrefslogtreecommitdiff
path: root/pages/account/52.php
diff options
context:
space:
mode:
Diffstat (limited to 'pages/account/52.php')
-rw-r--r--pages/account/52.php107
1 files changed, 55 insertions, 52 deletions
diff --git a/pages/account/52.php b/pages/account/52.php
index 77a3bae..6c00c26 100644
--- a/pages/account/52.php
+++ b/pages/account/52.php
@@ -14,45 +14,51 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<? if($_SESSION['profile']['tverify'] <= 0) { echo _("You don't have access to this area."); } else { ?>
-<?
+*/
+
+if($_SESSION['profile']['tverify'] <= 0) {
+ echo _("You don't have access to this area.");
+} else {
$uid = intval($_GET['uid']);
- $query = "select * from `tverify` where `id`='$uid' and `modified`=0";
+ $query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=0";
$res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
- {
+ if(mysql_num_rows($res) > 0) {
$row = mysql_fetch_assoc($res);
$memid = intval($row['memid']);
- $query2 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'";
- $rc2 = mysql_num_rows(mysql_query($query2));
- if($rc2 > 0)
- {
+ $query2 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'";
+ $rc2 = mysql_num_rows(mysql_query($query2));
+ if($rc2 > 0) {
showheader(_("My CAcert.org Account!"));
echo _("You have already voted on this request.");
showfooter();
exit;
}
- $query = "select sum(`points`) as `points` from `notary` where `to`='$memid'";
+ $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `deleted` = 0";
$notary = mysql_fetch_assoc(mysql_query($query));
- $query = "select * from `users` where `id`='$memid'";
+ $query = "select * from `users` where `id`='".intval($memid)."'";
$user = mysql_fetch_assoc(mysql_query($query));
$tobe = 50 - $notary['points'];
- if($row['URL'] != '' && $row['photoid'] != '')
+ if($row['URL'] != '' && $row['photoid'] != '') {
$tobe = 150 - $notary['points'];
- else if($row['URL'] != '')
+ } else if($row['URL'] != '') {
$tobe = 90 - $notary['points'];
- if(intval($tobe) <= 0)
+ }
+ if(intval($tobe) <= 0) {
$tobe = 0;
+ }
?>
<?=_("Request Details")?>:<br>
-<?=_("Name on file")?>: <?=$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']?><br>
-<?=_("Primary email address")?>: <?=$user['email']." (".$user['id'].")"?><br>
-<?=_("Certificate Subject")?>: <?=$row['CN']?><br>
-<? if($row['URL'] != '') { ?><?=_("Notary URL")?>: <a href="<?=$row['URL']?>"><?=$row['URL']?></a><br><? } ?>
-<? if($row['photoid'] != '') { ?><?=_("Photo ID URL")?>: <a href="/account.php?id=51&amp;photoid=<?=intval($row['id'])?>"><?=_("Here")?></a><br><? } ?>
+<?=_("Name on file")?>: <?=sanitizeHTML($user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix'])?><br>
+<?=_("Primary email address")?>: <?=sanitizeHTML($user['email'])." (".intval($user['id']).")"?><br>
+<?=_("Certificate Subject")?>: <?=sanitizeHTML($row['CN'])?><br>
+<? if($row['URL'] != '') { ?>
+<?=_("Notary URL")?>: <a href="<?=$row['URL']?>"><?=$row['URL']?></a><br>
+<? } ?>
+<? if($row['photoid'] != '') { ?>
+<?=_("Photo ID URL")?>: <a href="/account.php?id=51&amp;photoid=<?=intval($row['id'])?>"><?=_("Here")?></a><br>
+<? } ?>
<?=_("Current Points")?>: <?=intval($notary['points'])?><br>
<?=_("Potential Points")?>: <?=intval($tobe)?><br>
<?=_("Date of Birth")?>: <?=$user['dob']?> (YYYY-MM-DD)<br>
@@ -63,40 +69,37 @@
<input type="submit" name="agree" value="<?=_("I agree with this Application")?>">
<input type="submit" name="disagree" value="<?=_("I don't agree with this Application")?>">
<input type="hidden" name="oldid" value="<?=intval($_GET['id'])?>">
-<input type="hidden" name="uid" value="<?=$uid?>">
+<input type="hidden" name="uid" value="<?=intval($uid)?>">
</form>
-<? } else {
- $query = "select * from `tverify` where `id`='$uid' and `modified`=1";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
- {
- echo _("This UID has already been voted on.")."<br/>";
+<?
} else {
- if($uid) echo _("Unable to locate a valid request for that UID.")."<br/>";
- }
-
- // Search for open requests:
- $query = "select * from `tverify` where `modified`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
- {
- echo "<br/>"._("The following requests are still open:")."<br/><ul>";
- while($row = mysql_fetch_assoc($res))
- {
- $uid=intval($row['id']);
- $query3 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'";
- $rc3 = mysql_num_rows(mysql_query($query3));
- if($rc3 <= 0)
- {
- echo "<li><a href='account.php?id=52&amp;uid=".intval($row['id'])."'>".intval($row['id'])."</a></li>\n";
+ $query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=1";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) > 0) {
+ echo _("This UID has already been voted on.")."<br/>";
+ } else {
+ if($uid) echo _("Unable to locate a valid request for that UID.")."<br/>";
+ }
+
+ // Search for open requests:
+ $query = "select * from `tverify` where `modified`=0";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) > 0) {
+ echo "<br/>"._("The following requests are still open:")."<br/><ul>";
+ while($row = mysql_fetch_assoc($res)) {
+ $uid=intval($row['id']);
+ $query3 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'";
+ $rc3 = mysql_num_rows(mysql_query($query3));
+ if($rc3 <= 0)
+ {
+ echo "<li><a href='account.php?id=52&amp;uid=".intval($row['id'])."'>".intval($row['id'])."</a></li>\n";
+ }
}
- }
- echo "</ul>\n<br>\n";
- }
- else
- {
- echo "<br/>"._("There are no pending requests where you haven't voted yet.");
+ echo "</ul>\n<br>\n";
+ } else {
+ echo "<br/>"._("There are no pending requests where you haven't voted yet.");
+ }
}
+}
-
- } } ?>
+?>