Diffstat (limited to 'www')
-rw-r--r-- | www/cats/cats_import.php | 5 | ||||
-rw-r--r-- | www/index.php | 2 | ||||
-rw-r--r-- | www/wot.php | 12 |
3 files changed, 14 insertions, 5 deletions
diff --git a/www/cats/cats_import.php b/www/cats/cats_import.php index 6d77a75..56dd0cf 100644 --- a/www/cats/cats_import.php +++ b/www/cats/cats_import.php @@ -24,6 +24,8 @@ API for CATS to import passed tests into main CAcert database. */ +require_once('../../includes/lib/account.php'); + function sanitize_string($buffer) { return htmlentities(utf8_decode($buffer), (int)ENQ_QUOTES); } @@ -154,8 +156,7 @@ if (!$query) { } // Update Assurer-Flag on users table if 100 points. Should the number of points be SUM(points) or SUM(awarded)? -$query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 1 WHERE `u`.`id` = \''.(int)intval($userID).'\' AND EXISTS(SELECT 1 FROM `cats_passed` AS `tp` WHERE `tp`.`user_id` = `u`.`id`) AND (SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` AND `expire` < now()) >= 100;'); // Challenge has been passed and non-expired points >= 100 -if (!$query) { +if (!fix_assurer_flag($userID)) { echo 'Invalid query'."\r\n"; trigger_error('Invalid query', E_USER_ERROR); exit(); diff --git a/www/index.php b/www/index.php index 13e8dc6..7330877 100644 --- a/www/index.php +++ b/www/index.php @@ -332,6 +332,8 @@ $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>"; $_SESSION['_config']['oldlocation'] = "account.php?id=13"; } + if (checkpwlight($pword) < 3) + $_SESSION['_config']['oldlocation'] = "account.php?id=14&force=1"; if($_SESSION['_config']['oldlocation'] != "") header("location: https://".$_SERVER['HTTP_HOST']."/".$_SESSION['_config']['oldlocation']); else diff --git a/www/wot.php b/www/wot.php index 2bd4622..7fa572f 100644 --- a/www/wot.php +++ b/www/wot.php 
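Review bot: `sanitize_string()`, shown as context in the first cats_import.php hunk, passes `(int)ENQ_QUOTES` to `htmlentities()`, which looks like a misspelling of `ENT_QUOTES`. On the PHP versions that still provide `mysql_query`, an undefined constant is read as the string 'ENQ_QUOTES' and the cast turns it into 0, so presumably neither single nor double quotes are encoded. The line should read `return htmlentities(utf8_decode($buffer), ENT_QUOTES);`. Separately, the added `require_once('../../includes/lib/account.php');` is resolved against the working directory rather than this file, so `require_once(dirname(__FILE__).'/../../includes/lib/account.php');` would keep working if the script is ever started from another directory.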
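Review bot: The call `fix_assurer_flag($userID)` in the second cats_import.php hunk drops the `intval()` cast that the removed inline query applied to `$userID`, and the helper lives in includes/lib/account.php, which is not part of this diff. Unless the helper casts or escapes its argument itself, call it as `fix_assurer_flag(intval($userID))` so the value that reaches SQL stays an integer. The comment `// Update Assurer-Flag on users table if 100 points. ...` now describes a query that is no longer in this file and would be better moved next to the helper. The `if` block continues past the end of the hunk.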
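Review bot: The weak-password redirect added in the index.php hunk is only advisory as far as the visible lines show: `force=1` travels in the URL and nothing here records in the session that a password change is pending, so unless account.php (not visible) tracks that itself the user can simply request another page after login. Consider setting a session marker at this point and checking it on every authenticated page until the password has been changed. The assignment also overwrites the `account.php?id=13` target set just above, so an account that has both problems is never sent to the lost-password questions. The braceless form would be safer written as `if (checkpwlight($pword) < 3) { $_SESSION['_config']['oldlocation'] = "account.php?id=14&force=1"; }`; the enclosing login block starts and ends outside the hunk.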
@@ -206,9 +206,15 @@
 if($oldid == 6)
 {
 $max = maxpoints();
- $awarded = $newpoints = intval($_POST['points']);
- if($newpoints > $max)
- $newpoints = $max;
+
+ if (intval($_POST['points']) > $max) {
+ $awarded = $newpoints = $max;
+ } elseif (intval($_POST['points']) < 0) {
+ $awarded = $newpoints = 0;
+ } else {
+ $awarded = $newpoints = intval($_POST['points']);
+ }
+
 $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
 $res = mysql_query($query);
 $drow = mysql_fetch_assoc($res); |
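Review bot: The new clamp evaluates `intval($_POST['points'])` up to three times and tests the upper bound before the lower one, so a negative return from `maxpoints()` (not visible here) would still produce negative points. `$awarded = $newpoints = max(0, min(intval($_POST['points']), $max));` performs the same clamp in one line with the floor applied last. `$awarded` is now capped at `$max` as well, where the removed code kept the posted value; a short comment stating that this is intended would help. The context line that builds `$query` concatenates `$_SESSION['_config']['notarise']['id']` into the SQL string, and wrapping it in `intval()` would keep the query safe however the session value was filled. The `if($oldid == 6)` block continues past the hunk.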