summaryrefslogtreecommitdiff
path: root/pages/wot/10.php
diff options
context:
space:
mode:
authorMichael Tänzer <neo@nhng.de>2014-12-04 18:26:23 +0100
committerMichael Tänzer <neo@nhng.de>2014-12-04 18:26:23 +0100
commitb0904b2bda37b292fa5d29d5d3b7ec64d100ad16 (patch)
treea10f5fb0dfefccc4bbf5890d02f273ef770ba4b6 /pages/wot/10.php
parentc7c4d077688807bcbec21e11d0aeb0af9ebfbd30 (diff)
downloadcacert-b0904b2bda37b292fa5d29d5d3b7ec64d100ad16.tar.gz
cacert-b0904b2bda37b292fa5d29d5d3b7ec64d100ad16.tar.xz
cacert-b0904b2bda37b292fa5d29d5d3b7ec64d100ad16.zip
Source code taken from cacert-20141124.tar.bz2HEADmaster
Diffstat (limited to 'pages/wot/10.php')
-rw-r--r--pages/wot/10.php30
1 files changed, 15 insertions, 15 deletions
diff --git a/pages/wot/10.php b/pages/wot/10.php
index bc76a86..b5e146c 100644
--- a/pages/wot/10.php
+++ b/pages/wot/10.php
@@ -24,7 +24,7 @@
<td colspan="5" class="title"><?=_("Assurer Ranking")?></td>
</tr>
<tr>
-<?
+<?// the rank calculation is not adjusted to the new deletion method
$query = "SELECT `users`. *, count(*) AS `list` FROM `users`, `notary`
WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to`
AND `from`='".intval($_SESSION['profile']['id'])."' GROUP BY `notary`.`from`";
@@ -36,8 +36,8 @@
WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to`
GROUP BY `notary`.`from` HAVING count(*) > '$rc' ORDER BY `notary`.`when` DESC";
*/
- $query = "SELECT count(*) AS `list` FROM `users`
- inner join `notary` on `users`.`id` = `notary`.`from`
+ $query = "SELECT count(*) AS `list` FROM `users`
+ inner join `notary` on `users`.`id` = `notary`.`from`
GROUP BY `notary`.`from` HAVING count(*) > '$rc'";
$rank = mysql_num_rows(mysql_query($query)) + 1;
@@ -64,18 +64,18 @@
<td class="DataTD"><b><?=_("Method")?></b></td>
</tr>
<?
- $query = "select * from `notary` where `to`='".intval($_SESSION['profile']['id'])."'";
+ $query = "select `id`, `date`, `from`, `points`, `location`, `method` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted`=0";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
- $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['from'])."'"));
+ $fromuser = mysql_fetch_assoc(mysql_query("select `fname`, `lname` from `users` where `id`='".intval($row['from'])."'"));
?>
<tr>
- <td class="DataTD"><?=$row['id']?></td>
+ <td class="DataTD"><?=intval($row['id'])?></td>
<td class="DataTD"><?=$row['date']?></td>
- <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($row['from'])?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td>
- <td class="DataTD"><?=$row['points']?></td>
- <td class="DataTD"><?=$row['location']?></td>
+ <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($row['from'])?>"><?=sanitizeHTML(trim($fromuser['fname']." ".$fromuser['lname']))?></td>
+ <td class="DataTD"><?=intval($row['points'])?></td>
+ <td class="DataTD"><?=sanitizeHTML($row['location'])?></td>
<td class="DataTD"><?=_(sprintf("%s", $row['method']))?></td>
</tr>
<?
@@ -114,30 +114,30 @@ if ($thawte)
</tr>
<?
$points = 0;
- $query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and `to`!='".intval($_SESSION['profile']['id'])."'";
+ $query = "select `id`, `date`, `points`, `to`, `location`, `method` from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and `to`!='".intval($_SESSION['profile']['id'])."' and `deleted`=0" ;
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
- $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['to'])."'"));
- $points += $row['points'];
+ $fromuser = mysql_fetch_assoc(mysql_query("select `fname`, `lname` from `users` where `id`='".intval($row['to'])."'"));
+ $points += intval($row['points']);
$name = trim($fromuser['fname']." ".$fromuser['lname']);
if($name == "")
$name = _("Deleted before Verification");
else
- $name = "<a href='wot.php?id=9&amp;userid=".intval($row['to'])."'>$name</a>";
+ $name = "<a href='wot.php?id=9&amp;userid=".intval($row['to'])."'>".sanitizeHTML($name)."</a>";
?>
<tr>
<td class="DataTD"><?=intval($row['id'])?></td>
<td class="DataTD"><?=$row['date']?></td>
<td class="DataTD"><?=$name?></td>
<td class="DataTD"><?=intval($row['points'])?></td>
- <td class="DataTD"><?=$row['location']?></td>
+ <td class="DataTD"><?=sanitizeHTML($row['location'])?></td>
<td class="DataTD"><?=$row['method']==""?"":_(sprintf("%s", $row['method']))?></td>
</tr>
<? } ?>
<tr>
<td class="DataTD" colspan="3"><b><?=_("Total Points Issued")?>:</b></td>
- <td class="DataTD"><?=$points?></td>
+ <td class="DataTD"><?=intval($points)?></td>
<td class="DataTD" colspan="2">&nbsp;</td>
</tr>
</table>