1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */ ?>
<?php
include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");

// Revocation of a single assurance: drop the notary row, then recompute the
// assurer flag of the member who had received it (fix_assurer_flag() comes
// from notary.inc.php).
// NOTE(review): the Revoke links further down attach a make_csrf('admdelassurance')
// token, but nothing in this file validates it before the delete below; confirm
// that the token is checked before this page is included, or add the check that
// pairs with make_csrf() at the top of this branch.
if (array_key_exists('assurance', $_REQUEST) && $_REQUEST['assurance'] > 0) {
    $assurance = mysql_escape_string(intval($_REQUEST['assurance']));
    // Look the recipient up first: the row is gone once the delete has run.
    $res = mysql_query("select `to` from `notary` where `id`='$assurance'");
    $row = $res ? mysql_fetch_assoc($res) : 0;
    mysql_query("delete from `notary` where `id`='$assurance'");
    if ($row) {
        fix_assurer_flag($row['to']);
    }
}
35
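// No usable userid in the request: look the member up by e-mail address
// (LIKE pattern), e-mail record id or user id. A single hit falls through to
// the details view below by filling in $_REQUEST['userid'].
if (intval(array_key_exists('userid', $_REQUEST) ? $_REQUEST['userid'] : 0) <= 0) {
    // A missing 'email' parameter used to raise an undefined-index notice; treat it as "".
    $rawemail = array_key_exists('email', $_REQUEST) ? stripslashes($_REQUEST['email']) : '';
    // Charset-aware escaping; mysql_escape_string() is the deprecated variant.
    $emailsearch = $email = mysql_real_escape_string($rawemail);

    // Wildcards are no longer added around the input (that was disabled to
    // speed up the queries), so '%' and '_' act as LIKE wildcards only if typed.

    // A numeric value is an id, so do not also pattern-match it as an address.
    if (intval($email) > 0) {
        $emailsearch = "";
    }

    $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
where `users`.`id`=`email`.`memid` and
(`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
`email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
group by `users`.`id` limit 100";
    $res = mysql_query($query);
    // A failed query counts as "no match" instead of handing false to mysql_num_rows().
    $found = $res ? mysql_num_rows($res) : 0;
    if ($found > 1) { ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="5" class="title"><?=_("Select Specific Account Details")?></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("User ID")?></td>
    <td class="DataTD"><?=_("Email")?></td>
  </tr>
<?php
        while ($row = mysql_fetch_assoc($res)) { ?>
  <tr>
    <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=intval($row['id'])?></a></td>
    <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td>
  </tr>
<?php
        }
        // The query is capped at 100 rows, so a full page means the result was truncated.
        if ($found >= 100) { ?>
  <tr>
    <td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td>
  </tr>
<?php   } else { ?>
  <tr>
    <td class="DataTD" colspan="2"><?php printf(_("%s rows displayed."), $found); ?></td>
  </tr>
<?php   } ?>
</table><br><br>
<?php
    } elseif ($found == 1) {
        // Exactly one member matched: hand the id to the details view below.
        $row = mysql_fetch_assoc($res);
        $_REQUEST['userid'] = $row['id'];
    } else {
        printf(_("No users found matching %s"), sanitizeHTML($email));
    }
}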
86
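// Details view for one member. $_REQUEST['userid'] is either passed directly
// or was filled in by the single-hit e-mail search above. The if/else opened
// here is closed after the show*() functions further down.
$id = intval(array_key_exists('userid', $_REQUEST) ? $_REQUEST['userid'] : 0);
if ($id > 0) {
    $query = "select * from `users` where `id`='$id' and `users`.`deleted`=0";
    $res = mysql_query($query);
    // A failed query is reported like a vanished user instead of being handed to mysql_num_rows().
    if (!$res || mysql_num_rows($res) <= 0) {
        echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
    } else {
        $row = mysql_fetch_assoc($res);
        $uid = intval($row['id']);
        $query = "select sum(`points`) as `points` from `notary` where `to`='$uid'";
        $dres = mysql_query($query);
        $drow = $dres ? mysql_fetch_assoc($dres) : false;
        $totalpoints = $drow ? intval($drow['points']) : 0;
        // Announcement preferences; a member without an alerts row gets blank
        // cells instead of undefined-index notices in the table below.
        $ares = mysql_query("select * from `alerts` where `memid`='$uid'");
        $alerts = $ares ? mysql_fetch_assoc($ares) : false;
        if (!$alerts) {
            $alerts = array('general' => '', 'country' => '', 'regional' => '', 'radius' => '');
        }
        // Every value read back from the database goes through intval() (ids)
        // or sanitizeHTML() (everything else) before it is written into the page.
        // NOTE(review): several admin toggle links below (assurer_blocked, locadmin,
        // adadmin, tverify and the four announcement flags) carry no csrf token
        // while their neighbours do; the handlers live outside this file, so
        // confirm they are protected some other way.
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="5" class="title"><?php printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Email")?>:</td>
    <td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("First Name")?>:</td>
    <td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to modify this DOB and/or last name?")?>')) return false;">
      <input type="hidden" name="csrf" value="<?=make_csrf('admchangepers')?>" />
      <input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>"></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Middle Name")?>:</td>
    <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($row['mname'])?>"></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Last Name")?>:</td>
    <td class="DataTD"> <input type="hidden" name="oldid" value="43">
      <input type="hidden" name="action" value="updatedob">
      <input type="hidden" name="userid" value="<?=intval($id)?>">
      <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>"></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Suffix")?>:</td>
    <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($row['suffix'])?>"></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Date of Birth")?>:</td>
    <td class="DataTD">
<?php
        // dob is sliced as YYYY-MM-DD (positions 0-3, 5-6, 8-9).
        $year = intval(substr($row['dob'], 0, 4));
        $month = intval(substr($row['dob'], 5, 2));
        $day = intval(substr($row['dob'], 8, 2));
?><nobr><select name="day">
<?php
        // No value attribute: the option text (1..31) is what gets submitted.
        for ($i = 1; $i <= 31; $i++) {
            echo "<option";
            if ($day == $i) {
                echo " selected='selected'";
            }
            echo ">$i</option>";
        }
?>
</select>
<select name="month">
<?php
        // Month names come from the current locale via strftime("%B").
        for ($i = 1; $i <= 12; $i++) {
            echo "<option value='$i'";
            if ($month == $i) {
                echo " selected='selected'";
            }
            echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>";
        }
?>
</select>
<input type="text" name="year" value="<?=$year?>" size="4">
<input type="submit" value="Go"></form></nobr></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Trainings")?>:</td>
    <td class="DataTD"><a href="account.php?id=55&amp;userid=<?=$uid?>">show</a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Is Assurer")?>:</td>
    <td class="DataTD"><a href="account.php?id=43&amp;assurer=<?=$uid?>&amp;csrf=<?=make_csrf('admsetassuret')?>"><?=sanitizeHTML($row['assurer'])?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Blocked Assurer")?>:</td>
    <td class="DataTD"><a href="account.php?id=43&amp;assurer_blocked=<?=$uid?>"><?=sanitizeHTML($row['assurer_blocked'])?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Account Locking")?>:</td>
    <td class="DataTD"><a href="account.php?id=43&amp;locked=<?=$uid?>&amp;csrf=<?=make_csrf('admactlock')?>"><?=sanitizeHTML($row['locked'])?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Code Signing")?>:</td>
    <td class="DataTD"><a href="account.php?id=43&amp;codesign=<?=$uid?>&amp;csrf=<?=make_csrf('admcodesign')?>"><?=sanitizeHTML($row['codesign'])?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Org Assurer")?>:</td>
    <td class="DataTD"><a href="account.php?id=43&amp;orgadmin=<?=$uid?>&amp;csrf=<?=make_csrf('admorgadmin')?>"><?=sanitizeHTML($row['orgadmin'])?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("TTP Admin")?>:</td>
    <td class="DataTD"><a href="account.php?id=43&amp;ttpadmin=<?=$uid?>&amp;csrf=<?=make_csrf('admttpadmin')?>"><?=sanitizeHTML($row['ttpadmin'])?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Location Admin")?>:</td>
    <td class="DataTD"><a href="account.php?id=43&amp;locadmin=<?=$uid?>"><?=sanitizeHTML($row['locadmin'])?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Admin")?>:</td>
    <td class="DataTD"><a href="account.php?id=43&amp;admin=<?=$uid?>&amp;csrf=<?=make_csrf('admsetadmin')?>"><?=sanitizeHTML($row['admin'])?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Ad Admin")?>:</td>
    <td class="DataTD"><a href="account.php?id=43&amp;adadmin=<?=$uid?>"><?=sanitizeHTML($row['adadmin'])?></a> (0 = none, 1 = submit, 2 = approve)</td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Tverify Account")?>:</td>
    <td class="DataTD"><a href="account.php?id=43&amp;tverify=<?=$uid?>"><?=sanitizeHTML($row['tverify'])?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("General Announcements")?>:</td>
    <td class="DataTD"><a href="account.php?id=43&amp;general=<?=$uid?>"><?=sanitizeHTML($alerts['general'])?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Country Announcements")?>:</td>
    <td class="DataTD"><a href="account.php?id=43&amp;country=<?=$uid?>"><?=sanitizeHTML($alerts['country'])?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Regional Announcements")?>:</td>
    <td class="DataTD"><a href="account.php?id=43&amp;regional=<?=$uid?>"><?=sanitizeHTML($alerts['regional'])?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Within 200km Announcements")?>:</td>
    <td class="DataTD"><a href="account.php?id=43&amp;radius=<?=$uid?>"><?=sanitizeHTML($alerts['radius'])?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Change Password")?>:</td>
    <td class="DataTD"><a href="account.php?id=44&amp;userid=<?=$uid?>"><?=_("Change Password")?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Delete Account")?>:</td>
    <td class="DataTD"><a href="account.php?id=50&amp;userid=<?=$uid?>&amp;csrf=<?=make_csrf('admdelaccount')?>"><?=_("Delete Account")?></a></td>
  </tr>
<?php
        // This is intentionally a $_GET for audit purposes. DO NOT CHANGE!!!
        if (array_key_exists('showlostpw', $_GET) && $_GET['showlostpw'] == "yes") {
?>
  <tr>
    <td class="DataTD"><?=_("Lost Password")?> - Q1:</td>
    <td class="DataTD"><?=sanitizeHTML($row['Q1'])?></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Lost Password")?> - A1:</td>
    <td class="DataTD"><?=sanitizeHTML($row['A1'])?></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Lost Password")?> - Q2:</td>
    <td class="DataTD"><?=sanitizeHTML($row['Q2'])?></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Lost Password")?> - A2:</td>
    <td class="DataTD"><?=sanitizeHTML($row['A2'])?></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Lost Password")?> - Q3:</td>
    <td class="DataTD"><?=sanitizeHTML($row['Q3'])?></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Lost Password")?> - A3:</td>
    <td class="DataTD"><?=sanitizeHTML($row['A3'])?></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Lost Password")?> - Q4:</td>
    <td class="DataTD"><?=sanitizeHTML($row['Q4'])?></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Lost Password")?> - A4:</td>
    <td class="DataTD"><?=sanitizeHTML($row['A4'])?></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Lost Password")?> - Q5:</td>
    <td class="DataTD"><?=sanitizeHTML($row['Q5'])?></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Lost Password")?> - A5:</td>
    <td class="DataTD"><?=sanitizeHTML($row['A5'])?></td>
  </tr>
<?php   } else { ?>
  <tr>
    <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$uid?>&amp;showlostpw=yes"><?=_("Show Lost Password Details")?></a></td>
  </tr>
<?php   } ?>
  <tr>
    <td class="DataTD"><?=_("Assurance Points")?>:</td>
    <td class="DataTD"><?=$totalpoints?></td>
  </tr>
</table>
<br><?php
        // Verified addresses other than the primary one.
        $query = "select * from `email` where `memid`='$uid' and `deleted`=0 and `hash`=''
and `email`!='".mysql_real_escape_string($row['email'])."'";
        $dres = mysql_query($query);
        if ($dres && mysql_num_rows($dres) > 0) { ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td>
  </tr><?php
            while ($drow = mysql_fetch_assoc($dres)) { ?>
  <tr>
    <td class="DataTD"><?=_("Secondary Emails")?>:</td>
    <td class="DataTD"><?=sanitizeHTML($drow['email'])?></td>
  </tr>
<?php       } ?>
</table>
<br><?php } ?>
<?php
        // Verified domains of the member.
        $query = "select * from `domains` where `memid`='$uid' and `deleted`=0 and `hash`=''";
        $dres = mysql_query($query);
        if ($dres && mysql_num_rows($dres) > 0) { ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="5" class="title"><?=_("Verified Domains")?></td>
  </tr><?php
            while ($drow = mysql_fetch_assoc($dres)) { ?>
  <tr>
    <td class="DataTD"><?=_("Domain")?>:</td>
    <td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td>
  </tr>
<?php       } ?>
</table>
<br>
<?php   } ?>

<a href="account.php?id=43&amp;userid=<?=$uid?>&amp;shownotary=assuredto"><?=_("Show Assurances the user got")?></a>
(<a href="account.php?id=43&amp;userid=<?=$uid?>&amp;shownotary=assuredto15"><?=_("New calculation")?></a>)
<br />
<a href="account.php?id=43&amp;userid=<?=$uid?>&amp;shownotary=assuredby"><?=_("Show Assurances the user gave")?></a>
(<a href="account.php?id=43&amp;userid=<?=$uid?>&amp;shownotary=assuredby15"><?=_("New calculation")?></a>)
<br />

<?php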
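// Lists every assurance the viewed member received, one Revoke link per row,
// and the running total of points. The member id is read from $_GET['userid']
// (the links above pass it there). Only defined when the account-details
// branch above ran, so callers must check function_exists() first.
// Every database value is wrapped in intval() or sanitizeHTML() on output.
function showassuredto()
{
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="8" class="title"><?=_("Assurance Points")?></td>
  </tr>
  <tr>
    <td class="DataTD"><b><?=_("ID")?></b></td>
    <td class="DataTD"><b><?=_("Date")?></b></td>
    <td class="DataTD"><b><?=_("Who")?></b></td>
    <td class="DataTD"><b><?=_("Email")?></b></td>
    <td class="DataTD"><b><?=_("Points")?></b></td>
    <td class="DataTD"><b><?=_("Location")?></b></td>
    <td class="DataTD"><b><?=_("Method")?></b></td>
    <td class="DataTD"><b><?=_("Revoke")?></b></td>
  </tr>
<?php
    $query = "select * from `notary` where `to`='".intval($_GET['userid'])."'";
    $dres = mysql_query($query);
    $points = 0;
    // A failed query yields an empty table instead of a warning from mysql_fetch_assoc(false).
    while ($dres && ($drow = mysql_fetch_assoc($dres))) {
        // The assurer; a missing record (e.g. deleted account) leaves the name and e-mail blank.
        $fromres = mysql_query("select * from `users` where `id`='".intval($drow['from'])."'");
        $fromuser = $fromres ? mysql_fetch_assoc($fromres) : false;
        if (!$fromuser) {
            $fromuser = array('fname' => '', 'lname' => '', 'email' => '');
        }
        $points += $drow['points'];
?>
  <tr>
    <td class="DataTD"><?=intval($drow['id'])?></td>
    <td class="DataTD"><?=sanitizeHTML($drow['date'])?></td>
    <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></a></td>
    <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
    <td class="DataTD"><?=intval($drow['points'])?></td>
    <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
    <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
    <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td>
  </tr>
<?php
    }
?>
  <tr>
    <td class="DataTD" colspan="2"><b><?=_("Total Points")?>:</b></td>
    <td class="DataTD"><?=$points?></td>
    <td class="DataTD" colspan="3">&nbsp;</td>
  </tr>
</table>
<?php } ?>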
378
379 <?
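// Lists every assurance the viewed member gave ($_GET['userid'] is the
// assurer), one Revoke link per row, and the running total of points.
// Only defined when the account-details branch above ran, so callers must
// check function_exists() first. Mirrors showassuredto(): every database
// value goes through intval() or sanitizeHTML() on output (the original
// echoed date, name, location and method raw), ids in URLs are intval()'d,
// and the query-string separators are entity-encoded.
function showassuredby()
{
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="8" class="title"><?=_("Assurance Points The User Issued")?></td>
  </tr>
  <tr>
    <td class="DataTD"><b><?=_("ID")?></b></td>
    <td class="DataTD"><b><?=_("Date")?></b></td>
    <td class="DataTD"><b><?=_("Who")?></b></td>
    <td class="DataTD"><b><?=_("Email")?></b></td>
    <td class="DataTD"><b><?=_("Points")?></b></td>
    <td class="DataTD"><b><?=_("Location")?></b></td>
    <td class="DataTD"><b><?=_("Method")?></b></td>
    <td class="DataTD"><b><?=_("Revoke")?></b></td>
  </tr>
<?php
    $query = "select * from `notary` where `from`='".intval($_GET['userid'])."'";
    $dres = mysql_query($query);
    $points = 0;
    // A failed query yields an empty table instead of a warning from mysql_fetch_assoc(false).
    while ($dres && ($drow = mysql_fetch_assoc($dres))) {
        // The assured member; a missing record (e.g. deleted account) leaves the name and e-mail blank.
        $tores = mysql_query("select * from `users` where `id`='".intval($drow['to'])."'");
        $touser = $tores ? mysql_fetch_assoc($tores) : false;
        if (!$touser) {
            $touser = array('fname' => '', 'lname' => '', 'email' => '');
        }
        $points += $drow['points'];
?>
  <tr>
    <td class="DataTD"><?=intval($drow['id'])?></td>
    <td class="DataTD"><?=sanitizeHTML($drow['date'])?></td>
    <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($touser['fname'])." ".sanitizeHTML($touser['lname'])?></a></td>
    <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($touser['email'])?></a></td>
    <td class="DataTD"><?=intval($drow['points'])?></td>
    <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
    <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
    <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['from'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td>
  </tr>
<?php
    }
?>
  <tr>
    <td class="DataTD" colspan="2"><b><?=_("Total Points")?>:</b></td>
    <td class="DataTD"><?=$points?></td>
    <td class="DataTD" colspan="3">&nbsp;</td>
  </tr>
</table>
<?php } ?>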
424 <br><br>
425 <? } }
426
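// Dispatch the optional assurance listings requested via ?shownotary=...
// The legacy show*() functions are only defined when the account-details
// branch above was reached (they sit inside its else block), so without the
// function_exists() guards a stale link produced a fatal "undefined function".
// The *15 variants come from notary.inc.php. Missing parameters are read as
// "" / 0 instead of raising undefined-index notices.
$shownotary = array_key_exists('shownotary', $_GET) ? $_GET['shownotary'] : '';
$notaryuser = array_key_exists('userid', $_GET) ? intval($_GET['userid']) : 0;
switch ($shownotary) {
    case 'assuredto':
        if (function_exists('showassuredto')) {
            showassuredto();
        }
        break;
    case 'assuredby':
        if (function_exists('showassuredby')) {
            showassuredby();
        }
        break;
    case 'assuredto15':
        output_received_assurances($notaryuser, 1);
        break;
    case 'assuredby15':
        output_given_assurances($notaryuser, 1);
        break;
}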
438
439
440 ?>