1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */ ?>
18 <?
// Revoke a single assurance: when the request carries a positive "assurance" id,
// look up who received it, delete the `notary` row and pass the recipient's id
// to fix_assurer_flag().
// NOTE(review): this delete is driven purely by $_REQUEST, and no CSRF or permission
// check is visible in this file -- confirm that the including script has validated
// the 'admdelassurance' token and the caller's rights before this code runs.
if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0)
{
	// intval() reduces the id to an integer before it is placed in the SQL text
	$assurance = mysql_escape_string(intval($_REQUEST['assurance']));

	// Fetch the recipient first; the row no longer exists after the delete below.
	// $row stays 0 when the lookup query itself failed.
	$res = mysql_query("select `to` from `notary` where `id`='$assurance'");
	$row = $res ? mysql_fetch_assoc($res) : 0;

	mysql_query("delete from `notary` where `id`='$assurance'");

	// Only call the helper when the lookup actually returned a record
	if($row)
		fix_assurer_flag($row['to']);
}
32
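// Account search. Runs only when the request carries no positive "userid".
// The "email" parameter is matched against verified, non-deleted e-mail addresses
// with SQL LIKE and compared against the e-mail id and the user id. Several hits
// are listed as links; a single hit is loaded directly by storing its id in
// $_REQUEST['userid'] for the detail view that follows.
// NOTE(review): LIKE wildcards (% and _) in the search term are passed through, so
// the caller controls how broad the match is. mysql_escape_string() ignores the
// connection character set; mysql_real_escape_string() from the same extension is
// the charset-aware variant -- worth switching once the connection charset is confirmed.
if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
{
	// A missing or non-string "email" parameter is treated as an empty search term
	// instead of raising a notice or handing an array to stripslashes().
	$email = '';
	if(array_key_exists('email',$_REQUEST) && is_string($_REQUEST['email']))
		$email = mysql_escape_string(stripslashes($_REQUEST['email']));
	$emailsearch = $email;

	//Disabled to speed up the queries
	//if(!strstr($email, "%"))
	//	$emailsearch = "%$email%";

	// A term that starts with a positive number is an id lookup: blank the LIKE
	// pattern so that only the two id comparisons can match.
	if(intval($email) > 0)
		$emailsearch = "";

	$query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
			where `users`.`id`=`email`.`memid` and
			(`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
			`email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
			group by `users`.`id` limit 100";
	$res = mysql_query($query);

	// mysql_query() returns false on failure; treat that as "no match" rather than
	// passing false on to mysql_num_rows().
	$found = $res ? mysql_num_rows($res) : 0;

	if($found > 1) { ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="5" class="title"><?=_("Select Specific Account Details")?></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("User ID")?></td>
    <td class="DataTD"><?=_("Email")?></td>
  </tr>
<?
		while($row = mysql_fetch_assoc($res))
		{ ?>
  <tr>
    <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=intval($row['id'])?></a></td>
    <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td>
  </tr>
<?		}
		// The query is capped at 100 rows, so a full page may be a truncated result
		if($found >= 100) { ?>
  <tr>
    <td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td>
  </tr>
<?		} else { ?>
  <tr>
    <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), $found); ?></td>
  </tr>
<?		} ?>
</table><br><br>
<?	} elseif($found == 1) {
		// Exactly one hit: hand its id to the detail view
		$row = mysql_fetch_assoc($res);
		$_REQUEST['userid'] = $row['id'];
	} else {
		printf(_("No users found matching %s"), sanitizeHTML($email));
	}
}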
83
84 if(intval($_REQUEST['userid']) > 0)
85 {
86 $id = intval($_REQUEST['userid']);
87 $query = "select * from `users` where `id`='$id' and `users`.`deleted`=0";
88 $res = mysql_query($query);
89 if(mysql_num_rows($res) <= 0)
90 {
91 echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
92 } else {
93 $row = mysql_fetch_assoc($res);
94 $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."'";
95 $dres = mysql_query($query);
96 $drow = mysql_fetch_assoc($dres);
97 $alerts = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($row['id'])."'"));
98 ?>
99 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
100 <tr>
101 <td colspan="5" class="title"><? printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td>
102 </tr>
103 <tr>
104 <td class="DataTD"><?=_("Email")?>:</td>
105 <td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
106 </tr>
107 <tr>
108 <td class="DataTD"><?=_("First Name")?>:</td>
109 <td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to modify this DOB and/or last name?")?>')) return false;">
110 <input type="hidden" name="csrf" value="<?=make_csrf('admchangepers')?>" />
111 <input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>"></td>
112 </tr>
113 <tr>
114 <td class="DataTD"><?=_("Middle Name")?>:</td>
115 <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($row['mname'])?>"></td>
116 </tr>
117 <tr>
118 <td class="DataTD"><?=_("Last Name")?>:</td>
119 <td class="DataTD"> <input type="hidden" name="oldid" value="43">
120 <input type="hidden" name="action" value="updatedob">
121 <input type="hidden" name="userid" value="<?=intval($id)?>">
122 <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>"></td>
123 </tr>
124 <tr>
125 <td class="DataTD"><?=_("Suffix")?>:</td>
126 <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($row['suffix'])?>"></td>
127 </tr>
128 <tr>
129 <td class="DataTD"><?=_("Date of Birth")?>:</td>
130 <td class="DataTD">
<?
	// Break the stored date of birth into numeric parts using fixed character
	// offsets (0-3 year, 5-6 month, 8-9 day) so the selects can preselect them.
	$year = intval(substr($row['dob'], 0, 4));
	$month = intval(substr($row['dob'], 5, 2));
	$day = intval(substr($row['dob'], 8, 2));
?><nobr><select name="day">
<?
	// Day options 1..31; the stored day is marked as selected
	for($i = 1; $i <= 31; $i++)
		echo "<option".(($day == $i) ? " selected='selected'" : "").">$i</option>";
?>
</select>
<select name="month">
<?
	// Month options: the month number is the value, the label comes from strftime("%B")
	for($i = 1; $i <= 12; $i++)
		echo "<option value='$i'".(($month == $i) ? " selected='selected'" : "").">"
			.ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>";
?>
</select>
157 <input type="text" name="year" value="<?=$year?>" size="4">
158 <input type="submit" value="Go"></form></nobr></td>
159 </tr>
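<? /*
	Per-account flags and admin actions. Each row shows the current value of a
	flag as a link back to account.php carrying the user id under the flag's name.

	Every id placed in a URL goes through intval() and every displayed value
	through sanitizeHTML(), so that a malformed database value cannot break out
	of the attribute or cell it is written into.

	NOTE(review): the links for assurer_blocked, locadmin, adadmin, tverify,
	general, country, regional and radius are rendered without a make_csrf()
	token, unlike their neighbours. They appear to be state-changing GET
	requests; confirm how account.php handles them and add token generation
	here together with the matching check there.
*/ ?>
  <tr>
    <td class="DataTD"><?=_("Trainings")?>:</td>
    <td class="DataTD"><a href="account.php?id=55&amp;userid=<?=intval($row['id'])?>">show</a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Is Assurer")?>:</td>
    <td class="DataTD"><a href="account.php?id=43&amp;assurer=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admsetassuret')?>"><?=sanitizeHTML($row['assurer'])?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Blocked Assurer")?>:</td>
    <td class="DataTD"><a href="account.php?id=43&amp;assurer_blocked=<?=intval($row['id'])?>"><?=sanitizeHTML($row['assurer_blocked'])?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Account Locking")?>:</td>
    <td class="DataTD"><a href="account.php?id=43&amp;locked=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admactlock')?>"><?=sanitizeHTML($row['locked'])?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Code Signing")?>:</td>
    <td class="DataTD"><a href="account.php?id=43&amp;codesign=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admcodesign')?>"><?=sanitizeHTML($row['codesign'])?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Org Admin")?>:</td>
    <td class="DataTD"><a href="account.php?id=43&amp;orgadmin=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admorgadmin')?>"><?=sanitizeHTML($row['orgadmin'])?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("TTP Admin")?>:</td>
    <td class="DataTD"><a href="account.php?id=43&amp;ttpadmin=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admttpadmin')?>"><?=sanitizeHTML($row['ttpadmin'])?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Location Admin")?>:</td>
    <td class="DataTD"><a href="account.php?id=43&amp;locadmin=<?=intval($row['id'])?>"><?=sanitizeHTML($row['locadmin'])?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Admin")?>:</td>
    <td class="DataTD"><a href="account.php?id=43&amp;admin=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admsetadmin')?>"><?=sanitizeHTML($row['admin'])?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Ad Admin")?>:</td>
    <td class="DataTD"><a href="account.php?id=43&amp;adadmin=<?=intval($row['id'])?>"><?=sanitizeHTML($row['adadmin'])?></a> (0 = none, 1 = submit, 2 = approve)</td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Tverify Account")?>:</td>
    <td class="DataTD"><a href="account.php?id=43&amp;tverify=<?=intval($row['id'])?>"><?=sanitizeHTML($row['tverify'])?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("General Announcements")?>:</td>
    <td class="DataTD"><a href="account.php?id=43&amp;general=<?=intval($row['id'])?>"><?=sanitizeHTML($alerts['general'])?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Country Announcements")?>:</td>
    <td class="DataTD"><a href="account.php?id=43&amp;country=<?=intval($row['id'])?>"><?=sanitizeHTML($alerts['country'])?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Regional Announcements")?>:</td>
    <td class="DataTD"><a href="account.php?id=43&amp;regional=<?=intval($row['id'])?>"><?=sanitizeHTML($alerts['regional'])?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Within 200km Announcements")?>:</td>
    <td class="DataTD"><a href="account.php?id=43&amp;radius=<?=intval($row['id'])?>"><?=sanitizeHTML($alerts['radius'])?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Change Password")?>:</td>
    <td class="DataTD"><a href="account.php?id=44&amp;userid=<?=intval($row['id'])?>"><?=_("Change Password")?></a></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Delete Account")?>:</td>
    <td class="DataTD"><a href="account.php?id=50&amp;userid=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admdelaccount')?>"><?=_("Delete Account")?></a></td>
  </tr>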
<?
	// This is intentionally a $_GET for audit purposes. DO NOT CHANGE!!!
	// NOTE(review): the branch below renders the member's password-recovery
	// questions and answers in clear text. Presumably the GET parameter is kept so
	// that each disclosure shows up with its request URL -- confirm that access to
	// this page is restricted and that those requests are actually logged.
	if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes") {
		// Rows are emitted in the order Q1, A1, Q2, A2, ... Q5, A5
		for($lostpwidx = 1; $lostpwidx <= 5; $lostpwidx++) {
			foreach(array('Q', 'A') as $lostpwkind) {
?>
  <tr>
    <td class="DataTD"><?=_("Lost Password")?> - <?=$lostpwkind.$lostpwidx?>:</td>
    <td class="DataTD"><?=sanitizeHTML($row[$lostpwkind.$lostpwidx])?></td>
  </tr>
<?			}
		}
	} else {
		// Details stay hidden until explicitly requested through the link
?>
  <tr>
    <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;showlostpw=yes"><?=_("Show Lost Password Details")?></a></td>
  </tr>
<?	} ?>
277 <tr>
278 <td class="DataTD"><?=_("Assurance Points")?>:</td>
279 <td class="DataTD"><?=intval($drow['points'])?></td>
280 </tr>
281 </table>
<br><?
	// Further e-mail addresses of this member: not deleted, with an empty `hash`,
	// and different from the primary address stored on the user record.
	$query = "select * from `email` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''
			and `email`!='".mysql_escape_string($row['email'])."'";
	$dres = mysql_query($query);

	// The table is only rendered when there is at least one such address
	if(mysql_num_rows($dres) > 0): ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td>
  </tr><?
		$rc = mysql_num_rows($dres);
		while($drow = mysql_fetch_assoc($dres)): ?>
  <tr>
    <td class="DataTD"><?=_("Secondary Emails")?>:</td>
    <td class="DataTD"><?=sanitizeHTML($drow['email'])?></td>
  </tr>
<?		endwhile; ?>
</table>
<br><?	endif; ?>
<?
	// Domains of this member that are not deleted and have an empty `hash`
	$query = "select * from `domains` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''";
	$dres = mysql_query($query);

	// The table is only rendered when there is at least one such domain
	if(mysql_num_rows($dres) > 0): ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="5" class="title"><?=_("Verified Domains")?></td>
  </tr><?
		$rc = mysql_num_rows($dres);
		while($drow = mysql_fetch_assoc($dres)): ?>
  <tr>
    <td class="DataTD"><?=_("Domain")?>:</td>
    <td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td>
  </tr>
<?		endwhile; ?>
</table>
<br>
<?	endif; ?>
320
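<? // Begin - Debug infos

	// --- bug-794 begin ---

	// list total, expired, deleted, latest_expire_date ?

	// Domain certificate statistics for this member. Leaves $rctotal and, when it
	// is positive, $rcactive, $rcexpired, $rcrevoked and $rcexpiremax for the
	// status table that follows.
	$query = "select COUNT(`domaincerts`.`id`) as `countdomaincerts` from `domains` inner join `domaincerts` on `domaincerts`.`domid` = `domains`.`id` where `memid`='".intval($row['id'])."' ";
	$dres = mysql_query($query);
	$drow = mysql_fetch_assoc($dres);
	$rctotal = $drow['countdomaincerts'];
	if($rctotal > 0) {
		// select domid's
		$query = "select `id` as `domids` from `domains` where `memid`='".intval($row['id'])."' ";
		$dres = mysql_query($query);
		$rcexpired = 0;
		$rcrevoked = 0;
		$rcexpiremax = "0000-00-00 00:00:00";
		while ($drow = mysql_fetch_assoc($dres)) {
			$ndomid = intval($drow['domids']);

			// Expired here means: past its expiry date and not revoked
			$query2 = "select COUNT(`id`) as `dexpired` from `domaincerts` where `domid`='".$ndomid."' and `revoked` = '0000-00-00 00:00:00' and `expire` < now() ";
			$dres2 = mysql_query($query2);
			$drow2 = mysql_fetch_assoc($dres2);
			$rcexpired += intval($drow2['dexpired']);

			$query2 = "select COUNT(`id`) as `drevoked` from `domaincerts` where `domid`='".$ndomid."' and `revoked` != '0000-00-00 00:00:00' ";
			$dres2 = mysql_query($query2);
			$drow2 = mysql_fetch_assoc($dres2);
			$rcrevoked += intval($drow2['drevoked']);

			// For Arbitration purpose expiry dates of revoked certs are also relevant!
			$query2 = "select `expire` as `mexpire` from `domaincerts` where `domid`='".$ndomid."' order by `expire` desc ";
			$dres2 = mysql_query($query2);
			$drow2 = mysql_fetch_assoc($dres2);
			// A domain without certificates yields no row; keep the current maximum then
			if($drow2)
				$rcexpiremax = max($rcexpiremax,$drow2['mexpire']);
		}

		// Computed once after the loop so it is defined even if the loop body never
		// ran, instead of being reassigned on every iteration.
		$rcactive = intval($rctotal)-intval($rcexpired)-intval($rcrevoked);
	}
?>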
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="6" class="title"><?=_("Total Certificates Status")?></td>
  </tr>

  <tr>
    <td class="DataTD"><?=_("Certificates")?>:</td>
    <td class="DataTD"><?=_("Total")?></td>
    <td class="DataTD"><?=_("Active")?></td>
    <td class="DataTD"><?=_("Expired")?></td>
    <td class="DataTD"><?=_("Revoked")?></td>
    <td class="DataTD"><?=_("Latest Expire")?></td>
  </tr>

  <tr>
    <td class="DataTD"><?=_("Total domain-certificates")?>:</td>
<?
	// Domain certificate row: the counters were prepared before this table.
	// Both branches close the <tr> opened above.
	if($rctotal > 0) {
?>
    <td class="DataTD"><?=intval($rctotal)?></td>
    <td class="DataTD"><?=intval($rcactive)?></td>
    <td class="DataTD"><?=intval($rcexpired)?></td>
    <td class="DataTD"><?=intval($rcrevoked)?></td>
    <td class="DataTD"><?
		// Date part of the latest expiry; without one, "Pending" when active
		// certificates exist, otherwise an empty cell.
		if($rcexpiremax != "0000-00-00 00:00:00") {
			echo substr($rcexpiremax,0,10);
		} elseif($rcactive > 0) {
			echo "Pending";
		} else {
			echo "&nbsp;";
		}
	?></td>
  </tr>
<?	} else { ?>
    <td colspan="5" class="DataTD"><?=_("None")?></td>
  </tr>
<?	}
390
391 $query = "select COUNT(`id`) as `countemailcerts` from `emailcerts` where `memid`='".intval($row['id'])."' ";
392 $dres = mysql_query($query);
393 $drow = mysql_fetch_assoc($dres);
394 $rctotal = $drow['countemailcerts'];
395 if($rctotal > 0) {
396 $rcexpired = 0;
397 $rcrevoked = 0;
398 $rcexpiremax = "0000-00-00 00:00:00";
399
400 $query2 = "select COUNT(`id`) as `eexpired` from `emailcerts` where `memid`='".intval($row['id'])."' and `revoked` = '0000-00-00 00:00:00' and `expire` < now() ";
401 $dres2 = mysql_query($query2);
402 $drow2 = mysql_fetch_assoc($dres2);
403 $rcexpired = intval($drow2['eexpired']);
404
405 $query2 = "select COUNT(`id`) as `erevoked` from `emailcerts` where `memid`='".intval($row['id'])."' and `revoked` != '0000-00-00 00:00:00' ";
406 $dres2 = mysql_query($query2);
407 $drow2 = mysql_fetch_assoc($dres2);
408 $rcrevoked = intval($drow2['erevoked']);
409
410 $query2 = "select `expire` as `eexpire` from `emailcerts` where `memid`='".intval($row['id'])."' order by `expire` desc ";
411 $dres2 = mysql_query($query2);
412 $drow2 = mysql_fetch_assoc($dres2);
413 $rcexpiremax = $drow2['eexpire'];
414
415 $rcactive = intval($rctotal)-intval($rcexpired)-intval($rcrevoked);
416
417 ?>
418 <tr>
419 <td class="DataTD"><?=_("Total email-certificates")?>:</td>
420 <td class="DataTD"><?=intval($rctotal)?></td>
421 <td class="DataTD"><?=intval($rcactive)?></td>
422 <td class="DataTD"><?=intval($rcexpired)?></td>
423 <td class="DataTD"><?=intval($rcrevoked)?></td>
424 <td class="DataTD"><?=($rcexpiremax!="0000-00-00 00:00:00")?substr($rcexpiremax,0,10):(($rcactive>0)?"Pending":"&nbsp;") ?></td>
425 </tr>
426 <? } else { ?>
427 <tr>
428 <td class="DataTD"><?=_("Total email-certificates")?>:</td>
429 <td colspan="5" class="DataTD"><?=_("None")?></td>
430 </tr>
431 <? }
432 $query = "select COUNT(`id`) as `countgpgcerts` from `gpg` where `memid`='".intval($row['id'])."' ";
433 $dres = mysql_query($query);
434 $drow = mysql_fetch_assoc($dres);
435 $rctotal = $drow['countgpgcerts'];
436 if($rctotal > 0) {
437 $rcexpired = 0;
438 $rcexpiremax = "0000-00-00 00:00:00";
439
440 $query2 = "select COUNT(`id`) as `gexpired` from `gpg` where `memid`='".intval($row['id'])."' and `expire` < now() ";
441 $dres2 = mysql_query($query2);
442 $drow2 = mysql_fetch_assoc($dres2);
443 $rcexpired = intval($drow2['gexpired']);
444
445 /*
446 $query2 = "select COUNT(`id`) as `erevoked` from `gpg` where `memid`='".intval($row['id'])."' and `revoked` != '0000-00-00 00:00:00' ";
447 $dres2 = mysql_query($query2);
448 $drow2 = mysql_fetch_assoc($dres2);
449 $rcrevoked = intval($drow2['erevoked']);
450 */
451
452 $query2 = "select `expire` as `gexpire` from `gpg` where `memid`='".intval($row['id'])."' order by `expire` desc ";
453 $dres2 = mysql_query($query2);
454 $drow2 = mysql_fetch_assoc($dres2);
455 $rcexpiremax = $drow2['gexpire'];
456
457 $rcactive = intval($rctotal)-intval($rcexpired);
458 ?>
459 <tr>
460 <td class="DataTD"><?=_("Total GPG keys")?>:</td>
461 <td class="DataTD"><?=intval($rctotal)?></td>
462 <td class="DataTD"><?=intval($rcactive)?></td>
463 <td class="DataTD"><?=intval($rcexpired)?></td>
464 <td class="DataTD">&nbsp;</td>
465 <td class="DataTD"><?=($rcexpiremax!="0000-00-00 00:00:00")?substr($rcexpiremax,0,10):(($rcactive>0)?"Pending":"&nbsp;") ?></td>
466 </tr>
467 <? } else { ?>
468 <tr>
469 <td class="DataTD"><?=_("Total GPG keys")?>:</td>
470 <td colspan="5" class="DataTD"><?=_("None")?></td>
471 </tr>
472 <? }
473
474 $query = "SELECT count(`org`.`orgid`) as `countorgs` FROM `org` where `memid`='".intval($row['id'])."' ";
475 $dres = mysql_query($query);
476 $drow = mysql_fetch_assoc($dres);
477 $rctotal = $drow['countorgs'];
478 if($rctotal > 0) {
479 // user account is linked into orgs
480
481 // $query = "select COUNT(`orgdomaincerts`.`id`) as `orgcountdomaincerts` from `orgdomains` inner join `orgdomaincerts` on `orgdomaincerts`.`orgid` = `orgdomains`.`id` where `memid`='".intval($row['id'])."' ";
482 $query = "SELECT count(`orgdomaincerts`.`id`) as `countorgdomcerts` FROM `orgdomaincerts` inner join `orgdomains` on `orgdomaincerts`.`orgid`=`orgdomains`.`orgid` inner join `org` on `orgdomains`.`orgid`=`org`.`orgid` where `memid`='".intval($row['id'])."' ";
483
484 $dres = mysql_query($query);
485 $drow = mysql_fetch_assoc($dres);
486 $rctotal = $drow['countorgdomcerts'];
487 if($rctotal > 0) {
488 // select domid's
489 $query = "select `orgdomains`.`orgid` as `orgdomorgids` from `orgdomains` inner join `org` on `orgdomains`.`orgid`=`org`.`orgid` where `memid`='".intval($row['id'])."' ";
490 $dres = mysql_query($query);
491 $rcexpired = 0;
492 $rcrevoked = 0;
493 $rcexpiremax = "0000-00-00 00:00:00";
494 while ($drow = mysql_fetch_assoc($dres)) {
495 $ndomid = intval($drow['orgdomorgids']);
496
497 $query2 = "select COUNT(`orgdomaincerts`.`id`) as `dexpired` from `orgdomaincerts` where `orgid`='".$ndomid."' and `revoked` = '0000-00-00 00:00:00' and `expire` < now() ";
498 $dres2 = mysql_query($query2);
499 $drow2 = mysql_fetch_assoc($dres2);
500 $rcexpired += intval($drow2['dexpired']); // active, but expired
501
502 $query2 = "select COUNT(`orgdomaincerts`.`id`) as `drevoked` from `orgdomaincerts` where `orgid`='".$ndomid."' and `revoked` != '0000-00-00 00:00:00' ";
503 $dres2 = mysql_query($query2);
504 $drow2 = mysql_fetch_assoc($dres2);
505 $rcrevoked += intval($drow2['drevoked']); // revoked
506
507 // For Arbitration purpose expiry dates of revoked certs are also relevant!
508 $query2 = "select `expire` as `mexpire` from `orgdomaincerts` where `orgid`='".$ndomid."' order by `expire` desc ";
509 $dres2 = mysql_query($query2);
510 $drow2 = mysql_fetch_assoc($dres2);
511 $rcexpiremax = max($rcexpiremax,$drow2['mexpire']);
512
513 }
514 $rcactive = intval($rctotal)-intval($rcexpired)-intval($rcrevoked);
515 }
516 if($rctotal > 0) {
517 ?>
518 <tr>
519 <td class="DataTD"><?=_("Total org-domain-certificates")?>:</td>
520 <td class="DataTD"><?=intval($rctotal)?></td>
521 <td class="DataTD"><?=intval($rcactive)?></td>
522 <td class="DataTD"><?=intval($rcexpired)?></td>
523 <td class="DataTD"><?=intval($rcrevoked)?></td>
524 <td class="DataTD"><?=($rcexpiremax!="0000-00-00 00:00:00")?substr($rcexpiremax,0,10):(($rcactive>0)?"Pending":"&nbsp;") ?></td>
525 </tr>
526 <? } else { ?>
527 <tr>
528 <td class="DataTD"><?=_("Total org-domain-certificates")?>:</td>
529 <td colspan="5" class="DataTD"><?=_("None")?></td>
530 </tr>
531 <? }
532
533 // $query = "select COUNT(`id`) as `countorgemailcerts` from `orgemailcerts`
534 $query = "SELECT count(`orgemailcerts`.`id`) as `countorgemailcerts` FROM `orgemailcerts` inner join `org` on `orgemailcerts`.`orgid`=`org`.`orgid` where `memid`='".intval($row['id'])."' ";
535 $dres = mysql_query($query);
536 $drow = mysql_fetch_assoc($dres);
537 $rctotal = $drow['countorgemailcerts'];
538 if($rctotal > 0) {
539 $rcexpired = 0;
540 $rcrevoked = 0;
541 $rcexpiremax = "0000-00-00 00:00:00";
542 $query2 = "select COUNT(`orgemailcerts`.`id`) as `eexpired` from `orgemailcerts` inner join `org` on `orgemailcerts`.`orgid`=`org`.`orgid` where `org`.`memid`='".intval($row['id'])."' and `revoked` = '0000-00-00 00:00:00' and `expire` < now() ";
543 $dres2 = mysql_query($query2);
544 $drow2 = mysql_fetch_assoc($dres2);
545 $rcexpired = intval($drow2['eexpired']);
546
547 $query2 = "select COUNT(`orgemailcerts`.`id`) as `erevoked` from `orgemailcerts` inner join `org` on `orgemailcerts`.`orgid`=`org`.`orgid` where `org`.`memid`='".intval($row['id'])."' and `revoked` != '0000-00-00 00:00:00' ";
548 $dres2 = mysql_query($query2);
549 $drow2 = mysql_fetch_assoc($dres2);
550 $rcrevoked = intval($drow2['erevoked']);
551
552 $query2 = "select `expire` as `eexpire` from `orgemailcerts` inner join `org` on `orgemailcerts`.`orgid`=`org`.`orgid` where `memid`='".intval($row['id'])."' order by `expire` desc ";
553 $dres2 = mysql_query($query2);
554 $drow2 = mysql_fetch_assoc($dres2);
555 $rcexpiremax = $drow2['eexpire'];
556
557 $rcactive = intval($rctotal)-intval($rcexpired)-intval($rcrevoked);
558
559 ?>
560 <tr>
561 <td class="DataTD"><?=_("Total org-email-certificates")?>:</td>
562 <td class="DataTD"><?=intval($rctotal)?></td>
563 <td class="DataTD"><?=intval($rcactive)?></td>
564 <td class="DataTD"><?=intval($rcexpired)?></td>
565 <td class="DataTD"><?=intval($rcrevoked)?></td>
566 <td class="DataTD"><?=($rcexpiremax!="0000-00-00 00:00:00")?substr($rcexpiremax,0,10):(($rcactive>0)?"Pending":"&nbsp;") ?></td>
567 </tr>
568 <? } else { ?>
569 <tr>
570 <td class="DataTD"><?=_("Total org-email-certificates")?>:</td>
571 <td colspan="5" class="DataTD"><?=_("None")?></td>
572 </tr>
573 <? }
574 } else { ?>
575 <tr>
576 <td class="DataTD"><?=_("Org certificates")?>:</td>
577 <td colspan="5" class="DataTD"><?=_("None")?></td>
578 </tr>
579 <? } ?>
580 </table>
581 <br>
582 <?
583 // --- bug-794 end ---
584 ?>
585 <?
586 // End - Debug infos
587 ?>
588
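<?
	// Assurances this user received. The list is only rendered when the request
	// carries assuredto=yes; otherwise a link to request it is shown.
	if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") {
?>

<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="7" class="title"><?=_("Assurance Points")?></td>
  </tr>
  <tr>
    <td class="DataTD"><b><?=_("Date")?></b></td>
    <td class="DataTD"><b><?=_("Who")?></b></td>
    <td class="DataTD"><b><?=_("Email")?></b></td>
    <td class="DataTD"><b><?=_("Points")?></b></td>
    <td class="DataTD"><b><?=_("Location")?></b></td>
    <td class="DataTD"><b><?=_("Method")?></b></td>
    <td class="DataTD"><b><?=_("Revoke")?></b></td>
  </tr>
<?
		$query = "select * from `notary` where `to`='".intval($row['id'])."'";
		$dres = mysql_query($query);
		$points = 0;
		while($drow = mysql_fetch_assoc($dres))
		{
			// One extra lookup per row to show the assurer's name and e-mail
			$fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'"));
			$points += $drow['points'];
			// NOTE(review): the e-mail cell below shows the assurer's address but links
			// to userid=`to`, i.e. back to the account being viewed -- confirm whether
			// `from` was intended.
?>
  <tr>
    <td class="DataTD"><?=sanitizeHTML($drow['date'])?></td>
    <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></a></td>
    <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
    <td class="DataTD"><?=intval($drow['points'])?></td>
    <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
    <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
    <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td>
  </tr>
<?		} ?>
  <tr>
    <td class="DataTD" colspan="2"><b><?=_("Total Points")?>:</b></td>
    <td class="DataTD"><?=$points?></td>
    <td class="DataTD" colspan="3">&nbsp;</td>
  </tr>
</table>
<?	} else {
		// NOTE(review): this row is emitted after the preceding </table>, so it is
		// not inside any table -- confirm the intended markup.
?>
  <tr>
    <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;assuredto=yes"><?=_("Show Assurances the user got")?></a></td>
  </tr>
<?	} ?>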
636 <br>
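<?
	// Assurances this user issued to others. The list is only rendered when the
	// request carries assuredby=yes; otherwise a link to request it is shown.
	//
	// Every value written into the page is encoded for its context: ids go through
	// intval(), free-text columns (date, names, location, method) through
	// sanitizeHTML(). Location and method are stored text, so emitting them raw
	// would let markup stored in an assurance record run in the browser of whoever
	// opens this admin view. The ids used in the SQL text are cast as well.
	if(array_key_exists('assuredby',$_GET) && $_GET['assuredby'] == "yes") {
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="7" class="title"><?=_("Assurance Points The User Issued")?></td>
  </tr>
  <tr>
    <td class="DataTD"><b><?=_("Date")?></b></td>
    <td class="DataTD"><b><?=_("Who")?></b></td>
    <td class="DataTD"><b><?=_("Email")?></b></td>
    <td class="DataTD"><b><?=_("Points")?></b></td>
    <td class="DataTD"><b><?=_("Location")?></b></td>
    <td class="DataTD"><b><?=_("Method")?></b></td>
    <td class="DataTD"><b><?=_("Revoke")?></b></td>
  </tr>
<?
		// Self-assurances (`to` equal to `from`) are excluded
		$query = "select * from `notary` where `from`='".intval($row['id'])."' and `to`!='".intval($row['id'])."'";
		$dres = mysql_query($query);
		$points = 0;
		while($drow = mysql_fetch_assoc($dres))
		{
			// Despite its name, $fromuser holds the assured person (`to`) in this list
			$fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['to'])."'"));
			$points += $drow['points'];
?>
  <tr>
    <td class="DataTD"><?=sanitizeHTML($drow['date'])?></td>
    <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></a></td>
    <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
    <td class="DataTD"><?=intval($drow['points'])?></td>
    <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
    <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
    <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['from'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td>
  </tr>
<?		} ?>
  <tr>
    <td class="DataTD" colspan="2"><b><?=_("Total Points")?>:</b></td>
    <td class="DataTD"><?=$points?></td>
    <td class="DataTD" colspan="3">&nbsp;</td>
  </tr>
</table>
<?	} else { ?>
  <tr>
    <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;assuredby=yes"><?=_("Show Assurances the user gave")?></a></td>
  </tr>
<?	} ?>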
683 <br><br>
684 <? } } ?>
685