1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */ ?>
18 <?
19 include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
20
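// Ticket/arbitration number for this SE session. The page's own policy
// ("Ticket/Arbitration No, needs to be entered to apply any changes") is
// that every state change carries one, so it is read BEFORE any action.
$ticketno = '';
$ticketvalidation = FALSE;
if (isset($_SESSION['ticketno'])) {
    $ticketno = $_SESSION['ticketno'];
    $ticketvalidation = TRUE;
}
$ticketmsg = isset($_SESSION['ticketmsg']) ? $_SESSION['ticketmsg'] : '';

// Revoke an assurance (?assurance=N). The notary row is soft-deleted by
// stamping `deleted` = NOW() — the points sum further down filters on
// `deleted` = 0 — so the history stays auditable.
//
// Previously this ran unconditionally, and before the ticket number had
// even been read, so a single GET with ?assurance=N soft-deleted the row
// with no ticket and no SE-log entry. It is now honoured only with a
// ticket on file. The SE-log entry is written by the ticket-checked
// revocation block inside the account view below; this block performs
// the data change only, so the two never double-log.
if ($ticketvalidation
    && array_key_exists('assurance', $_REQUEST)
    && intval($_REQUEST['assurance']) > 0)
{
    // intval() already yields a safe integer literal; no string escaping needed.
    $assurance = intval($_REQUEST['assurance']);
    $assuree = 0;
    $nres = mysql_query("select `to` from `notary` where `id`='$assurance' and `deleted` = 0");
    if ($nres) {
        $nrow = mysql_fetch_assoc($nres);
        if ($nrow) {
            $assuree = intval($nrow['to']);
        }
    }
    // Only a still-live row is stamped, so an earlier deletion timestamp is
    // never overwritten by a repeated request.
    if ($assuree > 0) {
        mysql_query("update `notary` set `deleted`=NOW() where `id`='$assurance' and `deleted` = 0");
        // The assuree may have dropped below the assurer threshold.
        fix_assurer_flag($assuree);
    }
}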
47
48 // search for an account by email search, if more than one is found display list to choose
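// Account search. Without a positive userid the account is looked up by
// the `email` search term: a single hit is opened directly, several hits
// are listed for the SE to pick from, none prints a message.
if (intval(array_key_exists('userid', $_REQUEST) ? $_REQUEST['userid'] : 0) <= 0)
{
    $_REQUEST['userid'] = 0;

    // The previous version read $_REQUEST['email'] blindly (notice when
    // absent) and then searched for ''. Treat a missing term as ''.
    $rawsearch = array_key_exists('email', $_REQUEST) ? $_REQUEST['email'] : '';
    // stripslashes() is a magic_quotes-era leftover, kept for compatibility.
    $emailsearch = $email = mysql_real_escape_string(stripslashes($rawsearch));

    // NOTE: LIKE wildcards (% and _) in the term are deliberately passed
    // through so SEs can search patterns; mysql_real_escape_string() does
    // not touch them. This page is admin-only.
    //Disabled to speed up the queries
    //if(!strstr($email, "%"))
    // $emailsearch = "%$email%";

    // bug-975 ted+uli changes --- begin
    if (preg_match("/^[0-9]+$/", $email)) {
        // $email consists of digits only ==> search for IDs
        // Be defensive here (outer join) if primary mail is not listed in email table
        $query = "select `users`.`id` as `id`, `email`.`email` as `email`
            from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
            where (`email`.`id`='$email' or `users`.`id`='$email')
            and `users`.`deleted`=0
            group by `users`.`id` limit 100";
    } else {
        // $email contains non-digits ==> search for mail addresses
        // Be defensive here (outer join) if primary mail is not listed in email table
        $query = "select `users`.`id` as `id`, `email`.`email` as `email`
            from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
            where (`email`.`email` like '$emailsearch'
            or `users`.`email` like '$emailsearch')
            and `users`.`deleted`=0
            group by `users`.`id` limit 100";
    }
    // bug-975 ted+uli changes --- end
    $res = mysql_query($query);
    // A failed query returns false; the previous version handed that to
    // mysql_num_rows(). Treat a failure like "no match".
    $hits = $res ? mysql_num_rows($res) : 0;
    if ($hits > 1) {
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Select Specific Account Details")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("User ID")?></td>
<td class="DataTD"><?=_("Email")?></td>
</tr>
<?php
        // Search hits use their own variable so $row stays free for the
        // account record fetched further down.
        while ($srow = mysql_fetch_assoc($res))
        {
?>
<tr>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($srow['id'])?>"><?=intval($srow['id'])?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($srow['id'])?>"><?=sanitizeHTML($srow['email'])?></a></td>
</tr>
<?php
        }

        // The queries are capped with "limit 100"; say so when the cap hit.
        if ($hits >= 100) {
?>
<tr>
<td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td>
</tr>
<?php
        } else {
?>
<tr>
<td class="DataTD" colspan="2"><?php printf(_("%s rows displayed."), $hits); ?></td>
</tr>
<?php
        }
?>
</table><br><br>
<?php
    } elseif ($hits == 1) {
        $srow = mysql_fetch_assoc($res);
        $_REQUEST['userid'] = $srow['id'];
    } else {
        printf(_("No users found matching %s"), sanitizeHTML($email));
    }
}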
124
125 // display user information for given user id
126 if(intval($_REQUEST['userid']) > 0) {
127 $userid = intval($_REQUEST['userid']);
128 $res =get_user_data($userid);
129 if(mysql_num_rows($res) <= 0) {
130 echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
131 } else {
// Account record of the viewed user; $row is read by the whole page below.
$row = mysql_fetch_assoc($res);
$viewedid = intval($row['id']);
// Sum of non-revoked assurance points; $drow['points'] is shown in the details table.
$drow = mysql_fetch_assoc(mysql_query(sprintf(
    "select sum(`points`) as `points` from `notary` where `to`='%d' and `deleted` = 0",
    $viewedid
)));
// Announcement opt-ins (general/country/regional/radius) for the flags table.
$alerts = get_alerts($viewedid);
137
138 //display account data
139
140 //deletes an assurance
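// Revoke an assurance (?assurance=N) — only with a ticket number on file.
//
// Two fixes against the previous version:
//  * it reused $row/$res for the notary lookup, overwriting the account
//    record fetched above, so after a revocation the rest of this page
//    rendered from the wrong array (empty email, blank ids in every link);
//  * it hard-deleted the notary row although the top of this page and the
//    points query above use the `deleted` timestamp as a soft-delete
//    marker; the hard delete destroyed the audit trail the marker exists
//    for. Soft-deleting here is idempotent with the top-of-page block.
if (array_key_exists('assurance', $_REQUEST) && intval($_REQUEST['assurance']) > 0 && $ticketvalidation == true)
{
    $assurance = intval($_REQUEST['assurance']);
    // `live` is evaluated in SQL so the zero-date convention for `deleted`
    // stays in one place (the rest of the file compares it with 0 in SQL).
    $nres = mysql_query("select `to`, (`deleted` = 0) as `live` from `notary` where `id`='$assurance'");
    $nrow = $nres ? mysql_fetch_assoc($nres) : false;
    if ($nrow) {
        if (intval($nrow['live']) === 1) {
            mysql_query("update `notary` set `deleted`=NOW() where `id`='$assurance' and `deleted` = 0");
            // The assuree may have dropped below the assurer threshold.
            fix_assurer_flag($nrow['to']);
        }
        // Log the request whether or not the row was still live (the
        // top-of-page block may already have stamped it).
        // NOTE(review): $uid and $adminid are not assigned anywhere in this
        // file; confirm the including script provides them, otherwise the
        // SE log row carries empty ids.
        write_se_log($uid, $adminid, 'AD assurance revoke', $ticketno);
    }
} elseif (array_key_exists('assurance', $_REQUEST) && intval($_REQUEST['assurance']) > 0) {
    // Only a refused revocation gets the message; the previous version set
    // it on every plain page view.
    $ticketmsg = _('No assurance revoked. Ticket number is missing!');
}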
157
158 //Ticket number
159 ?>
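<?php
// The "Ticket handling" form that used to sit here as HTML-commented
// markup has been removed: PHP still processes tags inside an HTML
// comment, so it kept emitting $uid, $ticketno and $ticketmsg unescaped
// into the page source, where a "-->" in either value would have closed
// the comment and injected markup. The live ticket input is the
// "Ticket/Arbitration No" table further down.
//
// The one side effect of the dead block is kept: the session message is
// consumed (cleared) once this page has been rendered.
$_SESSION['ticketmsg'] = '';
?>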
180
181 <!-- display data table -->
<? // Account details. NOTE(review): the name/DOB <form> below is opened in the "First Name" cell and closed in the "Date of Birth" cell, i.e. it spans several table rows; browsers attach the intervening inputs to it via the HTML form-element pointer, so keep the tag order if the markup is restructured — confirm in the target browsers. ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><? printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
</tr>
<? // NOTE(review): the translated confirm() text lands in a single-quoted JS string inside an attribute; a translation containing an apostrophe breaks the handler. ?>
<tr>
<td class="DataTD"><?=_("First Name")?>:</td>
<td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to modify this DOB and/or last name?")?>')) return false;">
<? // Name/DOB edit posts action=updatedob with a CSRF token (admchangepers); the handler lives outside this file. ?>
<input type="hidden" name="csrf" value="<?=make_csrf('admchangepers')?>" />
<input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>">
</td>
</tr>
<tr>
<td class="DataTD"><?=_("Middle Name")?>:</td>
<td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($row['mname'])?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Last Name")?>:</td>
<td class="DataTD"> <input type="hidden" name="oldid" value="43">
<input type="hidden" name="action" value="updatedob">
<input type="hidden" name="userid" value="<?=intval($userid)?>">
<input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>">
</td>
</tr>
<tr>
<td class="DataTD"><?=_("Suffix")?>:</td>
<td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($row['suffix'])?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Date of Birth")?>:</td>
<td class="DataTD">
<?
// Fixed-offset substr: assumes `dob` is stored as 'YYYY-MM-DD...' — TODO confirm column type.
$year = intval(substr($row['dob'], 0, 4));
$month = intval(substr($row['dob'], 5, 2));
$day = intval(substr($row['dob'], 8, 2));
?>
<nobr>
<? // The day options carry no value attribute, so the option text ($i) is what gets submitted. ?>
<select name="day">
<?
for($i = 1; $i <= 31; $i++) {
echo "<option";
if($day == $i) {
echo " selected='selected'";
}
echo ">$i</option>";
}
?>
</select>
<select name="month">
<?
// Month names come from strftime("%B") in the current locale (strftime is deprecated as of PHP 8.1).
for($i = 1; $i <= 12; $i++) {
echo "<option value='$i'";
if($month == $i)
echo " selected='selected'";
echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>";
}
?>
</select>
<input type="text" name="year" value="<?=$year?>" size="4">
<input type="submit" value="Go">
</form>
</nobr>
</td>
</tr>
249
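<?php
// List of flags. Every link toggles or edits an account attribute through
// a GET request handled outside this file. Some links carry a make_csrf()
// token and some do not (assurer_blocked, locadmin, adadmin and the four
// announcement flags); the token-less ones cannot be told apart from a
// forged cross-site GET unless the handler checks something else.
// NOTE(review): confirm on the handler side. Token names are
// handler-specific, so none is invented here.
//
// $row['id'] is the viewed user's id and is cast with intval() in every
// URL (previously only in some rows); the displayed flag values come from
// the DB and go through sanitizeHTML().
$flagid = intval($row['id']);
?>
<tr>
<td class="DataTD"><?=_("CCA accepted")?>:</td>
<td class="DataTD"><a href="account.php?id=57&amp;userid=<?=$flagid?>"><?=intval(get_user_agreement_status($row['id'])) ? _("Yes") : _("No") ?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Trainings")?>:</td>
<td class="DataTD"><a href="account.php?id=55&amp;userid=<?=$flagid?>">show</a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Is Assurer")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;assurer=<?=$flagid?>&amp;csrf=<?=make_csrf('admsetassuret')?>"><?=sanitizeHTML($row['assurer'])?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Blocked Assurer")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;assurer_blocked=<?=$flagid?>"><?=sanitizeHTML($row['assurer_blocked'])?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Account Locking")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;locked=<?=$flagid?>&amp;csrf=<?=make_csrf('admactlock')?>"><?=sanitizeHTML($row['locked'])?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Code Signing")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;codesign=<?=$flagid?>&amp;csrf=<?=make_csrf('admcodesign')?>"><?=sanitizeHTML($row['codesign'])?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Org Assurer")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;orgadmin=<?=$flagid?>&amp;csrf=<?=make_csrf('admorgadmin')?>"><?=sanitizeHTML($row['orgadmin'])?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("TTP Admin")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;ttpadmin=<?=$flagid?>&amp;csrf=<?=make_csrf('admttpadmin')?>"><?=sanitizeHTML($row['ttpadmin'])?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Location Admin")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;locadmin=<?=$flagid?>"><?=sanitizeHTML($row['locadmin'])?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Admin")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;admin=<?=$flagid?>&amp;csrf=<?=make_csrf('admsetadmin')?>"><?=sanitizeHTML($row['admin'])?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Ad Admin")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;adadmin=<?=$flagid?>"><?=sanitizeHTML($row['adadmin'])?></a> (0 = none, 1 = submit, 2 = approve)</td>
</tr>
<?php
/* "Tverify Account" row — presently not needed. It used to be kept as an
   HTML comment, which PHP still evaluates, so the row markup and the
   tverify value were shipped in the page source. It linked
   account.php?id=43&tverify=<id> and displayed $row['tverify']. */
?>
<tr>
<td class="DataTD"><?=_("General Announcements")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;general=<?=$flagid?>"><?=sanitizeHTML($alerts['general'])?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Country Announcements")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;country=<?=$flagid?>"><?=sanitizeHTML($alerts['country'])?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Regional Announcements")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;regional=<?=$flagid?>"><?=sanitizeHTML($alerts['regional'])?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Within 200km Announcements")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;radius=<?=$flagid?>"><?=sanitizeHTML($alerts['radius'])?></a></td>
</tr>
<?php // change password, view secret questions and delete account section ?>
<tr>
<td class="DataTD"><?=_("Change Password")?>:</td>
<td class="DataTD"><a href="account.php?id=44&amp;userid=<?=$flagid?>"><?=_("Change Password")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Delete Account")?>:</td>
<td class="DataTD"><a href="account.php?id=50&amp;userid=<?=$flagid?>&amp;csrf=<?=make_csrf('admdelaccount')?>"><?=_("Delete Account")?></a></td>
</tr>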
326 <?
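// Lost-password questions and answers (columns Q1..Q5 / A1..A5), shown in
// clear to the SE. This is intensionally a $_GET for audit purposes.
// DO NOT CHANGE!!! The view is gated on a ticket number being on file and
// every display is SE-logged.
$wantlostpw = array_key_exists('showlostpw', $_GET) && $_GET['showlostpw'] == "yes";
if ($wantlostpw && $ticketvalidation == true) {
    // NOTE(review): $uid and $adminid are not assigned in this file —
    // confirm the including script sets them, or the log row carries
    // empty ids.
    write_se_log($uid, $adminid, 'AD view lost password information', $ticketno);
    // One Q/A pair per iteration replaces ten hand-copied rows.
    for ($qn = 1; $qn <= 5; $qn++) {
?>
<tr>
<td class="DataTD"><?=_("Lost Password")?> - Q<?=$qn?>:</td>
<td class="DataTD"><?=sanitizeHTML($row['Q'.$qn])?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Lost Password")?> - A<?=$qn?>:</td>
<td class="DataTD"><?=sanitizeHTML($row['A'.$qn])?></td>
</tr>
<?php
    }
} elseif ($wantlostpw) {
    // Requested without a ticket: refuse, and offer the link again.
?>
<tr>
<td class="DataTD" colspan="2"><?=_('No access granted. Ticket number is missing')?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;showlostpw=yes"><?=_("Show Lost Password Details")?></a></td>
</tr>
<?php
}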
382
383 // list assurance points
384 ?>
<? // $drow['points'] is the sum of non-revoked points computed right after the account record was fetched. ?>
<tr>
<td class="DataTD"><?=_("Assurance Points")?>:</td>
<td class="DataTD"><?=intval($drow['points'])?></td>
</tr>
<?
// show account history
?>
<tr>
<td class="DataTD" colspan="2"><a href="account.php?id=59&amp;userid=<?=intval($row['id'])?>"><?=_('Show account history')?></a></td>
</tr>
</table>
<br/>
<?
//ticket number to track SE log
// NOTE(review): the ticketno input below is not enclosed by any <form>
// visible in this file and has no submit control, so unless the including
// script wraps the page in a form the number can never be posted from
// here; $_SESSION['ticketno'] would then never be set and every
// ticket-gated action on this page (assurance revocation, lost-password
// view) stays refused. Confirm where the session value is set.
// (The stray "td" attribute on the title cell below is harmless markup noise.)
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td td colspan="5" class="title"><?=_("Ticket/Arbitration No, needs to be entered to apply any changes")?></td>
</tr>
<tr>
<td class="DataTD"><?=_('Ticket/Arbitration No')?></td>
<td class="DataTD"><input name="ticketno" /></td>
</tr>
</table>
<br/>
410 <?
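//list secondary email addresses
// NOTE(review): $row['email'] is escaped before being handed to
// get_email_address(); whether the helper escapes again (double-escaping
// addresses that contain quotes) cannot be seen from here — confirm.
$dres = get_email_address(intval($row['id']), mysql_real_escape_string($row['email']));
// A false result (failed query) is treated like an empty list instead of
// being handed to mysql_num_rows(). The unused $rc row count is gone.
if ($dres && mysql_num_rows($dres) > 0) {
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td>
</tr>
<?php
    while ($drow = mysql_fetch_assoc($dres)) {
?>
<tr>
<td class="DataTD"><?=_("Secondary Emails")?>:</td>
<td class="DataTD"><?=sanitizeHTML($drow['email'])?></td>
</tr>
<?php
    }
?>
</table>
<br/>
<?php
}

// list of verified domains
$dres = get_domains(intval($row['id']));
if ($dres && mysql_num_rows($dres) > 0) {
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Verified Domains")?></td>
</tr>
<?php
    while ($drow = mysql_fetch_assoc($dres)) {
?>
<tr>
<td class="DataTD"><?=_("Domain")?>:</td>
<td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td>
</tr>
<?php
    }
?>
</table>
<br/>
<?php
}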
458 ?>
459 <? // Begin - Debug infos ?>
460 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
461 <tr>
462 <td colspan="2" class="title"><?=_("Account State")?></td>
463 </tr>
464
465 <?
466 // --- bug-975 begin ---
467 // potential db inconsistency like in a20110804.1
468 // Admin console -> don't list user account
469 // User login -> impossible
470 // Assurer, assure someone -> user displayed
471 /* regular user account search with regular settings
472
473 --- Admin Console find user query
474 $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
475 where `users`.`id`=`email`.`memid` and
476 (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
477 `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
478 group by `users`.`id` limit 100";
479 => requirements
480 1. email.hash = ''
481 2. email.deleted = 0
482 3. users.deleted = 0
483 4. email.email = primary-email (???) or'd
484 not covered by admin console find user routine, but may block users login
485 5. users.verified = 0|1
486 further "special settings"
487 6. users.locked (setting displayed in display form)
488 7. users.assurer_blocked (setting displayed in display form)
489
490 --- User login user query
491 select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
492 `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0
493 => requirements
494 1. users.verified = 1
495 2. users.deleted = 0
496 3. users.locked = 0
497 4. users.email = primary-email
498
499 --- Assurer, assure someone find user query
500 select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."'
501 and `deleted`=0
502 => requirements
503 1. users.deleted = 0
504 2. users.email = primary-email
505
506 Admin User Assurer
507 bit Console Login assure someone
508
509 1. email.hash = '' Yes No No
510 2. email.deleted = 0 Yes No No
511 3. users.deleted = 0 Yes Yes Yes
512 4. users.verified = 1 No Yes No
513 5. users.locked = 0 No Yes No
514 6. users.email = prim-email No Yes Yes
515 7. email.email = prim-email Yes No No
516
517 full usable account needs all 7 requirements fulfilled
518 so if one setting isn't set/cleared there is an inconsistency either way
519 if eg email.email is not avail, admin console cannot open user info
520 but user can login and assurer can display user info
521 if user verified is not set to 1, admin console displays user record
522 but user cannot login, but assurer can search for the user and the data displays
523
524 consistency check:
525 1. search primary-email in users.email
526 2. search primary-email in email.email
527 3. userid = email.memid
528 4. check settings from table 1. - 5.
529
530 */
531
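// Consistency check between the `users` record and its primary-address
// row in `email` (see the analysis above). The result is a bit mask:
//   1 users.deleted set       2 users.verified not set   4 users.locked set
//   8 email.deleted set      16 email.hash not empty    32 no email row at all
$inconsistency = 0;
$inccause = "";
$chkid = intval($row['id']);

// Flags of the users record itself. The deleted test is done in SQL
// (`deleted` <> 0) like everywhere else in this file, so the zero-date
// convention is not re-evaluated by PHP's string/int comparison rules.
$dres = mysql_query("select `email` as `uemail`, (`deleted` <> 0) as `udeleted`, `verified`, `locked`
    from `users` where `id`='".$chkid."' ");
$drow = $dres ? mysql_fetch_assoc($dres) : false;
$uemail = $drow ? $drow['uemail'] : '';
$udeleted = $drow ? intval($drow['udeleted']) : 0;
$uverified = $drow ? $drow['verified'] : 0;
$ulocked = $drow ? $drow['locked'] : 0;

// The primary address is a DB value that originated as user input and is
// interpolated into SQL below, so escape it (as $row['email'] is escaped
// for get_email_address() further up); the previous version did not.
$uemailsql = mysql_real_escape_string($uemail);

// Live email row for the primary address ...
$dres = mysql_query("select `hash`, `email` as `eemail` from `email`
    where `memid`='".$chkid."' and
    `email` ='".$uemailsql."' and
    `deleted` = 0");
$drow = $dres ? mysql_fetch_assoc($dres) : false;
if ($drow) {
    $drow['edeleted'] = 0;
} else {
    // ... else fall back to a deleted one so the cause can be reported.
    $dres = mysql_query("select `hash`, (`deleted` <> 0) as `edeleted`, `email` as `eemail` from `email`
        where `memid`='".$chkid."' and
        `email` ='".$uemailsql."'");
    $drow = $dres ? mysql_fetch_assoc($dres) : false;
}

if ($drow) {
    $eemail = $drow['eemail'];
    $edeleted = intval($drow['edeleted']);
    $ehash = $drow['hash'];
    // $inccause is built only from translated literals and <br>, and is
    // printed unescaped below — keep DB-derived text out of it.
    if ($udeleted != 0) {
        $inconsistency += 1;
        $inccause .= (empty($inccause) ? "" : "<br>")._("Users record set to deleted");
    }
    if ($uverified != 1) {
        $inconsistency += 2;
        $inccause .= (empty($inccause) ? "" : "<br>")._("Users record verified not set");
    }
    if ($ulocked != 0) {
        $inconsistency += 4;
        $inccause .= (empty($inccause) ? "" : "<br>")._("Users record locked set");
    }
    if ($edeleted != 0) {
        $inconsistency += 8;
        $inccause .= (empty($inccause) ? "" : "<br>")._("Email record set deleted");
    }
    if ($ehash != '') {
        $inconsistency += 16;
        $inccause .= (empty($inccause) ? "" : "<br>")._("Email record hash not unset");
    }
} else {
    $inconsistency = 32;
    $inccause = _("Prim. email, Email record doesn't exist");
}
if ($inconsistency > 0) {
?>
<tr>
<td class="DataTD"><?=_("Account inconsistency")?>:</td>
<td class="DataTD"><?=$inccause?><br>code: <?=$inconsistency?></td>
</tr>
<tr>
<td colspan="2" class="DataTD" style="max-width: 75ex;">
<?=_("Account inconsistency can cause problems in daily account operations and needs to be fixed manually through arbitration/critical team.")?>
</td>
</tr>
<?php
}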
604
605 // --- bug-975 end ---
606 ?>
607 </table>
608 <br />
609 <?
610 // End - Debug infos
611
612 // certificate overview
613 ?>
614
615 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
616 <tr>
617 <td colspan="6" class="title"><?=_("Certificates")?></td>
618 </tr>
619 <tr>
620 <td class="DataTD"><?=_("Cert Type")?>:</td>
621 <td class="DataTD"><?=_("Total")?></td>
622 <td class="DataTD"><?=_("Valid")?></td>
623 <td class="DataTD"><?=_("Expired")?></td>
624 <td class="DataTD"><?=_("Revoked")?></td>
625 <td class="DataTD"><?=_("Latest Expire")?></td>
626 </tr>
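<?php
// Certificate overview, one row per certificate class. The five rows used
// to repeat the same four COUNT/MAX queries with only the table, the join
// and the column qualifiers differing, so they are now driven from a
// table of specs.
//
// Per row: total; "valid" = not revoked AND not expired; expired = expire
// in the past, revoked or not; revoked = `revoked` != zero date. The three
// counters therefore do not add up to the total — unchanged behaviour.
// GPG keys have no `revoked` column and get an empty cell. The zero date
// '0000-00-00 00:00:00' is the project's "not revoked" sentinel
// (NOTE(review): a MySQL server running with NO_ZERO_DATE rejects it —
// confirm the server's sql_mode). Column qualifiers are exactly the ones
// the original queries used.
$certid = intval($row['id']);
$orgjoin = " inner join `org` on `orgcerts`.`orgid` = `org`.`orgid`";
$certrows = array(
    array(
        'label'   => _("Server"),
        'link'    => '',
        'from'    => "`domains` inner join `domaincerts` on `domains`.`id` = `domaincerts`.`domid`",
        'owner'   => "`domains`.`memid` = '".$certid."'",
        'expire'  => "`expire`",
        'maxexp'  => "`domaincerts`.`expire`",
        'revoked' => "`revoked`",
    ),
    array(
        'label'   => _("Client"),
        'link'    => '',
        'from'    => "`emailcerts`",
        'owner'   => "`memid` = '".$certid."'",
        'expire'  => "`expire`",
        'maxexp'  => "`expire`",
        'revoked' => "`revoked`",
    ),
    array(
        'label'   => _("GPG"),
        'link'    => '',
        'from'    => "`gpg`",
        'owner'   => "`memid` = '".$certid."'",
        'expire'  => "`expire`",
        'maxexp'  => "`expire`",
        'revoked' => '',    // no revocation column
    ),
    array(
        'label'   => _("Org Server"),
        'link'    => "account.php?id=58&amp;userid=".$certid,
        'from'    => "`orgdomaincerts` as `orgcerts`".$orgjoin,
        'owner'   => "`org`.`memid` = '".$certid."'",
        'expire'  => "`orgcerts`.`expire`",
        'maxexp'  => "`orgcerts`.`expire`",
        'revoked' => "`orgcerts`.`revoked`",
    ),
    array(
        'label'   => _("Org Client"),
        'link'    => '',
        'from'    => "`orgemailcerts` as `orgcerts`".$orgjoin,
        'owner'   => "`org`.`memid` = '".$certid."'",
        'expire'  => "`orgcerts`.`expire`",
        'maxexp'  => "`orgcerts`.`expire`",
        'revoked' => "`orgcerts`.`revoked`",
    ),
);

foreach ($certrows as $spec) {
    $base = "from ".$spec['from']." where ".$spec['owner'];
    $dres = mysql_query("select COUNT(*) as `total`, MAX(".$spec['maxexp'].") as `maxexpire` ".$base);
    $drow = $dres ? mysql_fetch_assoc($dres) : false;
    $total = $drow ? intval($drow['total']) : 0;
    $maxexpire = ($drow && $drow['maxexpire']) ? $drow['maxexpire'] : "0000-00-00 00:00:00";
    // Labels are translated literals; only the Org Server row links onward.
    $labelhtml = ($spec['link'] != '')
        ? '<a href="'.$spec['link'].'">'.$spec['label'].'</a>'
        : $spec['label'];
?>
<tr>
<td class="DataTD"><?=$labelhtml?>:</td>
<?php
    if ($total > 0) {
        $notrevoked = ($spec['revoked'] != '') ? $spec['revoked']." = '0000-00-00 00:00:00' and " : "";
        $dres = mysql_query("select COUNT(*) as `valid` ".$base." and ".$notrevoked.$spec['expire']." > NOW()");
        $drow = $dres ? mysql_fetch_assoc($dres) : false;
        $valid = $drow ? intval($drow['valid']) : 0;

        $dres = mysql_query("select COUNT(*) as `expired` ".$base." and ".$spec['expire']." <= NOW()");
        $drow = $dres ? mysql_fetch_assoc($dres) : false;
        $expired = $drow ? intval($drow['expired']) : 0;

        $revokedcell = '';
        if ($spec['revoked'] != '') {
            $dres = mysql_query("select COUNT(*) as `revoked` ".$base." and ".$spec['revoked']." != '0000-00-00 00:00:00'");
            $drow = $dres ? mysql_fetch_assoc($dres) : false;
            $revokedcell = $drow ? intval($drow['revoked']) : 0;
        }
?>
<td class="DataTD"><?=$total?></td>
<td class="DataTD"><?=$valid?></td>
<td class="DataTD"><?=$expired?></td>
<td class="DataTD"><?=$revokedcell?></td>
<td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00") ? substr($maxexpire, 0, 10) : _("Pending")?></td>
<?php
    } else {
?>
<td colspan="5" class="DataTD"><?=_("None")?></td>
<?php
    }
?>
</tr>
<?php
}
?>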
946 <tr>
947 <td colspan="6" class="title">
948 <form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to revoke all private certificates?")?>')) return false;">
949 <input type="hidden" name="action" value="revokecert">
950 <input type="hidden" name="oldid" value="43">
951 <input type="hidden" name="userid" value="<?=intval($userid)?>">
952 <input type="submit" value="<?=_('revoke certificates')?>">
953 </form>
954 </td>
955 </tr>
956 </table>
957 <br />
958 <? // list assurances ?>
959 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
960 <tr>
961 <td class="DataTD">
962 <a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto"><?=_("Show Assurances the user got")?></a>
963 (<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto15"><?=_("New calculation")?></a>)
964 </td>
965 </tr>
966 <tr>
967 <td class="DataTD">
968 <a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby"><?=_("Show Assurances the user gave")?></a>
969 (<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby15"><?=_("New calculation")?></a>)
970 </td>
971 </tr>
972 </table>
973 <?
974 // if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") {
975
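function showassuredto()
{
// Lists the assurances the inspected account ($_GET['userid']) received:
// one row per undeleted `notary` record, followed by the point total.
// Every id is passed through intval() before it reaches SQL or a URL, and
// every free-text column (name, e-mail, date, location, method) through
// sanitizeHTML() before it reaches the page.  The revoke link carries a
// make_csrf('admdelassurance') token; NOTE(review): confirm the
// assurance-deletion handler actually verifies it.
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="8" class="title"><?=_("Assurance Points")?></td>
</tr>
<tr>
<td class="DataTD"><b><?=_("ID")?></b></td>
<td class="DataTD"><b><?=_("Date")?></b></td>
<td class="DataTD"><b><?=_("Who")?></b></td>
<td class="DataTD"><b><?=_("Email")?></b></td>
<td class="DataTD"><b><?=_("Points")?></b></td>
<td class="DataTD"><b><?=_("Location")?></b></td>
<td class="DataTD"><b><?=_("Method")?></b></td>
<td class="DataTD"><b><?=_("Revoke")?></b></td>
</tr>
<?
$query = "select * from `notary` where `to`='".intval($_GET['userid'])."' and `deleted` = 0";
$dres = mysql_query($query);
$points = 0;
// mysql_query() returns false on error; only iterate over a real result set.
if ($dres) {
while($drow = mysql_fetch_assoc($dres)) {
$fromres = mysql_query("select * from `users` where `id`='".intval($drow['from'])."'");
$fromuser = $fromres ? mysql_fetch_assoc($fromres) : false;
if (!$fromuser) {
// assurer row missing: keep the listing intact with empty name/e-mail
$fromuser = array('fname' => '', 'lname' => '', 'email' => '');
}
$points += $drow['points'];
?>
<tr>
<td class="DataTD"><?=intval($drow['id'])?></td>
<td class="DataTD"><?=sanitizeHTML($drow['date'])?></td>
<td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
<td class="DataTD"><?=intval($drow['points'])?></td>
<td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
<td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),intval($drow['id']))?>');"><?=_("Revoke")?></a></td>
</tr>
<?
}
}
?>
<tr>
<td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td>
<td class="DataTD"><?=intval($points)?></td>
<td class="DataTD" colspan="3">&nbsp;</td>
</tr>
</table>
<?
}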
1022
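function showassuredby()
{
// Lists the assurances the inspected account ($_GET['userid']) gave:
// one row per undeleted `notary` record, followed by the point total.
// The "Who" / "Email" columns show the assuree (`notary`.`to`).
// Mirrors showassuredto(): every id goes through intval() before SQL or a
// URL, every free-text column through sanitizeHTML() before output, and
// URL query separators are written as &amp;.  The revoke link carries a
// make_csrf('admdelassurance') token; NOTE(review): confirm the
// assurance-deletion handler actually verifies it.
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="8" class="title"><?=_("Assurance Points The User Issued")?></td>
</tr>
<tr>
<td class="DataTD"><b><?=_("ID")?></b></td>
<td class="DataTD"><b><?=_("Date")?></b></td>
<td class="DataTD"><b><?=_("Who")?></b></td>
<td class="DataTD"><b><?=_("Email")?></b></td>
<td class="DataTD"><b><?=_("Points")?></b></td>
<td class="DataTD"><b><?=_("Location")?></b></td>
<td class="DataTD"><b><?=_("Method")?></b></td>
<td class="DataTD"><b><?=_("Revoke")?></b></td>
</tr>
<?
$query = "select * from `notary` where `from`='".intval($_GET['userid'])."' and `deleted` = 0";
$dres = mysql_query($query);
$points = 0;
// mysql_query() returns false on error; only iterate over a real result set.
if ($dres) {
while($drow = mysql_fetch_assoc($dres)) {
$tores = mysql_query("select * from `users` where `id`='".intval($drow['to'])."'");
$touser = $tores ? mysql_fetch_assoc($tores) : false;
if (!$touser) {
// assuree row missing: keep the listing intact with empty name/e-mail
$touser = array('fname' => '', 'lname' => '', 'email' => '');
}
$points += $drow['points'];
?>
<tr>
<td class="DataTD"><?=intval($drow['id'])?></td>
<td class="DataTD"><?=sanitizeHTML($drow['date'])?></td>
<td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($touser['fname'])." ".sanitizeHTML($touser['lname'])?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($touser['email'])?></a></td>
<td class="DataTD"><?=intval($drow['points'])?></td>
<td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
<td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['from'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),intval($drow['id']))?>');"><?=_("Revoke")?></a></td>
</tr>
<?
}
}
?>
<tr>
<td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td>
<td class="DataTD"><?=intval($points)?></td>
<td class="DataTD" colspan="3">&nbsp;</td>
</tr>
</table>
<?
}
?>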
1068 <br/><br/>
1069 <?
1070 } }
1071
// Optional detail listing selected by the ?shownotary= query parameter.
// The plain variants are rendered by the functions defined above, the "15"
// variants by output_received_assurances() / output_given_assurances(),
// which are defined outside this file.  Any other value is ignored.
if (isset($_GET['shownotary'])) {
	if ($_GET['shownotary'] === 'assuredto') {
		showassuredto();
	} elseif ($_GET['shownotary'] === 'assuredby') {
		showassuredby();
	} elseif ($_GET['shownotary'] === 'assuredto15') {
		output_received_assurances(intval($_GET['userid']), 1);
	} elseif ($_GET['shownotary'] === 'assuredby15') {
		output_given_assurances(intval($_GET['userid']), 1);
	}
}
1087 }