First commit of tag changes. bug-1444
[cacert-devel.git] / pages / account / 43.php
1 <?php /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18
19 include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
20
// Ticket state for this support-engineer page, all of it read from the session:
//   $ticketno         - ticket number kept in the session, '' when none is set
//   $ticketvalidation - result of valid_ticket_number() for that number,
//                       FALSE when no number is set
//   $ticketmsg        - pending ticket message, '' when none is set
// NOTE(review): $ticketmsg is printed further down this page without
// sanitizeHTML(), so whatever writes $_SESSION['ticketmsg'] must never put
// request data into it - confirm at the place where it is written.
$ticketno = isset($_SESSION['ticketno']) ? $_SESSION['ticketno'] : '';
$ticketvalidation = isset($_SESSION['ticketno']) ? valid_ticket_number($ticketno) : FALSE;
$ticketmsg = isset($_SESSION['ticketmsg']) ? $_SESSION['ticketmsg'] : '';
33
34
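// Search for an account by e-mail address or numeric id when no user id was
// passed in. More than one hit prints a list to choose from, exactly one hit
// selects that account by storing its id in $_REQUEST['userid'], and no hit
// prints a "not found" message.
if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
{
	$_REQUEST['userid'] = 0;

	// A missing or non-string email parameter is searched as the empty string
	// instead of raising notices in stripslashes().
	$searchinput = array_key_exists('email',$_REQUEST) ? $_REQUEST['email'] : '';
	if(!is_string($searchinput)) {
		$searchinput = '';
	}

	$emailsearch = $email = mysql_real_escape_string(stripslashes($searchinput));

	// mysql_real_escape_string() leaves the LIKE wildcards % and _ untouched,
	// so the pattern below is exactly what the admin typed. Automatic %...%
	// wrapping is disabled to speed up the queries.

	// bug-975 ted+uli changes --- begin
	if(preg_match("/^[0-9]+$/", $email)) {
		// $email consists of digits only ==> search for IDs
		// Be defensive here (outer join) if primary mail is not listed in email table
		$query = "select `users`.`id` as `id`, `email`.`email` as `email`
			from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
			where (`email`.`id`='$email' or `users`.`id`='$email')
			and `users`.`deleted`=0
			group by `users`.`id` limit 100";
	} else {
		// $email contains non-digits ==> search for mail addresses
		// Be defensive here (outer join) if primary mail is not listed in email table
		$query = "select `users`.`id` as `id`, `email`.`email` as `email`
			from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
			where (`email`.`email` like '$emailsearch'
			or `users`.`email` like '$emailsearch')
			and `users`.`deleted`=0
			group by `users`.`id` limit 100";
	}
	// bug-975 ted+uli changes --- end
	$res = mysql_query($query);

	// A failed query is handled like an empty result rather than passing
	// FALSE on to mysql_num_rows().
	$matchcount = $res ? mysql_num_rows($res) : 0;

	if($matchcount > 1) {
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?php echo _("Select Specific Account Details")?></td>
</tr>
<tr>
<td class="DataTD"><?php echo _("User ID")?></td>
<td class="DataTD"><?php echo _("Email")?></td>
</tr>
<?php		while($row = mysql_fetch_assoc($res))
		{
?>
<tr>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?php echo intval($row['id'])?>"><?php echo intval($row['id'])?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?php echo intval($row['id'])?>"><?php echo sanitizeHTML($row['email'])?></a></td>
</tr>
<?php		}

		// The queries stop at 100 rows, so a full page means the list may be cut off.
		if($matchcount >= 100) {
?>
<tr>
<td class="DataTD" colspan="2"><?php echo _("Only the first 100 rows are displayed.")?></td>
</tr>
<?php		} else {
?>
<tr>
<td class="DataTD" colspan="2"><?php printf(_("%s rows displayed."), $matchcount); ?></td>
</tr>
<?php		}
?>
</table><br><br>
<?php	} elseif($matchcount == 1) {
		$row = mysql_fetch_assoc($res);
		$_REQUEST['userid'] = $row['id'];
	} else {
		printf(_("No users found matching %s"), sanitizeHTML($email));
	}
}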
106
107 // display user information for given user id
108 if(intval($_REQUEST['userid']) > 0) {
109 $userid = intval($_REQUEST['userid']);
110 $res =get_user_data($userid);
111 if(mysql_num_rows($res) <= 0) {
112 echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
113 } else {
114 $row = mysql_fetch_assoc($res);
115 $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."' and `deleted` = 0";
116 $dres = mysql_query($query);
117 $drow = mysql_fetch_assoc($dres);
118 $alerts =get_alerts(intval($row['id']));
119
120 //display account data
121
// Revoke one assurance on request of the support engineer. The row is not
// removed: its `deleted` column is set to NOW(), and fix_assurer_flag() is
// then called for the member the assurance was given to.
// The action needs a validated ticket number, and the entry in the admin log
// is written before anything is changed; if that write fails nothing is revoked.
// NOTE(review): this state change is driven by $_REQUEST and no CSRF token is
// checked in this file, although the flag links on this page carry
// make_csrf() tokens - confirm that the including handler verifies one.
$assurancerequested = array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0;

if($assurancerequested && $ticketvalidation == true)
{
	if (write_se_log($userid, $_SESSION['profile']['id'], 'SE assurance revoke', $ticketno)) {
		$assurance = intval($_REQUEST['assurance']);
		$trow = 0;
		// Only an assurance that is not already marked deleted is revoked.
		$res = mysql_query("select `to` from `notary` where `id`='".intval($assurance)."' and `deleted` = 0");
		if ($res) {
			$trow = mysql_fetch_assoc($res);
			if ($trow) {
				mysql_query("update `notary` set `deleted`=NOW() where `id`='".intval($assurance)."'");
				fix_assurer_flag($trow['to']);
			}
		}
	} else {
		$ticketmsg=_("Writing to the admin log failed. Can't continue.");
	}
} elseif($assurancerequested && $ticketvalidation == FALSE) {
	$ticketmsg=_('No assurance revoked. Ticket number is missing!');
}
142
143 //Ticket number
144 ?>
145
146 <form method="post" action="account.php?id=43&userid=<?php echo intval($_REQUEST['userid'])?>">
147 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
148 <tr>
149 <td colspan="2" class="title"><?php echo _('Ticket handling') ?></td>
150 </tr>
151 <tr>
152 <td class="DataTD"><?php echo _('Ticket no')?>:</td>
153 <td class="DataTD"><input type="text" name="ticketno" value="<?php echo sanitizeHTML($ticketno)?>"/></td>
154 </tr>
155 <tr>
156 <td colspan="2" class="DataTDError"><?php echo $ticketmsg?></td><?php $_SESSION['ticketmsg']='' ?>
157 </tr>
158 <tr>
159 <td colspan="2" ><input type="submit" value="<?php echo _('Set ticket number') ?>"></td>
160 </tr>
161 </table>
162 </form>
163 <br/>
164
165
166 <!-- display data table -->
167 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
168 <tr>
169 <td colspan="5" class="title"><?php printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td>
170 </tr>
171 <tr>
172 <td class="DataTD"><?php echo _("Email")?>:</td>
173 <td class="DataTD"><?php echo sanitizeHTML($row['email'])?></td>
174 </tr>
175 <tr>
176 <td class="DataTD"><?php echo _("First Name")?>:</td>
177 <td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('<?php echo _("Are you sure you want to modify this DOB and/or last name?")?>')) return false;">
178 <input type="hidden" name="csrf" value="<?php echo make_csrf('admchangepers')?>" />
179 <input type="text" name="fname" value="<?php echo sanitizeHTML($row['fname'])?>">
180 </td>
181 </tr>
182 <tr>
183 <td class="DataTD"><?php echo _("Middle Name")?>:</td>
184 <td class="DataTD"><input type="text" name="mname" value="<?php echo sanitizeHTML($row['mname'])?>"></td>
185 </tr>
186 <tr>
187 <td class="DataTD"><?php echo _("Last Name")?>:</td>
188 <td class="DataTD"> <input type="hidden" name="oldid" value="43">
189 <input type="hidden" name="action" value="updatedob">
190 <input type="hidden" name="userid" value="<?php echo intval($userid)?>">
191 <input type="text" name="lname" value="<?php echo sanitizeHTML($row['lname'])?>">
192 </td>
193 </tr>
194 <tr>
195 <td class="DataTD"><?php echo _("Suffix")?>:</td>
196 <td class="DataTD"><input type="text" name="suffix" value="<?php echo sanitizeHTML($row['suffix'])?>"></td>
197 </tr>
198 <tr>
199 <td class="DataTD"><?php echo _("Date of Birth")?>:</td>
200 <td class="DataTD">
201 <?php $year = intval(substr($row['dob'], 0, 4));
202 $month = intval(substr($row['dob'], 5, 2));
203 $day = intval(substr($row['dob'], 8, 2));
204 ?>
205 <nobr>
206 <select name="day">
207 <?php for($i = 1; $i <= 31; $i++) {
208 echo "<option";
209 if($day == $i) {
210 echo " selected='selected'";
211 }
212 echo ">$i</option>";
213 }
214 ?>
215 </select>
216 <select name="month">
217 <?php for($i = 1; $i <= 12; $i++) {
218 echo "<option value='$i'";
219 if($month == $i)
220 echo " selected='selected'";
221 echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>";
222 }
223 ?>
224 </select>
225 <input type="text" name="year" value="<?php echo $year?>" size="4">
226 <input type="submit" value="Go">
227 <input type="hidden" name="ticketno" value="<?php echo sanitizeHTML($ticketno)?>"/>
228 </form>
229 </nobr>
230 </td>
231 </tr>
232
233 <?php // list of flags ?>
234 <tr>
235 <td class="DataTD"><?php echo _("CCA accepted")?>:</td>
236 <td class="DataTD"><a href="account.php?id=57&amp;userid=<?php echo intval($row['id'])?>"><?php echo intval(get_user_agreement_status($row['id'], 'CCA')) ? _("Yes") : _("No") ?></a></td>
237 </tr>
238 <tr>
239 <td class="DataTD"><?php echo _("Trainings")?>:</td>
240 <td class="DataTD"><a href="account.php?id=55&amp;userid=<?php echo intval($row['id'])?>">show</a></td>
241 </tr>
242 <tr>
243 <td class="DataTD"><?php echo _("Is Assurer")?>:</td>
244 <td class="DataTD"><a href="account.php?id=43&amp;assurer=<?php echo intval($row['id'])?>&amp;csrf=<?php echo make_csrf('admsetassuret')?>&amp;ticketno=<?php echo sanitizeHTML($ticketno)?>"><?php echo intval($row['assurer'])?></a></td>
245 </tr>
246 <tr>
247 <td class="DataTD"><?php echo _("Blocked Assurer")?>:</td>
248 <td class="DataTD"><a href="account.php?id=43&amp;assurer_blocked=<?php echo intval($row['id'])?>&amp;ticketno=<?php echo sanitizeHTML($ticketno)?>"><?php echo intval($row['assurer_blocked'])?></a></td>
249 </tr>
250 <tr>
251 <td class="DataTD"><?php echo _("Account Locking")?>:</td>
252 <td class="DataTD"><a href="account.php?id=43&amp;locked=<?php echo intval($row['id'])?>&amp;csrf=<?php echo make_csrf('admactlock')?>&amp;ticketno=<?php echo sanitizeHTML($ticketno)?>"><?php echo intval($row['locked'])?></a></td>
253 </tr>
254 <tr>
255 <td class="DataTD"><?php echo _("Code Signing")?>:</td>
256 <td class="DataTD"><a href="account.php?id=43&amp;codesign=<?php echo intval($row['id'])?>&amp;csrf=<?php echo make_csrf('admcodesign')?>&amp;ticketno=<?php echo sanitizeHTML($ticketno)?>"><?php echo intval($row['codesign'])?></a></td>
257 </tr>
258 <tr>
259 <td class="DataTD"><?php echo _("Org Assurer")?>:</td>
260 <td class="DataTD"><a href="account.php?id=43&amp;orgadmin=<?php echo intval($row['id'])?>&amp;csrf=<?php echo make_csrf('admorgadmin')?>&amp;ticketno=<?php echo sanitizeHTML($ticketno)?>"><?php echo intval($row['orgadmin'])?></a></td>
261 </tr>
262 <tr>
263 <td class="DataTD"><?php echo _("TTP Admin")?>:</td>
264 <td class="DataTD"><a href="account.php?id=43&amp;ttpadmin=<?php echo intval($row['id'])?>&amp;csrf=<?php echo make_csrf('admttpadmin')?>&amp;ticketno=<?php echo sanitizeHTML($ticketno)?>"><?php echo intval($row['ttpadmin'])?></a></td>
265 </tr>
266 <tr>
267 <td class="DataTD"><?php echo _("Location Admin")?>:</td>
268 <td class="DataTD"><a href="account.php?id=43&amp;locadmin=<?php echo intval($row['id'])?>&amp;ticketno=<?php echo sanitizeHTML($ticketno)?>"><?php echo $row['locadmin']?></a></td>
269 </tr>
270 <tr>
271 <td class="DataTD"><?php echo _("Admin")?>:</td>
272 <td class="DataTD"><a href="account.php?id=43&amp;admin=<?php echo intval($row['id'])?>&amp;csrf=<?php echo make_csrf('admsetadmin')?>&amp;ticketno=<?php echo sanitizeHTML($ticketno)?>"><?php echo intval($row['admin'])?></a></td>
273 </tr>
274 <tr>
275 <td class="DataTD"><?php echo _("Ad Admin")?>:</td>
276 <td class="DataTD"><a href="account.php?id=43&amp;adadmin=<?php echo intval($row['id'])?>&amp;ticketno=<?php echo sanitizeHTML($ticketno)?>"><?php echo intval($row['adadmin'])?></a> (0 = none, 1 = submit, 2 = approve)</td>
277 </tr>
278 <!-- presently not needed
279 <tr>
280 <td class="DataTD"><?php echo _("Tverify Account")?>:</td>
281 <td class="DataTD"><a href="account.php?id=43&amp;tverify=<?php echo intval($row['id'])?>&amp;ticketno=<?php echo sanitizeHTML($ticketno)?>"><?php echo intval($row['tverify'])?></a></td>
282 </tr>
283 -->
284 <tr>
285 <td class="DataTD"><?php echo _("General Announcements")?>:</td>
286 <td class="DataTD"><a href="account.php?id=43&amp;general=<?php echo intval($row['id'])?>&amp;ticketno=<?php echo sanitizeHTML($ticketno)?>"><?php echo intval($alerts['general'])?></a></td>
287 </tr>
288 <tr>
289 <td class="DataTD"><?php echo _("Country Announcements")?>:</td>
290 <td class="DataTD"><a href="account.php?id=43&amp;country=<?php echo intval($row['id'])?>&amp;ticketno=<?php echo sanitizeHTML($ticketno)?>"><?php echo intval($alerts['country'])?></a></td>
291 </tr>
292 <tr>
293 <td class="DataTD"><?php echo _("Regional Announcements")?>:</td>
294 <td class="DataTD"><a href="account.php?id=43&amp;regional=<?php echo intval($row['id'])?>&amp;ticketno=<?php echo sanitizeHTML($ticketno)?>"><?php echo intval($alerts['regional'])?></a></td>
295 </tr>
296 <tr>
297 <td class="DataTD"><?php echo _("Within 200km Announcements")?>:</td>
298 <td class="DataTD"><a href="account.php?id=43&amp;radius=<?php echo intval($row['id'])?>&amp;ticketno=<?php echo sanitizeHTML($ticketno)?>"><?php echo intval($alerts['radius'])?></a></td>
299 </tr>
300 <?php //change password, view secret questions and delete account section ?>
301 <tr>
302 <td class="DataTD"><?php echo _("Change Password")?>:</td>
303 <td class="DataTD"><a href="account.php?id=44&amp;userid=<?php echo intval($row['id'])?>&amp;ticketno=<?php echo sanitizeHTML($ticketno)?>"><?php echo _("Change Password")?></a></td>
304 </tr>
305 <tr>
306 <td class="DataTD"><?php echo _("Delete Account")?>:</td>
307 <td class="DataTD"><a href="account.php?id=50&amp;userid=<?php echo intval($row['id'])?>&amp;csrf=<?php echo make_csrf('admdelaccount')?>&amp;ticketno=<?php echo sanitizeHTML($ticketno)?>"><?php echo _("Delete Account")?></a></td>
308 </tr>
309 <?php // This is intentionally a $_GET for audit purposes. DO NOT CHANGE!!!
310 if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==true) {
311 if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE view lost password information', $ticketno)) {
312 ?>
313 <tr>
314 <td class="DataTD" colspan="2"><?php echo _("Writing to the admin log failed. Can't continue.")?></td>
315 </tr>
316 <tr>
317 <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?php echo intval($row['id'])?>&amp;showlostpw=yes&amp;ticketno=<?php echo sanitizeHTML($ticketno)?>"><?php echo _("Show Lost Password Details")?></a></td>
318 </tr>
319 <?php } else {
320 ?>
321 <tr>
322 <td class="DataTD"><?php echo _("Lost Password")?> - Q1:</td>
323 <td class="DataTD"><?php echo sanitizeHTML($row['Q1'])?></td>
324 </tr>
325 <tr>
326 <td class="DataTD"><?php echo _("Lost Password")?> - A1:</td>
327 <td class="DataTD"><?php echo sanitizeHTML($row['A1'])?></td>
328 </tr>
329 <tr>
330 <td class="DataTD"><?php echo _("Lost Password")?> - Q2:</td>
331 <td class="DataTD"><?php echo sanitizeHTML($row['Q2'])?></td>
332 </tr>
333 <tr>
334 <td class="DataTD"><?php echo _("Lost Password")?> - A2:</td>
335 <td class="DataTD"><?php echo sanitizeHTML($row['A2'])?></td>
336 </tr>
337 <tr>
338 <td class="DataTD"><?php echo _("Lost Password")?> - Q3:</td>
339 <td class="DataTD"><?php echo sanitizeHTML($row['Q3'])?></td>
340 </tr>
341 <tr>
342 <td class="DataTD"><?php echo _("Lost Password")?> - A3:</td>
343 <td class="DataTD"><?php echo sanitizeHTML($row['A3'])?></td>
344 </tr>
345 <tr>
346 <td class="DataTD"><?php echo _("Lost Password")?> - Q4:</td>
347 <td class="DataTD"><?php echo sanitizeHTML($row['Q4'])?></td>
348 </tr>
349 <tr>
350 <td class="DataTD"><?php echo _("Lost Password")?> - A4:</td>
351 <td class="DataTD"><?php echo sanitizeHTML($row['A4'])?></td>
352 </tr>
353 <tr>
354 <td class="DataTD"><?php echo _("Lost Password")?> - Q5:</td>
355 <td class="DataTD"><?php echo sanitizeHTML($row['Q5'])?></td>
356 </tr>
357 <tr>
358 <td class="DataTD"><?php echo _("Lost Password")?> - A5:</td>
359 <td class="DataTD"><?php echo sanitizeHTML($row['A5'])?></td>
360 </tr>
361 <?php }
362 } elseif (array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==false) {
363 ?>
364 <tr>
365 <td class="DataTD" colspan="2"><?php echo _('No access granted. Ticket number is missing')?></td>
366 </tr>
367 <tr>
368 <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?php echo intval($row['id'])?>&amp;showlostpw=yes&amp;ticketno=<?php echo sanitizeHTML($ticketno)?>"><?php echo _("Show Lost Password Details")?></a></td>
369 </tr>
370 <?php } else {
371 ?>
372 <tr>
373 <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?php echo intval($row['id'])?>&amp;showlostpw=yes&amp;ticketno=<?php echo sanitizeHTML($ticketno)?>"><?php echo _("Show Lost Password Details")?></a></td>
374 </tr>
375 <?php }
376
377 // list assurance points
378 ?>
379 <tr>
380 <td class="DataTD"><?php echo _("Assurance Points")?>:</td>
381 <td class="DataTD"><?php echo intval($drow['points'])?></td>
382 </tr>
383 <?php // show account history
384 ?>
385 <tr>
386 <td class="DataTD" colspan="2"><a href="account.php?id=59&amp;oldid=43&amp;userid=<?php echo intval($row['id'])?>&amp;ticketno=<?php echo sanitizeHTML($ticketno)?>"><?php echo _('Show account history')?></a></td>
387 </tr>
388 </table>
389 <br/>
390 <?php //list secondary email addresses
391 $dres = get_email_addresses(intval($row['id']),$row['email']);
392 if(mysql_num_rows($dres) > 0) {
393 ?>
394 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
395 <tr>
396 <td colspan="5" class="title"><?php echo _("Alternate Verified Email Addresses")?></td>
397 </tr>
398 <?php while($drow = mysql_fetch_assoc($dres)) {
399 ?>
400 <tr>
401 <td class="DataTD"><?php echo _("Secondary Emails")?>:</td>
402 <td class="DataTD"><?php echo sanitizeHTML($drow['email'])?></td>
403 </tr>
404 <?php }
405 ?>
406 </table>
407 <br/>
408 <?php }
409
410 // list of domains
411 $dres=get_domains(intval($row['id']));
412 if(mysql_num_rows($dres) > 0) {
413 ?>
414 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
415 <tr>
416 <td colspan="5" class="title"><?php echo _("Verified Domains")?></td>
417 </tr>
418 <?php while($drow = mysql_fetch_assoc($dres)) {
419 ?>
420 <tr>
421 <td class="DataTD"><?php echo _("Domain")?>:</td>
422 <td class="DataTD"><?php echo sanitizeHTML($drow['domain'])?></td>
423 </tr>
424 <?php }
425 ?>
426 </table>
427 <br/>
428 <?php }
429 ?>
430 <?php // Begin - Debug infos ?>
431 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
432 <tr>
433 <td colspan="2" class="title"><?php echo _("Account State")?></td>
434 </tr>
435
436 <?php // --- bug-975 begin ---
437 // potential db inconsistency like in a20110804.1
438 // Admin console -> don't list user account
439 // User login -> impossible
440 // Assurer, assure someone -> user displayed
441 /* regular user account search with regular settings
442
443 --- Admin Console find user query
444 $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
445 where `users`.`id`=`email`.`memid` and
446 (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
447 `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
448 group by `users`.`id` limit 100";
449 => requirements
450 1. email.hash = ''
451 2. email.deleted = 0
452 3. users.deleted = 0
453 4. email.email = primary-email (???) or'd
454 not covered by admin console find user routine, but may block users login
455 5. users.verified = 0|1
456 further "special settings"
457 6. users.locked (setting displayed in display form)
458 7. users.assurer_blocked (setting displayed in display form)
459
460 --- User login user query
461 select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
462 `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0
463 => requirements
464 1. users.verified = 1
465 2. users.deleted = 0
466 3. users.locked = 0
467 4. users.email = primary-email
468
469 --- Assurer, assure someone find user query
470 select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."'
471 and `deleted`=0
472 => requirements
473 1. users.deleted = 0
474 2. users.email = primary-email
475
476 Admin User Assurer
477 bit Console Login assure someone
478
479 1. email.hash = '' Yes No No
480 2. email.deleted = 0 Yes No No
481 3. users.deleted = 0 Yes Yes Yes
482 4. users.verified = 1 No Yes No
483 5. users.locked = 0 No Yes No
484 6. users.email = prim-email No Yes Yes
485 7. email.email = prim-email Yes No No
486
487 full usable account needs all 7 requirements fulfilled
488 so if one setting isn't set/cleared there is an inconsistency either way
489 if eg email.email is not avail, admin console cannot open user info
490 but user can login and assurer can display user info
491 if user verified is not set to 1, admin console displays user record
492 but user cannot login, but assurer can search for the user and the data displays
493
494 consistency check:
495 1. search primary-email in users.email
496 2. search primary-email in email.email
497 3. userid = email.memid
498 4. check settings from table 1. - 5.
499
500 */
501
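// Consistency check of the account against the settings listed in the comment
// above (bug-975). $inconsistency collects one value per failed requirement:
//    1 users.deleted is set          2 users.verified is not 1
//    4 users.locked is set           8 email.deleted is set
//   16 email.hash is not empty
// and is set to 32 on its own when no email record exists for the primary
// address. $inccause holds the matching messages, separated by <br>.
$inconsistency = 0;
$inconsistencydisp = "";
$inccause = "";

// current userid intval($row['id'])
$query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked`
	from `users` where `id`='".intval($row['id'])."' ";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$uemail = $drow['uemail'];
$udeleted = $drow['udeleted'];
$uverified = $drow['verified'];
$ulocked = $drow['locked'];

// The primary address is read back from the `users` table unescaped and was
// originally typed by the account holder, so it is escaped again before it
// is placed in the next statements. Without this an apostrophe in a stored
// address ends the string literal early: the lookup fails for such accounts
// and the stored value becomes part of the SQL text.
$uemailsql = mysql_real_escape_string($uemail);

$query = "select `hash`, `email` as `eemail` from `email`
	where `memid`='".intval($row['id'])."' and
	`email` ='".$uemailsql."' and
	`deleted` = 0";
$dres = mysql_query($query);
if ($drow = mysql_fetch_assoc($dres)) {
	// The first lookup only returns rows that are not deleted.
	$drow['edeleted'] = 0;
} else {
	// try if there are deleted entries
	$query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email`
		where `memid`='".intval($row['id'])."' and
		`email` ='".$uemailsql."'";
	$dres = mysql_query($query);
	$drow = mysql_fetch_assoc($dres);
}

if ($drow) {
	$eemail = $drow['eemail'];
	$edeleted = $drow['edeleted'];
	$ehash = $drow['hash'];
	if ($udeleted!=0) {
		$inconsistency += 1;
		$inccause .= (empty($inccause)?"":"<br>")._("Users record set to deleted");
	}
	if ($uverified!=1) {
		$inconsistency += 2;
		$inccause .= (empty($inccause)?"":"<br>")._("Users record verified not set");
	}
	if ($ulocked!=0) {
		$inconsistency += 4;
		$inccause .= (empty($inccause)?"":"<br>")._("Users record locked set");
	}
	if ($edeleted!=0) {
		$inconsistency += 8;
		$inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted");
	}
	if ($ehash!='') {
		$inconsistency += 16;
		$inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset");
	}
} else {
	// No email row at all for the primary address, deleted or not.
	$inconsistency = 32;
	$inccause = _("Prim. email, Email record doesn't exist");
}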
560 if ($inconsistency>0) {
561 // $inconsistencydisp = _("Yes");
562 ?>
563 <tr>
564 <td class="DataTD"><?php echo _("Account inconsistency")?>:</td>
565 <td class="DataTD"><?php echo $inccause?><br>code: <?php echo intval($inconsistency)?></td>
566 </tr>
567 <tr>
568 <td colspan="2" class="DataTD" style="max-width: 75ex;">
569 <?php echo _("Account inconsistency can cause problems in daily account operations and needs to be fixed manually through arbitration/critical team.")?>
570 </td>
571 </tr>
572 <?php }
573
574 // --- bug-975 end ---
575 ?>
576 </table>
577 <br />
578 <?php // End - Debug infos
579
580 // certificate overview
581 ?>
582
583 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
584 <tr>
585 <td colspan="6" class="title"><?php echo _("Certificates")?></td>
586 </tr>
587 <tr>
588 <td class="DataTD"><?php echo _("Cert Type")?>:</td>
589 <td class="DataTD"><?php echo _("Total")?></td>
590 <td class="DataTD"><?php echo _("Valid")?></td>
591 <td class="DataTD"><?php echo _("Expired")?></td>
592 <td class="DataTD"><?php echo _("Revoked")?></td>
593 <td class="DataTD"><?php echo _("Latest Expire")?></td>
594 </tr>
595 <!-- server certificates -->
596 <tr>
597 <td class="DataTD"><?php echo _("Server")?>:</td>
598 <?php $query = "
599 select COUNT(*) as `total`,
600 MAX(`domaincerts`.`expire`) as `maxexpire`
601 from `domains` inner join `domaincerts`
602 on `domains`.`id` = `domaincerts`.`domid`
603 where `domains`.`memid` = '".intval($row['id'])."'
604 ";
605 $dres = mysql_query($query);
606 $drow = mysql_fetch_assoc($dres);
607 $total = $drow['total'];
608
609 $maxexpire = "0000-00-00 00:00:00";
610 if ($drow['maxexpire']) {
611 $maxexpire = $drow['maxexpire'];
612 }
613
614 if($total > 0) {
615 $query = "
616 select COUNT(*) as `valid`
617 from `domains` inner join `domaincerts`
618 on `domains`.`id` = `domaincerts`.`domid`
619 where `domains`.`memid` = '".intval($row['id'])."'
620 and `revoked` = '0000-00-00 00:00:00'
621 and `expire` > NOW()
622 ";
623 $dres = mysql_query($query);
624 $drow = mysql_fetch_assoc($dres);
625 $valid = $drow['valid'];
626
627 $query = "
628 select COUNT(*) as `expired`
629 from `domains` inner join `domaincerts`
630 on `domains`.`id` = `domaincerts`.`domid`
631 where `domains`.`memid` = '".intval($row['id'])."'
632 and `expire` <= NOW()
633 ";
634 $dres = mysql_query($query);
635 $drow = mysql_fetch_assoc($dres);
636 $expired = $drow['expired'];
637
638 $query = "
639 select COUNT(*) as `revoked`
640 from `domains` inner join `domaincerts`
641 on `domains`.`id` = `domaincerts`.`domid`
642 where `domains`.`memid` = '".intval($row['id'])."'
643 and `revoked` != '0000-00-00 00:00:00'
644 ";
645 $dres = mysql_query($query);
646 $drow = mysql_fetch_assoc($dres);
647 $revoked = $drow['revoked'];
648 ?>
649 <td class="DataTD"><?php echo intval($total)?></td>
650 <td class="DataTD"><?php echo intval($valid)?></td>
651 <td class="DataTD"><?php echo intval($expired)?></td>
652 <td class="DataTD"><?php echo intval($revoked)?></td>
653 <td class="DataTD"><?php echo ($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
654 <?php } else { // $total > 0
655 ?>
656 <td colspan="5" class="DataTD"><?php echo _("None")?></td>
657 <?php }
658 ?>
659 </tr>
660 <!-- client certificates -->
661 <tr>
662 <td class="DataTD"><?php echo _("Client")?>:</td>
663 <?php $query = "
664 select COUNT(*) as `total`, MAX(`expire`) as `maxexpire`
665 from `emailcerts`
666 where `memid` = '".intval($row['id'])."'
667 ";
668 $dres = mysql_query($query);
669 $drow = mysql_fetch_assoc($dres);
670 $total = $drow['total'];
671
672 $maxexpire = "0000-00-00 00:00:00";
673 if ($drow['maxexpire']) {
674 $maxexpire = $drow['maxexpire'];
675 }
676
677 if($total > 0) {
678 $query = "
679 select COUNT(*) as `valid`
680 from `emailcerts`
681 where `memid` = '".intval($row['id'])."'
682 and `revoked` = '0000-00-00 00:00:00'
683 and `expire` > NOW()
684 ";
685 $dres = mysql_query($query);
686 $drow = mysql_fetch_assoc($dres);
687 $valid = $drow['valid'];
688
689 $query = "
690 select COUNT(*) as `expired`
691 from `emailcerts`
692 where `memid` = '".intval($row['id'])."'
693 and `expire` <= NOW()
694 ";
695 $dres = mysql_query($query);
696 $drow = mysql_fetch_assoc($dres);
697 $expired = $drow['expired'];
698
699 $query = "
700 select COUNT(*) as `revoked`
701 from `emailcerts`
702 where `memid` = '".intval($row['id'])."'
703 and `revoked` != '0000-00-00 00:00:00'
704 ";
705 $dres = mysql_query($query);
706 $drow = mysql_fetch_assoc($dres);
707 $revoked = $drow['revoked'];
708 ?>
709 <td class="DataTD"><?php echo intval($total)?></td>
710 <td class="DataTD"><?php echo intval($valid)?></td>
711 <td class="DataTD"><?php echo intval($expired)?></td>
712 <td class="DataTD"><?php echo intval($revoked)?></td>
713 <td class="DataTD"><?php echo ($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
714 <?php } else { // $total > 0
715 ?>
716 <td colspan="5" class="DataTD"><?php echo _("None")?></td>
717 <?php }
718 ?>
719 </tr>
720 <!-- gpg certificates -->
721 <tr>
722 <td class="DataTD"><?php echo _("GPG")?>:</td>
723 <?php $query = "
724 select COUNT(*) as `total`, MAX(`expire`) as `maxexpire`
725 from `gpg`
726 where `memid` = '".intval($row['id'])."'
727 ";
728 $dres = mysql_query($query);
729 $drow = mysql_fetch_assoc($dres);
730 $total = $drow['total'];
731
732 $maxexpire = "0000-00-00 00:00:00";
733 if ($drow['maxexpire']) {
734 $maxexpire = $drow['maxexpire'];
735 }
736
737 if($total > 0) {
738 $query = "
739 select COUNT(*) as `valid`
740 from `gpg`
741 where `memid` = '".intval($row['id'])."'
742 and `expire` > NOW()
743 ";
744 $dres = mysql_query($query);
745 $drow = mysql_fetch_assoc($dres);
746 $valid = $drow['valid'];
747
748 $query = "
749 select COUNT(*) as `expired`
750 from `gpg`
751 where `memid` = '".intval($row['id'])."'
752 and `expire` <= NOW()
753 ";
754 $dres = mysql_query($query);
755 $drow = mysql_fetch_assoc($dres);
756 $expired = $drow['expired'];
757 ?>
758 <td class="DataTD"><?php echo intval($total)?></td>
759 <td class="DataTD"><?php echo intval($valid)?></td>
760 <td class="DataTD"><?php echo intval($expired)?></td>
761 <td class="DataTD"></td>
762 <td class="DataTD"><?php echo ($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
763 <?php } else { // $total > 0
764 ?>
765 <td colspan="5" class="DataTD"><?php echo _("None")?></td>
766 <?php }
767 ?>
768 </tr>
<!-- org server certificates -->
<tr>
	<td class="DataTD"><a href="account.php?id=58&amp;userid=<?php echo intval($row['id'])?>"><?php echo _("Org Server")?></a>:</td>
<?php
	// Summary row for organisation server certificates (`orgdomaincerts`) of
	// organisations whose `org`.`memid` is the displayed account. $row is
	// filled in earlier on this page, outside this excerpt. The id is cast
	// with intval() every time it is placed into SQL text, so only an integer
	// can reach the statement.
	// NOTE(review): the mysql_query() results are used unchecked; a failed
	// query leaves $total empty and the row then reads "None".
	$query = sprintf("
		select COUNT(*) as `total`,
			MAX(`orgcerts`.`expire`) as `maxexpire`
		from `orgdomaincerts` as `orgcerts` inner join `org`
			on `orgcerts`.`orgid` = `org`.`orgid`
		where `org`.`memid` = '%d'
		", intval($row['id']));
	$dres = mysql_query($query);
	$drow = mysql_fetch_assoc($dres);
	$total = $drow['total'];

	// Without a usable expiry date fall back to the zero date, which the last
	// cell renders as "Pending".
	$maxexpire = $drow['maxexpire'] ? $drow['maxexpire'] : "0000-00-00 00:00:00";

	if ($total > 0):
		// Valid: not revoked and not yet expired.
		$query = sprintf("
			select COUNT(*) as `valid`
			from `orgdomaincerts` as `orgcerts` inner join `org`
				on `orgcerts`.`orgid` = `org`.`orgid`
			where `org`.`memid` = '%d'
				and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
				and `orgcerts`.`expire` > NOW()
			", intval($row['id']));
		$dres = mysql_query($query);
		$drow = mysql_fetch_assoc($dres);
		$valid = $drow['valid'];

		// Expired: counted whether or not the certificate was also revoked.
		$query = sprintf("
			select COUNT(*) as `expired`
			from `orgdomaincerts` as `orgcerts` inner join `org`
				on `orgcerts`.`orgid` = `org`.`orgid`
			where `org`.`memid` = '%d'
				and `orgcerts`.`expire` <= NOW()
			", intval($row['id']));
		$dres = mysql_query($query);
		$drow = mysql_fetch_assoc($dres);
		$expired = $drow['expired'];

		// Revoked: counted whether or not the certificate has also expired,
		// so one certificate can appear in both columns.
		$query = sprintf("
			select COUNT(*) as `revoked`
			from `orgdomaincerts` as `orgcerts` inner join `org`
				on `orgcerts`.`orgid` = `org`.`orgid`
			where `org`.`memid` = '%d'
				and `orgcerts`.`revoked` != '0000-00-00 00:00:00'
			", intval($row['id']));
		$dres = mysql_query($query);
		$drow = mysql_fetch_assoc($dres);
		$revoked = $drow['revoked'];
?>
	<td class="DataTD"><?php echo intval($total)?></td>
	<td class="DataTD"><?php echo intval($valid)?></td>
	<td class="DataTD"><?php echo intval($expired)?></td>
	<td class="DataTD"><?php echo intval($revoked)?></td>
	<td class="DataTD"><?php echo ($maxexpire == "0000-00-00 00:00:00") ? _("Pending") : substr($maxexpire, 0, 10)?></td>
<?php
	else: // no organisation server certificate counted for this account
?>
	<td colspan="5" class="DataTD"><?php echo _("None")?></td>
<?php
	endif;
?>
</tr>
<!-- org client certificates -->
<tr>
	<td class="DataTD"><?php echo _("Org Client")?>:</td>
<?php
	// Summary row for organisation client certificates (`orgemailcerts`) of
	// organisations whose `org`.`memid` is the displayed account. $row is
	// filled in earlier on this page, outside this excerpt. The id is cast
	// with intval() every time it is placed into SQL text, so only an integer
	// can reach the statement.
	// NOTE(review): the mysql_query() results are used unchecked; a failed
	// query leaves $total empty and the row then reads "None".
	$query = sprintf("
		select COUNT(*) as `total`,
			MAX(`orgcerts`.`expire`) as `maxexpire`
		from `orgemailcerts` as `orgcerts` inner join `org`
			on `orgcerts`.`orgid` = `org`.`orgid`
		where `org`.`memid` = '%d'
		", intval($row['id']));
	$dres = mysql_query($query);
	$drow = mysql_fetch_assoc($dres);
	$total = $drow['total'];

	// Without a usable expiry date fall back to the zero date, which the last
	// cell renders as "Pending".
	$maxexpire = $drow['maxexpire'] ? $drow['maxexpire'] : "0000-00-00 00:00:00";

	if ($total > 0):
		// Valid: not revoked and not yet expired.
		$query = sprintf("
			select COUNT(*) as `valid`
			from `orgemailcerts` as `orgcerts` inner join `org`
				on `orgcerts`.`orgid` = `org`.`orgid`
			where `org`.`memid` = '%d'
				and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
				and `orgcerts`.`expire` > NOW()
			", intval($row['id']));
		$dres = mysql_query($query);
		$drow = mysql_fetch_assoc($dres);
		$valid = $drow['valid'];

		// Expired: counted whether or not the certificate was also revoked.
		$query = sprintf("
			select COUNT(*) as `expired`
			from `orgemailcerts` as `orgcerts` inner join `org`
				on `orgcerts`.`orgid` = `org`.`orgid`
			where `org`.`memid` = '%d'
				and `orgcerts`.`expire` <= NOW()
			", intval($row['id']));
		$dres = mysql_query($query);
		$drow = mysql_fetch_assoc($dres);
		$expired = $drow['expired'];

		// Revoked: counted whether or not the certificate has also expired,
		// so one certificate can appear in both columns.
		$query = sprintf("
			select COUNT(*) as `revoked`
			from `orgemailcerts` as `orgcerts` inner join `org`
				on `orgcerts`.`orgid` = `org`.`orgid`
			where `org`.`memid` = '%d'
				and `orgcerts`.`revoked` != '0000-00-00 00:00:00'
			", intval($row['id']));
		$dres = mysql_query($query);
		$drow = mysql_fetch_assoc($dres);
		$revoked = $drow['revoked'];
?>
	<td class="DataTD"><?php echo intval($total)?></td>
	<td class="DataTD"><?php echo intval($valid)?></td>
	<td class="DataTD"><?php echo intval($expired)?></td>
	<td class="DataTD"><?php echo intval($revoked)?></td>
	<td class="DataTD"><?php echo ($maxexpire == "0000-00-00 00:00:00") ? _("Pending") : substr($maxexpire, 0, 10)?></td>
<?php
	else: // no organisation client certificate counted for this account
?>
	<td colspan="5" class="DataTD"><?php echo _("None")?></td>
<?php
	endif;
?>
</tr>
<?php
// Form that posts action=revokecert (oldid=43) to account.php for the account
// in $userid, together with the current ticket number. $userid and $ticketno
// are set earlier on this page; the numeric id is cast with intval() and the
// ticket number is passed through sanitizeHTML() before being written into
// the attribute values.
// NOTE(review): no CSRF token field is sent with this form, whereas the
// per-assurance revoke links in this file carry csrf=make_csrf('admdelassurance').
// The revokecert handler is outside this excerpt - confirm it is protected.
// NOTE(review): the translated confirm() text is echoed into a single-quoted
// JavaScript literal; a translation containing an apostrophe would break the
// onSubmit handler, and the form would then presumably submit without the prompt.
?>
<tr>
<td colspan="6" class="title">
<form method="post" action="account.php" onSubmit="if(!confirm('<?php echo _("Are you sure you want to revoke all private certificates?")?>')) return false;">
<input type="hidden" name="action" value="revokecert">
<input type="hidden" name="oldid" value="43">
<input type="hidden" name="userid" value="<?php echo intval($userid)?>">
<input type="submit" value="<?php echo _('revoke certificates')?>">
<input type="hidden" name="ticketno" value="<?php echo sanitizeHTML($ticketno)?>"/>
</form>
</td>
</tr>
</table>
<br />
<?php
// List assurances: four links that reload this page (id=43) for the same
// account with `shownotary` set to assuredto, assuredto15, assuredby or
// assuredby15; the switch at the end of this file picks the listing to print.
// The account id is cast with intval() and the ticket number is passed
// through sanitizeHTML() before both are written into the href.
// NOTE(review): sanitizeHTML() is defined outside this excerpt; presumably it
// HTML-escapes only, so the query string relies on ticket numbers containing
// no URL metacharacters (such as & or #) - confirm against valid_ticket_number().
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td class="DataTD">
<a href="account.php?id=43&amp;userid=<?php echo intval($row['id'])?>&amp;shownotary=assuredto&amp;ticketno=<?php echo sanitizeHTML($ticketno)?>"><?php echo _("Show Assurances the user got")?></a>
(<a href="account.php?id=43&amp;userid=<?php echo intval($row['id'])?>&amp;shownotary=assuredto15&amp;ticketno=<?php echo sanitizeHTML($ticketno)?>"><?php echo _("New calculation")?></a>)
</td>
</tr>
<tr>
<td class="DataTD">
<a href="account.php?id=43&amp;userid=<?php echo intval($row['id'])?>&amp;shownotary=assuredby&amp;ticketno=<?php echo sanitizeHTML($ticketno)?>"><?php echo _("Show Assurances the user gave")?></a>
(<a href="account.php?id=43&amp;userid=<?php echo intval($row['id'])?>&amp;shownotary=assuredby15&amp;ticketno=<?php echo sanitizeHTML($ticketno)?>"><?php echo _("New calculation")?></a>)
</td>
</tr>
</table>
927 <?php // if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") {
928
929
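/**
 * Print the table of assurances received by the account named in the request.
 *
 * Reads the account id from $_GET['userid'] and lists every `notary` row whose
 * `to` column equals that id and whose `deleted` column is 0: one table row
 * per assurance with a "Revoke" link, followed by the sum of the points.
 *
 * @param string $ticketno ticket number appended to every revoke link
 */
function showassuredto($ticketno)
{
	// Used only as an integer; a missing parameter is treated as 0.
	$userid = isset($_GET['userid']) ? intval($_GET['userid']) : 0;
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
	<tr>
		<td colspan="8" class="title"><?php echo _("Assurance Points")?></td>
	</tr>
	<tr>
		<td class="DataTD"><b><?php echo _("ID")?></b></td>
		<td class="DataTD"><b><?php echo _("Date")?></b></td>
		<td class="DataTD"><b><?php echo _("Who")?></b></td>
		<td class="DataTD"><b><?php echo _("Email")?></b></td>
		<td class="DataTD"><b><?php echo _("Points")?></b></td>
		<td class="DataTD"><b><?php echo _("Location")?></b></td>
		<td class="DataTD"><b><?php echo _("Method")?></b></td>
		<td class="DataTD"><b><?php echo _("Revoke")?></b></td>
	</tr>
<?php
	$query = "select * from `notary` where `to`='".$userid."' and `deleted` = 0";
	$dres = mysql_query($query);
	$points = 0;
	// mysql_query() returns false on failure; skip the loop instead of
	// handing false to mysql_fetch_assoc().
	while($dres && ($drow = mysql_fetch_assoc($dres))) {
		// Account that gave this assurance.
		$fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'"));
		$points += intval($drow['points']);
		// Every database value below is written through intval() or
		// sanitizeHTML(), including the numeric id, so no column is echoed raw.
		// NOTE(review): the revoke action is reached through a plain GET link,
		// so the make_csrf('admdelassurance') token travels in the URL and can
		// end up in browser history, server logs and Referer headers. The
		// handler is outside this excerpt; a POST form would keep it out of the URL.
		// NOTE(review): the translated confirm() text sits inside a
		// single-quoted JavaScript literal; a translation containing an
		// apostrophe would break the onclick handler.
?>
	<tr>
		<td class="DataTD"><?php echo intval($drow['id'])?></td>
		<td class="DataTD"><?php echo sanitizeHTML($drow['date'])?></td>
		<td class="DataTD"><a href="wot.php?id=9&amp;userid=<?php echo intval($drow['from'])?>"><?php echo sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></a></td>
		<td class="DataTD"><a href="account.php?id=43&amp;userid=<?php echo intval($drow['from'])?>"><?php echo sanitizeHTML($fromuser['email'])?></a></td>
		<td class="DataTD"><?php echo intval($drow['points'])?></td>
		<td class="DataTD"><?php echo sanitizeHTML($drow['location'])?></td>
		<td class="DataTD"><?php echo sanitizeHTML($drow['method'])?></td>
		<td class="DataTD"><a href="account.php?id=43&amp;userid=<?php echo intval($drow['to'])?>&amp;assurance=<?php echo intval($drow['id'])?>&amp;csrf=<?php echo make_csrf('admdelassurance')?>&amp;ticketno=<?php echo sanitizeHTML($ticketno)?>" onclick="return confirm('<?php echo sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),intval($drow['id']))?>');"><?php echo _("Revoke")?></a></td>
	</tr>
<?php
	}
?>
	<tr>
		<td class="DataTD" colspan="4"><b><?php echo _("Total Points")?>:</b></td>
		<td class="DataTD"><?php echo intval($points)?></td>
		<td class="DataTD" colspan="3">&nbsp;</td>
	</tr>
</table>
<?php
}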
973
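/**
 * Print the table of assurances given by the account named in the request.
 *
 * Reads the account id from $_GET['userid'] and lists every `notary` row whose
 * `from` column equals that id and whose `deleted` column is 0: one table row
 * per assurance with a "Revoke" link, followed by the sum of the points.
 *
 * @param string $ticketno ticket number appended to every revoke link
 */
function showassuredby($ticketno)
{
	// Used only as an integer; a missing parameter is treated as 0.
	$userid = isset($_GET['userid']) ? intval($_GET['userid']) : 0;
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
	<tr>
		<td colspan="8" class="title"><?php echo _("Assurance Points The User Issued")?></td>
	</tr>
	<tr>
		<td class="DataTD"><b><?php echo _("ID")?></b></td>
		<td class="DataTD"><b><?php echo _("Date")?></b></td>
		<td class="DataTD"><b><?php echo _("Who")?></b></td>
		<td class="DataTD"><b><?php echo _("Email")?></b></td>
		<td class="DataTD"><b><?php echo _("Points")?></b></td>
		<td class="DataTD"><b><?php echo _("Location")?></b></td>
		<td class="DataTD"><b><?php echo _("Method")?></b></td>
		<td class="DataTD"><b><?php echo _("Revoke")?></b></td>
	</tr>
<?php
	$query = "select * from `notary` where `from`='".$userid."' and `deleted` = 0";
	$dres = mysql_query($query);
	$points = 0;
	// mysql_query() returns false on failure; skip the loop instead of
	// handing false to mysql_fetch_assoc().
	while($dres && ($drow = mysql_fetch_assoc($dres))) {
		// Account that received this assurance.
		$touser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['to'])."'"));
		$points += intval($drow['points']);
		// Every database value below is written through intval() or
		// sanitizeHTML(), including the date column, so no column is echoed raw.
		// NOTE(review): the revoke action is reached through a plain GET link,
		// so the make_csrf('admdelassurance') token travels in the URL and can
		// end up in browser history, server logs and Referer headers. The
		// handler is outside this excerpt; a POST form would keep it out of the URL.
		// NOTE(review): the translated confirm() text sits inside a
		// single-quoted JavaScript literal; a translation containing an
		// apostrophe would break the onclick handler.
?>
	<tr>
		<td class="DataTD"><?php echo intval($drow['id'])?></td>
		<td class="DataTD"><?php echo sanitizeHTML($drow['date'])?></td>
		<td class="DataTD"><a href="wot.php?id=9&amp;userid=<?php echo intval($drow['to'])?>"><?php echo sanitizeHTML($touser['fname']." ".$touser['lname'])?></a></td>
		<td class="DataTD"><a href="account.php?id=43&amp;userid=<?php echo intval($drow['to'])?>"><?php echo sanitizeHTML($touser['email'])?></a></td>
		<td class="DataTD"><?php echo intval($drow['points'])?></td>
		<td class="DataTD"><?php echo sanitizeHTML($drow['location'])?></td>
		<td class="DataTD"><?php echo sanitizeHTML($drow['method'])?></td>
		<td class="DataTD"><a href="account.php?id=43&amp;userid=<?php echo intval($drow['from'])?>&amp;assurance=<?php echo intval($drow['id'])?>&amp;csrf=<?php echo make_csrf('admdelassurance')?>&amp;ticketno=<?php echo sanitizeHTML($ticketno)?>" onclick="return confirm('<?php echo sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),intval($drow['id']))?>');"><?php echo _("Revoke")?></a></td>
	</tr>
<?php
	}
?>
	<tr>
		<td class="DataTD" colspan="4"><b><?php echo _("Total Points")?>:</b></td>
		<td class="DataTD"><?php echo intval($points)?></td>
		<td class="DataTD" colspan="3">&nbsp;</td>
	</tr>
</table>
<?php
// Full "<?php" open tag: the short "<?" form is only parsed when
// short_open_tag is enabled, and would otherwise leave this function unclosed.
} ?>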
1017 <br/><br/>
1018 <?php } }
1019
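// Optional assurance listing, selected by the `shownotary` query parameter.
// Only the four values below print anything; every other value is ignored.
// showassuredto() and showassuredby() are declared inside the conditional
// block that closes just above (its opening lies earlier in this file), so
// they exist only when that block ran; function_exists() keeps a request for
// them from ending in a fatal "undefined function" error when it did not.
// output_received_assurances() and output_given_assurances() are not defined
// in this excerpt - presumably they come from includes/notary.inc.php.
if(isset($_GET['shownotary'])) {
	switch($_GET['shownotary']) {
		case 'assuredto':
			if(function_exists('showassuredto')) {
				showassuredto($ticketno);
			}
			break;
		case 'assuredby':
			if(function_exists('showassuredby')) {
				showassuredby($ticketno);
			}
			break;
		case 'assuredto15':
			// The id is cast to an integer; a missing parameter is treated as 0.
			output_received_assurances(isset($_GET['userid']) ? intval($_GET['userid']) : 0, 1, $ticketno);
			break;
		case 'assuredby15':
			output_given_assurances(isset($_GET['userid']) ? intval($_GET['userid']) : 0, 1, $ticketno);
			break;
	}
}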