summaryrefslogtreecommitdiff
path: root/pages/account
diff options
context:
space:
mode:
Diffstat (limited to 'pages/account')
-rw-r--r--pages/account/13.php18
-rw-r--r--pages/account/15.php2
-rw-r--r--pages/account/16.php1
-rw-r--r--pages/account/17.php9
-rw-r--r--pages/account/19.php6
-rw-r--r--pages/account/23.php2
-rw-r--r--pages/account/24.php62
-rw-r--r--pages/account/27.php50
-rw-r--r--pages/account/40.php41
-rw-r--r--pages/account/41.php2
-rw-r--r--pages/account/43.php11
-rw-r--r--pages/account/48.php3
-rw-r--r--pages/account/49.php51
-rw-r--r--pages/account/51.php34
-rw-r--r--pages/account/52.php105
-rw-r--r--pages/account/53.php2
-rw-r--r--pages/account/54.php2
-rw-r--r--pages/account/55.php235
-rw-r--r--pages/account/56.php82
-rw-r--r--pages/account/6.php8
20 files changed, 279 insertions, 447 deletions
diff --git a/pages/account/13.php b/pages/account/13.php
index b82f474..767e721 100644
--- a/pages/account/13.php
+++ b/pages/account/13.php
@@ -14,8 +14,8 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<?
+*/
+
$query = "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and `users`.`deleted`=0";
$res = mysql_query($query);
$user = mysql_fetch_assoc($res);
@@ -29,7 +29,7 @@
$body = sprintf(_("Hi %s,"),$user['fname'])."\n\n";
$ip = anonymizeIp($_SERVER['REMOTE_ADDR']);
if($ip === false) {
- $ip = _("Error");
+ $ip = _("Error anonymising IP/network information");
}
$body .= sprintf(_("You receive this automatic mail since you yourself or someone ".
"else looked up your secret questions and answers for a forgotten ".
@@ -134,20 +134,10 @@
<td colspan="2" class="title"><a href="account.php?id=59&amp;oldid=13&amp;userid=<?=intval($_SESSION['profile']['id'])?>"><?=_('Show account history')?></a></td>
</tr>
<tr>
- <td colspan="2" class="title"><a href="account.php?id=13&amp;showdetails=<?=intval(!$showdetails)?>"><?=_("View secret question & answers and OTP phrases")?></a></td>
+ <td colspan="2" class="title"><a href="account.php?id=13&amp;showdetails=<?=intval(!$showdetails)?>"><?=_("View secret question & answers")?></a></td>
</tr>
<? if($showdetails){ ?>
<tr>
- <td class="DataTD"><?=_("OTP Hash")?><br>
- (<?=_("Not displayed")?>)</td>
- <td class="DataTD"><input type="text" name="otphash"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("OTP PIN")?><br>
- (<?=_("Not displayed")?>)</td>
- <td class="DataTD"><input type="text" name="otppin"></td>
- </tr>
- <tr>
<td class="DataTD" colspan="2"><?=_("Lost Pass Phrase Questions")?></td>
</tr>
<tr>
diff --git a/pages/account/15.php b/pages/account/15.php
index 6cd3115..405cb44 100644
--- a/pages/account/15.php
+++ b/pages/account/15.php
@@ -30,7 +30,7 @@
}
$row = mysql_fetch_assoc($res);
$crtname=escapeshellarg($row['crt_name']);
- $cert = `/usr/bin/openssl x509 -in $crtname`;
+ $cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
?>
<h3><?=_("Below is your Server Certificate")?></h3>
<pre>
diff --git a/pages/account/16.php b/pages/account/16.php
index 8783bc5..829897f 100644
--- a/pages/account/16.php
+++ b/pages/account/16.php
@@ -104,6 +104,7 @@ if (array_key_exists('emails',$_SESSION['_config']) && is_array($_SESSION['_conf
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
+<?=_("Please fill out the form, when all data is entered and you click \"Next\" you can add either a CSR (certificate signing request) or create a new key with your browser. Even in the case that a CSR is given the data from this form will be used for the certificate. Only the public key information of the CSR will be copied.")?>
<script language="javascript">
function showExpert(a)
diff --git a/pages/account/17.php b/pages/account/17.php
index 8ac8b65..0d5c2c7 100644
--- a/pages/account/17.php
+++ b/pages/account/17.php
@@ -17,3 +17,12 @@
*/
require_once($_SESSION['_config']['filepath'].'/includes/keygen.php');
+
+?>
+ -- <?=_("or")?> --
+ <form method="post" action="account.php">
+ <input type="hidden" name="keytype" value="VI">
+ <textarea rows="20" cols="40" name="CSR"></textarea>
+ <input type="submit" name="submit" value="<?=_("Submit CSR")?>">
+ <input type="hidden" name="oldid" value="17">
+ </form>
diff --git a/pages/account/19.php b/pages/account/19.php
index 6a2749c..d7259f3 100644
--- a/pages/account/19.php
+++ b/pages/account/19.php
@@ -31,7 +31,7 @@
}
$row = mysql_fetch_assoc($res);
$crtname=escapeshellarg($row['crt_name']);
- $cert = `/usr/bin/openssl x509 -in $crtname`;
+ $cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
if($row['keytype'] == "NS")
{
@@ -52,6 +52,10 @@
showfooter();
exit;
}
+ } else if($row['keytype'] == "VI"){
+ showheader(_("My CAcert.org Account!"));
+ echo "<pre>".$cert."</pre>";
+ showfooter();
} else {
showheader(_("My CAcert.org Account!"));
?>
diff --git a/pages/account/23.php b/pages/account/23.php
index 4ec56c3..4255b47 100644
--- a/pages/account/23.php
+++ b/pages/account/23.php
@@ -30,7 +30,7 @@
}
$row = mysql_fetch_assoc($res);
$crtname=escapeshellarg($row['crt_name']);
- $cert = `/usr/bin/openssl x509 -in $crtname`;
+ $cert = shell_exec("/usr/bin/openssl x509 -in $crtname");
?>
<h3><?=_("Below is your Server Certificate")?></h3>
<pre>
diff --git a/pages/account/24.php b/pages/account/24.php
index 14a47c0..2ad526e 100644
--- a/pages/account/24.php
+++ b/pages/account/24.php
@@ -16,51 +16,25 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?
- // Reset session variables regarding Org's, present empty form
- if (array_key_exists('O',$_SESSION['_config'])) $_SESSION['_config']['O'] = "";
- if (array_key_exists('contact',$_SESSION['_config'])) $_SESSION['_config']['contact'] = "";
- if (array_key_exists('L',$_SESSION['_config'])) $_SESSION['_config']['L'] = "";
- if (array_key_exists('ST',$_SESSION['_config'])) $_SESSION['_config']['ST'] = "";
- if (array_key_exists('C',$_SESSION['_config'])) $_SESSION['_config']['C'] = "";
- if (array_key_exists('comments',$_SESSION['_config'])) $_SESSION['_config']['comments'] = "";
-
+$orgname = '';
+$contactmail = '';
+$town = '';
+$state = '';
+$country = '';
+$comment = '';
+
+ // Reset session variables regarding Org's, present empty form
+if (array_key_exists('O',$_SESSION['_config'])) $_SESSION['_config']['O'] = "";
+if (array_key_exists('contact',$_SESSION['_config'])) $_SESSION['_config']['contact'] = "";
+if (array_key_exists('L',$_SESSION['_config'])) $_SESSION['_config']['L'] = "";
+if (array_key_exists('ST',$_SESSION['_config'])) $_SESSION['_config']['ST'] = "";
+if (array_key_exists('C',$_SESSION['_config'])) $_SESSION['_config']['C'] = "";
+if (array_key_exists('comments',$_SESSION['_config'])) $_SESSION['_config']['comments'] = "";
+
?>
<form method="post" action="account.php">
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="2" class="title"><?=_("New Organisation")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Organisation Name")?>:</td>
- <td class="DataTD"><input type="text" name="O" value="" maxlength="50" size="90"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Contact Email")?>:</td>
- <td class="DataTD"><input type="text" name="contact" value="" size="90"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Town/Suburb")?>:</td>
- <td class="DataTD"><input type="text" name="L" value="" size="90"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("State/Province")?>:</td>
- <td class="DataTD"><input type="text" name="ST" value="" size="90"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Country")?>:</td>
- <td class="DataTD"><input type="text" name="C" value="" size="5">
- <?php printf(_('(2 letter %s ISO code %s )'),
- '<a href="http://www.iso.org/iso/home/standards/country_codes/iso-3166-1_decoding_table.htm">',
- '</a>')?>
- </td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Comments")?>:</td>
- <td class="DataTD"><textarea name="comments" cols="60" rows="10"></textarea></td>
- </tr>
- <tr>
- <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
- </tr>
-</table>
+<?
+org_edit_org_table($orgname, $contactmail, $town, $state, $country, $comment, 0);
+?>
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
diff --git a/pages/account/27.php b/pages/account/27.php
index a1086d4..d07a781 100644
--- a/pages/account/27.php
+++ b/pages/account/27.php
@@ -16,46 +16,20 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?
- $row = mysql_fetch_assoc(mysql_query("select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"));
+ $orgid = intval($_REQUEST['orgid']);
+ $row = mysql_fetch_assoc(mysql_query("select * from `orginfo` where `id`='" . $orgid . "'"));
+ $orgname = $row['O'];
+ $contactmail = $row['contact'];
+ $town = $row['L'];
+ $state = $row['ST'];
+ $country = $row['C'];
+ $comment = $row['comments'];
?>
<form method="post" action="account.php">
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="2" class="title"><?=_("Edit Organisation")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Organisation Name")?>:</td>
- <td class="DataTD"><input type="text" name="O" value="<?=$row['O']?>" size="90"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Contact Email")?>:</td>
- <td class="DataTD"><input type="text" name="contact" value="<?=($row['contact'])?>" size="90"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Town/Suburb")?>:</td>
- <td class="DataTD"><input type="text" name="L" value="<?=($row['L'])?>" size="90"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("State/Province")?>:</td>
- <td class="DataTD"><input type="text" name="ST" value="<?=($row['ST'])?>" size="90"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Country")?>:</td>
- <td class="DataTD"><input type="text" name="C" value="<?=($row['C'])?>" size="5">
- <?php printf(_('(2 letter %s ISO code %s )'),
- '<a href="http://www.iso.org/iso/home/standards/country_codes/iso-3166-1_decoding_table.htm">',
- '</a>')?>
- </td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("Comments")?>:</td>
- <td class="DataTD"><textarea name="comments" cols=60 rows=10><?=($row['comments'])?></textarea></td>
- </tr>
- <tr>
- <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
- </tr>
-</table>
+<?
+ org_edit_org_table($orgname, $contactmail, $town, $state, $country, $comment, 1);
+?>
<input type="hidden" name="oldid" value="<?=intval($id)?>">
-<input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>">
+<input type="hidden" name="orgid" value="<?=$orgid?>">
<input type="hidden" name="csrf" value="<?=make_csrf('orgdetchange')?>" />
</form>
diff --git a/pages/account/40.php b/pages/account/40.php
index a809595..9613c2d 100644
--- a/pages/account/40.php
+++ b/pages/account/40.php
@@ -1,6 +1,6 @@
<? /*
LibreSSL - CAcert web application
- Copyright (C) 2004-2008 CAcert Inc.
+ Copyright (C) 2004-2014 CAcert Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -17,16 +17,16 @@
*/
if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['secrethash'] = md5(date("YmdHis").rand(0, intval(date("u"))));
?>
-<H3><?=_("Contact Us")?></H3>
+<h3><?=_("Contact Us")?></h3>
<p><b><?=_("General Questions")?></b></p>
-<p><b><?=_("PLEASE NOTE: Due to the large amounts of support questions, incorrectly directed emails may be over looked, this is a volunteer effort and directing general questions to the right place will help everyone, including yourself as you will get a reply quicker.")?></b></p>
+<p><b><?=_("PLEASE NOTE: CAcert support is a volunteer effort. You would help everyone, including yourself to get a reply quickly, by directing general questions to the right place. Due to the large amounts of support questions, incorrectly directed emails may be overlooked.")?></b></p>
<p><b><?=_("If you are contacting us about advertising, please use the form at the bottom of the website, the first contact form is not the correct place.")?></b></p>
-<p><?=sprintf(_("If you are having trouble with your username or password, please visit our %swiki page%s for more information"), "<a href='http://wiki.cacert.org/wiki/FAQ/LostPasswordOrAccount' target='_new'>", "</a>");?></p>
+<p><?=sprintf(_("If you are having trouble with your username or password, please visit our %swiki page%s for more information"), "<a href='//wiki.cacert.org/wiki/FAQ/LostPasswordOrAccount' target='_new'>", "</a>");?></p>
<p><?=_("Before contacting us, be sure to read the information on our official and unofficial HowTo and FAQ pages.")?> - <a href="//wiki.cacert.org/HELP/"><?=_("Go here for more details.")?></a></p>
-<p><?=_("General questions about CAcert should be sent to the general support list, please send all emails in ENGLISH only, this list has many more volunteers then those directly involved with the running of the website, everyone on the mailing list understands english, even if this isn't their native language this will increase your chance at a competent reply. While it's best if you sign up to the mailing list to get replied to, you don't have to, but please make sure you note this in your email, otherwise it might seem like you didn't get a reply to your question.")?></p>
-<p><a href="https://lists.cacert.org/wws/info/cacert-support"><?=_("Click here to go to the Support List")?></a></p>
-<p><?=_("You can alternatively use the form below, however joining the list is the prefered option to support your queries")?></p>
+<p><?=_("General questions about CAcert should be sent to the general support mailing list. This list is read by many more volunteers, then those directly involved in the support team. Please send all emails in ENGLISH only, as everyone on the mailing list understands English, even if this is not their native language. Doing so will increase your chance to get a competent reply.")?></p>
+<p>
+<?=sprintf(_("You can use the form below to contact the support team directly. The mail is NOT send to the mailing list. Alternatively you can contact the support team by writing an email to %ssupport@cacert.org%s"), "<a href='mailto:support@cacert.org'>", "</a>");?></p>
<form method="post" action="account.php" name="form1">
<input type="hidden" name="oldid" value="<?=$id?>">
<!-- <input type="hidden" name="support" value="yes"> -->
@@ -35,23 +35,32 @@ if(!array_key_exists('secrethash',$_SESSION['_config'])) $_SESSION['_config']['s
<label>If you're human leave this blank:</label>
<input name="robotest" type="text" id="robotest" class="robotest" />
</p>
-<table border="0">
- <tr><td width="100"><?=_("Your Name")?>:</td><td width="100"><input type="text" name="who"></td><td width="100"></td><td width="100"></td>
- <tr><td width="100"><?=_("Your Email")?>:</td><td colspan="3"><input type="text" name="email"></td>
- <tr><td width="100"><?=_("Subject")?>:</td><td colspan="3"><input type="text" name="subject"></td></tr>
- <tr><td width="100" valign="top"><?=_("Message")?>:</td><td colspan="3"><textarea name="message" cols="70" rows="10"></textarea></td></tr>
-
+ <table border="0">
+ <tr>
+ <td width="100"><?=_("Your Name")?>:</td>
+ <td width="300"><input type="text" name="who"></td>
+ </tr>
+ <tr>
+ <td><?=_("Your Email")?>:</td>
+ <td><input type="text" name="email"></td>
+ </tr>
+ <tr>
+ <td><?=_("Subject")?>:</td>
+ <td><input type="text" name="subject"></td>
+ </tr>
+ <tr>
+ <td valign="top"><?=_("Message")?>:</td>
+ <td><textarea name="message" cols="70" rows="10"></textarea></td>
+ </tr>
<tr>
- <td colspan="2"><font color="#ff0000"><?=_("Warning: Please do not use \"send to mailing list\" when you entered confidential data. The request is being sent to a public mailinglist.")?></font></td>
<td colspan="2"><?=_("For confidential data use \"send to support\".")?></td>
</tr>
<tr>
- <td colspan="2"><input type="submit" name="process[0]" value="<?=_("Send to mailing list")?>"></td>
<td colspan="2"><input type="submit" name="process[1]" value="<?=_("Send to support")?>"></td>
</tr>
</table>
</form>
-
+<p><a href="https://lists.cacert.org/wws/info/cacert-support"><?=_("Click here to go to the Support List")?></a></p>
<p><b>IRC</b></p>
<p><a href="irc://irc.CAcert.org/CAcert">irc://irc.CAcert.org/CAcert</a></p>
<p><b>Secure IRC</b></p>
diff --git a/pages/account/41.php b/pages/account/41.php
index d61d8db..f644025 100644
--- a/pages/account/41.php
+++ b/pages/account/41.php
@@ -57,7 +57,7 @@ require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php');
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
- $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_escape_string($row['lang'])."'"));
+ $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_real_escape_string($row['lang'])."'"));
?>
<tr>
<td class="DataTD"><?=_("Additional Language")?>:</td>
diff --git a/pages/account/43.php b/pages/account/43.php
index e19c3fb..dfae9af 100644
--- a/pages/account/43.php
+++ b/pages/account/43.php
@@ -37,7 +37,7 @@ if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
{
$_REQUEST['userid'] = 0;
- $emailsearch = $email = mysql_real_escape_string(stripslashes($_REQUEST['email']));
+ $emailsearch = $email = mysql_real_escape_string(stripslashes(trim($_REQUEST['email'])));
//Disabled to speed up the queries
//if(!strstr($email, "%"))
@@ -136,8 +136,7 @@ if(intval($_REQUEST['userid']) > 0) {
if ($res) {
$trow = mysql_fetch_assoc($res);
if ($trow) {
- mysql_query("update `notary` set `deleted`=NOW() where `id`='".intval($assurance)."'");
- fix_assurer_flag($trow['to']);
+ revoke_assurance(intval($assurance),$trow['to']);
}
}
}
@@ -283,12 +282,6 @@ if(intval($_REQUEST['userid']) > 0) {
<td class="DataTD"><?=_("Ad Admin")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;adadmin=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['adadmin'])?></a> (0 = none, 1 = submit, 2 = approve)</td>
</tr>
- <!-- presently not needed
- <tr>
- <td class="DataTD"><?=_("Tverify Account")?>:</td>
- <td class="DataTD"><a href="account.php?id=43&amp;tverify=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['tverify'])?></a></td>
- </tr>
- -->
<tr>
<td class="DataTD"><?=_("General Announcements")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;general=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($alerts['general'])?></a></td>
diff --git a/pages/account/48.php b/pages/account/48.php
index 8cdd7ac..67f2520 100644
--- a/pages/account/48.php
+++ b/pages/account/48.php
@@ -26,6 +26,9 @@
<td class="DataTD"><input type="text" name="domain" value="<?=array_key_exists('domain',$_POST)?sanitizeHTML($_POST['domain']):''?>"></td>
</tr>
<tr>
+ <td class="DataTD" colspan="2"><?=_("For search by ID use # prefix e.g. #123456")?></td>
+ </tr>
+ <tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
</tr>
</table>
diff --git a/pages/account/49.php b/pages/account/49.php
index 0218fa0..e9973f2 100644
--- a/pages/account/49.php
+++ b/pages/account/49.php
@@ -19,44 +19,51 @@
$userid=0; if(array_key_exists('userid',$_GET)) $userid=intval($_GET['userid']);
if($userid <= 0)
{
- $domainsearch = $domain = mysql_escape_string(stripslashes($_POST['domain']));
- if(!strstr($domain, "%"))
+ $domainsearch = $domain = mysql_real_escape_string(trim(stripslashes($_POST['domain'])));
+ if(!strstr($domain, "%")) {
$domainsearch = "%$domain%";
- if(preg_match("/^\d+$/",$domain))
+ }
+
+ //check if request is id if not set search ID to -1
+ if(preg_match('/^#(\d+)$/', $domain, $match)) {
$domainsearch = "";
+ $domainid = intval($match[1]);
+ } else {
+ $domainid = -1;
+ }
+
$query = "select `users`.`id` as `id`, `domains`.`domain` as `domain`, `domains`.`id`as `domid` from `users`,`domains`
where `users`.`id`=`domains`.`memid` and
- (`domains`.`domain` like '$domainsearch' or `domains`.`id`='$domain') and
+ (`domains`.`domain` like '$domainsearch' or `domains`.`id`='$domainid') and
`domains`.`deleted`=0 and `users`.`deleted`=0 and
`users`.`verified`=1
group by `users`.`id` limit 100";
$res = mysql_query($query);
- if(mysql_num_rows($res) >= 1) { ?>
+ if(mysql_num_rows($res) > 1) { ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Select Specific User Account Details")?></td>
</tr>
-<?
- while($row = mysql_fetch_assoc($res))
- { ?>
+<? while($row = mysql_fetch_assoc($res)) { ?>
<tr>
<td class="DataTD"><?=_("Domain")?>:</td>
<td class="DataTD"><?=$row['domid']?></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=$row['id']?>"><?=sanitizeHTML($row['domain'])?></a></td>
</tr>
-<? } if(mysql_num_rows($res) >= 100) { ?>
+<? }
+ if(mysql_num_rows($res) >= 100) { ?>
<tr>
<td class="DataTD" colspan="3"><?=_("Only the first 100 rows are displayed.")?></td>
</tr>
-<? } else { ?>
+<? } else { ?>
<tr>
<td class="DataTD" colspan="3"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td>
</tr>
-<? } ?>
+<? } ?>
</table><br><br>
<? } elseif(mysql_num_rows($res) == 1) {
$row = mysql_fetch_assoc($res);
- $_GET['userid'] = intval($row['id']);
+ $userid = intval($row['id']);
} else {
?><table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
@@ -64,35 +71,33 @@
</tr>
</table><br><br><?
}
-
- $query = "select `orgid`,`domain`,`id` from `orgdomains` where `domain` like '$domainsearch' or `id`='$domain' limit 100";
+ $query = "select `orgid`,`domain`,`id` from `orgdomains` where `domain` like '$domainsearch' or `id`='$domainid' limit 100";
$res = mysql_query($query);
- if(mysql_num_rows($res) >= 1) { ?>
+ if(mysql_num_rows($res) > 1) { ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Select Specific Organisation Account Details")?></td>
</tr>
-<?
- while($row = mysql_fetch_assoc($res))
- { ?>
+<? while($row = mysql_fetch_assoc($res)) { ?>
<tr>
<td class="DataTD"><?=_("Domain")?>:</td>
<td class="DataTD"><?=$row['id']?></td>
<td class="DataTD"><a href="account.php?id=26&amp;orgid=<?=intval($row['orgid'])?>"><?=sanitizeHTML($row['domain'])?></a></td>
</tr>
-<? } if(mysql_num_rows($res) >= 100) { ?>
+<? }
+ if(mysql_num_rows($res) >= 100) { ?>
<tr>
<td class="DataTD" colspan="3"><?=_("Only the first 100 rows are displayed.")?></td>
</tr>
-<? } else { ?>
+<? } else { ?>
<tr>
<td class="DataTD" colspan="3"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td>
</tr>
-<? } ?>
+<? } ?>
</table><br><br>
<? } elseif(mysql_num_rows($res) == 1) {
$row = mysql_fetch_assoc($res);
- $_GET['userid'] = intval($row['id']);
+ $userid = intval($row['id']);
} else {
?><table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
@@ -104,7 +109,7 @@
if($userid > 0)
{
- header("location: account.php?id=43&userid=".intval($_GET['userid']));
+ header("location: account.php?id=43&userid=".intval($userid));
exit;
}
?>
diff --git a/pages/account/51.php b/pages/account/51.php
deleted file mode 100644
index 7273840..0000000
--- a/pages/account/51.php
+++ /dev/null
@@ -1,34 +0,0 @@
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2008 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<? if($_SESSION['profile']['tverify'] <= 0) { echo _("You don't have access to this area."); } else { ?>
-<?
- $uid = intval($_GET['photoid']);
- $query = "select * from `tverify` where `id`='$uid' and `modified`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0) { ?>
-<img src="account.php?id=51&amp;photoid=<?=$uid ?>&amp;img=show" border="0" width="800">
-<? } else {
- $query = "select * from `tverify` where `id`='$uid' and `modified`=1";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
- {
- echo _("This UID has already been voted on.");
- } else {
- echo _("Unable to locate a valid request for that UID.");
- }
- } } ?>
diff --git a/pages/account/52.php b/pages/account/52.php
deleted file mode 100644
index 6c00c26..0000000
--- a/pages/account/52.php
+++ /dev/null
@@ -1,105 +0,0 @@
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2008 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
-
-if($_SESSION['profile']['tverify'] <= 0) {
- echo _("You don't have access to this area.");
-} else {
- $uid = intval($_GET['uid']);
- $query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0) {
- $row = mysql_fetch_assoc($res);
- $memid = intval($row['memid']);
-
- $query2 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'";
- $rc2 = mysql_num_rows(mysql_query($query2));
- if($rc2 > 0) {
- showheader(_("My CAcert.org Account!"));
- echo _("You have already voted on this request.");
- showfooter();
- exit;
- }
-
- $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `deleted` = 0";
- $notary = mysql_fetch_assoc(mysql_query($query));
- $query = "select * from `users` where `id`='".intval($memid)."'";
- $user = mysql_fetch_assoc(mysql_query($query));
- $tobe = 50 - $notary['points'];
- if($row['URL'] != '' && $row['photoid'] != '') {
- $tobe = 150 - $notary['points'];
- } else if($row['URL'] != '') {
- $tobe = 90 - $notary['points'];
- }
- if(intval($tobe) <= 0) {
- $tobe = 0;
- }
-?>
-<?=_("Request Details")?>:<br>
-<?=_("Name on file")?>: <?=sanitizeHTML($user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix'])?><br>
-<?=_("Primary email address")?>: <?=sanitizeHTML($user['email'])." (".intval($user['id']).")"?><br>
-<?=_("Certificate Subject")?>: <?=sanitizeHTML($row['CN'])?><br>
-<? if($row['URL'] != '') { ?>
-<?=_("Notary URL")?>: <a href="<?=$row['URL']?>"><?=$row['URL']?></a><br>
-<? } ?>
-<? if($row['photoid'] != '') { ?>
-<?=_("Photo ID URL")?>: <a href="/account.php?id=51&amp;photoid=<?=intval($row['id'])?>"><?=_("Here")?></a><br>
-<? } ?>
-<?=_("Current Points")?>: <?=intval($notary['points'])?><br>
-<?=_("Potential Points")?>: <?=intval($tobe)?><br>
-<?=_("Date of Birth")?>: <?=$user['dob']?> (YYYY-MM-DD)<br>
-
-<br>
-<form method="post" action="account.php">
-<?=_("Comment")?>: <input type="text" name="comment"><br>
-<input type="submit" name="agree" value="<?=_("I agree with this Application")?>">
-<input type="submit" name="disagree" value="<?=_("I don't agree with this Application")?>">
-<input type="hidden" name="oldid" value="<?=intval($_GET['id'])?>">
-<input type="hidden" name="uid" value="<?=intval($uid)?>">
-</form>
-<?
- } else {
- $query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=1";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0) {
- echo _("This UID has already been voted on.")."<br/>";
- } else {
- if($uid) echo _("Unable to locate a valid request for that UID.")."<br/>";
- }
-
- // Search for open requests:
- $query = "select * from `tverify` where `modified`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) > 0) {
- echo "<br/>"._("The following requests are still open:")."<br/><ul>";
- while($row = mysql_fetch_assoc($res)) {
- $uid=intval($row['id']);
- $query3 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'";
- $rc3 = mysql_num_rows(mysql_query($query3));
- if($rc3 <= 0)
- {
- echo "<li><a href='account.php?id=52&amp;uid=".intval($row['id'])."'>".intval($row['id'])."</a></li>\n";
- }
- }
- echo "</ul>\n<br>\n";
- } else {
- echo "<br/>"._("There are no pending requests where you haven't voted yet.");
- }
- }
-}
-
-?>
diff --git a/pages/account/53.php b/pages/account/53.php
index cc9e2d6..1ec04b2 100644
--- a/pages/account/53.php
+++ b/pages/account/53.php
@@ -16,7 +16,7 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?
- $town = array_key_exists('town',$_REQUEST)?mysql_escape_string(stripslashes($_REQUEST['town'])):"";
+ $town = array_key_exists('town',$_REQUEST)?mysql_real_escape_string(stripslashes($_REQUEST['town'])):"";
$regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0;
$ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0;
$start = array_key_exists('start',$_REQUEST)?intval($_REQUEST['start']):0;
diff --git a/pages/account/54.php b/pages/account/54.php
index 753b4af..35dce33 100644
--- a/pages/account/54.php
+++ b/pages/account/54.php
@@ -19,7 +19,7 @@
$ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0;
$regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0;
$locid = array_key_exists('locid',$_REQUEST)?intval($_REQUEST['locid']):0;
- $name = array_key_exists('name',$_REQUEST)?mysql_escape_string($_REQUEST['name']):"";
+ $name = array_key_exists('name',$_REQUEST)?mysql_real_escape_string($_REQUEST['name']):"";
if($ccid > 0 && $_REQUEST['action'] == "add") { ?>
<form method="post" action="account.php">
diff --git a/pages/account/55.php b/pages/account/55.php
index 6793a71..24cc86d 100644
--- a/pages/account/55.php
+++ b/pages/account/55.php
@@ -1,113 +1,122 @@
-<? /*
- LibreSSL - CAcert web application
- Copyright (C) 2004-2008 CAcert Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<?
- if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) {
- $user_id = intval($_SESSION['profile']['id']);
-?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="5" class="title"><?=_("Your passed Tests")?></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("The list of tests you did pass at").' <a href="https://cats.cacert.org/">https://cats.cacert.org/</a>'?></td>
- </tr>
-</table>
-<?
- } else {
- $user_id = intval($_REQUEST['userid']);
- $query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0";
- $res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
- {
- echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
- } else {
- $row = mysql_fetch_assoc($res);
- }
-?>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="5" class="title"><?=_("Passed Tests of")." ".sanitizeHTML($row['fname'])." ".sanitizeHTML($row['mname'])." ".sanitizeHTML($row['lname'])?></td>
- </tr>
-</table>
-
-<?
- }
-?>
-<br>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td class="DataTD"><b><?=_("Date")?></b></td>
- <td class="DataTD"><b><?=_("Test")?></b></td>
- <td class="DataTD"><b><?=_("Variant")?></b></td>
- </tr>
-<?
- $query = "SELECT `CP`.`pass_date`, `CT`.`type_text`, `CV`.`test_text` ".
- " FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ".
- " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".intval($user_id)."'".
- " ORDER BY `CP`.`pass_date`";
-
- $res = mysql_query($query);
-
- $HaveTest=0;
- while($row = mysql_fetch_array($res, MYSQL_NUM))
- {
- if ($row[1] == "Assurer Challenge") {
- $HaveTest=1;
- }
-?>
- <tr>
- <td class="DataTD"><?=sanitizeHTML($row[0])?></td>
- <td class="DataTD"><?=sanitizeHTML($row[1])?></td>
- <td class="DataTD"><?=sanitizeHTML($row[2])?></td>
- </tr>
-<? }
-?>
-</table>
-<br>
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
-<?
- if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) {
-?>
- <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($user_id)?>">back</a></td></tr>
-<?
- } else {
- $query = 'SELECT `u`.id, `u`.`assurer`, SUM(`points`) FROM `users` AS `u`, `notary` AS `n` '.
- ' WHERE `u`.`id` = \''.(int)intval($_SESSION['profile']['id']).'\' AND `n`.`to` = `u`.`id` AND `expire` < now() and and `n`.`deleted` = 0'.
- ' GROUP BY `u`.id, `u`.`assurer`';
- $res = mysql_query($query);
- if (!$res) {
- print '<td colspan="3" class="DataTD">'._('Internal Error').'</td>'."\n";
- } else {
- $row = mysql_fetch_array($res, MYSQL_NUM);
- if ($HaveTest && ($row[2]>=100)) {
- if (!$row[1]) {
- // This should not happen...
- fix_assurer_flag($_SESSION['profile']['id']);
- }
-?> <td colspan="3" class="DataTD"><?=_("You have passed the Assurer Challenge and collected at least 100 Assurance Points, you are an Assurer.")?></td>
-<? } elseif (($row[2]>=100) && !$HaveTest) {
-?> <td colspan="3" class="DataTD"><?=_("You have at least 100 Assurance Points, if you want to become an assurer try the ").'<a href="https://cats.cacert.org">'._("Assurer Challenge").'</a>!'?></td>
-<? } elseif ($HaveTest && ($row[2]<100)) {
-?> <td colspan="3" class="DataTD"><?=_("You have passed the Assurer Challenge, but to become an Assurer you still have to reach 100 Assurance Points!")?></td>
-<? }
- }
- }
-?> </tr>
-</table>
-
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2008 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?
+ if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) {
+ $user_id = intval($_SESSION['profile']['id']);
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Your passed Tests")?></td>
+ </tr>
+ <tr>
+ <td class="DataTD"><?=_("The list of tests you did pass at").' <a href="https://cats.cacert.org/">https://cats.cacert.org/</a>'?></td>
+ </tr>
+</table>
+<?
+ } else {
+ $user_id = intval($_REQUEST['userid']);
+ $query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0";
+ $res = mysql_query($query);
+ if(mysql_num_rows($res) <= 0)
+ {
+ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
+ } else {
+ $row = mysql_fetch_assoc($res);
+ }
+?>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="5" class="title"><?=_("Passed Tests of")." ".sanitizeHTML($row['fname'])." ".sanitizeHTML($row['mname'])." ".sanitizeHTML($row['lname'])?></td>
+ </tr>
+</table>
+
+<?
+ }
+?>
+<br>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td class="DataTD"><b><?=_("Date")?></b></td>
+ <td class="DataTD"><b><?=_("Test")?></b></td>
+ <td class="DataTD"><b><?=_("Variant")?></b></td>
+ </tr>
+<?
+ $query = "SELECT `CP`.`pass_date`, `CT`.`type_text`, `CV`.`test_text` ".
+ " FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ".
+ " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".intval($user_id)."'".
+ " ORDER BY `CP`.`pass_date`";
+
+ $res = mysql_query($query);
+
+ $HaveTest=0;
+ while($row = mysql_fetch_array($res, MYSQL_NUM))
+ {
+ if ($row[1] == "Assurer Challenge") {
+ $HaveTest=1;
+ }
+?>
+ <tr>
+ <td class="DataTD"><?=sanitizeHTML($row[0])?></td>
+ <td class="DataTD"><?=sanitizeHTML($row[1])?></td>
+ <td class="DataTD"><?=sanitizeHTML($row[2])?></td>
+ </tr>
+<? }
+?>
+</table>
+<br>
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+<?
+ if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) {
+?>
+ <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($user_id)?>">back</a></td></tr>
+<?
+ } else {
+ $query = '
+ SELECT `u`.`id`,
+ `u`.`assurer`,
+ SUM(`points`)
+ FROM `users` AS `u`,
+ `notary` AS `n`
+ WHERE `u`.`id` = \''.intval($_SESSION['profile']['id']).'\'
+ AND `n`.`to` = `u`.`id`
+ AND `expire` < NOW()
+ AND `n`.`deleted` = 0
+ GROUP BY `u`.`id`, `u`.`assurer`
+ ';
+ $res = mysql_query($query);
+ if (!$res) {
+ print '<td colspan="3" class="DataTD">'._('Internal Error').'</td>'."\n";
+ } else {
+ $row = mysql_fetch_array($res, MYSQL_NUM);
+ if ($HaveTest && ($row[2]>=100)) {
+ if (!$row[1]) {
+ // This should not happen...
+ fix_assurer_flag($_SESSION['profile']['id']);
+ }
+?> <td colspan="3" class="DataTD"><?=_("You have passed the Assurer Challenge and collected at least 100 Assurance Points, you are an Assurer.")?></td>
+<? } elseif (($row[2]>=100) && !$HaveTest) {
+?> <td colspan="3" class="DataTD"><?=_("You have at least 100 Assurance Points, if you want to become an assurer try the ").'<a href="https://cats.cacert.org">'._("Assurer Challenge").'</a>!'?></td>
+<? } elseif ($HaveTest && ($row[2]<100)) {
+?> <td colspan="3" class="DataTD"><?=_("You have passed the Assurer Challenge, but to become an Assurer you still have to reach 100 Assurance Points!")?></td>
+<? }
+ }
+ }
+?> </tr>
+</table>
+
diff --git a/pages/account/56.php b/pages/account/56.php
index 348cc49..cabe8e0 100644
--- a/pages/account/56.php
+++ b/pages/account/56.php
@@ -1,41 +1,41 @@
-<? /*
-LibreSSL - CAcert web application
-Copyright (C) 2004-2008 CAcert Inc.
-
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; version 2 of the License.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software
-Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<?=_("List of Organisation Assurers:")?>
-
-<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
- <tr>
- <td colspan="1" class="title"><?=_("Name")?></td>
- <td colspan="1" class="title"><?=_("Email")?></td>
- <td colspan="1" class="title"><?=_("Country")?></td>
- </tr>
- <?
- $query = "select users.fname,users.lname,users.email, countries.name from users left join countries on users.ccid=countries.id where orgadmin=1;";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
- {
- ?>
- <tr>
- <td><?=sanitizeHTML($row['fname'])." ".sanitizeHTML($row['lname'])?></td>
- <td><a href="mailto:<?=sanitizeHTML($row['email'])?>"><?=sanitizeHTML($row['email'])?></a></td>
- <td><?=sanitizeHTML($row['name'])?></td>
- </tr>
- <?
- }
-?>
-</table>
-
+<? /*
+LibreSSL - CAcert web application
+Copyright (C) 2004-2008 CAcert Inc.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; version 2 of the License.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/ ?>
+<?=_("List of Organisation Assurers:")?>
+
+<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+ <tr>
+ <td colspan="1" class="title"><?=_("Name")?></td>
+ <td colspan="1" class="title"><?=_("Email")?></td>
+ <td colspan="1" class="title"><?=_("Country")?></td>
+ </tr>
+ <?
+ $query = "select users.fname,users.lname,users.email, countries.name from users left join countries on users.ccid=countries.id where orgadmin=1;";
+ $res = mysql_query($query);
+ while($row = mysql_fetch_assoc($res))
+ {
+ ?>
+ <tr>
+ <td><?=sanitizeHTML($row['fname'])." ".sanitizeHTML($row['lname'])?></td>
+ <td><a href="mailto:<?=sanitizeHTML($row['email'])?>"><?=sanitizeHTML($row['email'])?></a></td>
+ <td><?=sanitizeHTML($row['name'])?></td>
+ </tr>
+ <?
+ }
+?>
+</table>
+
diff --git a/pages/account/6.php b/pages/account/6.php
index 305fccb..fc21d39 100644
--- a/pages/account/6.php
+++ b/pages/account/6.php
@@ -60,7 +60,7 @@ if (array_key_exists('format', $_REQUEST)) {
}
$crtname=escapeshellarg($row['crt_name']);
- $cert = `/usr/bin/openssl x509 -in $crtname $outform`;
+ $cert = shell_exec("/usr/bin/openssl x509 -in $crtname $outform");
header("Content-Type: application/pkix-cert");
header("Content-Length: ".strlen($cert));
@@ -82,7 +82,7 @@ if (array_key_exists('format', $_REQUEST)) {
} else {
// All other browsers
$crtname=escapeshellarg($row['crt_name']);
- $cert = `/usr/bin/openssl x509 -in $crtname -outform DER`;
+ $cert = shell_exec("/usr/bin/openssl x509 -in $crtname -outform DER");
header("Content-Type: application/x-x509-user-cert");
header("Content-Length: ".strlen($cert));
@@ -111,10 +111,10 @@ if (array_key_exists('format', $_REQUEST)) {
// Allow to directly copy and paste the cert in PEM format
$crtname=escapeshellarg($row['crt_name']);
- $cert = `/usr/bin/openssl x509 -in $crtname -outform PEM`;
+ $cert = shell_exec("/usr/bin/openssl x509 -in $crtname -outform PEM");
echo "<pre>$cert</pre>";
+?>
- ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Information about the certificate")?></td>