summaryrefslogtreecommitdiff
path: root/pages/account
diff options
context:
space:
mode:
Diffstat (limited to 'pages/account')
-rw-r--r--pages/account/13.php15
-rw-r--r--pages/account/14.php6
-rw-r--r--pages/account/24.php62
-rw-r--r--pages/account/25.php2
-rw-r--r--pages/account/27.php50
-rw-r--r--pages/account/40.php41
-rw-r--r--pages/account/41.php2
-rw-r--r--pages/account/43.php46
-rw-r--r--pages/account/48.php3
-rw-r--r--pages/account/49.php51
-rw-r--r--pages/account/51.php34
-rw-r--r--pages/account/52.php105
-rw-r--r--pages/account/53.php2
-rw-r--r--pages/account/54.php2
-rw-r--r--pages/account/55.php3
-rw-r--r--pages/account/6.php7
16 files changed, 139 insertions, 292 deletions
diff --git a/pages/account/13.php b/pages/account/13.php
index ea28c0e..767e721 100644
--- a/pages/account/13.php
+++ b/pages/account/13.php
@@ -14,8 +14,8 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<?
+*/
+
$query = "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and `users`.`deleted`=0";
$res = mysql_query($query);
$user = mysql_fetch_assoc($res);
@@ -27,16 +27,23 @@
if($showdetails){
$body = sprintf(_("Hi %s,"),$user['fname'])."\n\n";
- $body .= _("You receive this automatic mail since you yourself or someone ".
+ $ip = anonymizeIp($_SERVER['REMOTE_ADDR']);
+ if($ip === false) {
+ $ip = _("Error anonymising IP/network information");
+ }
+ $body .= sprintf(_("You receive this automatic mail since you yourself or someone ".
"else looked up your secret questions and answers for a forgotten ".
"password.\n\n".
+ "Network: %s\nTime: %s\n\n".
"If it was you who looked up or changed that data, or clicked ".
"through the menu in your account, everything is in best order ".
"and you can ignore this mail.\n\n".
"But if you received this mail without a recognisable reason, ".
"there is a danger that an unauthorised person accessed your ".
"account, and you should promptly change your password and your ".
- "secret questions and answers.")."\n\n";
+ "secret questions and answers."),
+ $ip,
+ date("Y-m-d H:i:s T"))."\n\n";
$body .= _("Best regards")."\n"._("CAcert Support");
diff --git a/pages/account/14.php b/pages/account/14.php
index 29aeb21..97f6f05 100644
--- a/pages/account/14.php
+++ b/pages/account/14.php
@@ -37,15 +37,15 @@
</tr>
<? } ?>
<tr>
- <td class="DataTD"><?=_("New Pass Phrase")?><font color="red">*</font>: </td>
+ <td class="DataTD"><?=_("New Pass Phrase")?><span class="error_indicator">*</span>: </td>
<td class="DataTD"><input type="password" name="pword1"></td>
</tr>
<tr>
- <td class="DataTD"><?=_("Pass Phrase Again")?><font color="red">*</font>: </td>
+ <td class="DataTD"><?=_("Pass Phrase Again")?><span class="error_indicator">*</span>: </td>
<td class="DataTD"><input type="password" name="pword2"></td>
</tr>
<tr>
- <td class="DataTD" colspan="2"><font color="red">*</font><?=_("Please note, in the interests of good security, the pass phrase must be made up of an upper case letter, lower case letter, number and symbol (all white spaces at the beginning and end are removed).")?></td>
+ <td class="DataTD" colspan="2"><span class="error_indicator">*</span><?=_("Please note, in the interests of good security, the pass phrase must be made up of an upper case letter, lower case letter, number and symbol (all white spaces at the beginning and end are removed).")?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update Pass Phrase")?>"></td>
diff --git a/pages/account/24.php b/pages/account/24.php
index 14a47c0..2ad526e 100644
--- a/pages/account/24.php
+++ b/pages/account/24.php
@@ -16,51 +16,25 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?
- // Reset session variables regarding Org's, present empty form
- if (array_key_exists('O',$_SESSION['_config'])) $_SESSION['_config']['O'] = "";
- if (array_key_exists('contact',$_SESSION['_config'])) $_SESSION['_config']['contact'] = "";
- if (array_key_exists('L',$_SESSION['_config'])) $_SESSION['_config']['L'] = "";
- if (array_key_exists('ST',$_SESSION['_config'])) $_SESSION['_config']['ST'] = "";
- if (array_key_exists('C',$_SESSION['_config'])) $_SESSION['_config']['C'] = "";
- if (array_key_exists('comments',$_SESSION['_config'])) $_SESSION['_config']['comments'] = "";
-
+$orgname = '';
+$contactmail = '';
+$town = '';
+$state = '';
+$country = '';
+$comment = '';
+
+ // Reset session variables regarding Org's, present empty form
+if (array_key_exists('O',$_SESSION['_config'])) $_SESSION['_config']['O'] = "";
+if (array_key_exists('contact',$_SESSION['_config'])) $_SESSION['_config']['contact'] = "";
+if (array_key_exists('L',$_SESSION['_config'])) $_SESSION['_config']['L'] = "";
+if (array_key_exists('ST',$_SESSION['_config'])) $_SESSION['_config']['ST'] = "";
+if (array_key_exists('C',$_SESSION['_config'])) $_SESSION['_config']['C'] = "";
+if (array_key_exists('comments',$_SESSION['_config'])) $_SESSION['_config']['comments'] = "";
+
?>
<form method="post" action="account.php">
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="2" class="title"><?=_("New Organisation")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Organisation Name")?>:</td>
- <td class="DataTD"><input type="text" name="O" value="" maxlength="50" size="90"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Contact Email")?>:</td>
- <td class="DataTD"><input type="text" name="contact" value="" size="90"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Town/Suburb")?>:</td>
- <td class="DataTD"><input type="text" name="L" value="" size="90"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("State/Province")?>:</td>
- <td class="DataTD"><input type="text" name="ST" value="" size="90"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Country")?>:</td>
- <td class="DataTD"><input type="text" name="C" value="" size="5">
- <?php printf(_('(2 letter %s ISO code %s )'),
- '<a href="http://www.iso.org/iso/home/standards/country_codes/iso-3166-1_decoding_table.htm">',
- '</a>')?>
- </td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Comments")?>:</td>
- <td class="DataTD"><textarea name="comments" cols="60" rows="10"></textarea></td>
- </tr>
- <tr>
- <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
- </tr>
-</table>
+<?
+org_edit_org_table($orgname, $contactmail, $town, $state, $country, $comment, 0);
+?>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
diff --git a/pages/account/25.php b/pages/account/25.php
index a70f608..db63529 100644
--- a/pages/account/25.php
+++ b/pages/account/25.php
@@ -63,7 +63,7 @@
$domcount = mysql_num_rows($r2);
?>
<tr>
- <td class="DataTD"><?=htmlspecialchars($row['O'])?>, <?=htmlspecialchars($row['ST'])?> <?=htmlspecialchars($row['C'])?></td>
+ <td class="DataTD"><?=sanitizeHTML($row['O'])?>, <?=sanitizeHTML($row['ST'])?> <?=sanitizeHTML($row['C'])?></td>
<td class="DataTD"><a href="account.php?id=26&amp;orgid=<?=intval($row['id'])?>"><?=_("Domains")?> (<?=$domcount?>)</a></td>
<td class="DataTD"><a href="account.php?id=32&amp;orgid=<?=$row['id']?>"><?=_("Admins")?> (<?=$admincount?>)</a></td>
<td class="DataTD"><a href="account.php?id=27&amp;orgid=<?=$row['id']?>"><?=_("Edit")?></a></td>
diff --git a/pages/account/27.php b/pages/account/27.php
index a1086d4..d07a781 100644
--- a/pages/account/27.php
+++ b/pages/account/27.php
@@ -16,46 +16,20 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?
- $row = mysql_fetch_assoc(mysql_query("select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"));
+ $orgid = intval($_REQUEST['orgid']);
+ $row = mysql_fetch_assoc(mysql_query("select * from `orginfo` where `id`='" . $orgid . "'"));
+ $orgname = $row['O'];
+ $contactmail = $row['contact'];
+ $town = $row['L'];
+ $state = $row['ST'];
+ $country = $row['C'];
+ $comment = $row['comments'];
?>
<form method="post" action="account.php">
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="2" class="title"><?=_("Edit Organisation")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Organisation Name")?>:</td>
- <td class="DataTD"><input type="text" name="O" value="<?=$row['O']?>" size="90"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Contact Email")?>:</td>
- <td class="DataTD"><input type="text" name="contact" value="<?=($row['contact'])?>" size="90"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Town/Suburb")?>:</td>
- <td class="DataTD"><input type="text" name="L" value="<?=($row['L'])?>" size="90"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("State/Province")?>:</td>
- <td class="DataTD"><input type="text" name="ST" value="<?=($row['ST'])?>" size="90"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Country")?>:</td>
- <td class="DataTD"><input type="text" name="C" value="<?=($row['C'])?>" size="5">
- <?php printf(_('(2 letter %s ISO code %s )'),
- '<a href="http://www.iso.org/iso/home/standards/country_codes/iso-3166-1_decoding_table.htm">',
- '</a>')?>
- </td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Comments")?>:</td>
- <td class="DataTD"><textarea name="comments" cols=60 rows=10><?=($row['comments'])?></textarea></td>
- </tr>
- <tr>
- <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
- </tr>
-</table>
+<?
+ org_edit_org_table($orgname, $contactmail, $town, $state, $country, $comment, 1);
+?>
<input type="hidden" name="oldid" value="<?=intval($id)?>">
-<input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>">
+<input type="hidden" name="orgid" value="<?=$orgid?>">
<input type="hidden" name="csrf" value="<?=make_csrf('orgdetchange')?>" />
</form>
diff --git a/pages/account/40.php b/pages/account/40.php
index a809595..9613c2d 100644
--- a/pages/account/40.php
+++ b/pages/account/40.php
@@ -1,6 +1,6 @@
<? /*
LibreSSL - CAcert web application
- Copyright (C) 2004-2008 CAcert Inc.
+ Copyright (C) 2004-2014 CAcert Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -17,16 +17,16 @@
*/
if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['secrethash'] = md5(date("YmdHis").rand(0, intval(date("u"))));
?>
-<H3><?=_("Contact Us")?></H3>
+<h3><?=_("Contact Us")?></h3>
<p><b><?=_("General Questions")?></b></p>
-<p><b><?=_("PLEASE NOTE: Due to the large amounts of support questions, incorrectly directed emails may be over looked, this is a volunteer effort and directing general questions to the right place will help everyone, including yourself as you will get a reply quicker.")?></b></p>
+<p><b><?=_("PLEASE NOTE: CAcert support is a volunteer effort. You would help everyone, including yourself to get a reply quickly, by directing general questions to the right place. Due to the large amounts of support questions, incorrectly directed emails may be overlooked.")?></b></p>
<p><b><?=_("If you are contacting us about advertising, please use the form at the bottom of the website, the first contact form is not the correct place.")?></b></p>
-<p><?=sprintf(_("If you are having trouble with your username or password, please visit our %swiki page%s for more information"), "<a href='http://wiki.cacert.org/wiki/FAQ/LostPasswordOrAccount' target='_new'>", "</a>");?></p>
+<p><?=sprintf(_("If you are having trouble with your username or password, please visit our %swiki page%s for more information"), "<a href='//wiki.cacert.org/wiki/FAQ/LostPasswordOrAccount' target='_new'>", "</a>");?></p>
<p><?=_("Before contacting us, be sure to read the information on our official and unofficial HowTo and FAQ pages.")?> - <a href="//wiki.cacert.org/HELP/"><?=_("Go here for more details.")?></a></p>
-<p><?=_("General questions about CAcert should be sent to the general support list, please send all emails in ENGLISH only, this list has many more volunteers then those directly involved with the running of the website, everyone on the mailing list understands english, even if this isn't their native language this will increase your chance at a competent reply. While it's best if you sign up to the mailing list to get replied to, you don't have to, but please make sure you note this in your email, otherwise it might seem like you didn't get a reply to your question.")?></p>
-<p><a href="https://lists.cacert.org/wws/info/cacert-support"><?=_("Click here to go to the Support List")?></a></p>
-<p><?=_("You can alternatively use the form below, however joining the list is the prefered option to support your queries")?></p>
+<p><?=_("General questions about CAcert should be sent to the general support mailing list. This list is read by many more volunteers, then those directly involved in the support team. Please send all emails in ENGLISH only, as everyone on the mailing list understands English, even if this is not their native language. Doing so will increase your chance to get a competent reply.")?></p>
+<p>
+<?=sprintf(_("You can use the form below to contact the support team directly. The mail is NOT send to the mailing list. Alternatively you can contact the support team by writing an email to %ssupport@cacert.org%s"), "<a href='mailto:support@cacert.org'>", "</a>");?></p>
<form method="post" action="account.php" name="form1">
<input type="hidden" name="oldid" value="<?=$id?>">
<!-- <input type="hidden" name="support" value="yes"> -->
@@ -35,23 +35,32 @@ if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['s
<label>If you're human leave this blank:</label>
<input name="robotest" type="text" id="robotest" class="robotest" />
</p>
-<table border="0">
- <tr><td width="100"><?=_("Your Name")?>:</td><td width="100"><input type="text" name="who"></td><td width="100"></td><td width="100"></td>
- <tr><td width="100"><?=_("Your Email")?>:</td><td colspan="3"><input type="text" name="email"></td>
- <tr><td width="100"><?=_("Subject")?>:</td><td colspan="3"><input type="text" name="subject"></td></tr>
- <tr><td width="100" valign="top"><?=_("Message")?>:</td><td colspan="3"><textarea name="message" cols="70" rows="10"></textarea></td></tr>
-
+ <table border="0">
+ <tr>
+ <td width="100"><?=_("Your Name")?>:</td>
+ <td width="300"><input type="text" name="who"></td>
+ </tr>
+ <tr>
+ <td><?=_("Your Email")?>:</td>
+ <td><input type="text" name="email"></td>
+ </tr>
+ <tr>
+ <td><?=_("Subject")?>:</td>
+ <td><input type="text" name="subject"></td>
+ </tr>
+ <tr>
+ <td valign="top"><?=_("Message")?>:</td>
+ <td><textarea name="message" cols="70" rows="10"></textarea></td>
+ </tr>
<tr>
- <td colspan="2"><font color="#ff0000"><?=_("Warning: Please do not use \"send to mailing list\" when you entered confidential data. The request is being sent to a public mailinglist.")?></font></td>
<td colspan="2"><?=_("For confidential data use \"send to support\".")?></td>
</tr>
<tr>
- <td colspan="2"><input type="submit" name="process[0]" value="<?=_("Send to mailing list")?>"></td>
<td colspan="2"><input type="submit" name="process[1]" value="<?=_("Send to support")?>"></td>
</tr>
</table>
</form>
-
+<p><a href="https://lists.cacert.org/wws/info/cacert-support"><?=_("Click here to go to the Support List")?></a></p>
<p><b>IRC</b></p>
<p><a href="irc://irc.CAcert.org/CAcert">irc://irc.CAcert.org/CAcert</a></p>
<p><b>Secure IRC</b></p>
diff --git a/pages/account/41.php b/pages/account/41.php
index d61d8db..f644025 100644
--- a/pages/account/41.php
+++ b/pages/account/41.php
@@ -57,7 +57,7 @@ require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php');
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
- $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_escape_string($row['lang'])."'"));
+ $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_real_escape_string($row['lang'])."'"));
?>
<tr>
<td class="DataTD"><?=_("Additional Language")?>:</td>
diff --git a/pages/account/43.php b/pages/account/43.php
index c889ce3..279da15 100644
--- a/pages/account/43.php
+++ b/pages/account/43.php
@@ -37,7 +37,7 @@ if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
{
$_REQUEST['userid'] = 0;
- $emailsearch = $email = mysql_real_escape_string(stripslashes($_REQUEST['email']));
+ $emailsearch = $email = mysql_real_escape_string(stripslashes(trim($_REQUEST['email'])));
//Disabled to speed up the queries
//if(!strstr($email, "%"))
@@ -112,17 +112,10 @@ if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
// display user information for given user id
if(intval($_REQUEST['userid']) > 0) {
$userid = intval($_REQUEST['userid']);
- $res =get_user_data($userid);
- if(mysql_num_rows($res) <= 0) {
+ $user_data_res =get_user_data($userid);
+ if(mysql_num_rows($user_data_res) <= 0) {
echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
} else {
- $row = mysql_fetch_assoc($res);
- $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."' and `deleted` = 0";
- $dres = mysql_query($query);
- $drow = mysql_fetch_assoc($dres);
- $alerts =get_alerts(intval($row['id']));
-
-//display account data
//deletes an assurance
if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation == true)
@@ -136,8 +129,7 @@ if(intval($_REQUEST['userid']) > 0) {
if ($res) {
$trow = mysql_fetch_assoc($res);
if ($trow) {
- mysql_query("update `notary` set `deleted`=NOW() where `id`='".intval($assurance)."'");
- fix_assurer_flag($trow['to']);
+ revoke_assurance(intval($assurance),$trow['to']);
}
}
}
@@ -145,6 +137,15 @@ if(intval($_REQUEST['userid']) > 0) {
$ticketmsg=_('No assurance revoked. Ticket number is missing!');
}
+ $row = mysql_fetch_assoc($user_data_res);
+ $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."' and `deleted` = 0";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $alerts =get_alerts(intval($row['id']));
+
+//display account data
+
+
//Ticket number
?>
@@ -283,12 +284,6 @@ if(intval($_REQUEST['userid']) > 0) {
<td class="DataTD"><?=_("Ad Admin")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;adadmin=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['adadmin'])?></a> (0 = none, 1 = submit, 2 = approve)</td>
</tr>
- <!-- presently not needed
- <tr>
- <td class="DataTD"><?=_("Tverify Account")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;tverify=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['tverify'])?></a></td>
- </tr>
- -->
<tr>
<td class="DataTD"><?=_("General Announcements")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;general=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($alerts['general'])?></a></td>
@@ -327,6 +322,19 @@ if(intval($_REQUEST['userid']) > 0) {
</tr>
<?
} else {
+ $body = sprintf(_("Hi %s,"),$row['fname'])."\n\n";
+ $body .= sprintf(_("You receive this automatic mail becasue a supporter ".
+ "looked up your secret questions and answers for a forgotten ".
+ "password.\n\n".
+ "Time: %s\n\n".
+ "If you received this mail without a recognisable reason, ".
+ "there is a danger that an unauthorised person accessed your ".
+ "account, and you should promptly report this to support@cacert.org."),
+ date("Y-m-d H:i:s T"))."\n\n";
+
+ $body .= _("Best regards")."\n"._("CAcert Support");
+
+ sendmail($row['email'], "[CAcert.org] "._("Email Notification"), $body, "support@cacert.org", "", "", "CAcert Support");
?>
<tr>
<td class="DataTD"><?=_("Lost Password")?> - Q1:</td>
@@ -390,7 +398,7 @@ if(intval($_REQUEST['userid']) > 0) {
?>
<tr>
<td class="DataTD"><?=_("Assurance Points")?>:</td>
- <td class="DataTD"><?=intval($drow['points'])?></td>
+ <td class="DataTD"><?=get_received_total_points(intval($row['id']))?></td>
</tr>
<?
// show account history
diff --git a/pages/account/48.php b/pages/account/48.php
index 8cdd7ac..67f2520 100644
--- a/pages/account/48.php
+++ b/pages/account/48.php
@@ -26,6 +26,9 @@
<td class="DataTD"><input type="text" name="domain" value="<?=array_key_exists('domain',$_POST)?sanitizeHTML($_POST['domain']):''?>"></td>
</tr>
<tr>
+ <td class="DataTD" colspan="2"><?=_("For search by ID use # prefix e.g. #123456")?></td>
+ </tr>
+ <tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
</table>
diff --git a/pages/account/49.php b/pages/account/49.php
index 0218fa0..e9973f2 100644
--- a/pages/account/49.php
+++ b/pages/account/49.php
@@ -19,44 +19,51 @@
$userid=0; if(array_key_exists('userid',$_GET)) $userid=intval($_GET['userid']);
if($userid <= 0)
{
- $domainsearch = $domain = mysql_escape_string(stripslashes($_POST['domain']));
- if(!strstr($domain, "%"))
+ $domainsearch = $domain = mysql_real_escape_string(trim(stripslashes($_POST['domain'])));
+ if(!strstr($domain, "%")) {
$domainsearch = "%$domain%";
- if(preg_match("/^\d+$/",$domain))
+ }
+
+ //check if request is id if not set search ID to -1
+ if(preg_match('/^#(\d+)$/', $domain, $match)) {
$domainsearch = "";
+ $domainid = intval($match[1]);
+ } else {
+ $domainid = -1;
+ }
+
$query = "select `users`.`id` as `id`, `domains`.`domain` as `domain`, `domains`.`id`as `domid` from `users`,`domains`
where `users`.`id`=`domains`.`memid` and
- (`domains`.`domain` like '$domainsearch' or `domains`.`id`='$domain') and
+ (`domains`.`domain` like '$domainsearch' or `domains`.`id`='$domainid') and
`domains`.`deleted`=0 and `users`.`deleted`=0 and
`users`.`verified`=1
group by `users`.`id` limit 100";
$res = mysql_query($query);
- if(mysql_num_rows($res) >= 1) { ?>
+ if(mysql_num_rows($res) > 1) { ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Select Specific User Account Details")?></td>
</tr>
-<?
- while($row = mysql_fetch_assoc($res))
- { ?>
+<? while($row = mysql_fetch_assoc($res)) { ?>
<tr>
<td class="DataTD"><?=_("Domain")?>:</td>
<td class="DataTD"><?=$row['domid']?></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=$row['id']?>"><?=sanitizeHTML($row['domain'])?></a></td>
</tr>
-<? } if(mysql_num_rows($res) >= 100) { ?>
+<? }
+ if(mysql_num_rows($res) >= 100) { ?>
<tr>
<td class="DataTD" colspan="3"><?=_("Only the first 100 rows are displayed.")?></td>
</tr>
-<? } else { ?>
+<? } else { ?>
<tr>
<td class="DataTD" colspan="3"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td>
</tr>
-<? } ?>
+<? } ?>
</table><br><br>
<? } elseif(mysql_num_rows($res) == 1) {
$row = mysql_fetch_assoc($res);
- $_GET['userid'] = intval($row['id']);
+ $userid = intval($row['id']);
} else {
?><table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
@@ -64,35 +71,33 @@
</tr>
</table><br><br><?
}
-
- $query = "select `orgid`,`domain`,`id` from `orgdomains` where `domain` like '$domainsearch' or `id`='$domain' limit 100";
+ $query = "select `orgid`,`domain`,`id` from `orgdomains` where `domain` like '$domainsearch' or `id`='$domainid' limit 100";
$res = mysql_query($query);
- if(mysql_num_rows($res) >= 1) { ?>
+ if(mysql_num_rows($res) > 1) { ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Select Specific Organisation Account Details")?></td>
</tr>
-<?
- while($row = mysql_fetch_assoc($res))
- { ?>
+<? while($row = mysql_fetch_assoc($res)) { ?>
<tr>
<td class="DataTD"><?=_("Domain")?>:</td>
<td class="DataTD"><?=$row['id']?></td>
<td class="DataTD"><a href="account.php?id=26&amp;orgid=<?=intval($row['orgid'])?>"><?=sanitizeHTML($row['domain'])?></a></td>
</tr>
-<? } if(mysql_num_rows($res) >= 100) { ?>
+<? }
+ if(mysql_num_rows($res) >= 100) { ?>
<tr>
<td class="DataTD" colspan="3"><?=_("Only the first 100 rows are displayed.")?></td>
</tr>
-<? } else { ?>
+<? } else { ?>
<tr>
<td class="DataTD" colspan="3"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td>
</tr>
-<? } ?>
+<? } ?>
</table><br><br>
<? } elseif(mysql_num_rows($res) == 1) {
$row = mysql_fetch_assoc($res);
- $_GET['userid'] = intval($row['id']);
+ $userid = intval($row['id']);
} else {
?><table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
@@ -104,7 +109,7 @@
if($userid > 0)
{
- header("location: account.php?id=43&userid=".intval($_GET['userid']));
+ header("location: account.php?id=43&userid=".intval($userid));
exit;
}
?>
diff --git a/pages/account/51.php b/pages/account/51.php
deleted file mode 100644
index 7273840..0000000
--- a/pages/account/51.php
+++ /dev/null
@@ -1,34 +0,0 @@
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2008 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<? if($_SESSION['profile']['tverify'] <= 0) { echo _("You don't have access to this area."); } else { ?>
-<?
- $uid = intval($_GET['photoid']);
- $query = "select * from `tverify` where `id`='$uid' and `modified`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0) { ?>
-<img src="account.php?id=51&amp;photoid=<?=$uid ?>&amp;img=show" border="0" width="800">
-<? } else {
- $query = "select * from `tverify` where `id`='$uid' and `modified`=1";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
- {
- echo _("This UID has already been voted on.");
- } else {
- echo _("Unable to locate a valid request for that UID.");
- }
- } } ?>
diff --git a/pages/account/52.php b/pages/account/52.php
deleted file mode 100644
index 6c00c26..0000000
--- a/pages/account/52.php
+++ /dev/null
@@ -1,105 +0,0 @@
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2008 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
-
-if($_SESSION['profile']['tverify'] <= 0) {
- echo _("You don't have access to this area.");
-} else {
- $uid = intval($_GET['uid']);
- $query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0) {
- $row = mysql_fetch_assoc($res);
- $memid = intval($row['memid']);
-
- $query2 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'";
- $rc2 = mysql_num_rows(mysql_query($query2));
- if($rc2 > 0) {
- showheader(_("My CAcert.org Account!"));
- echo _("You have already voted on this request.");
- showfooter();
- exit;
- }
-
- $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `deleted` = 0";
- $notary = mysql_fetch_assoc(mysql_query($query));
- $query = "select * from `users` where `id`='".intval($memid)."'";
- $user = mysql_fetch_assoc(mysql_query($query));
- $tobe = 50 - $notary['points'];
- if($row['URL'] != '' && $row['photoid'] != '') {
- $tobe = 150 - $notary['points'];
- } else if($row['URL'] != '') {
- $tobe = 90 - $notary['points'];
- }
- if(intval($tobe) <= 0) {
- $tobe = 0;
- }
-?>
-<?=_("Request Details")?>:<br>
-<?=_("Name on file")?>: <?=sanitizeHTML($user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix'])?><br>
-<?=_("Primary email address")?>: <?=sanitizeHTML($user['email'])." (".intval($user['id']).")"?><br>
-<?=_("Certificate Subject")?>: <?=sanitizeHTML($row['CN'])?><br>
-<? if($row['URL'] != '') { ?>
-<?=_("Notary URL")?>: <a href="<?=$row['URL']?>"><?=$row['URL']?></a><br>
-<? } ?>
-<? if($row['photoid'] != '') { ?>
-<?=_("Photo ID URL")?>: <a href="/account.php?id=51&amp;photoid=<?=intval($row['id'])?>"><?=_("Here")?></a><br>
-<? } ?>
-<?=_("Current Points")?>: <?=intval($notary['points'])?><br>
-<?=_("Potential Points")?>: <?=intval($tobe)?><br>
-<?=_("Date of Birth")?>: <?=$user['dob']?> (YYYY-MM-DD)<br>
-
-<br>
-<form method="post" action="account.php">
-<?=_("Comment")?>: <input type="text" name="comment"><br>
-<input type="submit" name="agree" value="<?=_("I agree with this Application")?>">
-<input type="submit" name="disagree" value="<?=_("I don't agree with this Application")?>">
-<input type="hidden" name="oldid" value="<?=intval($_GET['id'])?>">
-<input type="hidden" name="uid" value="<?=intval($uid)?>">
-</form>
-<?
- } else {
- $query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=1";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0) {
- echo _("This UID has already been voted on.")."<br/>";
- } else {
- if($uid) echo _("Unable to locate a valid request for that UID.")."<br/>";
- }
-
- // Search for open requests:
- $query = "select * from `tverify` where `modified`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0) {
- echo "<br/>"._("The following requests are still open:")."<br/><ul>";
- while($row = mysql_fetch_assoc($res)) {
- $uid=intval($row['id']);
- $query3 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'";
- $rc3 = mysql_num_rows(mysql_query($query3));
- if($rc3 <= 0)
- {
- echo "<li><a href='account.php?id=52&amp;uid=".intval($row['id'])."'>".intval($row['id'])."</a></li>\n";
- }
- }
- echo "</ul>\n<br>\n";
- } else {
- echo "<br/>"._("There are no pending requests where you haven't voted yet.");
- }
- }
-}
-
-?>
diff --git a/pages/account/53.php b/pages/account/53.php
index cc9e2d6..1ec04b2 100644
--- a/pages/account/53.php
+++ b/pages/account/53.php
@@ -16,7 +16,7 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?
- $town = array_key_exists('town',$_REQUEST)?mysql_escape_string(stripslashes($_REQUEST['town'])):"";
+ $town = array_key_exists('town',$_REQUEST)?mysql_real_escape_string(stripslashes($_REQUEST['town'])):"";
$regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0;
$ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0;
$start = array_key_exists('start',$_REQUEST)?intval($_REQUEST['start']):0;
diff --git a/pages/account/54.php b/pages/account/54.php
index 753b4af..35dce33 100644
--- a/pages/account/54.php
+++ b/pages/account/54.php
@@ -19,7 +19,7 @@
$ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0;
$regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0;
$locid = array_key_exists('locid',$_REQUEST)?intval($_REQUEST['locid']):0;
- $name = array_key_exists('name',$_REQUEST)?mysql_escape_string($_REQUEST['name']):"";
+ $name = array_key_exists('name',$_REQUEST)?mysql_real_escape_string($_REQUEST['name']):"";
if($ccid > 0 && $_REQUEST['action'] == "add") { ?>
<form method="post" action="account.php">
diff --git a/pages/account/55.php b/pages/account/55.php
index 24cc86d..2032b18 100644
--- a/pages/account/55.php
+++ b/pages/account/55.php
@@ -90,10 +90,11 @@
$query = '
SELECT `u`.`id`,
`u`.`assurer`,
- SUM(`points`)
+ SUM(`awarded`)
FROM `users` AS `u`,
`notary` AS `n`
WHERE `u`.`id` = \''.intval($_SESSION['profile']['id']).'\'
+ AND `n`.`method` != \'Administrative Increase\' AND `n`.`from` != `n`.`to`
AND `n`.`to` = `u`.`id`
AND `expire` < NOW()
AND `n`.`deleted` = 0
diff --git a/pages/account/6.php b/pages/account/6.php
index de8d1a3..2719e27 100644
--- a/pages/account/6.php
+++ b/pages/account/6.php
@@ -97,6 +97,11 @@ if (array_key_exists('format', $_REQUEST)) {
} else {
showheader(_("My CAcert.org Account!"), _("Install your certificate"));
+
+ echo '<p>'.sprintf(_('Find the signed certificate together with links for download below. Depending on the way your key was generated you will need to either import the certificate into your browser and export the combined key from there, or save the certificate and combine it with your key file using a tool like OpenSSL or XCA. More information is available in the %sWiki%s.'), '<a href="https://wiki.cacert.org/HowToDocuments/InstallClientCertificate" target="_blank">','</a>').'</p>';
+
+ echo '<p>'.sprintf(_('Nota bene: We need your support to keep our services operational. Please consider to %sdonate%s or support our teams with your work.'), '<a href="https://funding.cacert.org" target="_blank">','</a>').'</p>';
+
echo '<ul class="no_indent">';
echo "<li><a href='account.php?id=$id&amp;cert=$certid&amp;install'>".
_("Install the certificate into your browser").
@@ -113,8 +118,8 @@ if (array_key_exists('format', $_REQUEST)) {
$crtname=escapeshellarg($row['crt_name']);
$cert = shell_exec("/usr/bin/openssl x509 -in $crtname -outform PEM");
echo "<pre>$cert</pre>";
+?>
- ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Information about the certificate")?></td>