Merge branch 'bug-893' into bug-1136
authorMichael Tänzer <neo@nhng.de>
Tue, 6 Aug 2013 21:09:32 +0000 (23:09 +0200)
committerMichael Tänzer <neo@nhng.de>
Tue, 6 Aug 2013 21:56:07 +0000 (23:56 +0200)
Conflicts:
        includes/notary.inc.php

Signed-off-by: Michael Tänzer <neo@nhng.de>
includes/account.php
includes/notary.inc.php

index 76de567..eae7500 100644 (file)
                }
                if ( 1 !== preg_match('/^[a-z]\d{8}\.\d+\.\d+$/i',trim($_REQUEST['arbitrationno'])) ) {
                        showheader(_("My CAcert.org Account!"));
-                       echo _("You did not enter an arbitration number entry.");
+                       printf(_("'%s' is not a valid arbitration number entry."), sanitizeHTML(trim($_REQUEST['arbitrationno'])));
                        showfooter();
                        exit;
                }
-               if (check_email_exists($_REQUEST['arbitrationno'].'@cacert.org')) {
+               if (check_email_exists(trim($_REQUEST['arbitrationno']).'@cacert.org')) {
                        showheader(_("My CAcert.org Account!"));
                        printf(_("The email address '%s' is already in a different account. Can't continue."), sanitizeHTML($_REQUEST['arbitrationno'].'@cacert.org'));
                        showfooter();
                        showfooter();
                        exit;
                }
-               account_delete($_REQUEST['userid'], $_REQUEST['arbitrationno'], $_SESSION['profile']['id']);
+               account_delete($_REQUEST['userid'], trim($_REQUEST['arbitrationno']), $_SESSION['profile']['id']);
        }
 
        if(($id == 51 || $id == 52 || $oldid == 52) && $_SESSION['profile']['tverify'] <= 0)
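Review bot: `$_REQUEST['userid']` still goes into `account_delete()` unvalidated, while the arbitration number is now trimmed and pattern-checked. The account-deletion code in the includes/notary.inc.php part of this commit (which appears to be that function's body) concatenates `$id` into its SQL strings, and no cast is visible there, although one may exist above the shown lines. Casting at the call site closes this either way: `account_delete(intval($_REQUEST['userid']), $arbno, $_SESSION['profile']['id']);`, with `$arbno = trim($_REQUEST['arbitrationno']);` assigned once before the `preg_match` and reused. That also fixes the "already in a different account" message, which still prints the untrimmed value even though the check ran on the trimmed one. The second `showfooter();` in that branch looks like a merge leftover and should be removed.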
index 55f731c..1ca6ba1 100644 (file)
                mysql_query($query);
 
        //delete all other email address
-               $query = "select * from `email` where `memid`='".$id."' and `id`!='".$emailid."'" ;
+               $query = "select `id` from `email` where `memid`='".$id."' and `id`!='".$emailid."'" ;
                $res=mysql_query($query);
                while($row = mysql_fetch_assoc($res)){
                        account_email_delete($row['id']);
                }
 
        //delete all domains
-               $query = "select * from `domains` where `memid`='".$id."'";
+               $query = "select `id` from `domains` where `memid`='".$id."'";
                $res=mysql_query($query);
                while($row = mysql_fetch_assoc($res)){
                        account_domain_delete($row['id']);
                }
 
        //clear alert settings
-               mysql_query("update `alerts` set `general`='0' where `memid`='$id'");
-               mysql_query("update `alerts` set `country`='0' where `memid`='$id'");
-               mysql_query("update `alerts` set `regional`='0' where `memid`='$id'");
-               mysql_query("update `alerts` set `radius`='0' where `memid`='$id'");
+               mysql_query(
+                       "update `alerts` set
+                               `general`='0',
+                               `country`='0',
+                               `regional`='0',
+                               `radius`='0'
+                       where `memid`='$id'");
 
        //set default location
                $query = "update `users` set `locid`='2256755', `regid`='243', `ccid`='12' where `id`='".$id."'";
                mysql_query($query);
 
        //clear all admin and board flags
-               mysql_query("update `users` set `assurer`='0' where `id`='$id'");
-               mysql_query("update `users` set `assurer_blocked`='0' where `id`='$id'");
-               mysql_query("update `users` set `codesign`='0' where `id`='$id'");
-               mysql_query("update `users` set `orgadmin`='0' where `id`='$id'");
-               mysql_query("update `users` set `ttpadmin`='0' where `id`='$id'");
-               mysql_query("update `users` set `locadmin`='0' where `id`='$id'");
-               mysql_query("update `users` set `admin`='0' where `id`='$id'");
-               mysql_query("update `users` set `adadmin`='0' where `id`='$id'");
-               mysql_query("update `users` set `tverify`='0' where `id`='$id'");
-               mysql_query("update `users` set `board`='0' where `id`='$id'");
+               mysql_query(
+                       "update `users` set
+                               `assurer`='0',
+                               `assurer_blocked`='0',
+                               `codesign`='0',
+                               `orgadmin`='0',
+                               `ttpadmin`='0',
+                               `locadmin`='0',
+                               `admin`='0',
+                               `adadmin`='0',
+                               `tverify`='0',
+                               `board`='0'
+                       where `id`='$id'");
 
        //block account
                mysql_query("update `users` set `locked`='1' where `id`='$id'");  //, `deleted`=Now()
                // called from includes/account.php     if($oldid == 50 && $process != "")
                $uid = intval($uid);
                if (0==$cca) {
-                       $query1 = "select 1 from `domiancerts` where `memid`='$uid' and `expire`>NOW()";
-                       $query2 = "select 1 from `domiancerts` where `memid`='$uid' and `revoked`>NOW()";
+                       $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>NOW() and `revoked`<`created`";
+                       $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>NOW()";
                }else{
-                       $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>NOW()+90*86400";
-                       $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>NOW()+90*86400";
+                       $query1 = "select 1 from `emailcerts` where `memid`='$uid' and `expire`>(NOW()-90*86400)  and `revoked`<`created`";
+                       $query2 = "select 1 from `emailcerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)";
                }
                $res = mysql_query($query1);
                $r1 = mysql_num_rows($res)>0;
                // called from includes/account.php     if($oldid == 50 && $process != "")
                $uid = intval($uid);
                if (0==$cca) {
-                       $query1 = "select 1 from `domiancerts` where `memid`='$uid' and `expire`>NOW()";
-                       $query2 = "select 1 from `domiancerts` where `memid`='$uid' and `revoked`>NOW()";
+                       $query1 = "select 1 from `domaincerts` where `memid`='$uid' and `expire`>NOW() and `revoked`<`created`";
+                       $query2 = "select 1 from `domaincerts` where `memid`='$uid' and `revoked`>NOW()";
                }else{
-                       $query1 = "select 1 from `domiancerts` where `memid`='$uid' and `expire`>NOW()+90*86400";
-                       $query2 = "select 1 from `domiancerts` where `memid`='$uid' and `revoked`>NOW()+90*86400";
+                       $query1 = "select 1 from `domaincerts` where `memid`='$uid' and `expire`>(NOW()-90*86400)  and `revoked`<`created`";
+                       $query2 = "select 1 from `domaincerts` where `memid`='$uid' and `revoked`>(NOW()-90*86400)";
                }
                $res = mysql_query($query1);
                $r1 = mysql_num_rows($res)>0;
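Review bot: `NOW()-90*86400` in both `else` branches (the `emailcerts` and the `domaincerts` variant) does not move the cut-off back by 90 days. In MySQL, `NOW()` used in arithmetic becomes a number of the form YYYYMMDDHHMMSS, so subtracting 7776000 yields a value that is not a point in time. The comparison against `expire` and `revoked` (presumably DATETIME columns) therefore tests something other than the intended window. Interval arithmetic expresses the intent directly, e.g. `expire > NOW() - INTERVAL 90 DAY` and `revoked > NOW() - INTERVAL 90 DAY`. Separately, `mysql_query($query1)` is passed to `mysql_num_rows()` unchecked, so a failing query (as the misspelled table name fixed here would have caused) silently reads as "no certificates"; a guard such as `if ($res === false) { /* log and abort */ }` would surface that, though the enclosing functions extend beyond the lines shown.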