bug 1138: Added functionality
[cacert-devel.git] / pages / account / 43.php
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */ ?>
18 <?
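// Helper library; this page calls valid_ticket_number(), fix_assurer_flag()
// and write_se_log(), which are not defined in this file.
include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");

// Ticket state for this request. The privileged actions further down
// (revoking an assurance, showing the lost-password answers) run only when
// $ticketvalidation is true, and they record $ticketno in the log.
$ticketno = '';
$ticketvalidation = FALSE;

// A ticket number submitted with this request is validated and, when
// accepted, remembered in the session for the following requests.
if (isset($_REQUEST['ticketno'])) {
	// NOTE(review): this escaping protects SQL only; the value still has to
	// be HTML-escaped wherever it is echoed back into the page.
	$ticketno = trim(mysql_real_escape_string($_REQUEST['ticketno']));
	$ticketvalidation = valid_ticket_number($ticketno);
	// Fixed: the original tested `$ticket`, a variable that is never
	// assigned, so a valid ticket number was never stored in the session.
	if ($ticketvalidation == true) {
		$_SESSION['ticketno'] = $ticketno;
	}
}

// A ticket already stored in the session takes precedence over the request
// value and is treated as valid without being checked again.
if (isset($_SESSION['ticketno'])) {
	$ticketno = $_SESSION['ticketno'];
	$ticketvalidation = TRUE;
}

// Message left in the session for the ticket form (empty when none is set).
$ticketmsg = isset($_SESSION['ticketmsg']) ? $_SESSION['ticketmsg'] : '';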
40
41
42 //searches for a user account if no userid is given
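if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
{
	// The search term is optional and must be a plain string. The original
	// read $_REQUEST['email'] unconditionally, which fails for a missing key
	// or an array value.
	$rawemail = '';
	if(array_key_exists('email', $_REQUEST) && is_string($_REQUEST['email']))
		$rawemail = $_REQUEST['email'];

	// Escaped with the connection-aware function this page already uses for
	// the ticket number (was the deprecated mysql_escape_string()).
	// '%' and '_' are left untouched, so they act as LIKE wildcards below.
	$emailsearch = $email = mysql_real_escape_string(stripslashes($rawemail));

	//Disabled to speed up the queries
	//if(!strstr($email, "%"))
	//	$emailsearch = "%$email%";

	// bug-975 ted+uli changes --- begin
	if(preg_match("/^[0-9]+$/", $email)) {
		// $email consists of digits only ==> search for IDs
		// Be defensive here (outer join) if primary mail is not listed in email table
		$query = "select `users`.`id` as `id`, `email`.`email` as `email`
			from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
			where (`email`.`id`='$email' or `users`.`id`='$email')
				and `users`.`deleted`=0
			group by `users`.`id` limit 100";
	} else {
		// $email contains non-digits ==> search for mail addresses
		// Be defensive here (outer join) if primary mail is not listed in email table
		$query = "select `users`.`id` as `id`, `email`.`email` as `email`
			from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
			where (`email`.`email` like '$emailsearch'
					or `users`.`email` like '$emailsearch')
				and `users`.`deleted`=0
			group by `users`.`id` limit 100";
	}
	// bug-975 ted+uli changes --- end
	$res = mysql_query($query);
	// mysql_query() returns false on failure; treat that like an empty result
	// instead of passing false on to mysql_num_rows().
	$found = $res ? mysql_num_rows($res) : 0;

	if($found > 1) {
		// Several matches: list them so one account can be picked. ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
	<tr>
		<td colspan="5" class="title"><?=_("Select Specific Account Details")?></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("User ID")?></td>
		<td class="DataTD"><?=_("Email")?></td>
	</tr>
<?
		while($row = mysql_fetch_assoc($res))
		{ ?>
	<tr>
		<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=intval($row['id'])?></a></td>
		<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td>
	</tr>
<?		}
		if($found >= 100) { ?>
	<tr>
		<td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td>
	</tr>
<?		} else { ?>
	<tr>
		<td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), $found); ?></td>
	</tr>
<?		} ?>
</table><br><br>
<?	} elseif($found == 1) {
		// Exactly one match: continue straight into the detail view below.
		$row = mysql_fetch_assoc($res);
		$_REQUEST['userid'] = $row['id'];
	} else {
		printf(_("No users found matching %s"), sanitizeHTML($email));
	}
}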
105
106 //actions if a userid is present
107 if(intval($_REQUEST['userid']) > 0)
108 {
109 $uid = intval($_REQUEST['userid']);
110 $adminid=intval($_SESSION['profile']['id']);
111 $query = "select * from `users` where `id`='$uid' and `users`.`deleted`=0";
112 $res = mysql_query($query);
113 if(mysql_num_rows($res) <= 0)
114 {
115 echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
116 } else {
117 $row = mysql_fetch_assoc($res);
118 $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."'";
119 $dres = mysql_query($query);
120 $drow = mysql_fetch_assoc($dres);
121 $alerts = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($row['id'])."'"));
122
123 //deletes an assurance
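// Revoke a single assurance. This only runs with a validated ticket number.
// NOTE(review): the revoke links carry a csrf token ('admdelassurance') that
// is not checked in this block -- presumably it is verified before this page
// is included; confirm.
// NOTE(review): the delete is keyed on the assurance id alone while the log
// entry names $uid; nothing here ties the assurance to the account being
// viewed. Consider checking that `to` or `from` equals $uid before deleting.
$revokerequested = array_key_exists('assurance',$_REQUEST) && intval($_REQUEST['assurance']) > 0;
if($revokerequested && $ticketvalidation==true)
{
	$assurance = intval($_REQUEST['assurance']);

	// Look up the assuree first so the assurer flag can be recomputed after
	// the delete. Fixed: the original stored this lookup in $row and thereby
	// overwrote the user record that the rest of the page displays.
	$notaryrow = false;
	$res = mysql_query("select `to` from `notary` where `id`='$assurance'");
	if ($res) {
		$notaryrow = mysql_fetch_assoc($res);
	}
	mysql_query("delete from `notary` where `id`='$assurance'");
	if ($notaryrow) {
		fix_assurer_flag($notaryrow['to']);
		// NOTE(review): the label 'AD block account' does not describe an
		// assurance revocation; it looks copied from another action -- confirm
		// the intended log text.
		write_se_log($uid, $adminid, 'AD block account', $ticketno);
	}
} elseif ($revokerequested) {
	// Fixed: the original showed this message on every page view, also when
	// no revocation had been requested at all.
	$ticketmsg=_('No assurance revoked. Ticket number is missing!');
}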
140 //Ticket number
141 ?>
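<? /* Ticket form: sets the ticket number that gates the privileged actions on
      this page. The submitted value is request data, so it is passed through
      sanitizeHTML() before being echoed into the value attribute, as the
      other input fields on this page do (it was echoed raw before).
      NOTE(review): $ticketmsg is printed unescaped; it is either a fixed
      translation or whatever was left in $_SESSION['ticketmsg'] -- confirm
      that writer never puts request data into it. */ ?>
<form method="post" action="account.php?id=43&amp;userid=<?=intval($uid)?>">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
	<tr>
		<td colspan="2" class="title"><?=_('Ticket handling') ?></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_('Ticket no:')?>:</td>
		<td class="DataTD"><input type="text" name="ticketno" value="<?=sanitizeHTML($ticketno)?>"/></td>
	</tr>
	<tr>
		<td colspan="2" ><?=$ticketmsg?></td>
		<? /* the message is shown once, then cleared (a stray quote character
		      printed after this tag has been removed) */
		   $_SESSION['ticketmsg']=''; ?>
	</tr>
	<tr>
		<td colspan="2" ><input type="submit" value="<?=_('Set ticket number') ?>"></td>
	</tr>
</table>
</form>
<br/>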
161
162 <!-- display data table -->
163
164 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
165 <tr>
166 <td colspan="5" class="title"><? printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td>
167 </tr>
168 <tr>
169 <td class="DataTD"><?=_("Email")?>:</td>
170 <td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
171 </tr>
172 <tr>
173 <td class="DataTD"><?=_("First Name")?>:</td>
174 <td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to modify this DOB and/or last name?")?>')) return false;">
175 <input type="hidden" name="csrf" value="<?=make_csrf('admchangepers')?>" />
176 <input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>"></td>
177 </tr>
178 <tr>
179 <td class="DataTD"><?=_("Middle Name")?>:</td>
180 <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($row['mname'])?>"></td>
181 </tr>
182 <tr>
183 <td class="DataTD"><?=_("Last Name")?>:</td>
184 <td class="DataTD"> <input type="hidden" name="oldid" value="43">
185 <input type="hidden" name="action" value="updatedob">
186 <input type="hidden" name="userid" value="<?=intval($uid)?>">
187 <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>"></td>
188 </tr>
189 <tr>
190 <td class="DataTD"><?=_("Suffix")?>:</td>
191 <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($row['suffix'])?>"></td>
192 </tr>
193 <tr>
194 <td class="DataTD"><?=_("Date of Birth")?>:</td>
195 <td class="DataTD">
196 <?
197 $year = intval(substr($row['dob'], 0, 4));
198 $month = intval(substr($row['dob'], 5, 2));
199 $day = intval(substr($row['dob'], 8, 2));
200 ?><nobr><select name="day">
201 <?
202 for($i = 1; $i <= 31; $i++)
203 {
204 echo "<option";
205 if($day == $i)
206 echo " selected='selected'";
207 echo ">$i</option>";
208 }
209 ?>
210 </select>
211 <select name="month">
212 <?
213 for($i = 1; $i <= 12; $i++)
214 {
215 echo "<option value='$i'";
216 if($month == $i)
217 echo " selected='selected'";
218 echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>";
219 }
220 ?>
221 </select>
222 <input type="text" name="year" value="<?=$year?>" size="4">
223 <input type="submit" value="Go"></form></nobr></td>
224 </tr>
225 <tr>
226 <td class="DataTD"><?=_("Trainings")?>:</td>
227 <td class="DataTD"><a href="account.php?id=55&amp;userid=<?=intval($row['id'])?>">show</a></td>
228 </tr>
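<? /* Permission and flag toggles for the displayed account. Each link asks
      account.php to change the named flag for this user id. The id is passed
      through intval() in every link, as the neighbouring rows already do.
      NOTE(review): the "Blocked Assurer", "Location Admin" and "Ad Admin"
      links carry no csrf token while the other toggles in this group do;
      these are state-changing GET links, so they should get a token that the
      handler verifies. The token names have to come from that handler, which
      is not part of this file. */ ?>
	<tr>
		<td class="DataTD"><?=_("Is Assurer")?>:</td>
		<td class="DataTD"><a href="account.php?id=43&amp;assurer=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admsetassuret')?>"><?=$row['assurer']?></a></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("Blocked Assurer")?>:</td>
		<td class="DataTD"><a href="account.php?id=43&amp;assurer_blocked=<?=intval($row['id'])?>"><?=$row['assurer_blocked']?></a></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("Account Locking")?>:</td>
		<td class="DataTD"><a href="account.php?id=43&amp;locked=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admactlock')?>"><?=$row['locked']?></a></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("Code Signing")?>:</td>
		<td class="DataTD"><a href="account.php?id=43&amp;codesign=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admcodesign')?>"><?=$row['codesign']?></a></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("Org Assurer")?>:</td>
		<td class="DataTD"><a href="account.php?id=43&amp;orgadmin=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admorgadmin')?>"><?=$row['orgadmin']?></a></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("TTP Admin")?>:</td>
		<td class="DataTD"><a href="account.php?id=43&amp;ttpadmin=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admttpadmin')?>"><?=$row['ttpadmin']?></a></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("Location Admin")?>:</td>
		<td class="DataTD"><a href="account.php?id=43&amp;locadmin=<?=intval($row['id'])?>"><?=$row['locadmin']?></a></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("Admin")?>:</td>
		<td class="DataTD"><a href="account.php?id=43&amp;admin=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admsetadmin')?>"><?=$row['admin']?></a></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("Ad Admin")?>:</td>
		<td class="DataTD"><a href="account.php?id=43&amp;adadmin=<?=intval($row['id'])?>"><?=$row['adadmin']?></a> (0 = none, 1 = submit, 2 = approve)</td>
	</tr>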
265 <!---presently not needed
266 <tr>
267 <td class="DataTD"><?=_("Tverify Account")?>:</td>
268 <td class="DataTD"><a href="account.php?id=43&amp;tverify=<?=$row['id']?>"><?=$row['tverify']?></a></td>
269 </tr> -->
270 <tr>
271 <td class="DataTD"><?=_("General Announcements")?>:</td>
272 <td class="DataTD"><a href="account.php?id=43&amp;general=<?=$row['id']?>"><?=$alerts['general']?></a></td>
273 </tr>
274 <tr>
275 <td class="DataTD"><?=_("Country Announcements")?>:</td>
276 <td class="DataTD"><a href="account.php?id=43&amp;country=<?=$row['id']?>"><?=$alerts['country']?></a></td>
277 </tr>
278 <tr>
279 <td class="DataTD"><?=_("Regional Announcements")?>:</td>
280 <td class="DataTD"><a href="account.php?id=43&amp;regional=<?=$row['id']?>"><?=$alerts['regional']?></a></td>
281 </tr>
282 <tr>
283 <td class="DataTD"><?=_("Within 200km Announcements")?>:</td>
284 <td class="DataTD"><a href="account.php?id=43&amp;radius=<?=$row['id']?>"><?=$alerts['radius']?></a></td>
285 </tr>
286 <tr>
287 <td class="DataTD"><?=_("Change Password")?>:</td>
288 <td class="DataTD"><a href="account.php?id=44&amp;userid=<?=$row['id']?>"><?=_("Change Password")?></a></td>
289 </tr>
290 <tr>
291 <td class="DataTD"><?=_("Delete Account")?>:</td>
292 <td class="DataTD"><a href="account.php?id=50&amp;userid=<?=$row['id']?>&amp;csrf=<?=make_csrf('admdelaccount')?>"><?=_("Delete Account")?></a></td>
293 </tr>
294 <?
295 // This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!!
296 if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==true) {
297 write_se_log($uid, $adminid, 'AD view lost password information', $ticketno);
298 ?>
299 <tr>
300 <td class="DataTD"><?=_("Lost Password")?> - Q1:</td>
301 <td class="DataTD"><?=sanitizeHTML($row['Q1'])?></td>
302 </tr>
303 <tr>
304 <td class="DataTD"><?=_("Lost Password")?> - A1:</td>
305 <td class="DataTD"><?=sanitizeHTML($row['A1'])?></td>
306 </tr>
307 <tr>
308 <td class="DataTD"><?=_("Lost Password")?> - Q2:</td>
309 <td class="DataTD"><?=sanitizeHTML($row['Q2'])?></td>
310 </tr>
311 <tr>
312 <td class="DataTD"><?=_("Lost Password")?> - A2:</td>
313 <td class="DataTD"><?=sanitizeHTML($row['A2'])?></td>
314 </tr>
315 <tr>
316 <td class="DataTD"><?=_("Lost Password")?> - Q3:</td>
317 <td class="DataTD"><?=sanitizeHTML($row['Q3'])?></td>
318 </tr>
319 <tr>
320 <td class="DataTD"><?=_("Lost Password")?> - A3:</td>
321 <td class="DataTD"><?=sanitizeHTML($row['A3'])?></td>
322 </tr>
323 <tr>
324 <td class="DataTD"><?=_("Lost Password")?> - Q4:</td>
325 <td class="DataTD"><?=sanitizeHTML($row['Q4'])?></td>
326 </tr>
327 <tr>
328 <td class="DataTD"><?=_("Lost Password")?> - A4:</td>
329 <td class="DataTD"><?=sanitizeHTML($row['A4'])?></td>
330 </tr>
331 <tr>
332 <td class="DataTD"><?=_("Lost Password")?> - Q5:</td>
333 <td class="DataTD"><?=sanitizeHTML($row['Q5'])?></td>
334 </tr>
335 <tr>
336 <td class="DataTD"><?=_("Lost Password")?> - A5:</td>
337 <td class="DataTD"><?=sanitizeHTML($row['A5'])?></td>
338 </tr>
339 <? } elseif (array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==false) {
340 ?>
341 <tr>
342 <td class="DataTD" colspan="2"><?=_('No access granted. Ticket number is missing')?></td>
343 </tr>
344 <tr>
345 <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;showlostpw=yes"><?=_("Show Lost Password Details")?></a></td>
346 </tr>
347 <?}else { ?>
348 <tr>
349 <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;showlostpw=yes"><?=_("Show Lost Password Details")?></a></td>
350 </tr>
351 <? } ?>
352 <tr>
353 <td class="DataTD"><?=_("Assurance Points")?>:</td>
354 <td class="DataTD"><?=intval($drow['points'])?></td>
355 </tr>
356 </table>
357 <br><?
358 $query = "select * from `email` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''
359 and `email`!='".mysql_escape_string($row['email'])."'";
360 $dres = mysql_query($query);
361 if(mysql_num_rows($dres) > 0) { ?>
362 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
363 <tr>
364 <td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td>
365 </tr><?
366 $rc = mysql_num_rows($dres);
367 while($drow = mysql_fetch_assoc($dres))
368 { ?>
369 <tr>
370 <td class="DataTD"><?=_("Secondary Emails")?>:</td>
371 <td class="DataTD"><?=sanitizeHTML($drow['email'])?></td>
372 </tr>
373 <? } ?>
374 </table>
375 <br>
376 <? } ?>
377 <?
378 $query = "select * from `domains` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''";
379 $dres = mysql_query($query);
380 if(mysql_num_rows($dres) > 0) { ?>
381 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
382 <tr>
383 <td colspan="5" class="title"><?=_("Verified Domains")?></td>
384 </tr><?
385 $rc = mysql_num_rows($dres);
386 while($drow = mysql_fetch_assoc($dres))
387 { ?>
388 <tr>
389 <td class="DataTD"><?=_("Domain")?>:</td>
390 <td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td>
391 </tr>
392 <? } ?>
393 </table>
394 <br>
395 <? } ?>
396 <? // Begin - Debug infos ?>
397 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
398 <tr>
399 <td colspan="2" class="title"><?=_("Account State")?></td>
400 </tr>
401
402 <?
403 // --- bug-975 begin ---
404 // potential db inconsistency like in a20110804.1
405 // Admin console -> don't list user account
406 // User login -> impossible
407 // Assurer, assure someone -> user displayed
408 /* regular user account search with regular settings
409
410 --- Admin Console find user query
411 $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
412 where `users`.`id`=`email`.`memid` and
413 (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
414 `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
415 group by `users`.`id` limit 100";
416 => requirements
417 1. email.hash = ''
418 2. email.deleted = 0
419 3. users.deleted = 0
420 4. email.email = primary-email (???) or'd
421 not covered by admin console find user routine, but may block users login
422 5. users.verified = 0|1
423 further "special settings"
424 6. users.locked (setting displayed in display form)
425 7. users.assurer_blocked (setting displayed in display form)
426
427 --- User login user query
428 select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
429 `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0
430 => requirements
431 1. users.verified = 1
432 2. users.deleted = 0
433 3. users.locked = 0
434 4. users.email = primary-email
435
436 --- Assurer, assure someone find user query
437 select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."'
438 and `deleted`=0
439 => requirements
440 1. users.deleted = 0
441 2. users.email = primary-email
442 Admin User Assurer
443 bit Console Login assure someone
444
445 1. email.hash = '' Yes No No
446 2. email.deleted = 0 Yes No No
447 3. users.deleted = 0 Yes Yes Yes
448 4. users.verified = 1 No Yes No
449 5. users.locked = 0 No Yes No
450 6. users.email = prim-email No Yes Yes
451 7. email.email = prim-email Yes No No
452
453 full usable account needs all 7 requirements fulfilled
454 so if one setting isn't set/cleared there is an inconsistency either way
455 if eg email.email is not avail, admin console cannot open user info
456 but user can login and assurer can display user info
457 if user verified is not set to 1, admin console displays user record
458 but user cannot login, but assurer can search for the user and the data displays
459
460 consistency check:
461 1. search primary-email in users.email
462 2. search primary-email in email.email
463 3. userid = email.memid
464 4. check settings from table 1. - 5.
465
466 */
467
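// Consistency check between the `users` record and the `email` record of the
// primary address. Each failed requirement adds one bit to $inconsistency and
// one line to $inccause:
//    1 users.deleted is set       2 users.verified is not 1
//    4 users.locked is set        8 email.deleted is set
//   16 email.hash is not empty   32 no email record for the primary address
$inconsistency = 0;
$inconsistencydisp = "";
$inccause = "";
// current userid intval($row['id'])
$query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked`
	from `users` where `id`='".intval($row['id'])."' ";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$uemail = $drow['uemail'];
$udeleted = $drow['udeleted'];
$uverified = $drow['verified'];
$ulocked = $drow['locked'];

// Fixed: the stored address was concatenated into the two queries below
// without escaping. A value read back from the database is still data, so it
// is escaped like any other string that goes into a query.
$uemailsql = mysql_real_escape_string($uemail);

$query = "select `hash`, `email` as `eemail` from `email`
	where `memid`='".intval($row['id'])."' and
		`email` ='".$uemailsql."' and
		`deleted` = 0";
$dres = mysql_query($query);
if ($drow = mysql_fetch_assoc($dres)) {
	$drow['edeleted'] = 0;
} else {
	// try if there are deleted entries
	$query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email`
		where `memid`='".intval($row['id'])."' and
			`email` ='".$uemailsql."'";
	$dres = mysql_query($query);
	$drow = mysql_fetch_assoc($dres);
}

if ($drow) {
	$eemail = $drow['eemail'];
	$edeleted = $drow['edeleted'];
	$ehash = $drow['hash'];
	if ($udeleted!=0) {
		$inconsistency += 1;
		$inccause .= (empty($inccause)?"":"<br>")._("Users record set to deleted");
	}
	if ($uverified!=1) {
		$inconsistency += 2;
		$inccause .= (empty($inccause)?"":"<br>")._("Users record verified not set");
	}
	if ($ulocked!=0) {
		$inconsistency += 4;
		$inccause .= (empty($inccause)?"":"<br>")._("Users record locked set");
	}
	if ($edeleted!=0) {
		$inconsistency += 8;
		$inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted");
	}
	if ($ehash!='') {
		$inconsistency += 16;
		$inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset");
	}
} else {
	$inconsistency = 32;
	$inccause = _("Prim. email, Email record doesn't exist");
}
if ($inconsistency>0) {
	// $inccause holds only translated texts joined with <br>, so it is
	// printed without escaping.
	// $inconsistencydisp = _("Yes");
?>
	<tr>
		<td class="DataTD"><?=_("Account inconsistency")?>:</td>
		<td class="DataTD"><?=$inccause?><br>code: <?=$inconsistency?></td>
	</tr>
	<tr>
		<td colspan="2" class="DataTD" style="max-width: 75ex">
			<?=_("Account inconsistency can cause problems in daily account ".
			"operations and needs to be fixed manually through arbitration/critical ".
			"team.")?>
		</td>
	</tr>
<? }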
540
541 // --- bug-975 end ---
542 ?>
543 </table>
544 <br>
545 <?
546 // End - Debug infos
547 ?>
548
549 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
550 <tr>
551 <td colspan="6" class="title"><?=_("Certificates")?></td>
552 </tr>
553
554 <tr>
555 <td class="DataTD"><?=_("Cert Type")?>:</td>
556 <td class="DataTD"><?=_("Total")?></td>
557 <td class="DataTD"><?=_("Valid")?></td>
558 <td class="DataTD"><?=_("Expired")?></td>
559 <td class="DataTD"><?=_("Revoked")?></td>
560 <td class="DataTD"><?=_("Latest Expire")?></td>
561 </tr>
562
563 <tr>
564 <td class="DataTD"><?=_("Server")?>:</td>
565 <?
566 $query = "select COUNT(*) as `total`,
567 MAX(`domaincerts`.`expire`) as `maxexpire`
568 from `domains` inner join `domaincerts`
569 on `domains`.`id` = `domaincerts`.`domid`
570 where `domains`.`memid` = '".intval($row['id'])."' ";
571 $dres = mysql_query($query);
572 $drow = mysql_fetch_assoc($dres);
573 $total = $drow['total'];
574
575 $maxexpire = "0000-00-00 00:00:00";
576 if ($drow['maxexpire']) {
577 $maxexpire = $drow['maxexpire'];
578 }
579
580 if($total > 0) {
581 $query = "select COUNT(*) as `valid`
582 from `domains` inner join `domaincerts`
583 on `domains`.`id` = `domaincerts`.`domid`
584 where `domains`.`memid` = '".intval($row['id'])."'
585 and `revoked` = '0000-00-00 00:00:00'
586 and `expire` > NOW()";
587 $dres = mysql_query($query);
588 $drow = mysql_fetch_assoc($dres);
589 $valid = $drow['valid'];
590
591 $query = "select COUNT(*) as `expired`
592 from `domains` inner join `domaincerts`
593 on `domains`.`id` = `domaincerts`.`domid`
594 where `domains`.`memid` = '".intval($row['id'])."'
595 and `expire` <= NOW()";
596 $dres = mysql_query($query);
597 $drow = mysql_fetch_assoc($dres);
598 $expired = $drow['expired'];
599
600 $query = "select COUNT(*) as `revoked`
601 from `domains` inner join `domaincerts`
602 on `domains`.`id` = `domaincerts`.`domid`
603 where `domains`.`memid` = '".intval($row['id'])."'
604 and `revoked` != '0000-00-00 00:00:00'";
605 $dres = mysql_query($query);
606 $drow = mysql_fetch_assoc($dres);
607 $revoked = $drow['revoked'];
608 ?>
609 <td class="DataTD"><?=intval($total)?></td>
610 <td class="DataTD"><?=intval($valid)?></td>
611 <td class="DataTD"><?=intval($expired)?></td>
612 <td class="DataTD"><?=intval($revoked)?></td>
613 <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?
614 substr($maxexpire, 0, 10) : _("Pending")?></td>
615 <?
616 } else { // $total > 0
617 ?>
618 <td colspan="5" class="DataTD"><?=_("None")?></td>
619 <?
620 } ?>
621 </tr>
622
623 <tr>
624 <td class="DataTD"><?=_("Client")?>:</td>
625 <?
626 $query = "select COUNT(*) as `total`, MAX(`expire`) as `maxexpire`
627 from `emailcerts`
628 where `memid` = '".intval($row['id'])."' ";
629 $dres = mysql_query($query);
630 $drow = mysql_fetch_assoc($dres);
631 $total = $drow['total'];
632
633 $maxexpire = "0000-00-00 00:00:00";
634 if ($drow['maxexpire']) {
635 $maxexpire = $drow['maxexpire'];
636 }
637
638 if($total > 0) {
639 $query = "select COUNT(*) as `valid`
640 from `emailcerts`
641 where `memid` = '".intval($row['id'])."'
642 and `revoked` = '0000-00-00 00:00:00'
643 and `expire` > NOW()";
644 $dres = mysql_query($query);
645 $drow = mysql_fetch_assoc($dres);
646 $valid = $drow['valid'];
647
648 $query = "select COUNT(*) as `expired`
649 from `emailcerts`
650 where `memid` = '".intval($row['id'])."'
651 and `expire` <= NOW()";
652 $dres = mysql_query($query);
653 $drow = mysql_fetch_assoc($dres);
654 $expired = $drow['expired'];
655
656 $query = "select COUNT(*) as `revoked`
657 from `emailcerts`
658 where `memid` = '".intval($row['id'])."'
659 and `revoked` != '0000-00-00 00:00:00'";
660 $dres = mysql_query($query);
661 $drow = mysql_fetch_assoc($dres);
662 $revoked = $drow['revoked'];
663 ?>
664 <td class="DataTD"><?=intval($total)?></td>
665 <td class="DataTD"><?=intval($valid)?></td>
666 <td class="DataTD"><?=intval($expired)?></td>
667 <td class="DataTD"><?=intval($revoked)?></td>
668 <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?
669 substr($maxexpire, 0, 10) : _("Pending")?></td>
670 <?
671 } else { // $total > 0
672 ?>
673 <td colspan="5" class="DataTD"><?=_("None")?></td>
674 <?
675 } ?>
676 </tr>
677
678 <tr>
679 <td class="DataTD"><?=_("GPG")?>:</td>
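<?
	// GPG row of the certificate overview: total, still valid and expired
	// keys of the displayed user, plus the latest expiry date. The "Revoked"
	// column stays empty for this row.
	$query = "select COUNT(*) as `total`, MAX(`expire`) as `maxexpire`
		from `gpg`
		where `memid` = '".intval($row['id'])."' ";
	$dres = mysql_query($query);
	$drow = mysql_fetch_assoc($dres);
	$total = $drow['total'];

	// MAX() yields NULL when there are no rows; keep the zero date then.
	$maxexpire = "0000-00-00 00:00:00";
	if ($drow['maxexpire']) {
		$maxexpire = $drow['maxexpire'];
	}

	if($total > 0) {
		$query = "select COUNT(*) as `valid`
			from `gpg`
			where `memid` = '".intval($row['id'])."'
				and `expire` > NOW()";
		$dres = mysql_query($query);
		$drow = mysql_fetch_assoc($dres);
		$valid = $drow['valid'];

		// Fixed: this count was taken from `emailcerts`, so the GPG row
		// showed the number of expired client certificates.
		$query = "select COUNT(*) as `expired`
			from `gpg`
			where `memid` = '".intval($row['id'])."'
				and `expire` <= NOW()";
		$dres = mysql_query($query);
		$drow = mysql_fetch_assoc($dres);
		$expired = $drow['expired'];

?>
		<td class="DataTD"><?=intval($total)?></td>
		<td class="DataTD"><?=intval($valid)?></td>
		<td class="DataTD"><?=intval($expired)?></td>
		<td class="DataTD"></td>
		<td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?
			substr($maxexpire, 0, 10) : _("Pending")?></td>
<?
	} else { // $total > 0
?>
		<td colspan="5" class="DataTD"><?=_("None")?></td>
<?
	} ?>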
723 </tr>
724
725 <tr>
726 <td class="DataTD"><?=_("Org Server")?>:</td>
727 <?
728 $query = "select COUNT(*) as `total`,
729 MAX(`orgcerts`.`expire`) as `maxexpire`
730 from `orgdomaincerts` as `orgcerts` inner join `org`
731 on `orgcerts`.`orgid` = `org`.`orgid`
732 where `org`.`memid` = '".intval($row['id'])."' ";
733 $dres = mysql_query($query);
734 $drow = mysql_fetch_assoc($dres);
735 $total = $drow['total'];
736
737 $maxexpire = "0000-00-00 00:00:00";
738 if ($drow['maxexpire']) {
739 $maxexpire = $drow['maxexpire'];
740 }
741
742 if($total > 0) {
743 $query = "select COUNT(*) as `valid`
744 from `orgdomaincerts` as `orgcerts` inner join `org`
745 on `orgcerts`.`orgid` = `org`.`orgid`
746 where `org`.`memid` = '".intval($row['id'])."'
747 and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
748 and `orgcerts`.`expire` > NOW()";
749 $dres = mysql_query($query);
750 $drow = mysql_fetch_assoc($dres);
751 $valid = $drow['valid'];
752
753 $query = "select COUNT(*) as `expired`
754 from `orgdomaincerts` as `orgcerts` inner join `org`
755 on `orgcerts`.`orgid` = `org`.`orgid`
756 where `org`.`memid` = '".intval($row['id'])."'
757 and `orgcerts`.`expire` <= NOW()";
758 $dres = mysql_query($query);
759 $drow = mysql_fetch_assoc($dres);
760 $expired = $drow['expired'];
761
762 $query = "select COUNT(*) as `revoked`
763 from `orgdomaincerts` as `orgcerts` inner join `org`
764 on `orgcerts`.`orgid` = `org`.`orgid`
765 where `org`.`memid` = '".intval($row['id'])."'
766 and `orgcerts`.`revoked` != '0000-00-00 00:00:00'";
767 $dres = mysql_query($query);
768 $drow = mysql_fetch_assoc($dres);
769 $revoked = $drow['revoked'];
770 ?>
771 <td class="DataTD"><?=intval($total)?></td>
772 <td class="DataTD"><?=intval($valid)?></td>
773 <td class="DataTD"><?=intval($expired)?></td>
774 <td class="DataTD"><?=intval($revoked)?></td>
775 <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?
776 substr($maxexpire, 0, 10) : _("Pending")?></td>
777 <?
778 } else { // $total > 0
779 ?>
780 <td colspan="5" class="DataTD"><?=_("None")?></td>
781 <?
782 } ?>
783 </tr>
784
785 <tr>
786 <td class="DataTD"><?=_("Org Client")?>:</td>
787 <?
788 $query = "select COUNT(*) as `total`,
789 MAX(`orgcerts`.`expire`) as `maxexpire`
790 from `orgemailcerts` as `orgcerts` inner join `org`
791 on `orgcerts`.`orgid` = `org`.`orgid`
792 where `org`.`memid` = '".intval($row['id'])."' ";
793 $dres = mysql_query($query);
794 $drow = mysql_fetch_assoc($dres);
795 $total = $drow['total'];
796
797 $maxexpire = "0000-00-00 00:00:00";
798 if ($drow['maxexpire']) {
799 $maxexpire = $drow['maxexpire'];
800 }
801
802 if($total > 0) {
803 $query = "select COUNT(*) as `valid`
804 from `orgemailcerts` as `orgcerts` inner join `org`
805 on `orgcerts`.`orgid` = `org`.`orgid`
806 where `org`.`memid` = '".intval($row['id'])."'
807 and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
808 and `orgcerts`.`expire` > NOW()";
809 $dres = mysql_query($query);
810 $drow = mysql_fetch_assoc($dres);
811 $valid = $drow['valid'];
812
813 $query = "select COUNT(*) as `expired`
814 from `orgemailcerts` as `orgcerts` inner join `org`
815 on `orgcerts`.`orgid` = `org`.`orgid`
816 where `org`.`memid` = '".intval($row['id'])."'
817 and `orgcerts`.`expire` <= NOW()";
818 $dres = mysql_query($query);
819 $drow = mysql_fetch_assoc($dres);
820 $expired = $drow['expired'];
821
822 $query = "select COUNT(*) as `revoked`
823 from `orgemailcerts` as `orgcerts` inner join `org`
824 on `orgcerts`.`orgid` = `org`.`orgid`
825 where `org`.`memid` = '".intval($row['id'])."'
826 and `orgcerts`.`revoked` != '0000-00-00 00:00:00'";
827 $dres = mysql_query($query);
828 $drow = mysql_fetch_assoc($dres);
829 $revoked = $drow['revoked'];
830 ?>
831 <td class="DataTD"><?=intval($total)?></td>
832 <td class="DataTD"><?=intval($valid)?></td>
833 <td class="DataTD"><?=intval($expired)?></td>
834 <td class="DataTD"><?=intval($revoked)?></td>
835 <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?
836 substr($maxexpire, 0, 10) : _("Pending")?></td>
837 <?
838 } else { // $total > 0
839 ?>
840 <td colspan="5" class="DataTD"><?=_("None")?></td>
841 <?
842 } ?>
843 </tr>
844 </table>
845 <br>
846
847 <a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto"><?=_("Show Assurances the user got")?></a>
848 (<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto15"><?=_("New calculation")?></a>)
849 <br />
850 <a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby"><?=_("Show Assurances the user gave")?></a>
851 (<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby15"><?=_("New calculation")?></a>)
852 <br />
853
854 <?
855 // if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") {
856
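/**
 * Prints the table of assurances received by the user in $_GET['userid'],
 * one row per `notary` record, followed by the sum of the points.
 *
 * Every value taken from the database is passed through intval() or
 * sanitizeHTML() before it is printed.
 */
function showassuredto()
{
	$userid = array_key_exists('userid', $_GET) ? intval($_GET['userid']) : 0;
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
	<tr>
		<td colspan="8" class="title"><?=_("Assurance Points")?></td>
	</tr>
	<tr>
		<td class="DataTD"><b><?=_("ID")?></b></td>
		<td class="DataTD"><b><?=_("Date")?></b></td>
		<td class="DataTD"><b><?=_("Who")?></b></td>
		<td class="DataTD"><b><?=_("Email")?></b></td>
		<td class="DataTD"><b><?=_("Points")?></b></td>
		<td class="DataTD"><b><?=_("Location")?></b></td>
		<td class="DataTD"><b><?=_("Method")?></b></td>
		<td class="DataTD"><b><?=_("Revoke")?></b></td>
	</tr>
<?
	$query = "select * from `notary` where `to`='".$userid."'";
	$dres = mysql_query($query);
	$points = 0;
	while($drow = mysql_fetch_assoc($dres))
	{
		$fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'"));
		if(!$fromuser) {
			// no user record for this assurer: print empty cells
			$fromuser = array('fname' => '', 'lname' => '', 'email' => '');
		}
		$points += $drow['points'];
?>
	<tr>
		<td class="DataTD"><?=intval($drow['id'])?></td>
		<td class="DataTD"><?=sanitizeHTML($drow['date'])?></td>
		<td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></a></td>
		<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
		<td class="DataTD"><?=intval($drow['points'])?></td>
		<td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
		<td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
		<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td>
	</tr>
<?	} ?>
	<tr>
		<td class="DataTD" colspan="2"><b><?=_("Total Points")?>:</b></td>
		<td class="DataTD"><?=intval($points)?></td>
		<td class="DataTD" colspan="5">&nbsp;</td>
	</tr>
</table>
<? } ?>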
901
902 <?
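/**
 * Prints the table of assurances given by the user in $_GET['userid'],
 * one row per `notary` record, followed by the sum of the points.
 *
 * Fixed: date, names, points, location and method were printed raw and the
 * assuree id went into the query and the links unfiltered. Location, method
 * and the names are free text, so they are now passed through sanitizeHTML()
 * and the ids through intval(), matching showassuredto().
 */
function showassuredby()
{
	$userid = array_key_exists('userid', $_GET) ? intval($_GET['userid']) : 0;
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
	<tr>
		<td colspan="8" class="title"><?=_("Assurance Points The User Issued")?></td>
	</tr>
	<tr>
		<td class="DataTD"><b><?=_("ID")?></b></td>
		<td class="DataTD"><b><?=_("Date")?></b></td>
		<td class="DataTD"><b><?=_("Who")?></b></td>
		<td class="DataTD"><b><?=_("Email")?></b></td>
		<td class="DataTD"><b><?=_("Points")?></b></td>
		<td class="DataTD"><b><?=_("Location")?></b></td>
		<td class="DataTD"><b><?=_("Method")?></b></td>
		<td class="DataTD"><b><?=_("Revoke")?></b></td>
	</tr>
<?
	$query = "select * from `notary` where `from`='".$userid."'";
	$dres = mysql_query($query);
	$points = 0;
	while($drow = mysql_fetch_assoc($dres))
	{
		// $fromuser holds the assuree here (the `to` side of the record)
		$fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['to'])."'"));
		if(!$fromuser) {
			// no user record for this assuree: print empty cells
			$fromuser = array('fname' => '', 'lname' => '', 'email' => '');
		}
		$points += $drow['points'];
?>
	<tr>
		<td class="DataTD"><?=intval($drow['id'])?></td>
		<td class="DataTD"><?=sanitizeHTML($drow['date'])?></td>
		<td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></a></td>
		<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
		<td class="DataTD"><?=intval($drow['points'])?></td>
		<td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
		<td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
		<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['from'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td>
	</tr>
<?	} ?>
	<tr>
		<td class="DataTD" colspan="2"><b><?=_("Total Points")?>:</b></td>
		<td class="DataTD"><?=intval($points)?></td>
		<td class="DataTD" colspan="5">&nbsp;</td>
	</tr>
</table>
<? } ?>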
947 <br><br>
948 <? } }
949
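// Optional assurance listing, selected with ?shownotary=...
// The parameter is optional, so it is read with a default instead of being
// indexed directly.
$shownotary = array_key_exists('shownotary', $_GET) ? $_GET['shownotary'] : '';
$notaryuserid = array_key_exists('userid', $_GET) ? intval($_GET['userid']) : 0;

switch ($shownotary)
{
	// showassuredto() and showassuredby() are declared inside the branch
	// above that runs only when the user record was found; without the
	// function_exists() check a request for a missing user ended in a fatal
	// "undefined function" error.
	case 'assuredto':
		if (function_exists('showassuredto')) {
			showassuredto();
		}
		break;
	case 'assuredby':
		if (function_exists('showassuredby')) {
			showassuredby();
		}
		break;
	// the "New calculation" variants are rendered by helpers that are not
	// defined in this file
	case 'assuredto15':
		output_received_assurances($notaryuserid,1);
		break;
	case 'assuredby15':
		output_given_assurances($notaryuserid,1);
		break;
}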
961
962
963 ?>