bug 1138: And yet another bunch of missing escapes
[cacert-devel.git] / pages / account / 59.php
1 <?/*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */
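// notary.inc.php is loaded from the application's configured file path; it
// presumably supplies the get_*(), output_*() and write_se_log() helpers used
// on this page -- confirm against the include.
include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");


// Request-supplied identifiers are cast with intval() before any use.
// A missing 'userid' becomes 0 instead of raising an undefined-index notice,
// the same way 'oldid' is handled.
$userid = 0;
if (array_key_exists('userid', $_REQUEST)) {
    $userid = intval($_REQUEST['userid']);
}

$oldid = 0;
if (array_key_exists('oldid', $_REQUEST)) {
    $oldid = intval($_REQUEST['oldid']);
}

// The ticket number is taken from the session only, never from the request.
$ticketno = "";
if (array_key_exists('ticketno', $_SESSION)) {
    $ticketno = $_SESSION['ticketno'];
}

// Support Engineer access restrictions
// The authorisation decision is made before the account is looked up, so a
// caller without the admin flag receives the same refusal whether or not
// $userid belongs to an existing account.
$support=0;
if ($userid != $_SESSION['profile']['id']) {
    // Check if support engineer
    if (array_key_exists('admin', $_SESSION['profile']) &&
        $_SESSION['profile']['admin'] != 0)
    {
        $support=$_SESSION['profile']['admin'];

    } else {
        echo _("You do not have access to this page.");
        showfooter();
        exit;
    }
}

$res = get_user_data($userid);
if (mysql_num_rows($res) <= 0)
{
    // NOTE(review): unlike the other early exits this one does not call
    // showfooter() -- confirm whether that is intended.
    echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
    exit;
}

$user = mysql_fetch_assoc($res);

// Raw database values; they must be HTML-escaped at the point of output.
$fname = $user['fname'];
$mname = $user['mname'];
$lname = $user['lname'];
$suffix = $user['suffix'];
$dob = $user['dob'];
$username = $fname." ".$mname." ".$lname." ".$suffix;
$email = $user['email'];
$alerts =get_alerts($userid);

if ($userid != $_SESSION['profile']['id']) {
    // Viewing someone else's history requires a valid ticket number ...
    if (!valid_ticket_number($ticketno)) {
        printf(_("I'm sorry, you did not enter a ticket number! %s Support is not allowed to view the account history without a ticket number."), '<br/>');
        echo '<br/><a href="account.php?id=43&amp;userid='.intval($userid).'">'. _('Back to previous page.') .'</a>';
        showfooter();
        exit;
    }

    // ... and an entry in the admin log. If the entry cannot be written the
    // page is not rendered, so every support view leaves an audit record.
    if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE View account history', $ticketno)) {
        echo _("Writing to the admin log failed. Can't continue.");
        echo '<br/><a href="account.php?id=43&amp;userid='.intval($userid).'">'. _('Back to previous page.') .'</a>';
        showfooter();
        exit;
    }
}

// Account details
?>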
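<?
/*
 * Account summary table: name, date of birth, role flags from $user and the
 * announcement subscriptions from $alerts.
 *
 * Every value taken from the user record is passed through sanitizeHTML(),
 * the escaping helper this page already applies to the user name and date of
 * birth, before it is written into the markup. That includes the name in the
 * heading and the ttpadmin / adadmin levels, which are printed as stored.
 * The Yes/No cells only compare a column with 0 and print a translated
 * literal, so they emit no stored data.
 */
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
    <tr>
        <td colspan="2" class="title"><?printf(_('Account history of %s'), sanitizeHTML($username))?></td>
    </tr>
    <tr>
        <td colspan="2" class="title"><?=_('User actions')?></td>
    </tr>
    <tr>
        <td class="DataTD"><?=_('User name')?></td>
        <td class="DataTD"><?=sanitizeHTML($username)?></td>
    </tr>
    <tr>
        <td class="DataTD"><?=_('Date of Birth')?></td>
        <td class="DataTD"><?=sanitizeHTML($dob)?></td>
    </tr>
    <tr>
        <td class="DataTD"><?=_("Is Assurer")?>:</td>
        <td class="DataTD"><?= ($user['assurer']==0)? _('No'):_('Yes')?></td>
    </tr>
    <tr>
        <td class="DataTD"><?=_("Blocked Assurer")?>:</td>
        <td class="DataTD"><?= ($user['assurer_blocked']==0)? _('No'):_('Yes')?></td>
    </tr>
    <tr>
        <td class="DataTD"><?=_("Account Locking")?>:</td>
        <td class="DataTD"><?= ($user['locked']==0)? _('No'):_('Yes')?></td>
    </tr>
    <tr>
        <td class="DataTD"><?=_("Code Signing")?>:</td>
        <td class="DataTD"><?= ($user['codesign']==0)? _('No'):_('Yes')?></td>
    </tr>
    <tr>
        <td class="DataTD"><?=_("Org Assurer")?>:</td>
        <td class="DataTD"><?= ($user['orgadmin']==0)? _('No'):_('Yes')?></td>
    </tr>
    <tr>
        <td class="DataTD"><?=_("TTP Admin")?>:</td>
        <td class="DataTD"><?= sanitizeHTML($user['ttpadmin'])._(' - 0 = none, 1 = TTP Admin, 2 = TTP TOPUP admin')?></td>
    </tr>
    <tr>
        <td class="DataTD"><?=_("Location Admin")?>:</td>
        <td class="DataTD"><?= ($user['locadmin']==0)? _('No'):_('Yes')?></td>
    </tr>
    <tr>
        <td class="DataTD"><?=_("Admin")?>:</td>
        <td class="DataTD"><?= ($user['admin']==0)? _('No'):_('Yes')?></td>
    </tr>
    <tr>
        <td class="DataTD"><?=_("Ad Admin")?>:</td>
        <td class="DataTD"><?= sanitizeHTML($user['adadmin'])._(' - 0 = none, 1 = submit, 2 = approve')?></td>
    </tr>
    <tr>
        <td class="DataTD"><?=_("General Announcements")?>:</td>
        <td class="DataTD"><?= ($alerts['general']==0)? _('No'):_('Yes')?></td>
    </tr>
    <tr>
        <td class="DataTD"><?=_("Country Announcements")?>:</td>
        <td class="DataTD"><?= ($alerts['country']==0)? _('No'):_('Yes')?></td>
    </tr>
    <tr>
        <td class="DataTD"><?=_("Regional Announcements")?>:</td>
        <td class="DataTD"><?= ($alerts['regional']==0)? _('No'):_('Yes')?></td>
    </tr>
    <tr>
        <td class="DataTD"><?=_("Within 200km Announcements")?>:</td>
        <td class="DataTD"><?= ($alerts['radius']==0)? _('No'):_('Yes')?></td>
    </tr>
</table>
<br/>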
<?

// Email addresses
// One row per result of get_email_addresses(); the account's primary address
// ($email) is handed to the row renderer alongside each row.
// NOTE(review): the meaning of the '' and 1 arguments is not visible here, and
// escaping of the row fields is left to output_log_email() -- verify there.
$dres = get_email_addresses($userid,'',1);
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
    <tr>
        <td colspan="3" class="title"><?=_('Email addresses')?></td>
    </tr>
<? if (mysql_num_rows($dres) > 0):
    output_log_email_header();
    while ($drow = mysql_fetch_assoc($dres)):
        output_log_email($drow,$email);
    endwhile;
else: ?>
    <tr>
        <td colspan="3" ><?=_('no entry available')?></td>
    </tr>
<? endif; ?>
</table>
<br/>
<?

// Domains
// One row per result of get_domains(), or a single placeholder row when the
// query returns nothing.
// NOTE(review): escaping of the domain fields is left to output_log_domains()
// -- verify there.
$dres = get_domains($userid, 1);
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
    <tr>
        <td colspan="3" class="title"><?=_('Domains')?></td>
    </tr>
<? if (mysql_num_rows($dres) > 0):
    output_log_domains_header();
    while ($drow = mysql_fetch_assoc($dres)):
        output_log_domains($drow);
    endwhile;
else: ?>
    <tr>
        <td colspan="3" ><?=_('no entry available')?></td>
    </tr>
<? endif; ?>
</table>
<br/>
204
<?
// Trainings
// One row per result of get_training_results(), or a single placeholder row
// when the query returns nothing.
// NOTE(review): escaping of the row fields is left to output_log_training()
// -- verify there.
$dres = get_training_results($userid);
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
    <tr>
        <td colspan="3" class="title"><?=_('Trainings')?></td>
    </tr>
<? if (mysql_num_rows($dres) > 0):
    output_log_training_header();
    while ($drow = mysql_fetch_assoc($dres)):
        output_log_training($drow);
    endwhile;
else: ?>
    <tr>
        <td colspan="3" ><?=_('no entry available')?></td>
    </tr>
<? endif; ?>
</table>
<br/>
230
<?
// User Agreements
// One row per result of get_user_agreements(), or a single placeholder row
// when the query returns nothing. This table is four columns wide.
// NOTE(review): escaping of the row fields is left to output_log_agreement()
// -- verify there.
$dres = get_user_agreements($userid);
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
    <tr>
        <td colspan="4" class="title"><?=_('User agreements')?></td>
    </tr>
<? if (mysql_num_rows($dres) > 0):
    output_log_agreement_header();
    while ($drow = mysql_fetch_assoc($dres)):
        output_log_agreement($drow);
    endwhile;
else: ?>
    <tr>
        <td colspan="4" ><?=_('no entry available')?></td>
    </tr>
<? endif; ?>
</table>
<br/>
256
<?
// Client Certificates
// The table is 6 columns wide when $support equals 1 and 8 otherwise; the same
// $support value is passed to the header and row renderers.
// NOTE(review): which columns differ, and the escaping of certificate fields,
// are decided inside output_client_cert*() -- verify there.
$dres = get_client_certs($userid, 1);
$colspan = (1 == $support) ? 6 : 8;
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
    <tr>
        <td colspan="<?=$colspan?>" class="title"><?=_('Client certificates')?></td>
    </tr>
<? if (mysql_num_rows($dres) > 0):
    output_client_cert_header($support);
    while ($drow = mysql_fetch_assoc($dres)):
        output_client_cert($drow,$support);
    endwhile;
else: ?>
    <tr>
        <td colspan="<?=$colspan?>" ><?=_('no entry available')?></td>
    </tr>
<? endif; ?>
</table>
<br/>
286
<?
// Server Certificates
// The table is 5 columns wide when $support equals 1 and 7 otherwise; the same
// $support value is passed to the header and row renderers.
// NOTE(review): which columns differ, and the escaping of certificate fields,
// are decided inside output_server_certs*() -- verify there.
$dres = get_server_certs($userid,1);
$colspan = (1 == $support) ? 5 : 7;
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
    <tr>
        <td colspan="<?=$colspan?>" class="title"><?=_('Server certificates')?></td>
    </tr>
<? if (mysql_num_rows($dres) > 0):
    output_server_certs_header($support);
    while ($drow = mysql_fetch_assoc($dres)):
        output_server_certs($drow,$support);
    endwhile;
else: ?>
    <tr>
        <td colspan="<?=$colspan?>" ><?=_('no entry available')?></td>
    </tr>
<? endif; ?>
</table>
<br/>
316
<?
// GPG Certificates
// The table is 4 columns wide when $support equals 1 and 6 otherwise; the same
// $support value is passed to the header and row renderers.
// NOTE(review): which columns differ, and the escaping of key fields, are
// decided inside output_gpg_certs*() -- verify there.
$dres = get_gpg_certs($userid,1);
$colspan = (1 == $support) ? 4 : 6;
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
    <tr>
        <td colspan="<?=$colspan?>" class="title"><?=_('GPG/PGP certificates')?></td>
    </tr>
<? if (mysql_num_rows($dres) > 0):
    output_gpg_certs_header($support);
    while ($drow = mysql_fetch_assoc($dres)):
        output_gpg_certs($drow, $support);
    endwhile;
else: ?>
    <tr>
        <td colspan="<?=$colspan?>" ><?=_('no entry available')?></td>
    </tr>
<? endif; ?>
</table>
<br/>
345
<?

// Given and received assurances are rendered entirely by their helpers; each
// is followed by a line break.
output_given_assurances($userid, $support, $ticketno, 1);
echo '<br/>';

output_received_assurances($userid, $support, $ticketno, 1);
echo '<br/>';

// Admin log
// The table is 4 columns wide when $support equals 1 and 2 otherwise.
// NOTE(review): which log fields each view gets, and their escaping, are
// decided inside output_log_se*() -- verify there.
$dres = get_se_log($userid);
$colspan = (1 == $support) ? 4 : 2;
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
    <tr>
        <td colspan="<?=$colspan?>" class="title"><?=_('Admin log')?></td>
    </tr>
<? if (mysql_num_rows($dres) > 0):
    output_log_se_header($support);
    while ($drow = mysql_fetch_assoc($dres)):
        output_log_se($drow,$support);
    endwhile;
else: ?>
    <tr>
        <td colspan="<?=$colspan?>" ><?=_('no entry available')?></td>
    </tr>
<? endif; ?>
<? // Back link: the caller-supplied page id if one was given, otherwise page 43
   // for support viewers and 13 for the account owner. Both numbers placed in
   // the URL go through intval(). ?>
    <tr>
        <td colspan="<?=$colspan?>" >
            <a href="account.php?id=<?=$oldid?intval($oldid):($support?43:13)?>&amp;userid=<?=intval($userid)?>"><?= _('Back to previous page.')?></a>
        </td>
    </tr>

</table>