Merge branch 'bug-1138' of https://github.com/INOPIAE/CAcert into bug-1138
authorINOPIAE <inopiae@cacert.org>
Sun, 8 Dec 2013 17:25:16 +0000 (18:25 +0100)
committerINOPIAE <inopiae@cacert.org>
Sun, 8 Dec 2013 17:25:16 +0000 (18:25 +0100)
Conflicts:
includes/account.php
includes/temp_functions.php
pages/account/43.php

includes/account.php
pages/account/43.php

                $month = intval($_REQUEST['month']);
                $year = intval($_REQUEST['year']);
                $userid = intval($_REQUEST['userid']);
-               $query = "select `fname`,`mname`,`lname`,`suffix`,`dob` from `users` where `id`='$userid'";
-               $details = mysql_fetch_assoc(mysql_query($query));
-               $query = "insert into `adminlog` set `when`=NOW(),`old-lname`='${details['lname']}',`old-dob`='${details['dob']}',
-                               `new-lname`='$lname',`new-dob`='$year-$month-$day',`uid`='$userid',`adminid`='".$_SESSION['profile']['id']."'";
-               mysql_query($query);
                $query = "update `users` set `fname`='$fname',`mname`='$mname',`lname`='$lname',`suffix`='$suffix',`dob`='$year-$month-$day' where `id`='$userid'";
                mysql_query($query);
+               write_se_log($userid,$_SESSION[''], $_SESSION['profile']['id'],'AD Name/DOB Change',$ticketno);
+       }else{
+               $_SESSION['ticketmsg']='No action taken. Ticket number is missing!';
        }
  
 +      if($oldid == 43 && $_REQUEST['action'] == 'revokecert')
 +      {
 +              $userid = intval($_REQUEST['userid']);
 +              revoke_all_private_cert($userid);
 +              $id=43;
 +      }
 +
        if($oldid == 48 && $_REQUEST['domain'] == "")
        {
                $id = $oldid;
                        showfooter();
                        exit;
                }
 -              account_delete($_REQUEST['userid'], $_REQUEST['arbitrationno'], $_SESSION['profile']['id']);
 +              account_delete($_REQUEST['userid'], trim($_REQUEST['arbitrationno']), $_SESSION['profile']['id']);
        }
  
+       if(($id == 51 || $id == 52 || $oldid == 52))
+       {
+               showheader(_("My CAcert.org Account!"));
+               echo _("You don't have access to this area.\nThe Tverify programme is terminated as of 16th November 2010" );
+               showfooter();
+               exit;
+       }
+       /* this area not needed as the The Tverify programme is Terminated as of 16th November 2010
        if(($id == 51 || $id == 52 || $oldid == 52) && $_SESSION['profile']['tverify'] <= 0)
        {
                showheader(_("My CAcert.org Account!"));
                showfooter();
                exit;
        }
+  */
 +      if($id == 59){
 +              if ($oldid==43) {
 +                      se_write_log($_REQUEST['userid'], $_SESSION['profile']['id'], 'View account history', $_REQUEST['ticketno']);
 +                      $support=1;
 +              }ELSEIF ($oldid==13){
 +                      $support=0;
 +              }ELSE{
 +                      showheader(_("My CAcert.org Account!"));
 +                      echo _("You do not have access to this page.");
 +                      showfooter();
 +                      exit;
 +              }
 +      }
 +
 +
        if(intval($cert) > 0)
                $_SESSION['_config']['cert'] = intval($cert);
        if(intval($orgid) > 0)
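Review bot: The audit-log call inside the new `$id == 59` block is `se_write_log(...)`, while every other call site in this merge (the name/DOB change a few lines up and the calls in pages/account/43.php) uses `write_se_log`; unless both helpers exist, opening the account history from the support page fails on an undefined function, so the line should read `write_se_log(intval($_REQUEST['userid']), $_SESSION['profile']['id'], 'View account history', $_REQUEST['ticketno']);`. The name/DOB change call has the mirror problem: it passes a stray `$_SESSION['']` as its second argument, giving five arguments where the other call sites pass four, so `write_se_log($userid, $_SESSION['profile']['id'], 'AD Name/DOB Change', $ticketno);` is presumably what was intended. The new `revokecert` action revokes every certificate of the given user on a bare `$_REQUEST['action']` match with no `csrf` token and no ticket check, whereas the delete-account link in 43.php carries a `make_csrf` token and the other support actions are gated on the ticket number; a `csrf`/ticket guard plus a `write_se_log` entry for the revocation would bring it in line with the rest of the change. The `$oldid == 43` update block that opens this section starts outside the hunk.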
  */ ?>
  <?
  include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
+       $ticketno='';
+       $ticketvalidation=FALSE;
  
 -      //check if a ticket number is entered
 -      if (isset($_REQUEST['ticketno'])) {
 -              $ticketno=trim(mysql_real_escape_string($_REQUEST['ticketno']));
 -              $ticketvalidation=valid_ticket_number($ticketno);
 -              if ($ticket==true) {
 -                      $_SESSION['ticketno']=$ticketno;
 -              }
 -      }
 +//check if an assurance should be deleted
 +  if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0)
 +  {
 +    $assurance = mysql_escape_string(intval($_REQUEST['assurance']));
 +    $row = 0;
 +    $res = mysql_query("select `to` from `notary` where `id`='$assurance'");
 +    if ($res) {
 +      $row = mysql_fetch_assoc($res);
 +    }
-     mysql_query("delete from `notary` where `id`='$assurance'");
-     if ($row) {
-       fix_assurer_flag($row['to']);
 +    }
+       if (isset($_SESSION['ticketno'])) {
+               $ticketno=$_SESSION['ticketno'];
+               $ticketvalidation=TRUE;
 -      }
 +  }
+       if (isset($_SESSION['ticketmsg'])) {
+               $ticketmsg=$_SESSION['ticketmsg'];
+       } else {
+               $ticketmsg='';
+       }
  
 -
 -      //searches for a user account if no userid is given
 +// search for an account by email search, if more than one is found display list to choose
    if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
    {
 +    $_REQUEST['userid'] = 0;
 +
      $emailsearch = $email = mysql_escape_string(stripslashes($_REQUEST['email']));
  
      //Disabled to speed up the queries
      }
    }
  
 -      //actions if a userid is present
 -      if(intval($_REQUEST['userid']) > 0)
 -      {
 -              $uid = intval($_REQUEST['userid']);
 -              $adminid=intval($_SESSION['profile']['id']);
 -              $query = "select * from `users` where `id`='$uid' and `users`.`deleted`=0";
 -              $res = mysql_query($query);
 -              if(mysql_num_rows($res) <= 0)
 -              {
 -                      echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
 -              } else {
 -                      $row = mysql_fetch_assoc($res);
 -                      $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."'";
 -                      $dres = mysql_query($query);
 -                      $drow = mysql_fetch_assoc($dres);
 -                      $alerts = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($row['id'])."'"));
 +// display user information for given user id
 +  if(intval($_REQUEST['userid']) > 0)
 +  {
 +    $userid = intval($_REQUEST['userid']);
 +// comment to be deleted before release
 +//    $query = "select * from `users` where `users`.`id`='$userid' and `users`.`deleted`=0";
 +//    $res = mysql_query($query);
 +    $res =get_user_data($userid);
 +    if(mysql_num_rows($res) <= 0)
 +    {
 +      echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
 +    } else {
 +      $row = mysql_fetch_assoc($res);
 +      $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."'";
 +      $dres = mysql_query($query);
 +      $drow = mysql_fetch_assoc($dres);
 +// comment to be deleted before release
 +//      $alerts = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($row['id'])."'"));
 +      $alerts =get_alerts(intval($row['id']));
 +//display account data
+               //deletes an assurance
+                       if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation==true)
+                       {
+                               $assurance = mysql_escape_string(intval($_REQUEST['assurance']));
+                               $row = 0;
+                               $res = mysql_query("select `to` from `notary` where `id`='$assurance'");
+                               if ($res) {
+                                       $row = mysql_fetch_assoc($res);
+                               }
+                               mysql_query("delete from `notary` where `id`='$assurance'");
+                               if ($row) {
+                                       fix_assurer_flag($row['to']);
+                                       write_se_log($uid, $adminid, 'AD block account', $ticketno);
+                               }
+                       } else {
+                               $ticketmsg=_('No assurance revoked. Ticket number is missing!');
+                       }
+               //Ticket number
  ?>
+ <form method="post" action="account.php?id=43&userid=<?=$uid?>">
+       <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+               <tr>
+                       <td colspan="2" class="title"><?=_('Ticket handling') ?></td>
+               </tr>
+               <tr>
+                       <td class="DataTD"><?=_('Ticket no:')?>:</td>
+                       <td class="DataTD"><input type="text" name="ticketno" value="<?=$ticketno?>"/></td>
+               </tr>
+               <tr>
+                       <td colspan="2" ><?=$ticketmsg?></td>
+ <? $_SESSION['ticketmsg']='' ?>'
+               </tr>
+               <tr>
+                       <td colspan="2" ><input type="submit" value="<?=_('Set ticket number') ?>"></td>
+               </tr>
+       </table>
+ </form>
+ <br/>
+ <!-- display data table -->
  <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
 -      <tr>
 -              <td colspan="5" class="title"><? printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td>
 -      </tr>
 -      <tr>
 -              <td class="DataTD"><?=_("Email")?>:</td>
 -              <td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
 -      </tr>
 -      <tr>
 -              <td class="DataTD"><?=_("First Name")?>:</td>
 -              <td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to modify this DOB and/or last name?")?>')) return false;">
 -              <input type="hidden" name="csrf" value="<?=make_csrf('admchangepers')?>" />
 -              <input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>"></td>
 -      </tr>
 -      <tr>
 -              <td class="DataTD"><?=_("Middle Name")?>:</td>
 -              <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($row['mname'])?>"></td>
 -      </tr>
 -      <tr>
 -              <td class="DataTD"><?=_("Last Name")?>:</td>
 -              <td class="DataTD">  <input type="hidden" name="oldid" value="43">
 -              <input type="hidden" name="action" value="updatedob">
 -              <input type="hidden" name="userid" value="<?=intval($uid)?>">
 -              <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>"></td>
 -      </tr>
 -      <tr>
 -              <td class="DataTD"><?=_("Suffix")?>:</td>
 -              <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($row['suffix'])?>"></td>
 -      </tr>
 -      <tr>
 -      <td class="DataTD"><?=_("Date of Birth")?>:</td>
 -      <td class="DataTD">
 +  <tr>
 +    <td colspan="5" class="title"><? printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("Email")?>:</td>
 +    <td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("First Name")?>:</td>
 +    <td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to modify this DOB and/or last name?")?>')) return false;">
 +  <input type="hidden" name="csrf" value="<?=make_csrf('admchangepers')?>" />
 +  <input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>"></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("Middle Name")?>:</td>
 +    <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($row['mname'])?>"></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("Last Name")?>:</td>
 +    <td class="DataTD">  <input type="hidden" name="oldid" value="43">
 +  <input type="hidden" name="action" value="updatedob">
 +  <input type="hidden" name="userid" value="<?=intval($userid)?>">
 +  <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>"></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("Suffix")?>:</td>
 +    <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($row['suffix'])?>"></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("Date of Birth")?>:</td>
 +    <td class="DataTD">
- <?
              <?
 -              $year = intval(substr($row['dob'], 0, 4));
 -              $month = intval(substr($row['dob'], 5, 2));
 -              $day = intval(substr($row['dob'], 8, 2));
 -              ?><nobr><select name="day">
 +  $year = intval(substr($row['dob'], 0, 4));
 +  $month = intval(substr($row['dob'], 5, 2));
 +  $day = intval(substr($row['dob'], 8, 2));
 +  ?><nobr><select name="day">
- <?
                      <?
 -                      for($i = 1; $i <= 31; $i++)
 -                      {
 -                              echo "<option";
 -                              if($day == $i)
 -                                      echo " selected='selected'";
 -                              echo ">$i</option>";
 -                      }
 +        for($i = 1; $i <= 31; $i++)
 +        {
 +                echo "<option";
 +                if($day == $i)
 +                    echo " selected='selected'";
 +                echo ">$i</option>";
 +        }
- ?>
                      ?>
 -              </select>
 -              <select name="month">
 +    </select>
 +    <select name="month">
- <?
                      <?
 -                      for($i = 1; $i <= 12; $i++)
 -                      {
 -                              echo "<option value='$i'";
 -                              if($month == $i)
 -                                      echo " selected='selected'";
 -                              echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>";
 -                      }
 +        for($i = 1; $i <= 12; $i++)
 +        {
 +                echo "<option value='$i'";
 +                if($month == $i)
 +                        echo " selected='selected'";
 +                echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>";
 +        }
- ?>
                      ?>
 -              </select>
 -              <input type="text" name="year" value="<?=$year?>" size="4">
 -              <input type="submit" value="Go"></form></nobr></td>
 -      </tr>
 -      <tr>
 -              <td class="DataTD"><?=_("Trainings")?>:</td>
 -              <td class="DataTD"><a href="account.php?id=55&amp;userid=<?=intval($row['id'])?>">show</a></td>
 -      </tr>
 -      <tr>
 -              <td class="DataTD"><?=_("Is Assurer")?>:</td>
 -              <td class="DataTD"><a href="account.php?id=43&amp;assurer=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admsetassuret')?>"><?=$row['assurer']?></a></td>
 -      </tr>
 -      <tr>
 -              <td class="DataTD"><?=_("Blocked Assurer")?>:</td>
 -              <td class="DataTD"><a href="account.php?id=43&amp;assurer_blocked=<?=intval($row['id'])?>"><?=$row['assurer_blocked']?></a></td>
 -      </tr>
 -      <tr>
 -              <td class="DataTD"><?=_("Account Locking")?>:</td>
 -              <td class="DataTD"><a href="account.php?id=43&amp;locked=<?=$row['id']?>&amp;csrf=<?=make_csrf('admactlock')?>"><?=$row['locked']?></a></td>
 -      </tr>
 -      <tr>
 -              <td class="DataTD"><?=_("Code Signing")?>:</td>
 -              <td class="DataTD"><a href="account.php?id=43&amp;codesign=<?=$row['id']?>&amp;csrf=<?=make_csrf('admcodesign')?>"><?=$row['codesign']?></a></td>
 -      </tr>
 -      <tr>
 -              <td class="DataTD"><?=_("Org Assurer")?>:</td>
 -              <td class="DataTD"><a href="account.php?id=43&amp;orgadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admorgadmin')?>"><?=$row['orgadmin']?></a></td>
 -      </tr>
 -      <tr>
 -              <td class="DataTD"><?=_("TTP Admin")?>:</td>
 -              <td class="DataTD"><a href="account.php?id=43&amp;ttpadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admttpadmin')?>"><?=$row['ttpadmin']?></a></td>
 -      </tr>
 -      <tr>
 -              <td class="DataTD"><?=_("Location Admin")?>:</td>
 -              <td class="DataTD"><a href="account.php?id=43&amp;locadmin=<?=$row['id']?>"><?=$row['locadmin']?></a></td>
 -      </tr>
 -      <tr>
 -              <td class="DataTD"><?=_("Admin")?>:</td>
 -              <td class="DataTD"><a href="account.php?id=43&amp;admin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admsetadmin')?>"><?=$row['admin']?></a></td>
 -      </tr>
 -      <tr>
 -              <td class="DataTD"><?=_("Ad Admin")?>:</td>
 -              <td class="DataTD"><a href="account.php?id=43&amp;adadmin=<?=$row['id']?>"><?=$row['adadmin']?></a> (0 = none, 1 = submit, 2 = approve)</td>
 -      </tr>
 +    </select>
 +    <input type="text" name="year" value="<?=$year?>" size="4">
 +    <input type="submit" value="Go"></form></nobr></td>
 +<? // list of flags ?>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("CCA accepted")?>:</td>
 +    <td class="DataTD"><a href="account.php?id=57&amp;userid=<?=intval($row['id'])?>"><?=intval(get_user_agreement_status($row['id'])) ? _("Yes") : _("No") ?></a></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("Trainings")?>:</td>
 +    <td class="DataTD"><a href="account.php?id=55&amp;userid=<?=intval($row['id'])?>">show</a></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("Is Assurer")?>:</td>
 +    <td class="DataTD"><a href="account.php?id=43&amp;assurer=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admsetassuret')?>"><?=$row['assurer']?></a></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("Blocked Assurer")?>:</td>
 +    <td class="DataTD"><a href="account.php?id=43&amp;assurer_blocked=<?=intval($row['id'])?>"><?=$row['assurer_blocked']?></a></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("Account Locking")?>:</td>
 +    <td class="DataTD"><a href="account.php?id=43&amp;locked=<?=$row['id']?>&amp;csrf=<?=make_csrf('admactlock')?>"><?=$row['locked']?></a></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("Code Signing")?>:</td>
 +    <td class="DataTD"><a href="account.php?id=43&amp;codesign=<?=$row['id']?>&amp;csrf=<?=make_csrf('admcodesign')?>"><?=$row['codesign']?></a></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("Org Assurer")?>:</td>
 +    <td class="DataTD"><a href="account.php?id=43&amp;orgadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admorgadmin')?>"><?=$row['orgadmin']?></a></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("TTP Admin")?>:</td>
 +    <td class="DataTD"><a href="account.php?id=43&amp;ttpadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admttpadmin')?>"><?=$row['ttpadmin']?></a></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("Location Admin")?>:</td>
 +    <td class="DataTD"><a href="account.php?id=43&amp;locadmin=<?=$row['id']?>"><?=$row['locadmin']?></a></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("Admin")?>:</td>
 +    <td class="DataTD"><a href="account.php?id=43&amp;admin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admsetadmin')?>"><?=$row['admin']?></a></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("Ad Admin")?>:</td>
 +    <td class="DataTD"><a href="account.php?id=43&amp;adadmin=<?=$row['id']?>"><?=$row['adadmin']?></a> (0 = none, 1 = submit, 2 = approve)</td>
 +  </tr>
+       <!---presently not needed
 -      <tr>
 -              <td class="DataTD"><?=_("Tverify Account")?>:</td>
 -              <td class="DataTD"><a href="account.php?id=43&amp;tverify=<?=$row['id']?>"><?=$row['tverify']?></a></td>
 +  <tr>
 +    <td class="DataTD"><?=_("Tverify Account")?>:</td>
 +    <td class="DataTD"><a href="account.php?id=43&amp;tverify=<?=$row['id']?>"><?=$row['tverify']?></a></td>
-   </tr>
+       </tr> -->
 -      <tr>
 -              <td class="DataTD"><?=_("General Announcements")?>:</td>
 -              <td class="DataTD"><a href="account.php?id=43&amp;general=<?=$row['id']?>"><?=$alerts['general']?></a></td>
 -      </tr>
 -      <tr>
 -              <td class="DataTD"><?=_("Country Announcements")?>:</td>
 -              <td class="DataTD"><a href="account.php?id=43&amp;country=<?=$row['id']?>"><?=$alerts['country']?></a></td>
 -      </tr>
 -      <tr>
 -              <td class="DataTD"><?=_("Regional Announcements")?>:</td>
 -              <td class="DataTD"><a href="account.php?id=43&amp;regional=<?=$row['id']?>"><?=$alerts['regional']?></a></td>
 -      </tr>
 -      <tr>
 -              <td class="DataTD"><?=_("Within 200km Announcements")?>:</td>
 -              <td class="DataTD"><a href="account.php?id=43&amp;radius=<?=$row['id']?>"><?=$alerts['radius']?></a></td>
 -      </tr>
 -      <tr>
 -              <td class="DataTD"><?=_("Change Password")?>:</td>
 -              <td class="DataTD"><a href="account.php?id=44&amp;userid=<?=$row['id']?>"><?=_("Change Password")?></a></td>
 -      </tr>
 -      <tr>
 -              <td class="DataTD"><?=_("Delete Account")?>:</td>
 -              <td class="DataTD"><a href="account.php?id=50&amp;userid=<?=$row['id']?>&amp;csrf=<?=make_csrf('admdelaccount')?>"><?=_("Delete Account")?></a></td>
 -      </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("General Announcements")?>:</td>
 +    <td class="DataTD"><a href="account.php?id=43&amp;general=<?=$row['id']?>"><?=$alerts['general']?></a></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("Country Announcements")?>:</td>
 +    <td class="DataTD"><a href="account.php?id=43&amp;country=<?=$row['id']?>"><?=$alerts['country']?></a></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("Regional Announcements")?>:</td>
 +    <td class="DataTD"><a href="account.php?id=43&amp;regional=<?=$row['id']?>"><?=$alerts['regional']?></a></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("Within 200km Announcements")?>:</td>
 +    <td class="DataTD"><a href="account.php?id=43&amp;radius=<?=$row['id']?>"><?=$alerts['radius']?></a></td>
 +  </tr>
 +<? //change password, view secret questions and delete account section ?>
 +  <tr>
 +    <td class="DataTD"><?=_("Change Password")?>:</td>
 +    <td class="DataTD"><a href="account.php?id=44&amp;userid=<?=$row['id']?>"><?=_("Change Password")?></a></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("Delete Account")?>:</td>
 +    <td class="DataTD"><a href="account.php?id=50&amp;userid=<?=$row['id']?>&amp;csrf=<?=make_csrf('admdelaccount')?>"><?=_("Delete Account")?></a></td>
 +  </tr>
- <?
      <?
 -      // This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!!
 +  // This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!!
-   if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes") {
- ?>
+       if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==true) {
+               write_se_log($uid, $adminid, 'AD view lost password information', $ticketno);
+               ?>
 -              <tr>
 -                      <td class="DataTD"><?=_("Lost Password")?> - Q1:</td>
 -                      <td class="DataTD"><?=sanitizeHTML($row['Q1'])?></td>
 -              </tr>
 -              <tr>
 -                      <td class="DataTD"><?=_("Lost Password")?> - A1:</td>
 -                      <td class="DataTD"><?=sanitizeHTML($row['A1'])?></td>
 -              </tr>
 -              <tr>
 -                      <td class="DataTD"><?=_("Lost Password")?> - Q2:</td>
 -                      <td class="DataTD"><?=sanitizeHTML($row['Q2'])?></td>
 -              </tr>
 -              <tr>
 -                      <td class="DataTD"><?=_("Lost Password")?> - A2:</td>
 -                      <td class="DataTD"><?=sanitizeHTML($row['A2'])?></td>
 -              </tr>
 -              <tr>
 -                      <td class="DataTD"><?=_("Lost Password")?> - Q3:</td>
 -                      <td class="DataTD"><?=sanitizeHTML($row['Q3'])?></td>
 -              </tr>
 -              <tr>
 -                      <td class="DataTD"><?=_("Lost Password")?> - A3:</td>
 -                      <td class="DataTD"><?=sanitizeHTML($row['A3'])?></td>
 -              </tr>
 -              <tr>
 -                      <td class="DataTD"><?=_("Lost Password")?> - Q4:</td>
 -                      <td class="DataTD"><?=sanitizeHTML($row['Q4'])?></td>
 -              </tr>
 -              <tr>
 -                      <td class="DataTD"><?=_("Lost Password")?> - A4:</td>
 -                      <td class="DataTD"><?=sanitizeHTML($row['A4'])?></td>
 -              </tr>
 -              <tr>
 -                      <td class="DataTD"><?=_("Lost Password")?> - Q5:</td>
 -                      <td class="DataTD"><?=sanitizeHTML($row['Q5'])?></td>
 -              </tr>
 -              <tr>
 -                      <td class="DataTD"><?=_("Lost Password")?> - A5:</td>
 -                      <td class="DataTD"><?=sanitizeHTML($row['A5'])?></td>
 -              </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("Lost Password")?> - Q1:</td>
 +    <td class="DataTD"><?=sanitizeHTML($row['Q1'])?></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("Lost Password")?> - A1:</td>
 +    <td class="DataTD"><?=sanitizeHTML($row['A1'])?></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("Lost Password")?> - Q2:</td>
 +    <td class="DataTD"><?=sanitizeHTML($row['Q2'])?></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("Lost Password")?> - A2:</td>
 +    <td class="DataTD"><?=sanitizeHTML($row['A2'])?></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("Lost Password")?> - Q3:</td>
 +    <td class="DataTD"><?=sanitizeHTML($row['Q3'])?></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("Lost Password")?> - A3:</td>
 +    <td class="DataTD"><?=sanitizeHTML($row['A3'])?></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("Lost Password")?> - Q4:</td>
 +    <td class="DataTD"><?=sanitizeHTML($row['Q4'])?></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("Lost Password")?> - A4:</td>
 +    <td class="DataTD"><?=sanitizeHTML($row['A4'])?></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("Lost Password")?> - Q5:</td>
 +    <td class="DataTD"><?=sanitizeHTML($row['Q5'])?></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_("Lost Password")?> - A5:</td>
 +    <td class="DataTD"><?=sanitizeHTML($row['A5'])?></td>
 +  </tr>
- <? } else { ?>
+       <? } elseif (array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==false) {
+               ?>
 -              <tr>
 +  <tr>
+                       <td class="DataTD" colspan="2"><?=_('No access granted. Ticket number is missing')?></td>
+               </tr>
+               <tr>
 -                      <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;showlostpw=yes"><?=_("Show Lost Password Details")?></a></td>
 -              </tr>
 -      <?}else { ?>
 -              <tr>
 +    <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;showlostpw=yes"><?=_("Show Lost Password Details")?></a></td>
 +  </tr>
 +<? }
 +// list assurance points
 +?>
 +  <tr>
+                       <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;showlostpw=yes"><?=_("Show Lost Password Details")?></a></td>
+               </tr>
+       <? } ?>
+       <tr>
 -              <td class="DataTD"><?=_("Assurance Points")?>:</td>
 -              <td class="DataTD"><?=intval($drow['points'])?></td>
 -      </tr>
 +    <td class="DataTD"><?=_("Assurance Points")?>:</td>
 +    <td class="DataTD"><?=intval($drow['points'])?></td>
 +  </tr>
 +<? // show account history ?>
 +  <tr>
 +    <td class="DataTD" colspan="2"><a href="account.php?id=59&amp;userid=<?=intval($row['id'])?>"><?=_('Show account history')?></a></td>
 +  </tr>
  </table>
 -<br><?
 -      $query = "select * from `email` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''
 -              and `email`!='".mysql_escape_string($row['email'])."'";
 -              $dres = mysql_query($query);
 -      if(mysql_num_rows($dres) > 0) { ?>
 +<br/><?
 +//ticket number to track SE log ?>
 +<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
 +  <tr>
 +    <td td colspan="5" class="title"><?=_("Ticket/Arbitration No, needs to be entered to apply any changes")?></td>
 +  </tr>
 +  <tr>
 +    <td class="DataTD"><?=_('Ticket/Arbitration No')?></td>
 +    <td class="DataTD"><input name="ticketno" /></td>
 +  </tr>
 +</table>
 +<br/>
 +<?
 +//list secondary email addresses
 +// comment to be deleted before release
 +//  $query = "select * from `email` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''
 +//      and `email`!='".mysql_escape_string($row['email'])."'";
 +//  $dres = mysql_query($query);
 +  $dres = get_email_address(intval($row['id']),mysql_real_escape_string($row['email']));
 +  if(mysql_num_rows($dres) > 0) { ?>
- <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
              <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
 -                      <tr>
 -                              <td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td>
 -                      </tr><?
 -                      $rc = mysql_num_rows($dres);
 -                      while($drow = mysql_fetch_assoc($dres))
 -                      { ?>
 -                              <tr>
 -                                      <td class="DataTD"><?=_("Secondary Emails")?>:</td>
 -                                      <td class="DataTD"><?=sanitizeHTML($drow['email'])?></td>
 -                              </tr>
 +  <tr>
 +    <td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td>
 +  </tr><?
 +  $rc = mysql_num_rows($dres);
 +  while($drow = mysql_fetch_assoc($dres))
 +  { ?>
 +  <tr>
 +    <td class="DataTD"><?=_("Secondary Emails")?>:</td>
 +    <td class="DataTD"><?=sanitizeHTML($drow['email'])?></td>
 +  </tr>
- <? } ?>
- </table>
- <br><? } ?>
- <?
+                       <? } ?>
+               </table>
+       <br>
+       <? } ?>
+       <?
 -      $query = "select * from `domains` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''";
 -      $dres = mysql_query($query);
 -      if(mysql_num_rows($dres) > 0) { ?>
 +// comment to be deleted before release
 +//    $query = "select * from `domains` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''";
 +//  $dres = mysql_query($query);
 +  $dres=get_domains(intval($row['id']));
 +  if(mysql_num_rows($dres) > 0) { ?>
- <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
              <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
 -                      <tr>
 -                              <td colspan="5" class="title"><?=_("Verified Domains")?></td>
 -                      </tr><?
 -                      $rc = mysql_num_rows($dres);
 -                      while($drow = mysql_fetch_assoc($dres))
 -                      { ?>
 -                              <tr>
 -                                      <td class="DataTD"><?=_("Domain")?>:</td>
 -                                      <td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td>
 -                              </tr>
 +  <tr>
 +<? // list of domains ?>
 +    <td colspan="5" class="title"><?=_("Verified Domains")?></td>
 +  </tr><?
 +  $rc = mysql_num_rows($dres);
 +  while($drow = mysql_fetch_assoc($dres))
 +  { ?>
 +  <tr>
 +    <td class="DataTD"><?=_("Domain")?>:</td>
 +    <td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td>
 +  </tr>
- <? } ?>
- </table>
- <br>
- <? } ?>
                      <? } ?>
              </table>
      <br>
      <? } ?>
  <? //  Begin - Debug infos ?>
- <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
      <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
 -              <tr>
 -                      <td colspan="2" class="title"><?=_("Account State")?></td>
 -              </tr>
 +  <tr>
 +    <td colspan="2" class="title"><?=_("Account State")?></td>
 +  </tr>
  
  <?
    // ---  bug-975 begin ---
  
     */
  
 -              $inconsistency = 0;
 -              $inconsistencydisp = "";
 -              $inccause = "";
 -              // current userid  intval($row['id'])
 -              $query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked`
 -                      from `users` where `id`='".intval($row['id'])."' ";
 -              $dres = mysql_query($query);
 -              $drow = mysql_fetch_assoc($dres);
 -              $uemail    = $drow['uemail'];
 -              $udeleted  = $drow['udeleted'];
 -              $uverified = $drow['verified'];
 -              $ulocked   = $drow['locked'];
 -
 -              $query = "select `hash`, `email` as `eemail` from `email`
 -                      where `memid`='".intval($row['id'])."' and
 -                      `email` ='".$uemail."' and
 -                      `deleted` = 0";
 -              $dres = mysql_query($query);
 -              if ($drow = mysql_fetch_assoc($dres)) {
 -                      $drow['edeleted'] = 0;
 -              } else {
 -              // try if there are deleted entries
 -                      $query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email`
 -                              where `memid`='".intval($row['id'])."' and
 -                              `email` ='".$uemail."'";
 -                      $dres = mysql_query($query);
 -                      $drow = mysql_fetch_assoc($dres);
 -              }
 -
 -              if ($drow) {
 -                      $eemail    = $drow['eemail'];
 -                      $edeleted  = $drow['edeleted'];
 -                      $ehash     = $drow['hash'];
 -                      if ($udeleted!=0) {
 -                              $inconsistency += 1;
 -                              $inccause .= (empty($inccause)?"":"<br>")._("Users record set to deleted");
 -                      }
 -                      if ($uverified!=1) {
 -                              $inconsistency += 2;
 -                              $inccause .= (empty($inccause)?"":"<br>")._("Users record verified not set");
 -                      }
 -                      if ($ulocked!=0) {
 -                              $inconsistency += 4;
 -                              $inccause .= (empty($inccause)?"":"<br>")._("Users record locked set");
 -                      }
 -                      if ($edeleted!=0) {
 -                              $inconsistency += 8;
 -                              $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted");
 -                      }
 -                      if ($ehash!='') {
 -                              $inconsistency += 16;
 -                              $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset");
 -                      }
 -              } else {
 -                      $inconsistency = 32;
 -                      $inccause = _("Prim. email, Email record doesn't exist");
 -              }
 -              if ($inconsistency>0) {
 -              // $inconsistencydisp = _("Yes");
 +  $inconsistency = 0;
 +  $inconsistencydisp = "";
 +  $inccause = "";
 +   // current userid  intval($row['id'])
 +  $query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked`
 +      from `users` where `id`='".intval($row['id'])."' ";
 +  $dres = mysql_query($query);
 +  $drow = mysql_fetch_assoc($dres);
 +  $uemail    = $drow['uemail'];
 +  $udeleted  = $drow['udeleted'];
 +  $uverified = $drow['verified'];
 +  $ulocked   = $drow['locked'];
 +
 +  $query = "select `hash`, `email` as `eemail` from `email`
 +      where `memid`='".intval($row['id'])."' and
 +      `email` ='".$uemail."' and
 +      `deleted` = 0";
 +  $dres = mysql_query($query);
 +  if ($drow = mysql_fetch_assoc($dres)) {
 +    $drow['edeleted'] = 0;
 +  } else {
 +      // try if there are deleted entries
 +    $query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email`
 +        where `memid`='".intval($row['id'])."' and
 +        `email` ='".$uemail."'";
 +    $dres = mysql_query($query);
 +    $drow = mysql_fetch_assoc($dres);
 +  }
 +
 +  if ($drow) {
 +    $eemail    = $drow['eemail'];
 +    $edeleted  = $drow['edeleted'];
 +    $ehash     = $drow['hash'];
 +    if ($udeleted!=0) {
 +      $inconsistency += 1;
 +      $inccause .= (empty($inccause)?"":"<br>")._("Users record set to deleted");
 +    }
 +    if ($uverified!=1) {
 +      $inconsistency += 2;
 +      $inccause .= (empty($inccause)?"":"<br>")._("Users record verified not set");
 +    }
 +    if ($ulocked!=0) {
 +      $inconsistency += 4;
 +      $inccause .= (empty($inccause)?"":"<br>")._("Users record locked set");
 +    }
 +    if ($edeleted!=0) {
 +      $inconsistency += 8;
 +      $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted");
 +    }
 +    if ($ehash!='') {
 +      $inconsistency += 16;
 +      $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset");
 +    }
 +  } else {
 +    $inconsistency = 32;
 +    $inccause = _("Prim. email, Email record doesn't exist");
 +  }
 +  if ($inconsistency>0) {
 +     // $inconsistencydisp = _("Yes");
- ?>
              ?>
 -              <tr>
 -                      <td class="DataTD"><?=_("Account inconsistency")?>:</td>
 -                      <td class="DataTD"><?=$inccause?><br>code: <?=$inconsistency?></td>
 -              </tr>
 -              <tr>
 -                      <td colspan="2" class="DataTD" style="max-width: 75ex">
 +  <tr>
 +    <td class="DataTD"><?=_("Account inconsistency")?>:</td>
 +    <td class="DataTD"><?=$inccause?><br>code: <?=$inconsistency?></td>
 +  </tr>
 +  <tr>
 +    <td colspan="2" class="DataTD" style="max-width: 75ex">
      <?=_("Account inconsistency can cause problems in daily account ".
+ <?=_("Account inconsistency can cause problems in daily account ".
        "operations and needs to be fixed manually through arbitration/critical ".
        "team.")?>
 -                      </td>
 -              </tr>
 -      <? }
 +     </td>
 +  </tr>
 +<? }
  
    // ---  bug-975 end ---
- ?>
      ?>
  </table>
  <br>
  <?