Diffstat (limited to 'pages/account/52.php')
-rw-r--r-- | pages/account/52.php | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/pages/account/52.php b/pages/account/52.php index ce2025f..cb35548 100644 --- a/pages/account/52.php +++ b/pages/account/52.php @@ -18,14 +18,14 @@ <? if($_SESSION['profile']['tverify'] <= 0) { echo _("You don't have access to this area."); } else { ?> <? $uid = intval($_GET['uid']); - $query = "select * from `tverify` where `id`='$uid' and `modified`=0"; + $query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=0"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { $row = mysql_fetch_assoc($res); $memid = intval($row['memid']); - $query2 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'"; + $query2 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'"; $rc2 = mysql_num_rows(mysql_query($query2)); if($rc2 > 0) { @@ -35,9 +35,9 @@ exit; } - $query = "select sum(`points`) as `points` from `notary` where `to`='$memid' and `deleted` = 0"; + $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `deleted` = 0"; $notary = mysql_fetch_assoc(mysql_query($query)); - $query = "select * from `users` where `id`='$memid'"; + $query = "select * from `users` where `id`='".intval($memid)."'"; $user = mysql_fetch_assoc(mysql_query($query)); $tobe = 50 - $notary['points']; if($row['URL'] != '' && $row['photoid'] != '') 
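Review bot: In the first hunk `$uid` is already the result of `intval($_GET['uid'])` on the context line above, so the added `intval($uid)` in `$query` and `$query2` is a no-op today and only protects against a later edit that drops the first cast. These statements are still built by string concatenation, and their safety depends on every query site repeating the cast; the same pattern recurs in the `notary`/`users` queries and in the `modified`=1 and `$query3` hunks. Bound parameters through mysqli or PDO would remove that dependency, but the legacy `mysql_*` API used here has no prepared statements. Until the file is migrated, I would record the invariant next to the first cast, e.g. `// $uid/$memid are integers via intval(); keep the cast at every query until this moves to prepared statements`. The enclosing `if`/`else` block starts and ends outside the hunk.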
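Review bot: The new `users` query in the second hunk still reads `select *`, although the rendering code visible in this commit only uses `id`, `fname`, `mname`, `lname`, `suffix` and `email`. A reviewer-facing page should not pull the whole account row (presumably including credential or recovery columns, which are not visible here) into `$user`, because any later debug output or template change could expose them. If nothing further down the file needs other columns, narrow it to ``select `id`,`fname`,`mname`,`lname`,`suffix`,`email` from `users` where `id`='".intval($memid)."'``. The block continues outside the hunk, so other uses of `$user` need checking first.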
@@ -48,9 +48,9 @@ $tobe = 0; ?> <?=_("Request Details")?>:<br> -<?=_("Name on file")?>: <?=$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']?><br> -<?=_("Primary email address")?>: <?=$user['email']." (".$user['id'].")"?><br> -<?=_("Certificate Subject")?>: <?=$row['CN']?><br> +<?=_("Name on file")?>: <?=sanitizeHTML($user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix'])?><br> +<?=_("Primary email address")?>: <?=sanitizeHTML($user['email'])." (".intval($user['id']).")"?><br> +<?=_("Certificate Subject")?>: <?=sanitizeHTML($row['CN'])?><br> <? if($row['URL'] != '') { ?><?=_("Notary URL")?>: <a href="<?=$row['URL']?>"><?=$row['URL']?></a><br><? } ?> <? if($row['photoid'] != '') { ?><?=_("Photo ID URL")?>: <a href="/account.php?id=51&photoid=<?=intval($row['id'])?>"><?=_("Here")?></a><br><? } ?> <?=_("Current Points")?>: <?=intval($notary['points'])?><br> @@ -63,10 +63,10 @@ <input type="submit" name="agree" value="<?=_("I agree with this Application")?>"> <input type="submit" name="disagree" value="<?=_("I don't agree with this Application")?>"> <input type="hidden" name="oldid" value="<?=intval($_GET['id'])?>"> -<input type="hidden" name="uid" value="<?=$uid?>"> +<input type="hidden" name="uid" value="<?=intval($uid)?>"> </form> <? } else { - $query = "select * from `tverify` where `id`='$uid' and `modified`=1"; + $query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=1"; $res = mysql_query($query); if(mysql_num_rows($res) > 0) { @@ -84,7 +84,7 @@ while($row = mysql_fetch_assoc($res)) { $uid=intval($row['id']); - $query3 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'"; + $query3 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'"; $rc3 = mysql_num_rows(mysql_query($query3)); if($rc3 <= 0) { |
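Review bot: The "Notary URL" line directly below the three newly escaped fields still prints `$row['URL']` raw, both inside the `href` attribute and as link text, so the output-encoding fix in this hunk is incomplete for a value that appears to come from the applicant's request. Apply the same helper in both places: `<a href="<?=sanitizeHTML($row['URL'])?>"><?=sanitizeHTML($row['URL'])?></a>`. This assumes `sanitizeHTML` also encodes quotes, which is not visible on this page. Entity-encoding does not constrain the URL scheme, so the value should be rendered as a link only when it begins with `http://` or `https://` and shown as plain escaped text otherwise. The surrounding `if`/`else` block starts and ends outside the hunk.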