bug 1226: added dob to form assure someone wot/5.php, implemented check for dob match...
authorINOPIAE <inopiae@cacert.org>
Sun, 26 Jan 2014 14:25:08 +0000 (15:25 +0100)
committerINOPIAE <inopiae@cacert.org>
Sun, 26 Jan 2014 14:25:08 +0000 (15:25 +0100)
pages/wot/5.php
pages/wot/6.php
www/wot.php

index c1a6438..a9c3dcb 100644 (file)
        include_once("../includes/shutdown.php");
        require_once("../includes/lib/l10n.php");
 ?>
-<? 
-  if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") 
+<?
+  if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "")
   {
     ?><font color="orange" size="+1">
       <? echo _("ERROR").": ".$_SESSION['_config']['error'] ?>
     </font>
     <?unset($_SESSION['_config']['error']);
-  } 
+  }
+
+  if (!isset($_SESSION['assuresomeone']['year'])) {
+      $_SESSION['assuresomeone']['year'] = '';
+  }
+  if (!isset($_SESSION['assuresomeone']['month'])) {
+      $_SESSION['assuresomeone']['month'] = '';
+  }
+  if (!isset($_SESSION['assuresomeone']['day'])) {
+      $_SESSION['assuresomeone']['day'] = '';
+  }
 ?>
 <? if(array_key_exists('noemailfound',$_SESSION['_config']) && $_SESSION['_config']['noemailfound'] == 1) { ?>
 <form method="post" action="wot.php">
     <td class="DataTD"><input type="text" name="email" id="email" value="<?=array_key_exists('email',$_POST)?sanitizeHTML($_POST['email']):""?>"></td>
 <? } ?>
   </tr>
+    <tr>
+    <td class="DataTD">
+        <?=_("Date of Birth")?><br/>
+        (<?=_("yyyy/mm/dd")?>)</td>
+    <td class="DataTD">
+        <input type="text" name="year" value="<?=array_key_exists('year',$_SESSION['assuresomeone']) ? sanitizeHTML($_SESSION['assuresomeone']['year']):""?>" size="4" autocomplete="off"></nobr>
+        <select name="month">
+<?
+for($i = 1; $i <= 12; $i++)
+{
+    echo "<option value='$i'";
+    if(array_key_exists('month',$_SESSION['assuresomeone']) && $_SESSION['assuresomeone']['month'] == $i)
+        echo " selected=\"selected\"";
+    echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))." ($i)</option>\n";
+}
+?>
+        </select>
+        <select name="day">
+<?
+for($i = 1; $i <= 31; $i++)
+{
+    echo "<option";
+    if(array_key_exists('day',$_SESSION['assuresomeone']) && $_SESSION['assuresomeone']['day'] == $i)
+        echo " selected=\"selected\"";
+    echo ">$i</option>";
+}
+?>
+        </select>
+    </td>
+  </tr>
+
   <tr>
     <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
   </tr>
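Review bot: The added year input is followed by a `</nobr>` that has no opening tag anywhere in the new row; drop it so the cell stays well-formed. The `selected` checks compare the session strings against the loop integer with `==`, which on older PHP treats a stored value such as `1x` as 1; `intval($_SESSION['assuresomeone']['month']) === $i` (and the same for `day`) makes the match exact. The day `<option>` elements have no `value` attribute and rely on the browser falling back to the option text, while the month options set `value='$i'`; `echo "<option value='$i'";` in the day loop would make the two selects consistent. The `array_key_exists` guards are redundant after the three `isset` defaults added at the top of the file.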
index a565aa7..6934d0f 100644 (file)
@@ -24,6 +24,9 @@
        }
 
        $row = $_SESSION['_config']['notarise'];
+       $_SESSION['assuresomeone']['year'] = '';
+       $_SESSION['assuresomeone']['month'] = '';
+       $_SESSION['assuresomeone']['day'] = '';
 
        if($_SESSION['profile']['ttpadmin'] == 1)
 //             $methods = array("Face to Face Meeting", "Trusted 3rd Parties", "TopUP");
index 7200517..0ce23b4 100644 (file)
@@ -198,6 +198,17 @@ function send_reminder()
                                show_page("EnterEmail","",_("User is not yet verified. Please try again in 24 hours!"));
                                exit;
                        }
+                       if ($_SESSION['profile']['ttpadmin'] != 1) {
+                               $_SESSION['assuresomeone']['year'] = mysql_real_escape_string(stripslashes($_POST['year']));
+                               $_SESSION['assuresomeone']['month'] = mysql_real_escape_string(stripslashes($_POST['month']));
+                               $_SESSION['assuresomeone']['day'] = mysql_real_escape_string(stripslashes($_POST['day']));
+                               $dob = $_SESSION['assuresomeone']['year'] . '-' . sprintf('%02d',$_SESSION['assuresomeone']['month']) . '-' . sprintf('%02d', $_SESSION['assuresomeone']['day']);
+
+                               if (    $_SESSION['_config']['notarise']['dob'] != $dob) {
+                                       show_page("EnterEmail","",_("The data entered is not matching with an account."));
+                                       exit;
+                               }
+                       }
                }
                $query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `locked`=1";
                $res = mysql_query($query);
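Review bot: The three `$_POST` values are passed through `mysql_real_escape_string()` although nothing in this hunk puts them into a query; they are stored in the session, echoed back by the form and compared with the stored date, so SQL escaping is the wrong control here, and nothing checks that the keys exist or that the values are numbers. Casting each field to an integer, rejecting impossible dates with `checkdate()` and comparing with `!==` would make the match exact and keep only integers in the session, as sketched below; this assumes `$_SESSION['_config']['notarise']['dob']` is a `YYYY-MM-DD` string, which the hunk does not show. Nothing visible counts or logs failed matches, so if no limit exists elsewhere the date of birth can be found by repeated submissions, which is worth confirming before relying on this check. The enclosing block opens before the hunk, so the conditions under which the new check runs cannot be confirmed from here.

```php
if ($_SESSION['profile']['ttpadmin'] != 1) {
	// Keep only integers in the session; pages/wot/5.php echoes these values back into the form.
	$year  = array_key_exists('year', $_POST)  ? intval($_POST['year'])  : 0;
	$month = array_key_exists('month', $_POST) ? intval($_POST['month']) : 0;
	$day   = array_key_exists('day', $_POST)   ? intval($_POST['day'])   : 0;
	$_SESSION['assuresomeone']['year']  = $year;
	$_SESSION['assuresomeone']['month'] = $month;
	$_SESSION['assuresomeone']['day']   = $day;
	$dob = sprintf('%04d-%02d-%02d', $year, $month, $day);

	if (!checkdate($month, $day, $year) || $_SESSION['_config']['notarise']['dob'] !== $dob) {
		// … unchanged: show_page("EnterEmail", …) and exit …
	}
}
```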
@@ -236,7 +247,7 @@ function send_reminder()
 
        if($oldid == 6)
        {
-$iecho= "c";
+               $iecho= "c";
                //date checks
                if(trim($_REQUEST['date']) == '')
                {