Merge branch 'bug-1394' into testserver-stable
[cacert-devel.git] / pages / account / 43.php
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18
// Load the notary include relative to the configured installation path.
include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");

// Support-ticket state carried in the session. $ticketvalidation gates the
// privileged actions further down this page (assurance revocation and the
// lost-password view both test it before doing anything).
$ticketvalidation = FALSE;
$ticketno = '';
if (isset($_SESSION['ticketno'])) {
	$ticketno = $_SESSION['ticketno'];
	// Whatever valid_ticket_number() returns for the stored ticket becomes the gate.
	$ticketvalidation = valid_ticket_number($ticketno);
}

// Message shown in the ticket form; empty when the session holds none.
$ticketmsg = isset($_SESSION['ticketmsg']) ? $_SESSION['ticketmsg'] : '';
33
34
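// Search for an account by e-mail address or numeric id. If more than one
// account matches, list the candidates so the operator can pick one; a single
// match is loaded directly through $_REQUEST['userid'].
if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
{
	$_REQUEST['userid'] = 0;

	// A missing or non-string `email` parameter is treated as an empty search
	// term instead of raising a notice on an undefined index (or a warning
	// from trim() when an array is submitted).
	$rawemail = '';
	if (array_key_exists('email', $_REQUEST) && is_string($_REQUEST['email'])) {
		$rawemail = $_REQUEST['email'];
	}

	// The term is only ever placed inside single quotes in the queries below,
	// which is the context mysql_real_escape_string() protects. It does not
	// escape % or _, so those still act as LIKE wildcards in the address search.
	$emailsearch = $email = mysql_real_escape_string(stripslashes(trim($rawemail)));

	//Disabled to speed up the queries
	//if(!strstr($email, "%"))
	//	$emailsearch = "%$email%";

	// bug-975 ted+uli changes --- begin
	if(preg_match("/^[0-9]+$/", $email)) {
		// $email consists of digits only ==> search for IDs
		// Be defensive here (outer join) if primary mail is not listed in email table
		$query = "select `users`.`id` as `id`, `email`.`email` as `email`
			from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
			where (`email`.`id`='$email' or `users`.`id`='$email')
				and `users`.`deleted`=0
			group by `users`.`id` limit 100";
	} else {
		// $email contains non-digits ==> search for mail addresses
		// Be defensive here (outer join) if primary mail is not listed in email table
		$query = "select `users`.`id` as `id`, `email`.`email` as `email`
			from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
			where (`email`.`email` like '$emailsearch'
					or `users`.`email` like '$emailsearch')
				and `users`.`deleted`=0
			group by `users`.`id` limit 100";
	}
	// bug-975 ted+uli changes --- end
	$res = mysql_query($query);
	// A failed query counts as "no match" rather than passing FALSE on to
	// mysql_num_rows() and mysql_fetch_assoc().
	$numrows = $res ? mysql_num_rows($res) : 0;
	if($numrows > 1) {
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
	<tr>
		<td colspan="5" class="title"><?=_("Select Specific Account Details")?></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("User ID")?></td>
		<td class="DataTD"><?=_("Email")?></td>
	</tr>
<?
		// Ids are cast with intval() and addresses pass through sanitizeHTML()
		// before they reach the page.
		while($row = mysql_fetch_assoc($res))
		{
?>
	<tr>
		<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=intval($row['id'])?></a></td>
		<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td>
	</tr>
<?
		}

		// The queries are capped with "limit 100", so a full page means the
		// result may have been truncated.
		if($numrows >= 100) {
?>
	<tr>
		<td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td>
	</tr>
<?
		} else {
?>
	<tr>
		<td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), $numrows); ?></td>
	</tr>
<?
		}
?>
</table><br><br>
<?
	} elseif($numrows == 1) {
		// Exactly one match: hand its id to the detail view that follows.
		$row = mysql_fetch_assoc($res);
		$_REQUEST['userid'] = $row['id'];
	} else {
		printf(_("No users found matching %s"), sanitizeHTML($email));
	}
}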
111
112 // display user information for given user id
113 if(intval($_REQUEST['userid']) > 0) {
114 $userid = intval($_REQUEST['userid']);
115 $user_data_res =get_user_data($userid);
116 if(mysql_num_rows($user_data_res) <= 0) {
117 echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
118 } else {
119
// Revoke a single assurance when a support engineer requests it.
// The id arrives in $_REQUEST['assurance'] and is only acted on when the
// session holds a validated ticket number. The admin-log entry is written
// first; if that write fails, nothing is revoked.
// NOTE(review): the parameter is read from $_REQUEST and no CSRF token is
// checked in this block -- confirm whether account.php validates one before
// this page is included.
if (array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0) {
	if ($ticketvalidation == FALSE) {
		$ticketmsg=_('No assurance revoked. Ticket number is missing!');
	} elseif (!write_se_log($userid, $_SESSION['profile']['id'], 'SE assurance revoke', $ticketno)) {
		$ticketmsg=_("Writing to the admin log failed. Can't continue.");
	} else {
		$assurance = intval($_REQUEST['assurance']);
		$trow = 0;
		// Look up the assuree of the still-active record; the id is an integer by now.
		$res = mysql_query("select `to` from `notary` where `id`='".intval($assurance)."' and `deleted` = 0");
		if ($res) {
			$trow = mysql_fetch_assoc($res);
			// No row means the assurance does not exist or is already marked deleted.
			if ($trow) {
				revoke_assurance(intval($assurance),$trow['to']);
			}
		}
	}
}
139
140 $row = mysql_fetch_assoc($user_data_res);
141 $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."' and `deleted` = 0";
142 $dres = mysql_query($query);
143 $drow = mysql_fetch_assoc($dres);
144 $alerts =get_alerts(intval($row['id']));
145
146 //display account data
147
148
149 //Ticket number
150 ?>
151
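<? // Ticket form: posts the ticket number back to account.php for the displayed user. ?>
<form method="post" action="account.php?id=43&amp;userid=<?=intval($_REQUEST['userid'])?>">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
	<tr>
		<td colspan="2" class="title"><?=_('Ticket handling') ?></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_('Ticket no')?>:</td>
		<td class="DataTD"><input type="text" name="ticketno" value="<?=sanitizeHTML($ticketno)?>"/></td>
	</tr>
	<tr>
<? /* The message can originate from $_SESSION['ticketmsg'], which is filled in
      outside this file, so it is escaped like every other value on the page.
      NOTE(review): if a caller stores intentional markup in that session key,
      it will now be shown as text -- confirm against the code that sets it.
      The session copy is cleared right after it has been rendered. */ ?>
		<td colspan="2" class="DataTDError"><?=sanitizeHTML($ticketmsg)?></td><?php $_SESSION['ticketmsg']='' ?>
	</tr>
	<tr>
		<td colspan="2" ><input type="submit" value="<?=_('Set ticket number') ?>"></td>
	</tr>
</table>
</form>
<br/>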
169 <br/>
170
171
172 <!-- display data table -->
173 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
174 <tr>
175 <td colspan="5" class="title"><? printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td>
176 </tr>
177 <tr>
178 <td class="DataTD"><?=_("Email")?>:</td>
179 <td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
180 </tr>
181 <tr>
182 <td class="DataTD"><?=_("First Name")?>:</td>
183 <td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to modify this DOB and/or last name?")?>')) return false;">
184 <input type="hidden" name="csrf" value="<?=make_csrf('admchangepers')?>" />
185 <input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>">
186 </td>
187 </tr>
188 <tr>
189 <td class="DataTD"><?=_("Middle Name")?>:</td>
190 <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($row['mname'])?>"></td>
191 </tr>
192 <tr>
193 <td class="DataTD"><?=_("Last Name")?>:</td>
194 <td class="DataTD"> <input type="hidden" name="oldid" value="43">
195 <input type="hidden" name="action" value="updatedob">
196 <input type="hidden" name="userid" value="<?=intval($userid)?>">
197 <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>">
198 </td>
199 </tr>
200 <tr>
201 <td class="DataTD"><?=_("Suffix")?>:</td>
202 <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($row['suffix'])?>"></td>
203 </tr>
204 <tr>
205 <td class="DataTD"><?=_("Date of Birth")?>:</td>
206 <td class="DataTD">
207 <?
208 $year = intval(substr($row['dob'], 0, 4));
209 $month = intval(substr($row['dob'], 5, 2));
210 $day = intval(substr($row['dob'], 8, 2));
211 ?>
212 <nobr>
213 <select name="day">
214 <?
215 for($i = 1; $i <= 31; $i++) {
216 echo "<option";
217 if($day == $i) {
218 echo " selected='selected'";
219 }
220 echo ">$i</option>";
221 }
222 ?>
223 </select>
224 <select name="month">
225 <?
226 for($i = 1; $i <= 12; $i++) {
227 echo "<option value='$i'";
228 if($month == $i)
229 echo " selected='selected'";
230 echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>";
231 }
232 ?>
233 </select>
234 <input type="text" name="year" value="<?=$year?>" size="4">
235 <input type="submit" value="Go">
236 <input type="hidden" name="ticketno" value="<?=sanitizeHTML($ticketno)?>"/>
237 </form>
238 </nobr>
239 </td>
240 </tr>
241
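<? /* List of account flags. Each value links back to account.php with the
      user id in a flag-named parameter and the current ticket number.
      NOTE(review): the links for assurer, locked, codesign, orgadmin, ttpadmin
      and admin carry a make_csrf() token; those for assurer_blocked, locadmin,
      adadmin, general, country, regional and radius do not. If these links
      change the flag (presumably they toggle it), confirm that the handler in
      account.php protects the token-less ones in some other way. */ ?>
	<tr>
		<td class="DataTD"><?=_("CCA accepted")?>:</td>
		<td class="DataTD"><a href="account.php?id=57&amp;userid=<?=intval($row['id'])?>"><?=intval(get_user_agreement_status($row['id'], 'CCA')) ? _("Yes") : _("No") ?></a></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("Trainings")?>:</td>
		<td class="DataTD"><a href="account.php?id=55&amp;userid=<?=intval($row['id'])?>">show</a></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("Is Assurer")?>:</td>
		<td class="DataTD"><a href="account.php?id=43&amp;assurer=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admsetassuret')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['assurer'])?></a></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("Blocked Assurer")?>:</td>
		<td class="DataTD"><a href="account.php?id=43&amp;assurer_blocked=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['assurer_blocked'])?></a></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("Account Locking")?>:</td>
		<td class="DataTD"><a href="account.php?id=43&amp;locked=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admactlock')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['locked'])?></a></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("Code Signing")?>:</td>
		<td class="DataTD"><a href="account.php?id=43&amp;codesign=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admcodesign')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['codesign'])?></a></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("Org Assurer")?>:</td>
		<td class="DataTD"><a href="account.php?id=43&amp;orgadmin=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admorgadmin')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['orgadmin'])?></a></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("TTP Admin")?>:</td>
		<td class="DataTD"><a href="account.php?id=43&amp;ttpadmin=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admttpadmin')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['ttpadmin'])?></a></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("Location Admin")?>:</td>
<? // Cast like every sibling flag so the raw column value never reaches the page. ?>
		<td class="DataTD"><a href="account.php?id=43&amp;locadmin=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['locadmin'])?></a></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("Admin")?>:</td>
		<td class="DataTD"><a href="account.php?id=43&amp;admin=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admsetadmin')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['admin'])?></a></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("Ad Admin")?>:</td>
		<td class="DataTD"><a href="account.php?id=43&amp;adadmin=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['adadmin'])?></a> (0 = none, 1 = submit, 2 = approve)</td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("General Announcements")?>:</td>
		<td class="DataTD"><a href="account.php?id=43&amp;general=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($alerts['general'])?></a></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("Country Announcements")?>:</td>
		<td class="DataTD"><a href="account.php?id=43&amp;country=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($alerts['country'])?></a></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("Regional Announcements")?>:</td>
		<td class="DataTD"><a href="account.php?id=43&amp;regional=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($alerts['regional'])?></a></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("Within 200km Announcements")?>:</td>
		<td class="DataTD"><a href="account.php?id=43&amp;radius=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($alerts['radius'])?></a></td>
	</tr>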
303 <? //change password, view secret questions and delete account section ?>
304 <tr>
305 <td class="DataTD"><?=_("Change Password")?>:</td>
306 <td class="DataTD"><a href="account.php?id=44&amp;userid=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Change Password")?></a></td>
307 </tr>
308 <tr>
309 <td class="DataTD"><?=_("Delete Account")?>:</td>
310 <td class="DataTD"><a href="account.php?id=50&amp;userid=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admdelaccount')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Delete Account")?></a></td>
311 </tr>
312 <?
	// Lost-password questions and answers are shown only on an explicit
	// showlostpw=yes request made with a validated ticket number.
	// This is intentionally a $_GET for audit purposes. DO NOT CHANGE!!!
	// (presumably so the lookup is visible in the request URL -- confirm)
	if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==true) {
		// The admin-log entry comes first: if it cannot be written, the page
		// shows an error and the link again instead of the answers.
		if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE view lost password information', $ticketno)) {
?>
	<tr>
		<td class="DataTD" colspan="2"><?=_("Writing to the admin log failed. Can't continue.")?></td>
	</tr>
	<tr>
		<td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;showlostpw=yes&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Lost Password Details")?></a></td>
	</tr>
<?
		} else {
			// Notify the account holder of the lookup before anything is
			// rendered. The text below is a gettext msgid, so its spelling
			// ("becasue") has to stay in step with the translation catalogues.
			$body = sprintf(_("Hi %s,"),$row['fname'])."\n\n";
			$body .= sprintf(_("You receive this automatic mail becasue a supporter ".
				"looked up your secret questions and answers for a forgotten ".
				"password.\n\n".
				"Time: %s\n\n".
				"If you received this mail without a recognisable reason, ".
				"there is a danger that an unauthorised person accessed your ".
				"account, and you should promptly report this to support@cacert.org."),
				date("Y-m-d H:i:s T"))."\n\n";

			$body .= _("Best regards")."\n"._("CAcert Support");

			// NOTE(review): the return value of sendmail() is not checked, so the
			// answers are displayed even if the notification could not be sent.
			sendmail($row['email'], "[CAcert.org] "._("Email Notification"), $body, "support@cacert.org", "", "", "CAcert Support");
			// Questions and answers Q1/A1 .. Q5/A5 follow, each passed
			// through sanitizeHTML() on output.
?>
	<tr>
		<td class="DataTD"><?=_("Lost Password")?> - Q1:</td>
		<td class="DataTD"><?=sanitizeHTML($row['Q1'])?></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("Lost Password")?> - A1:</td>
		<td class="DataTD"><?=sanitizeHTML($row['A1'])?></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("Lost Password")?> - Q2:</td>
		<td class="DataTD"><?=sanitizeHTML($row['Q2'])?></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("Lost Password")?> - A2:</td>
		<td class="DataTD"><?=sanitizeHTML($row['A2'])?></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("Lost Password")?> - Q3:</td>
		<td class="DataTD"><?=sanitizeHTML($row['Q3'])?></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("Lost Password")?> - A3:</td>
		<td class="DataTD"><?=sanitizeHTML($row['A3'])?></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("Lost Password")?> - Q4:</td>
		<td class="DataTD"><?=sanitizeHTML($row['Q4'])?></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("Lost Password")?> - A4:</td>
		<td class="DataTD"><?=sanitizeHTML($row['A4'])?></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("Lost Password")?> - Q5:</td>
		<td class="DataTD"><?=sanitizeHTML($row['Q5'])?></td>
	</tr>
	<tr>
		<td class="DataTD"><?=_("Lost Password")?> - A5:</td>
		<td class="DataTD"><?=sanitizeHTML($row['A5'])?></td>
	</tr>
<?
		}
	} elseif (array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==false) {
		// Requested without a validated ticket: refuse and offer the link again.
?>
	<tr>
		<td class="DataTD" colspan="2"><?=_('No access granted. Ticket number is missing')?></td>
	</tr>
	<tr>
		<td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;showlostpw=yes&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Lost Password Details")?></a></td>
	</tr>
<?
	} else {
		// Not requested: show only the link that triggers the lookup.
?>
	<tr>
		<td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;showlostpw=yes&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Lost Password Details")?></a></td>
	</tr>
<? }
396
397 // list assurance points
398 ?>
399 <tr>
400 <td class="DataTD"><?=_("Assurance Points")?>:</td>
401 <td class="DataTD"><?=get_received_total_points(intval($row['id']))?></td>
402 </tr>
403 <?
404 // show account history
405 ?>
406 <tr>
407 <td class="DataTD" colspan="2"><a href="account.php?id=59&amp;oldid=43&amp;userid=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_('Show account history')?></a></td>
408 </tr>
409 </table>
410 <br/>
411 <?
412 //list secondary email addresses
413 $dres = get_email_addresses(intval($row['id']),$row['email']);
414 if(mysql_num_rows($dres) > 0) {
415 ?>
416 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
417 <tr>
418 <td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td>
419 </tr>
420 <?
421 while($drow = mysql_fetch_assoc($dres)) {
422 ?>
423 <tr>
424 <td class="DataTD"><?=_("Secondary Emails")?>:</td>
425 <td class="DataTD"><?=sanitizeHTML($drow['email'])?></td>
426 </tr>
427 <?
428 }
429 ?>
430 </table>
431 <br/>
432 <?
433 }
434
435 // list of domains
436 $dres=get_domains(intval($row['id']));
437 if(mysql_num_rows($dres) > 0) {
438 ?>
439 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
440 <tr>
441 <td colspan="5" class="title"><?=_("Verified Domains")?></td>
442 </tr>
443 <?
444 while($drow = mysql_fetch_assoc($dres)) {
445 ?>
446 <tr>
447 <td class="DataTD"><?=_("Domain")?>:</td>
448 <td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td>
449 </tr>
450 <?
451 }
452 ?>
453 </table>
454 <br/>
455 <?
456 }
457 ?>
458 <? // Begin - Debug infos ?>
459 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
460 <tr>
461 <td colspan="2" class="title"><?=_("Account State")?></td>
462 </tr>
463
464 <?
465 // --- bug-975 begin ---
466 // potential db inconsistency like in a20110804.1
467 // Admin console -> don't list user account
468 // User login -> impossible
469 // Assurer, assure someone -> user displayed
470 /* regular user account search with regular settings
471
472 --- Admin Console find user query
473 $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
474 where `users`.`id`=`email`.`memid` and
475 (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
476 `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
477 group by `users`.`id` limit 100";
478 => requirements
479 1. email.hash = ''
480 2. email.deleted = 0
481 3. users.deleted = 0
482 4. email.email = primary-email (???) or'd
483 not covered by admin console find user routine, but may block users login
484 5. users.verified = 0|1
485 further "special settings"
486 6. users.locked (setting displayed in display form)
487 7. users.assurer_blocked (setting displayed in display form)
488
489 --- User login user query
490 select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
491 `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0
492 => requirements
493 1. users.verified = 1
494 2. users.deleted = 0
495 3. users.locked = 0
496 4. users.email = primary-email
497
498 --- Assurer, assure someone find user query
499 select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."'
500 and `deleted`=0
501 => requirements
502 1. users.deleted = 0
503 2. users.email = primary-email
504
505 Admin User Assurer
506 bit Console Login assure someone
507
508 1. email.hash = '' Yes No No
509 2. email.deleted = 0 Yes No No
510 3. users.deleted = 0 Yes Yes Yes
511 4. users.verified = 1 No Yes No
512 5. users.locked = 0 No Yes No
513 6. users.email = prim-email No Yes Yes
514 7. email.email = prim-email Yes No No
515
516 full usable account needs all 7 requirements fulfilled
517 so if one setting isn't set/cleared there is an inconsistency either way
518 if eg email.email is not avail, admin console cannot open user info
519 but user can login and assurer can display user info
520 if user verified is not set to 1, admin console displays user record
521 but user cannot login, but assurer can search for the user and the data displays
522
523 consistency check:
524 1. search primary-email in users.email
525 2. search primary-email in email.email
526 3. userid = email.memid
527 4. check settings from table 1. - 5.
528
529 */
530
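// Consistency check between the `users` row and the `email` row that should
// hold the same primary address. Each failed condition adds one bit to
// $inconsistency and one line to $inccause:
//   1 = users.deleted set, 2 = users.verified not 1, 4 = users.locked set,
//   8 = email.deleted set, 16 = email.hash not empty,
//   32 = no email row for the primary address at all.
$inconsistency = 0;
$inconsistencydisp = "";
$inccause = "";

// current userid intval($row['id'])
$query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked`
	from `users` where `id`='".intval($row['id'])."' ";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$uemail = $drow['uemail'];
$udeleted = $drow['udeleted'];
$uverified = $drow['verified'];
$ulocked = $drow['locked'];

// The address was read back from the database, but it is still user-chosen
// data: escape it before it is placed in another statement. An apostrophe in
// the stored address would otherwise end the quoted literal in the two
// queries below (second-order injection, or at least a broken lookup).
$uemailsql = mysql_real_escape_string($uemail);

$query = "select `hash`, `email` as `eemail` from `email`
	where `memid`='".intval($row['id'])."' and
		`email` ='".$uemailsql."' and
		`deleted` = 0";
$dres = mysql_query($query);
if ($drow = mysql_fetch_assoc($dres)) {
	// Found an active row; the query filtered on deleted = 0.
	$drow['edeleted'] = 0;
} else {
	// try if there are deleted entries
	$query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email`
		where `memid`='".intval($row['id'])."' and
			`email` ='".$uemailsql."'";
	$dres = mysql_query($query);
	$drow = mysql_fetch_assoc($dres);
}

if ($drow) {
	$eemail = $drow['eemail'];
	$edeleted = $drow['edeleted'];
	$ehash = $drow['hash'];
	if ($udeleted!=0) {
		$inconsistency += 1;
		$inccause .= (empty($inccause)?"":"<br>")._("Users record set to deleted");
	}
	if ($uverified!=1) {
		$inconsistency += 2;
		$inccause .= (empty($inccause)?"":"<br>")._("Users record verified not set");
	}
	if ($ulocked!=0) {
		$inconsistency += 4;
		$inccause .= (empty($inccause)?"":"<br>")._("Users record locked set");
	}
	if ($edeleted!=0) {
		$inconsistency += 8;
		$inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted");
	}
	if ($ehash!='') {
		$inconsistency += 16;
		$inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset");
	}
} else {
	$inconsistency = 32;
	$inccause = _("Prim. email, Email record doesn't exist");
}
if ($inconsistency>0) {
	// $inconsistencydisp = _("Yes");
	// $inccause is echoed without escaping because it carries the <br>
	// separators added above; it is built only from those and from
	// translated strings, never from request or database values.
?>
	<tr>
		<td class="DataTD"><?=_("Account inconsistency")?>:</td>
		<td class="DataTD"><?=$inccause?><br>code: <?=intval($inconsistency)?></td>
	</tr>
	<tr>
		<td colspan="2" class="DataTD" style="max-width: 75ex;">
			<?=_("Account inconsistency can cause problems in daily account operations and needs to be fixed manually through arbitration/critical team.")?>
		</td>
	</tr>
<?
}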
603
604 // --- bug-975 end ---
605 ?>
606 </table>
607 <br />
608 <?
609 // End - Debug infos
610
611 // certificate overview
612 ?>
613
614 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
615 <tr>
616 <td colspan="6" class="title"><?=_("Certificates")?></td>
617 </tr>
618 <tr>
619 <td class="DataTD"><?=_("Cert Type")?>:</td>
620 <td class="DataTD"><?=_("Total")?></td>
621 <td class="DataTD"><?=_("Valid")?></td>
622 <td class="DataTD"><?=_("Expired")?></td>
623 <td class="DataTD"><?=_("Revoked")?></td>
624 <td class="DataTD"><?=_("Latest Expire")?></td>
625 </tr>
626 <!-- server certificates -->
627 <tr>
628 <td class="DataTD"><?=_("Server")?>:</td>
629 <?
630 $query = "
631 select COUNT(*) as `total`,
632 MAX(`domaincerts`.`expire`) as `maxexpire`
633 from `domains` inner join `domaincerts`
634 on `domains`.`id` = `domaincerts`.`domid`
635 where `domains`.`memid` = '".intval($row['id'])."'
636 ";
637 $dres = mysql_query($query);
638 $drow = mysql_fetch_assoc($dres);
639 $total = $drow['total'];
640
641 $maxexpire = "0000-00-00 00:00:00";
642 if ($drow['maxexpire']) {
643 $maxexpire = $drow['maxexpire'];
644 }
645
646 if($total > 0) {
647 $query = "
648 select COUNT(*) as `valid`
649 from `domains` inner join `domaincerts`
650 on `domains`.`id` = `domaincerts`.`domid`
651 where `domains`.`memid` = '".intval($row['id'])."'
652 and `revoked` = '0000-00-00 00:00:00'
653 and `expire` > NOW()
654 ";
655 $dres = mysql_query($query);
656 $drow = mysql_fetch_assoc($dres);
657 $valid = $drow['valid'];
658
659 $query = "
660 select COUNT(*) as `expired`
661 from `domains` inner join `domaincerts`
662 on `domains`.`id` = `domaincerts`.`domid`
663 where `domains`.`memid` = '".intval($row['id'])."'
664 and `expire` <= NOW()
665 ";
666 $dres = mysql_query($query);
667 $drow = mysql_fetch_assoc($dres);
668 $expired = $drow['expired'];
669
670 $query = "
671 select COUNT(*) as `revoked`
672 from `domains` inner join `domaincerts`
673 on `domains`.`id` = `domaincerts`.`domid`
674 where `domains`.`memid` = '".intval($row['id'])."'
675 and `revoked` != '0000-00-00 00:00:00'
676 ";
677 $dres = mysql_query($query);
678 $drow = mysql_fetch_assoc($dres);
679 $revoked = $drow['revoked'];
680 ?>
681 <td class="DataTD"><?=intval($total)?></td>
682 <td class="DataTD"><?=intval($valid)?></td>
683 <td class="DataTD"><?=intval($expired)?></td>
684 <td class="DataTD"><?=intval($revoked)?></td>
685 <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
686 <?
687 } else { // $total > 0
688 ?>
689 <td colspan="5" class="DataTD"><?=_("None")?></td>
690 <?
691 }
692 ?>
693 </tr>
694 <!-- client certificates -->
695 <tr>
696 <td class="DataTD"><?=_("Client")?>:</td>
697 <?
698 $query = "
699 select COUNT(*) as `total`, MAX(`expire`) as `maxexpire`
700 from `emailcerts`
701 where `memid` = '".intval($row['id'])."'
702 ";
703 $dres = mysql_query($query);
704 $drow = mysql_fetch_assoc($dres);
705 $total = $drow['total'];
706
707 $maxexpire = "0000-00-00 00:00:00";
708 if ($drow['maxexpire']) {
709 $maxexpire = $drow['maxexpire'];
710 }
711
712 if($total > 0) {
713 $query = "
714 select COUNT(*) as `valid`
715 from `emailcerts`
716 where `memid` = '".intval($row['id'])."'
717 and `revoked` = '0000-00-00 00:00:00'
718 and `expire` > NOW()
719 ";
720 $dres = mysql_query($query);
721 $drow = mysql_fetch_assoc($dres);
722 $valid = $drow['valid'];
723
724 $query = "
725 select COUNT(*) as `expired`
726 from `emailcerts`
727 where `memid` = '".intval($row['id'])."'
728 and `expire` <= NOW()
729 ";
730 $dres = mysql_query($query);
731 $drow = mysql_fetch_assoc($dres);
732 $expired = $drow['expired'];
733
734 $query = "
735 select COUNT(*) as `revoked`
736 from `emailcerts`
737 where `memid` = '".intval($row['id'])."'
738 and `revoked` != '0000-00-00 00:00:00'
739 ";
740 $dres = mysql_query($query);
741 $drow = mysql_fetch_assoc($dres);
742 $revoked = $drow['revoked'];
743 ?>
744 <td class="DataTD"><?=intval($total)?></td>
745 <td class="DataTD"><?=intval($valid)?></td>
746 <td class="DataTD"><?=intval($expired)?></td>
747 <td class="DataTD"><?=intval($revoked)?></td>
748 <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
749 <?
750 } else { // $total > 0
751 ?>
752 <td colspan="5" class="DataTD"><?=_("None")?></td>
753 <?
754 }
755 ?>
756 </tr>
757 <!-- gpg certificates -->
758 <tr>
759 <td class="DataTD"><?=_("GPG")?>:</td>
760 <?
761 $query = "
762 select COUNT(*) as `total`, MAX(`expire`) as `maxexpire`
763 from `gpg`
764 where `memid` = '".intval($row['id'])."'
765 ";
766 $dres = mysql_query($query);
767 $drow = mysql_fetch_assoc($dres);
768 $total = $drow['total'];
769
770 $maxexpire = "0000-00-00 00:00:00";
771 if ($drow['maxexpire']) {
772 $maxexpire = $drow['maxexpire'];
773 }
774
775 if($total > 0) {
776 $query = "
777 select COUNT(*) as `valid`
778 from `gpg`
779 where `memid` = '".intval($row['id'])."'
780 and `expire` > NOW()
781 ";
782 $dres = mysql_query($query);
783 $drow = mysql_fetch_assoc($dres);
784 $valid = $drow['valid'];
785
786 $query = "
787 select COUNT(*) as `expired`
788 from `gpg`
789 where `memid` = '".intval($row['id'])."'
790 and `expire` <= NOW()
791 ";
792 $dres = mysql_query($query);
793 $drow = mysql_fetch_assoc($dres);
794 $expired = $drow['expired'];
795 ?>
796 <td class="DataTD"><?=intval($total)?></td>
797 <td class="DataTD"><?=intval($valid)?></td>
798 <td class="DataTD"><?=intval($expired)?></td>
799 <td class="DataTD"></td>
800 <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
801 <?
802 } else { // $total > 0
803 ?>
804 <td colspan="5" class="DataTD"><?=_("None")?></td>
805 <?
806 }
807 ?>
808 </tr>
809 <!-- org server certificates -->
810 <tr>
811 <td class="DataTD"><a href="account.php?id=58&amp;userid=<?=intval($row['id'])?>"><?=_("Org Server")?></a>:</td>
812 <?
813 $query = "
814 select COUNT(*) as `total`,
815 MAX(`orgcerts`.`expire`) as `maxexpire`
816 from `orgdomaincerts` as `orgcerts` inner join `org`
817 on `orgcerts`.`orgid` = `org`.`orgid`
818 where `org`.`memid` = '".intval($row['id'])."'
819 ";
820 $dres = mysql_query($query);
821 $drow = mysql_fetch_assoc($dres);
822 $total = $drow['total'];
823
824 $maxexpire = "0000-00-00 00:00:00";
825 if ($drow['maxexpire']) {
826 $maxexpire = $drow['maxexpire'];
827 }
828
829 if($total > 0) {
830 $query = "
831 select COUNT(*) as `valid`
832 from `orgdomaincerts` as `orgcerts` inner join `org`
833 on `orgcerts`.`orgid` = `org`.`orgid`
834 where `org`.`memid` = '".intval($row['id'])."'
835 and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
836 and `orgcerts`.`expire` > NOW()
837 ";
838 $dres = mysql_query($query);
839 $drow = mysql_fetch_assoc($dres);
840 $valid = $drow['valid'];
841
842 $query = "
843 select COUNT(*) as `expired`
844 from `orgdomaincerts` as `orgcerts` inner join `org`
845 on `orgcerts`.`orgid` = `org`.`orgid`
846 where `org`.`memid` = '".intval($row['id'])."'
847 and `orgcerts`.`expire` <= NOW()
848 ";
849 $dres = mysql_query($query);
850 $drow = mysql_fetch_assoc($dres);
851 $expired = $drow['expired'];
852
853 $query = "
854 select COUNT(*) as `revoked`
855 from `orgdomaincerts` as `orgcerts` inner join `org`
856 on `orgcerts`.`orgid` = `org`.`orgid`
857 where `org`.`memid` = '".intval($row['id'])."'
858 and `orgcerts`.`revoked` != '0000-00-00 00:00:00'
859 ";
860 $dres = mysql_query($query);
861 $drow = mysql_fetch_assoc($dres);
862 $revoked = $drow['revoked'];
863 ?>
864 <td class="DataTD"><?=intval($total)?></td>
865 <td class="DataTD"><?=intval($valid)?></td>
866 <td class="DataTD"><?=intval($expired)?></td>
867 <td class="DataTD"><?=intval($revoked)?></td>
868 <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
869 <?
870 } else { // $total > 0
871 ?>
872 <td colspan="5" class="DataTD"><?=_("None")?></td>
873 <?
874 }
875 ?>
876 </tr>
<!-- org client certificates -->
<tr>
	<td class="DataTD"><?=_("Org Client")?>:</td>
<?
	// Summary row for organisation client certificates (`orgemailcerts`) of
	// every organisation joined to this account via `org`.`memid`.
	// `$row['id']` is cast with intval() before it is concatenated into each
	// query, so only an integer ever reaches the SQL text.
	// NOTE(review): none of the mysql_query() results are checked. A failed
	// query appears to fall into the "None" branch below, which reads the same
	// as "this account has no certificates" -- confirm that is acceptable on a
	// page used to decide whether certificates need revoking.
	$query = "
		select COUNT(*) as `total`,
			MAX(`orgcerts`.`expire`) as `maxexpire`
		from `orgemailcerts` as `orgcerts` inner join `org`
			on `orgcerts`.`orgid` = `org`.`orgid`
		where `org`.`memid` = '".intval($row['id'])."'
		";
	$dres = mysql_query($query);
	$drow = mysql_fetch_assoc($dres);
	$total = $drow['total'];

	// An empty MAX() falls back to the zero date, which the last column
	// renders as "Pending".
	$maxexpire = $drow['maxexpire'] ? $drow['maxexpire'] : "0000-00-00 00:00:00";

	if ($total > 0):
		// Valid: not revoked and not yet expired.
		$query = "
			select COUNT(*) as `valid`
			from `orgemailcerts` as `orgcerts` inner join `org`
				on `orgcerts`.`orgid` = `org`.`orgid`
			where `org`.`memid` = '".intval($row['id'])."'
				and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
				and `orgcerts`.`expire` > NOW()
			";
		$dres = mysql_query($query);
		$drow = mysql_fetch_assoc($dres);
		$valid = $drow['valid'];

		// Expired: expiry date reached, whether or not the certificate was revoked.
		$query = "
			select COUNT(*) as `expired`
			from `orgemailcerts` as `orgcerts` inner join `org`
				on `orgcerts`.`orgid` = `org`.`orgid`
			where `org`.`memid` = '".intval($row['id'])."'
				and `orgcerts`.`expire` <= NOW()
			";
		$dres = mysql_query($query);
		$drow = mysql_fetch_assoc($dres);
		$expired = $drow['expired'];

		// Revoked: any revocation timestamp other than the zero date.
		$query = "
			select COUNT(*) as `revoked`
			from `orgemailcerts` as `orgcerts` inner join `org`
				on `orgcerts`.`orgid` = `org`.`orgid`
			where `org`.`memid` = '".intval($row['id'])."'
				and `orgcerts`.`revoked` != '0000-00-00 00:00:00'
			";
		$dres = mysql_query($query);
		$drow = mysql_fetch_assoc($dres);
		$revoked = $drow['revoked'];
?>
	<td class="DataTD"><?=intval($total)?></td>
	<td class="DataTD"><?=intval($valid)?></td>
	<td class="DataTD"><?=intval($expired)?></td>
	<td class="DataTD"><?=intval($revoked)?></td>
	<td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
<?
	else: // $total <= 0: no org client certificates for this account
?>
	<td colspan="5" class="DataTD"><?=_("None")?></td>
<?
	endif;
?>
</tr>
<tr>
	<td colspan="6" class="title">
		<? /*
		 * Form that asks account.php to revoke the user's certificates
		 * (action=revokecert) for the account in $userid, tagged with the
		 * support ticket number.
		 * NOTE(review): no CSRF token field is visible in this form, while the
		 * assurance "Revoke" links further down carry csrf=make_csrf(...).
		 * Confirm that the revokecert handler rejects cross-site submissions.
		 * NOTE(review): confirm() is a client-side prompt only, and the
		 * translated text sits inside a single-quoted JavaScript string, so an
		 * apostrophe in a translation would break the handler -- verify the
		 * translations or encode the string for the JavaScript context.
		 */ ?>
		<form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to revoke all private certificates?")?>')) return false;">
			<input type="hidden" name="action" value="revokecert">
			<input type="hidden" name="oldid" value="43">
			<input type="hidden" name="userid" value="<?=intval($userid)?>">
			<input type="submit" value="<?=_('revoke certificates')?>">
			<input type="hidden" name="ticketno" value="<?=sanitizeHTML($ticketno)?>"/>
		</form>
	</td>
</tr>
956 </table>
957 <br />
958 <? // list assurances ?>
959 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
960 <tr>
961 <td class="DataTD">
962 <a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;shownotary=assuredto&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Assurances the user got")?></a>
963 (<a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;shownotary=assuredto15&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("New calculation")?></a>)
964 </td>
965 </tr>
966 <tr>
967 <td class="DataTD">
968 <a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;shownotary=assuredby&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Assurances the user gave")?></a>
969 (<a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;shownotary=assuredby15&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("New calculation")?></a>)
970 </td>
971 </tr>
972 </table>
973 <?
974 // if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") {
975
976
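/**
 * Prints a table of the non-deleted assurances the user RECEIVED.
 *
 * The user is taken from $_GET['userid'] (cast with intval()), not from a
 * parameter. Each row shows the assurer, the points, location and method, and
 * a "Revoke" link back to account.php.
 *
 * Every database value is either cast with intval() or passed through
 * sanitizeHTML() before it is written into the page.
 *
 * NOTE(review): the "Revoke" link performs a state change through a GET
 * request and carries the make_csrf() token in the query string, where it can
 * end up in browser history, proxy logs and Referer headers. Consider a POST
 * form instead.
 *
 * @param string $ticketno Support ticket number appended to the "Revoke" links.
 */
function showassuredto($ticketno)
{
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
	<tr>
		<td colspan="8" class="title"><?=_("Assurance Points")?></td>
	</tr>
	<tr>
		<td class="DataTD"><b><?=_("ID")?></b></td>
		<td class="DataTD"><b><?=_("Date")?></b></td>
		<td class="DataTD"><b><?=_("Who")?></b></td>
		<td class="DataTD"><b><?=_("Email")?></b></td>
		<td class="DataTD"><b><?=_("Points")?></b></td>
		<td class="DataTD"><b><?=_("Location")?></b></td>
		<td class="DataTD"><b><?=_("Method")?></b></td>
		<td class="DataTD"><b><?=_("Revoke")?></b></td>
	</tr>
<?
	// intval() keeps the request parameter out of the SQL text as anything
	// other than an integer.
	$query = "select * from `notary` where `to`='".intval($_GET['userid'])."' and `deleted` = 0";
	$dres = mysql_query($query);
	$points = 0;
	while($drow = mysql_fetch_assoc($dres)) {
		// Assurer of this entry; one lookup per row.
		$fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'"));
		// Cast before summing, as showassuredby() does.
		$points += intval($drow['points']);
?>
	<tr>
		<td class="DataTD"><?=intval($drow['id'])?></td>
		<td class="DataTD"><?=sanitizeHTML($drow['date'])?></td>
		<td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></a></td>
		<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
		<td class="DataTD"><?=intval($drow['points'])?></td>
		<td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
		<td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
		<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),intval($drow['id']))?>');"><?=_("Revoke")?></a></td>
	</tr>
<?
	}
?>
	<tr>
		<td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td>
		<td class="DataTD"><?=intval($points)?></td>
		<td class="DataTD" colspan="3">&nbsp;</td>
	</tr>
</table>
<?
}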
1023
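/**
 * Prints a table of the non-deleted assurances the user GAVE.
 *
 * The user is taken from $_GET['userid'] (cast with intval()), not from a
 * parameter. Each row shows the assured person, the points, location and
 * method, and a "Revoke" link back to account.php.
 *
 * Every database value is either cast with intval() or passed through
 * sanitizeHTML() before it is written into the page, and the ampersands in
 * the link URLs are written as &amp;.
 *
 * NOTE(review): the "Revoke" link performs a state change through a GET
 * request and carries the make_csrf() token in the query string, where it can
 * end up in browser history, proxy logs and Referer headers. Consider a POST
 * form instead.
 *
 * @param string $ticketno Support ticket number appended to the "Revoke" links.
 */
function showassuredby($ticketno)
{
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
	<tr>
		<td colspan="8" class="title"><?=_("Assurance Points The User Issued")?></td>
	</tr>
	<tr>
		<td class="DataTD"><b><?=_("ID")?></b></td>
		<td class="DataTD"><b><?=_("Date")?></b></td>
		<td class="DataTD"><b><?=_("Who")?></b></td>
		<td class="DataTD"><b><?=_("Email")?></b></td>
		<td class="DataTD"><b><?=_("Points")?></b></td>
		<td class="DataTD"><b><?=_("Location")?></b></td>
		<td class="DataTD"><b><?=_("Method")?></b></td>
		<td class="DataTD"><b><?=_("Revoke")?></b></td>
	</tr>
<?
	// intval() keeps the request parameter out of the SQL text as anything
	// other than an integer.
	$query = "select * from `notary` where `from`='".intval($_GET['userid'])."' and `deleted` = 0";
	$dres = mysql_query($query);
	$points = 0;
	while($drow = mysql_fetch_assoc($dres)) {
		// Despite its name, $fromuser holds the ASSURED user (`to`) here.
		$fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['to'])."'"));
		$points += intval($drow['points']);
?>
	<tr>
		<td class="DataTD"><?=intval($drow['id'])?></td>
		<td class="DataTD"><?=sanitizeHTML($drow['date'])?></td>
		<td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['fname']." ".$fromuser['lname'])?></a></td>
		<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
		<td class="DataTD"><?=intval($drow['points'])?></td>
		<td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
		<td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
		<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['from'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),intval($drow['id']))?>');"><?=_("Revoke")?></a></td>
	</tr>
<?
	}
?>
	<tr>
		<td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td>
		<td class="DataTD"><?=intval($points)?></td>
		<td class="DataTD" colspan="3">&nbsp;</td>
	</tr>
</table>
<?
}
?>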
1069 <br/><br/>
1070 <?
1071 } }
1072
// Render the assurance list selected by the "shownotary" request parameter.
// Only the four literal values below are acted on; anything else is ignored.
// The "...15" variants use the output_* helpers with the user id cast by
// intval(); their second argument is passed as 1 here.
// NOTE(review): showassuredto()/showassuredby() appear to be declared inside
// the conditional block that closes just above this point, so they may not
// exist when that branch was skipped -- confirm this dispatch cannot run then.
// NOTE(review): no check of the ticket number's validity is visible in this
// dispatch; verify that access to these views is gated elsewhere.
if (isset($_GET['shownotary'])) {
	if ($_GET['shownotary'] === 'assuredto') {
		showassuredto($ticketno);
	} elseif ($_GET['shownotary'] === 'assuredby') {
		showassuredby($ticketno);
	} elseif ($_GET['shownotary'] === 'assuredto15') {
		output_received_assurances(intval($_GET['userid']),1,$ticketno);
	} elseif ($_GET['shownotary'] === 'assuredby15') {
		output_given_assurances(intval($_GET['userid']),1, $ticketno);
	}
}