bug 663: changed that secret q&a only be visible if requested
authorINOPIAE <inopiae@cacert.org>
Tue, 9 Jul 2013 20:27:21 +0000 (22:27 +0200)
committerINOPIAE <inopiae@cacert.org>
Tue, 9 Jul 2013 20:27:21 +0000 (22:27 +0200)
pages/account/13.php

index c2b7cc5..6ba1ff9 100644 (file)
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */ ?>
 <?
-        $query = "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and `users`.`deleted`=0";
-        $res = mysql_query($query);
-        $user = mysql_fetch_assoc($res);
+  $query = "select * from `users` where `id`='".intval($_SESSION['profile']['id'])."' and `users`.`deleted`=0";
+  $res = mysql_query($query);
+  $user = mysql_fetch_assoc($res);
 
-       $year = intval(substr($user['dob'], 0, 4));
-       $month = intval(substr($user['dob'], 5, 2));
-       $day = intval(substr($user['dob'], 8, 2));
+  $year = intval(substr($user['dob'], 0, 4));
+  $month = intval(substr($user['dob'], 5, 2));
+  $day = intval(substr($user['dob'], 8, 2));
+  $showdetails=0; if(array_key_exists('showdetails',$_REQUEST)) $showdetails=intval($_REQUEST['showdetails']);
+  if($showdetails == 1){
+    $body  = sprintf(_("Hi %s,"),$user['fname'])."\n\n";
+    $body .= _("You receive this automatic mail since you yourself or someone ".
+      "else looked up your secret questions and answers for a forgotten ".
+      "password.\n\n".
+      "If it was you who looked up or changed that data, or clicked ".
+      "through the menu in your account, everything is in best order ".
+      "and you can ignore this mail.\n\n".
+      "But if you received this mail without a recognisable reason, ".
+      "there is a danger that an unauthorised person accessed your ".
+      "account, and you should promptly change your password and your ".
+      "secret questions and answers.")."\n\n";
 
-       $body  = sprintf(_("Hi %s,"),$user['fname'])."\n\n";
-       $body .= _("You receive this automatic mail since you yourself or someone ".
-                       "else looked up your secret questions and answers for a forgotten ".
-                       "password.\n\n".
-                       "If it was you who looked up or changed that data, or clicked ".
-                       "through the menu in your account, everything is in best order ".
-                       "and you can ignore this mail.\n\n".
-                       "But if you received this mail without a recognisable reason, ".
-                       "there is a danger that an unauthorised person accessed your ".
-                       "account, and you should promptly change your password and your ".
-                       "secret questions and answers.")."\n\n";
+    $body .= _("Best regards")."\n"._("CAcert Support");
 
-       $body .= _("Best regards")."\n"._("CAcert Support");
-
-       sendmail($user['email'], "[CAcert.org] "._("Email Notification"), $body, "support@cacert.org", "", "", "CAcert Support");
+    sendmail($user['email'], "[CAcert.org] "._("Email Notification"), $body, "support@cacert.org", "", "", "CAcert Support");
+  }
 ?>
+
 <form method="post" action="account.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
   <tr>
            (<?=_("dd/mm/yyyy")?>)</td>
     <td class="DataTD"><nobr><select name="day">
 <?
-       for($i = 1; $i <= 31; $i++)
-       {
-               echo "<option";
-               if($day == $i)
-                       echo " selected='selected'";
-               echo ">$i</option>";
-       }
+  for($i = 1; $i <= 31; $i++)
+  {
+    echo "<option";
+    if($day == $i)
+      echo " selected='selected'";
+    echo ">$i</option>";
+  }
 ?>
     </select>
     <select name="month">
 <?
-       for($i = 1; $i <= 12; $i++)
-       {
-               echo "<option value='$i'";
-               if($month == $i)
-                       echo " selected='selected'";
-               echo ">".ucwords(recode("utf-8..html", strftime("%B", mktime(0,0,0,$i,1,date("Y")))))."</option>";
-       }
+  for($i = 1; $i <= 12; $i++)
+  {
+    echo "<option value='$i'";
+    if($month == $i)
+      echo " selected='selected'";
+      echo ">".ucwords(recode("utf-8..html", strftime("%B", mktime(0,0,0,$i,1,date("Y")))))."</option>";
+  }
 ?>
     </select>
     <input type="text" name="year" value="<?=$year?>" size="4"></nobr>
   </tr>
 <? } ?>
   <tr>
+    <td colspan="2" class="title"><a href="account.php?id=13&amp;showdetails=<?=!$showdetails?>"><?=_("View secret question and answers and OTP phrases")?></a></td>
+  </tr>
+  <? if($showdetails == 1){ ?>
+  <tr>
    <td class="DataTD"><?=_("OTP Hash")?><br>
-           (<?=_("Not displayed")?>)</td>
+    (<?=_("Not displayed")?>)</td>
    <td class="DataTD"><input type="text" name="otphash"></td>
   </tr>
   <tr>
    <td class="DataTD"><?=_("OTP PIN")?><br>
-           (<?=_("Not displayed")?>)</td>
+    (<?=_("Not displayed")?>)</td>
    <td class="DataTD"><input type="text" name="otppin"></td>
   </tr>
   <tr>
     <td class="DataTD"><input type="text" name="A5" value="<?=sanitizeHTML($user['A5'])?>"></td>
   </tr>
   <tr>
+  < ?} ?>
     <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
   </tr>
 </table>
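Review bot: The closing tag added just before the submit row is written `< ?} ?>`, with a space between `<` and `?`, so PHP emits it as literal markup and the `if($showdetails == 1){` block opened above the OTP rows is never closed; the page would most likely fail to parse. It also sits after the `<tr>` that belongs to the submit row, so even with the tag corrected the hidden branch would leave the Update cell without its opening `<tr>`. Move it one line up and write it as `<? } ?>`. Separately, when `showdetails` is 0 the question and answer inputs are no longer rendered, so pressing Update posts the form without those fields. The handler in account.php is not visible here, so confirm that it does not overwrite the stored questions and answers with empty values.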