bug 1389: Consistent indentation
[cacert-devel.git] / www / disputes.php
index 916357f..96c7c75 100644 (file)
@@ -17,6 +17,7 @@
 */ ?>
 <?
        require_once("../includes/loggedin.php");
+       require_once("../includes/notary.inc.php");
        require_once("../includes/lib/l10n.php");
 
        loadem("account");
                        {
                                $row = mysql_fetch_assoc($res);
                                echo $row['email']."<br>\n";
-                               $query = "select `emailcerts`.`id`
-                                               from `emaillink`,`emailcerts` where
-                                               `emailid`='$emailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
-                                               `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
-                                               group by `emailcerts`.`id`";
-                               $dres = mysql_query($query);
-                               while($drow = mysql_fetch_assoc($dres))
-                                       mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($drow['id'])."'");
-
-                               $do = `../scripts/runclient`;
-                               $query = "update `email` set `deleted`=NOW() where `id`='".intval($emailid)."'";
-                               mysql_query($query);
+                               account_email_delete($row['id']);
                        }
                        mysql_query("update `disputeemail` set hash='',action='accept' where `id`='$emailid'");
-                       $rc = mysql_num_rows(mysql_query("select * from `domains` where `memid`='$oldmemid' and `deleted`=0"));
-                       $rc = mysql_num_rows(mysql_query("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'"));
-                       $res = mysql_query("select * from `users` where `id`='$oldmemid'");
-                       $user = mysql_fetch_assoc($res);
+                       $rc = mysql_num_rows(mysql_query("select * from `domains` where `memid`='$oldmemid' and `deleted`=0"));
+                       $rc2 = mysql_num_rows(mysql_query("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'"));
+                       $res = mysql_query("select * from `users` where `id`='$oldmemid'");
+                       $user = mysql_fetch_assoc($res);
                        if($rc == 0 && $rc2 == 0 && $_SESSION['_config']['email'] == $user['email'])
                        {
                                mysql_query("update `users` set `deleted`=NOW() where `id`='$oldmemid'");
                        showheader(_("Domain Dispute"));
                        echo "<p>"._("You have opted to accept this dispute and the request will now remove this domain from the existing account, and revoke any current certificates.")."</p>";
                        echo "<p>"._("The following accounts have been removed:")."<br>\n";
+                       //new account_domain_delete($domainid, $memberID)
                        $query = "select * from `domains` where `id`='$domainid' and deleted=0";
                        $res = mysql_query($query);
                        if(mysql_num_rows($res) > 0)
                        {
-                                echo $_SESSION['_config']['domain']."<br>\n";
-                                mysql_query("update `domains` set `deleted`=NOW() where `id`='$domainid'");
-                               $query = "select * from `domlink` where `domid`='$domainid'";
-                               $res = mysql_query($query);
-                               while($row = mysql_fetch_assoc($res))
-                                       mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['certid']."' and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0");
-                               $do = `../scripts/runserver`;
+                               echo $_SESSION['_config']['domain']."<br>\n";
+                               account_domain_delete($domainid);
                        }
                        mysql_query("update `disputedomain` set hash='',action='accept' where `id`='$domainid'");
                        showfooter();
                        exit;
                }
 
+               //check if email belongs to locked account
+               $res = mysql_query("select 1 from `email`, `users` where `email`.`email`='$email' and `email`.`memid`=`users`.`id` and (`users`.`assurer_blocked`=1 or `users`.`locked`=1)");
+               if(mysql_num_rows($res) > 0)
+               {
+                       showheader(_("Email Dispute"));
+                       printf(_("Sorry, the email address '%s' cannot be disputed for administrative reasons. To solve this problem please get in contact with %s."), sanitizeHTML($email),"<a href='mailto:support@cacert.org'>support@cacert.org</a>");
+                       $duser=$_SESSION['profile']['fname']." ".$_SESSION['profile']['lname'];
+                       $body = sprintf("Someone has just attempted to dispute this email '%s', which belongs to a locked account:\n".
+                               "Username(ID): %s (%s)\n".
+                               "email: %s\n".
+                               "IP/Hostname: %s\n", $email, $duser, $_SESSION['profile']['id'], $_SESSION['profile']['email'], $_SERVER['REMOTE_ADDR'].(array_key_exists('REMOTE_HOST',$_SERVER)?"/".$_SERVER['REMOTE_HOST']:""));
+                       sendmail("support@cacert.org", "[CAcert.org] failed dispute on locked account", $body, $_SESSION['profile']['email'], "", "", $duser);
+
+                       showfooter();
+                       exit;
+               }
+
                $res = mysql_query("select * from `disputeemail` where `email`='$email' and hash!=''");
                if(mysql_num_rows($res) > 0)
                {
                        echo _("You aren't allowed to dispute your own email addresses. Can't continue.");
                        showfooter();
                        exit;
-               }       
+               }
 
                $res = mysql_query("select * from `users` where `id`='$oldmemid'");
                $user = mysql_fetch_assoc($res);
                mysql_query($query);
 
                $my_translation = L10n::get_translation();
-               L10n::set__recipient_language($oldmemid);
+               L10n::set_recipient_language($oldmemid);
 
                $body = sprintf(_("You have been sent this email as the email address '%s' is being disputed. You have the option to accept or reject this request, after 2 days the request will automatically be discarded. Click the following link to accept or reject the dispute:"), $email)."\n\n";
                $body .= "https://".$_SESSION['_config']['normalhostname']."/disputes.php?type=email&emailid=$emailid&hash=$hash\n\n";
                        exit;
                }
 
+               //check if domain belongs to locked account
+               $res = mysql_query("select 1 from `domains`, `users` where `domains`.`domain`='$domain' and `domains`.`memid`=`users`.`id` and (`users`.`assurer_blocked`=1 or `users`.`locked`=1)");
+               if(mysql_num_rows($res) > 0)
+               {
+                       showheader(_("Domain Dispute"));
+                       printf(_("Sorry, the domain '%s' cannot be disputed for administrative reasons. To solve this problem please get in contact with %s."), sanitizeHTML($domain),"<a href='mailto:support@cacert.org'>support@cacert.org</a>");
+                       $duser=$_SESSION['profile']['fname']." ".$_SESSION['profile']['lname'];
+                       $body = sprintf("Someone has just attempted to dispute this domain '%s', which belongs to a locked account:\n".
+                               "Username(ID): %s (%s)\n".
+                               "email: %s\n".
+                               "IP/Hostname: %s\n", $domain, $duser, $_SESSION['profile']['id'], $_SESSION['profile']['email'], $_SERVER['REMOTE_ADDR'].(array_key_exists('REMOTE_HOST',$_SERVER)?"/".$_SERVER['REMOTE_HOST']:""));
+                       sendmail("support@cacert.org", "[CAcert.org] failed dispute on locked account", $body, $_SESSION['profile']['email'], "", "", $duser);
+
+                       showfooter();
+                       exit;
+               }
+
                $query = "select * from `disputedomain` where `domain`='$domain' and hash!=''";
                $res = mysql_query($query);
                if(mysql_num_rows($res) > 0)
                }
                unset($oldid);
                $query = "select * from `domains` where `domain`='$domain' and `deleted`=0";
-               $email = ""; if(array_key_exists('email',$_REQUEST)) $email=trim(mysql_real_escape_string($_REQUEST['email']));
                $res = mysql_query($query);
                if(mysql_num_rows($res) <= 0)
                {
+                       $query = "select 1 from `orgdomains` where `domain`='$domain'";
+                       $res = mysql_query($query);
+                       if(mysql_num_rows($res) > 0)
+                       {
+                               showheader(_("Domain Dispute"));
+                               printf(_("The domain '%s' is included in an organisation account. Please send a mail to %s to dispute this domain."), sanitizeHTML($domain),'<a href="mailto:support@cacert.org">support@cacert.org</a>');
+                               showfooter();
+                               exit;
+                       }
                        showheader(_("Domain Dispute"));
-                       printf(_("The domain '%s' doesn't exist in the system. Can't continue."), sanitizeHTML($email));
+                       printf(_("The domain '%s' doesn't exist in the system. Can't continue."), sanitizeHTML($domain));
                        showfooter();
                        exit;
                }
                        echo _("You aren't allowed to dispute your own domains. Can't continue.");
                        showfooter();
                        exit;
-               }       
+               }
 
                $domainid = $row['id'];
                $_SESSION['_config']['domainid'] = $domainid;
                                `oldmemid`='$oldmemid',`created`=NOW(),`hash`='$hash',`id`='$domainid'";
                mysql_query($query);
                $my_translation = L10n::get_translation();
-               L10n::set__recipient_language($oldmemid);
+               L10n::set_recipient_language($oldmemid);
 
                $body = sprintf(_("You have been sent this email as the domain '%s' is being disputed. You have the option to accept or reject this request, after 2 days the request will automatically be discarded. Click the following link to accept or reject the dispute:"), $domain)."\n\n";
                $body .= "https://".$_SESSION['_config']['normalhostname']."/disputes.php?type=domain&domainid=$domainid&hash=$hash\n\n";
                $body .= _("Best regards")."\n"._("CAcert.org Support!");
-               L10n::set__recipient_language($my_translation);
+               L10n::set_recipient_language($my_translation);
 
                sendmail($authaddy, "[CAcert.org] "._("Dispute Probe"), $body, "support@cacert.org", "", "", "CAcert Support");