bug 893:extracted delete functionalities to temp_functions.php, modified www/disputes...
authorINOPIAE <inopiae@cacert.org>
Sat, 15 Dec 2012 13:38:44 +0000 (14:38 +0100)
committerBenny Baumann <BenBE@geshi.org>
Sun, 6 Jan 2013 23:18:47 +0000 (00:18 +0100)
Later the functions from temp_functions.php should be moved to notary_inc.php???

includes/account.php
includes/temp_functions.php [new file with mode: 0644]
pages/account/50.php
www/disputes.php

index 4faa0e5..5ac5a6a 100644 (file)
@@ -18,7 +18,8 @@
        require_once("../includes/loggedin.php");
        require_once("../includes/lib/l10n.php");
        require_once('lib/check_weak_key.php');
-
+       require_once("../includes/temp_functions.php");
+       
        loadem("account");
 
        $id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']);
                                {
                                        $row = mysql_fetch_assoc($res);
                                        echo $row['email']."<br>\n";
-                                       $query = "select `emailcerts`.`id` 
-                                                       from `emaillink`,`emailcerts` where
-                                                       `emailid`='$id' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
-                                                       `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
-                                                       group by `emailcerts`.`id`";
-                                       $dres = mysql_query($query);
-                                       while($drow = mysql_fetch_assoc($dres))
-                                               mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['id']."'");
-       
-                                       $query = "update `email` set `deleted`=NOW() where `id`='$id'";
-                                       mysql_query($query);
+                                       account_email_delete($row['id']);
                                        $delcount++;
                                }
                        }
                                {
                                        $row = mysql_fetch_assoc($res);
                                        echo $row['domain']."<br>\n";
-                                       
-                                       $dres = mysql_query(
-                                               "select distinct `domaincerts`.`id`
-                                                       from `domaincerts`, `domlink`
-                                                       where `domaincerts`.`domid` = '$id'
-                                                       or (
-                                                               `domaincerts`.`id` = `domlink`.`certid`
-                                                               and `domlink`.`domid` = '$id'
-                                                               )");
-                                       while($drow = mysql_fetch_assoc($dres))
-                                       {
-                                               mysql_query(
-                                                       "update `domaincerts`
-                                                               set `revoked`='1970-01-01 10:00:01'
-                                                               where `id` = '".$drow['id']."'
-                                                               and `revoked` = 0
-                                                               and UNIX_TIMESTAMP(`expire`) -
-                                                                               UNIX_TIMESTAMP() > 0");
-                                       }
-                                       
-                                       mysql_query(
-                                               "update `domains`
-                                                       set `deleted`=NOW()
-                                                       where `id` = '$id'");
+                                       account_domain_delete($row['id']);
                                }
+
                        }
                }
                else
                        $row = mysql_fetch_assoc($res);
                        if ( !is_assurer(intval($row['id'])) )
                        {
-                               $id = $oldid;\r
-                               $oldid=0;\r
+                               $id = $oldid;
+                               $oldid=0;
                                $_SESSION['_config']['errmsg'] =
                                                _("The user is not an Assurer yet");
                        } else {
        if($oldid == 50 && $process != "")
        {
                $_REQUEST['userid'] = intval($_REQUEST['userid']);
-               $res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'");
-               if(mysql_num_rows($res) > 0)
-               {
-                       $query = "update `domaincerts`,`domains` SET `domaincerts`.`revoked`='1970-01-01 10:00:01'
-                                       WHERE `domaincerts`.`domid` = `domains`.`id` AND `domains`.`memid`='".intval($_REQUEST['userid'])."'";
-                       mysql_query($query);
-                       $query = "update `domains` SET `deleted`=NOW() WHERE `domains`.`memid`='".intval($_REQUEST['userid'])."'";
-                       mysql_query($query);
-                       $query = "update `emailcerts` SET `revoked`='1970-01-01 10:00:01' WHERE `memid`='".intval($_REQUEST['userid'])."'";
-                       mysql_query($query);
-                       $query = "update `email` SET `deleted`=NOW() WHERE `memid`='".intval($_REQUEST['userid'])."'";
-                       mysql_query($query);
-                       $query = "delete from `org` WHERE `memid`='".intval($_REQUEST['userid'])."'";
-                       mysql_query($query);
-                       $query = "update `users` SET `deleted`=NOW() WHERE `id`='".intval($_REQUEST['userid'])."'";
-                       mysql_query($query);
+               if (!isset($_REQUEST['arbitrationno'])){
+                       echo _("You did not enter an arbitration number.");
+                       exit;
                }
+               account_delete($_REQUEST['userid'], $_REQUEST['arbitrationno'], $_SESSION['profile']['id']);
        }
 
        if(($id == 51 || $id == 52 || $oldid == 52) && $_SESSION['profile']['tverify'] <= 0)
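Review bot: `$_REQUEST['arbitrationno']` reaches `account_delete()` behind only an `isset()` check, and the form field added in this commit is always submitted, so an empty or arbitrary string passes. account_delete concatenates that value unescaped into the e-mail address, the name columns and the adminlog insert, so validate it at this call: `if (!isset($_REQUEST['arbitrationno']) || trim($_REQUEST['arbitrationno']) == '') {`, plus a check against the project's arbitration-number format and `mysql_real_escape_string()` before the value is used in SQL. The removed code also confirmed the user row exists (`mysql_num_rows($res) > 0`) before changing anything; the new path does not, so a wrong `userid` would still insert an `email` row and an `adminlog` row. Any permission check guarding the `$oldid == 50` branch lies outside the hunk and should be confirmed.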
diff --git a/includes/temp_functions.php b/includes/temp_functions.php
new file mode 100644 (file)
index 0000000..bd07127
--- /dev/null
@@ -0,0 +1,153 @@
+<?php
+//just temoprary file to find all function needed for account delete
+
+function account_email_delete($mailid){
+//deletes an email entry from an acount
+//revolkes all certifcates for that email address
+//called from www/account.php if($process != "" && $oldid == 2)
+//called from www/diputes.php if($type == "reallyemail") / if($action == "accept")
+
+       $query = "select `emailcerts`.`id` 
+               from `emaillink`,`emailcerts` where
+               emailid`='$mailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
+               `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
+                       group by `emailcerts`.`id`";
+       $dres = mysql_query($query);
+       while($drow = mysql_fetch_assoc($dres)){
+               mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$drow['id']."'");
+       }
+       $query = "update `email` set `deleted`=NOW() where `id`='$mailid'";
+       mysql_query($query);
+}
+
+function account_domain_delete($domainid){
+//deletes an domain entry from an acount
+//revolkes all certifcates for that domain address
+//called from www/account.php if($process != "" && $oldid == 9)
+//called from www/diputes.php if($type == "reallydomain") / if($action == "accept")
+
+       $query = "select distinct `domaincerts`.`id`
+               from `domaincerts`, `domlink`
+               where `domaincerts`.`domid` = '$domainid'
+               or (
+               `domaincerts`.`id` = `domlink`.`certid`
+               and `domlink`.`domid` = '$domainid'";
+       $dres = mysql_query($query);
+       while($drow = mysql_fetch_assoc($dres))
+       {
+               mysql_query(
+                       "update `domaincerts`
+                       set `revoked`='1970-01-01 10:00:01'
+                       where `id` = '".$drow['id']."'
+                       and `revoked` = 0
+                       and UNIX_TIMESTAMP(`expire`) -
+                       UNIX_TIMESTAMP() > 0");
+       }
+       mysql_query(
+               "update `domains`
+               set `deleted`=NOW()
+               where `id` = '$domainid'");
+
+}
+
+function account_delete($id, $arbno, $adminid){
+//deletes an account following the deleted account routnie V3 
+// called from www/account.php if($oldid == 50 && $process != "")
+//change password
+       $pool = "abcdefghijklmnopqrstuvwxyz";
+       $pool .= "0123456789!()ยง";
+       $pool .= "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+       srand ((double)microtime()*1000000);
+       $password="";
+       for($index = 0; $index < 30; $index++)
+       {
+               $password .= substr($pool,(rand()%(strlen ($pool))), 1);
+       }
+       mysql_query("update `users` set `password`=sha1('".$password."') where `id`='".$id."'");
+       
+//create new mail for arbitration number
+       $query = "insert into `email` set `email`='".$arbno."@cacert.org',`memid`='".$id."',`created`=NOW(),`modified`=NOW(), `attempts`=-1";
+       mysql_query($query);
+       $emailid = mysql_insert_id();
+       
+//set new mail as default
+       $query = "update `users` set `email`='".$arbno."@cacert.org' where `id`='".$id."'";
+       mysql_query($query);
+       
+//delete all other email address
+       $query = "select * from `email` where `memid`='".$id."' and `memid`='".$emailid."'" ;
+       $res=mysql_query($query);
+       while($row = mysql_fetch_assoc(dres)){}
+               account_email_delete($row['id']);
+       }
+
+//delete all domains
+       $query = "select * from `domains` where `memid`='".$id."'";
+       $res=mysql_query($query);
+       while($row = mysql_fetch_assoc($res)){}
+               account_email_delete($row['id']);
+       }
+//clear alert settings
+       mysql_query("update `alerts` set `general`='1' where `memid`='$id'");
+       mysql_query("update `alerts` set `country`='1' where `memid`='$id'");
+       mysql_query("update `alerts` set `regional`='1' where `memid`='$id'");
+       mysql_query("update `alerts` set `radius`='1' where `memid`='$id'");
+       
+//set default location
+               $query = "update `users` set `locid`='2256755', `regid`='243', `ccid`='12' where `id`='".$id."'";
+               mysql_query($query);
+               
+//clear listings
+       $query = "update `users` set `listme`=' ',`contactinfo`=' ' where `id`='".$id."'";
+       mysql_query($query);
+       
+//set lanuage to default
+       //set default language
+       mysql_query("update `users` set `language`='en_AU' where `id`='".$id."'");
+       //delete secondary langugaes
+       mysql_query("delete from `addlang` where `userid`='".$id."'");
+       
+//change secret questions 
+       for($i=1;$i<=5;$i++){}
+               $q="";
+               $a=""
+               for($index = 0; $index < 30; $index++)
+               {
+                       $q .= substr($pool,(rand()%(strlen ($pool))), 1);
+                       $a .= substr($pool,(rand()%(strlen ($pool))), 1);
+               }
+               $query = "update `users` set `Q".$i."`='".$q."',
+                                               `A".$i."`='".$a."',
+                                               where `id`='".$id."'";
+               mysql_query($query);
+       }
+
+//change personal information to arbitration number and DOB=1900-01-01
+       $query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='$userid'";
+       $details = mysql_fetch_assoc(mysql_query($query));
+       $query = "insert into `adminlog` set `when`=NOW(),`old-lname`='${details['lname']}',`old-dob`='${details['dob']}',
+               `new-lname`='$arbno',`new-dob`='1900-01-01',`uid`='$id',`adminid`='".$adminid."'";
+       mysql_query($query);
+       $query = "update `users` set `fname`='".$arbno."',
+               `mname`='".$arbno."',
+               `lname`='".$arbno."',
+               `suffix`='".$arbno."',
+               `dob`='1900-01-01'
+               where `id`='".$id."'";
+       mysql_query($query);
+       
+//clear all admin flags
+       mysql_query("update `users` set `assurer`='0' where `id`='$id'");
+       mysql_query("update `users` set `assurer_blocked`='0' where `id`='$id'");
+       mysql_query("update `users` set `codesign`='0' where `id`='$id'");
+       mysql_query("update `users` set `orgadmin`='0' where `id`='$id'");
+       mysql_query("update `users` set `ttpadmin`='0' where `id`='$id'");
+       mysql_query("update `users` set `locadmin`='0' where `id`='$id'");
+       mysql_query("update `users` set `admin`='0' where `id`='$id'");
+       mysql_query("update `users` set `adadmin`='0' where `id`='$id'");
+       mysql_query("update `users` set `tverify`='0' where `id`='$id'");
+       
+//block account
+       mysql_query("update `users` set `locked`='1' where `id`='$id'");
+}
+?>
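Review bot: temp_functions.php does not parse as committed, so the `require_once` added in both callers would stop them with a fatal error: `while($row = mysql_fetch_assoc(dres)){}`, the second `while(...){}` and `for($i=1;$i<=5;$i++){}` close their bodies at once and leave a stray `}`, and `$a=""` lacks its semicolon. With that fixed, the revocation selects still fail silently, because the `emailid` column in account_email_delete has lost its opening backtick and the `or (` group in account_domain_delete is never closed. Neither `mysql_query` result is checked, so the address or domain would be marked deleted while its certificates stay unrevoked. In account_delete the domain loop calls `account_email_delete`, the e-mail select filters on `memid` twice (an `id` exclusion was presumably meant), the Q/A update has a comma before `where`, and the adminlog lookup reads the undefined `$userid`. `$arbno` and `$id` are concatenated into every statement unescaped and the replacement password comes from `srand(microtime)`/`rand()`, so cast ids with `intval()`, escape `$arbno` with `mysql_real_escape_string()`, and check each query result; the fence shows the two cleanup loops corrected.

```php
function account_delete($id, $arbno, $adminid){
	// … unchanged: password reset, arbitration e-mail insert, default e-mail update …

//delete all other email address
	$query = "select `id` from `email` where `memid`='".intval($id)."' and `id`!='".intval($emailid)."'";
	$res = mysql_query($query);
	while($res && $row = mysql_fetch_assoc($res)){
		account_email_delete($row['id']);
	}

//delete all domains
	$query = "select `id` from `domains` where `memid`='".intval($id)."'";
	$res = mysql_query($query);
	while($res && $row = mysql_fetch_assoc($res)){
		account_domain_delete($row['id']);
	}
	// … unchanged: alert settings, location, listings, language, secret questions, personal data, flags, lock …
```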
index 1604156..48c8896 100644 (file)
 <form method="post" action="account.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
   <tr>
-    <td colspan="2" class="title"><?=_("Change Password")?></td>
+    <td colspan="2" class="title"><?=_("Delete Account")?></td>
   </tr>
   <tr>
     <td class="DataTD"><?=_("Email")?>:</td>
     <td class="DataTD"><b><?=sanitizeHTML($_REQUEST['email'])?></b></td>
   </tr>
   <tr>
+    <td class="DataTD"><?=_("Username from arbitration number.")?>:</td>
+    <td class="DataTD"><input type="text" name="arbitrationno"></td>
+  </tr>
+  <tr>
     <td class="DataTD" colspan="2"><?=_("Are you sure you want to delete this user, while not actually deleting the account it will completely disable it and revoke any/all certificates currently issued.")?></td>
   </tr>
   <tr>
index 5b78c1e..3eec20b 100644 (file)
@@ -17,7 +17,8 @@
 */ ?>
 <?
        require_once("../includes/loggedin.php");
-
+       require_once("../includes/temp_functions.php");
+       
        loadem("account");
 
         $type=""; if(array_key_exists('type',$_REQUEST)) $type=$_REQUEST['type'];
                        {
                                $row = mysql_fetch_assoc($res);
                                echo $row['email']."<br>\n";
-                               $query = "select `emailcerts`.`id`
-                                               from `emaillink`,`emailcerts` where
-                                               `emailid`='$emailid' and `emaillink`.`emailcertsid`=`emailcerts`.`id` and
-                                               `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0
-                                               group by `emailcerts`.`id`";
-                               $dres = mysql_query($query);
-                               while($drow = mysql_fetch_assoc($dres))
-                                       mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='".intval($drow['id'])."'");
-
-                               $do = `../scripts/runclient`;
-                               $query = "update `email` set `deleted`=NOW() where `id`='".intval($emailid)."'";
-                               mysql_query($query);
+                               account_email_delete($row['id']);
                        }
                        mysql_query("update `disputeemail` set hash='',action='accept' where `id`='$emailid'");
-                       $rc = mysql_num_rows(mysql_query("select * from `domains` where `memid`='$oldmemid' and `deleted`=0"));
-                       $rc = mysql_num_rows(mysql_query("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'"));
-                       $res = mysql_query("select * from `users` where `id`='$oldmemid'");
-                       $user = mysql_fetch_assoc($res);
+                       $rc = mysql_num_rows(mysql_query("select * from `domains` where `memid`='$oldmemid' and `deleted`=0"));
+                       $rc = mysql_num_rows(mysql_query("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'"));
+                       $res = mysql_query("select * from `users` where `id`='$oldmemid'");
+                       $user = mysql_fetch_assoc($res);
                        if($rc == 0 && $rc2 == 0 && $_SESSION['_config']['email'] == $user['email'])
                        {
                                mysql_query("update `users` set `deleted`=NOW() where `id`='$oldmemid'");
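Review bot: The inline block replaced here ran `../scripts/runclient` after marking the certificates revoked, and `account_email_delete()` as added in this commit has no equivalent step. If that script is what hands revocations on for processing (not visible here), an accepted dispute would leave certificates flagged in the database but not acted on until something else triggers it. The old code also cast the ids with `intval()`, which the helper drops. Separately, both re-indented count lines assign to `$rc` while the condition below tests `$rc2`, which is never set: the domain count is overwritten and `$rc2 == 0` always holds for an unset variable, so the account can be marked deleted while domains remain, and one of the two assignments should be to `$rc2`. The enclosing branch starts and ends outside the hunk.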
                        showheader(_("Domain Dispute"));
                        echo "<p>"._("You have opted to accept this dispute and the request will now remove this domain from the existing account, and revoke any current certificates.")."</p>";
                        echo "<p>"._("The following accounts have been removed:")."<br>\n";
+                       //new account_domain_delete($domainid, $memberID)
                        $query = "select * from `domains` where `id`='$domainid' and deleted=0";
                        $res = mysql_query($query);
                        if(mysql_num_rows($res) > 0)
                        {
-                                echo $_SESSION['_config']['domain']."<br>\n";
-                                mysql_query("update `domains` set `deleted`=NOW() where `id`='$domainid'");
-                               $query = "select * from `domlink` where `domid`='$domainid'";
-                               $res = mysql_query($query);
-                               while($row = mysql_fetch_assoc($res))
-                                       mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='".$row['certid']."' and `revoked`=0 and UNIX_TIMESTAMP(`expire`)-UNIX_TIMESTAMP() > 0");
-                               $do = `../scripts/runserver`;
-                       }
+                       echo $_SESSION['_config']['domain']."<br>\n";
+                       account_domain_delete($domainid);
                        mysql_query("update `disputedomain` set hash='',action='accept' where `id`='$domainid'");
                        showfooter();
                        exit;
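Review bot: The `if(mysql_num_rows($res) > 0)` block opened just above the change loses its closing brace, because the removed lines end with `}` and the two added lines supply none. Unless a brace is added outside the hunk, the file either fails to parse or the `disputedomain` update, `showfooter()` and `exit` move inside the condition; add `}` after `account_domain_delete($domainid);`. The removed block also ran `../scripts/runserver` after revoking, which the helper does not do, so confirm that domain revocations are still picked up. The new comment `//new account_domain_delete($domainid, $memberID)` names two arguments, while the function added in this commit takes one.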