bug 1138: And yet another bunch of missing escapes
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */ ?>
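<?
/*
 * Tverify voting page (account.php?id=52).
 *
 * Access: only members with a positive `tverify` flag in their session
 * profile reach the body below; everyone else gets a refusal message.
 *
 * With ?uid=<n> it shows the details of one open (`modified`=0) tverify
 * request and a vote form, unless the current member has already voted on
 * it.  Without a usable uid it lists the open requests the member has not
 * voted on yet.
 *
 * Security notes:
 *  - Every value interpolated into SQL goes through intval(); the queries
 *    only take integer ids, so no string escaping is needed here.
 *  - Every DB-sourced value printed into HTML goes through sanitizeHTML().
 *    `URL` and `dob` were previously emitted raw (stored XSS via the
 *    request's URL / a crafted dob), which this revision fixes.
 *  - The `URL` value is only rendered as a clickable link when it carries
 *    an http(s) scheme; HTML escaping alone does not stop `javascript:`
 *    hrefs, so anything else is shown as plain text.
 */
if($_SESSION['profile']['tverify'] <= 0) { echo _("You don't have access to this area."); } else {
$uid = intval($_GET['uid']);
$query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
	$row = mysql_fetch_assoc($res);
	$memid = intval($row['memid']);

	// One vote per member per request.
	$query2 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'";
	$rc2 = mysql_num_rows(mysql_query($query2));
	if($rc2 > 0)
	{
		// NOTE(review): this page is normally included after the caller has
		// already emitted the header, so showheader() here may produce a
		// second header block - confirm against account.php before changing.
		showheader(_("My CAcert.org Account!"));
		echo _("You have already voted on this request.");
		showfooter();
		exit;
	}

	// Points the applicant already holds (NULL sum -> treated as 0 below).
	$query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `deleted` = 0";
	$notary = mysql_fetch_assoc(mysql_query($query));
	$query = "select * from `users` where `id`='".intval($memid)."'";
	$user = mysql_fetch_assoc(mysql_query($query));

	// Points this request could add, capped by what the evidence supports:
	// 150 with both notary URL and photo ID, 90 with a notary URL only,
	// 50 otherwise; never below zero.
	$tobe = 50 - $notary['points'];
	if($row['URL'] != '' && $row['photoid'] != '')
		$tobe = 150 - $notary['points'];
	else if($row['URL'] != '')
		$tobe = 90 - $notary['points'];
	if(intval($tobe) <= 0)
		$tobe = 0;

	// Only http(s) URLs are safe to place in an href; everything else is
	// displayed escaped but not linked.
	$notaryURL = sanitizeHTML($row['URL']);
	$linkableURL = preg_match('/^https?:\/\//i', $row['URL']) === 1;
?>
<?=_("Request Details")?>:<br>
<?=_("Name on file")?>: <?=sanitizeHTML($user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix'])?><br>
<?=_("Primary email address")?>: <?=sanitizeHTML($user['email'])." (".intval($user['id']).")"?><br>
<?=_("Certificate Subject")?>: <?=sanitizeHTML($row['CN'])?><br>
<? if($row['URL'] != '') { ?><?=_("Notary URL")?>: <? if($linkableURL) { ?><a href="<?=$notaryURL?>"><?=$notaryURL?></a><? } else { ?><?=$notaryURL?><? } ?><br><? } ?>
<? if($row['photoid'] != '') { ?><?=_("Photo ID URL")?>: <a href="/account.php?id=51&amp;photoid=<?=intval($row['id'])?>"><?=_("Here")?></a><br><? } ?>
<?=_("Current Points")?>: <?=intval($notary['points'])?><br>
<?=_("Potential Points")?>: <?=intval($tobe)?><br>
<?=_("Date of Birth")?>: <?=sanitizeHTML($user['dob'])?> (YYYY-MM-DD)<br>

<br>
<?
	// NOTE(review): the vote form carries no anti-CSRF token; the handler
	// for `agree`/`disagree` lives outside this file, so adding one needs a
	// matching check there.
?>
<form method="post" action="account.php">
<?=_("Comment")?>: <input type="text" name="comment"><br>
<input type="submit" name="agree" value="<?=_("I agree with this Application")?>">
<input type="submit" name="disagree" value="<?=_("I don't agree with this Application")?>">
<input type="hidden" name="oldid" value="<?=intval($_GET['id'])?>">
<input type="hidden" name="uid" value="<?=intval($uid)?>">
</form>
<? } else {
	// No open request with that id: tell the member whether it was already
	// decided or simply does not exist (silent when no uid was given).
	$query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=1";
	$res = mysql_query($query);
	if(mysql_num_rows($res) > 0)
	{
		echo _("This UID has already been voted on.")."<br/>";
	} else {
		if($uid) echo _("Unable to locate a valid request for that UID.")."<br/>";
	}

	// List the open requests this member has not voted on yet.
	$query = "select * from `tverify` where `modified`=0";
	$res = mysql_query($query);
	if(mysql_num_rows($res) > 0)
	{
		echo "<br/>"._("The following requests are still open:")."<br/><ul>";
		while($row = mysql_fetch_assoc($res))
		{
			$uid=intval($row['id']);
			$query3 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'";
			$rc3 = mysql_num_rows(mysql_query($query3));
			if($rc3 <= 0)
			{
				// Only integers are interpolated into the link, so no escaping is needed.
				echo "<li><a href='account.php?id=52&amp;uid=".intval($row['id'])."'>".intval($row['id'])."</a></li>\n";
			}
		}
		echo "</ul>\n<br>\n";
	}
	else
	{
		echo "<br/>"._("There are no pending requests where you haven't voted yet.");
	}


} } ?>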