All mysql_-statements replaced by their corresponding mysqli_-statements
[cacert-devel.git] / pages / wot / 9.php
index bfa7a98..ea7a384 100644 (file)
     along with this program; if not, write to the Free Software
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */
-       
+
        require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php');
-       
 
-       $res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."' and `listme`='1'");
-       if(mysql_num_rows($res) <= 0)
+
+       $res = mysqli_query($_SESSION['mconn'], "select * from `users` where `id`='".intval($_REQUEST['userid'])."' and `listme`='1'");
+       if(mysqli_num_rows($res) <= 0)
        {
                echo _("Sorry, I was unable to locate that user, the person doesn't wish to be contacted, or isn't an assurer.");
        } else {
 
-               $user = mysql_fetch_array($res);
-               $userlang = $user['language'];
-               $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
-                               where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0"));
-               if($points <= 0)
-               {
+               $user = mysqli_fetch_array($res);
+               $userlang = L10n::normalise_translation($user['language']);
+               $points = mysqli_num_rows(mysqli_query($_SESSION['mconn'], "select sum(`points`) as `total` from `notary`
+                               where `to`='".intval($user['id'])."' and `deleted`=0 group by `to` HAVING SUM(`points`) > 0"));
+               if($points <= 0) {
                        echo _("Sorry, I was unable to locate that user.");
                } else {
 
 ?>
 <? if($_SESSION['_config']['error'] != "") { ?><font color="#ff0000" size="+1">ERROR: <?=$_SESSION['_config']['error']?></font><? unset($_SESSION['_config']['error']); } ?>
 <form method="post" action="wot.php">
-<input type="hidden" name="userid" value="<?=$user['id']?>">
+<input type="hidden" name="userid" value="<?=intval($user['id'])?>">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
   <tr>
     <td colspan="2" class="title"><?=_("Contact Assurer")?></td>
   </tr>
   <tr>
     <td class="DataTD"><?=_("To")?>:</td>
-    <td class="DataTD" align="left"><?=$user['fname']?> <?=substr($user['lname'], 0, 1)?></td>
+    <td class="DataTD" align="left"><?=sanitizeHTML(trim($user['fname'].' '.substr($user['lname'], 0, 1)))?></td>
   </tr>
 <? if($userlang != "") { ?>
   <tr>
     <td class="DataTD"><?=_("Language")?>:</td>
-    <td class="DataTD" align="left"><? printf(_("%s prefers to be contacted in %s"), $user['fname'], L10n::$translations[$userlang]) ?></td>
+    <td class="DataTD" align="left"><? printf(_("%s prefers to be contacted in %s"), sanitizeHTML($user['fname']), L10n::$translations[$userlang]) ?></td>
   </tr>
 <? } ?>
 <?
-       $query = "select * from `addlang` where `userid`='".$user['id']."'";
-       $res = mysql_query($query);
-       while($row = mysql_fetch_assoc($res))
+       $query = "select * from `addlang` where `userid`='".intval($user['id'])."'";
+       $res = mysqli_query($_SESSION['mconn'], $query);
+       while($row = mysqli_fetch_assoc($res))
        {
-               $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='${row['lang']}'"));
+               $lang = mysqli_fetch_assoc(mysqli_query($_SESSION['mconn'], "select * from `languages` where `locale`='".mysqli_real_escape_string($_SESSION['mconn'], $row['lang'])."'"));
 ?>
   <tr>
     <td class="DataTD"><?=_("Additional Language")?>:</td>
-    <td class="DataTD" align="left"><? printf(_("%s will also accept email in %s - %s"), $user['fname'], $lang['lang'], $lang['country']) ?></td>
+    <td class="DataTD" align="left"><? printf(_("%s will also accept email in %s - %s"), sanitizeHTML($user['fname']), $lang['lang'], $lang['country']) ?></td>
   </tr>
 <? } ?>
   <tr>
@@ -79,7 +78,7 @@
 </table>
 <input type="hidden" name="pageid" value="<?=$_SESSION['_config']['pagehash']?>">
 <input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=intval($id)?>">
 </form>
 <p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p>
 <? } } ?>
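Review bot: The form closed in this hunk carries a second hidden `userid` field on the context line just above the changed `oldid` line, built from `$_REQUEST['userid']`, while the same form already emits one from `$user['id']` earlier in the file; with duplicate names the browser submits both and PHP keeps the last, so the value the handler actually receives is the echoed request parameter rather than the looked-up row id. Both are passed through intval() and the row was selected by that same value, so they coincide today, but one of them should go, preferably the request-derived one: drop `<input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>">`. The `pageid` value on the line before it is still printed raw into an attribute; it appears to be session-held and server-generated, so the risk looks low, but `value="<?=sanitizeHTML($_SESSION['_config']['pagehash'])?>"` would match the output escaping this commit introduces for the other fields. The `<form>` these inputs belong to, and the origin of `$id` used for `oldid`, are outside this hunk.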