bug 1173: added check for disputes on locked accounts
authorINOPIAE <inopiae@cacert.org>
Sun, 5 May 2013 10:37:18 +0000 (12:37 +0200)
committerINOPIAE <inopiae@cacert.org>
Sun, 5 May 2013 10:37:18 +0000 (12:37 +0200)
www/disputes.php

index 5b78c1e..96f117e 100644 (file)
                        exit;
                }
 
+               //check if email belongs to locked account
+               $res = mysql_query("select 1 from `email`, `users` where `email`.`email`='$email' and `email`.`memid`=`users`.`id` and (`users`.`assurer_blocked`=1 or `users`.`locked`=1)");
+               if(mysql_num_rows($res) > 0)
+               {
+                       showheader(_("Email Dispute"));
+                       printf(_("Sorry, the email address '%s' cannot be disputed for administrative reasons. To solve this problem please get in contact with %s."), sanitizeHTML($email),"<a href='mailto:support@cacert.org'>support@cacert.org</a>");
+
+                       $body = "Someone has just attempted to dispute this email '".$email."', which belongs to a locked account:\n".
+                               "Username(ID): ".$_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']."(".$_SESSION['profile']['id'].")\n".
+                               "email: ".$_SESSION['profile']['email']."\n".
+                               "IP/Hostname: ".$_SERVER['REMOTE_ADDR'].(array_key_exists('REMOTE_HOST',$_SERVER)?"/".$_SERVER['REMOTE_HOST']:"")."\n".
+                       sendmail("support@cacert.org", "[CAcert.org] failed dispute on locked account", $body, $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']);
+
+                       showfooter();
+                       exit;
+               }
+
                $res = mysql_query("select * from `disputeemail` where `email`='$email' and hash!=''");
                if(mysql_num_rows($res) > 0)
                {
                        echo _("You aren't allowed to dispute your own email addresses. Can't continue.");
                        showfooter();
                        exit;
-               }       
+               }
 
                $res = mysql_query("select * from `users` where `id`='$oldmemid'");
                $user = mysql_fetch_assoc($res);
                        exit;
                }
 
+               //check if domain belongs to locked account
+               $res = mysql_query("select 1 from `domains`, `users` where `domains`.`domain`='$domain' and `domains`.`memid`=`users`.`id` and (`users`.`assurer_blocked`=1 or `users`.`locked`=1)");
+               if(mysql_num_rows($res) > 0)
+               {
+                       showheader(_("Domain Dispute"));
+                       printf(_("Sorry, the domain '%s' cannot be disputed for administrative reasons. To solve this problem please get in contact with %s."), sanitizeHTML($domain),"<a href='mailto:support@cacert.org'>support@cacert.org</a>");
+
+                       $body = "Someone has just attempted to dispute this domain '".$domain."', which belongs to a locked account:\n".
+                               "Username(ID): ".$_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']."(".$_SESSION['profile']['id'].")\n".
+                               "email: ".$_SESSION['profile']['email']."\n".
+                               "IP/Hostname: ".$_SERVER['REMOTE_ADDR'].(array_key_exists('REMOTE_HOST',$_SERVER)?"/".$_SERVER['REMOTE_HOST']:"")."\n".
+                       sendmail("support@cacert.org", "[CAcert.org] failed dispute on locked account", $body, $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']);
+
+                       showfooter();
+                       exit;
+               }
+
                $query = "select * from `disputedomain` where `domain`='$domain' and hash!=''";
                $res = mysql_query($query);
                if(mysql_num_rows($res) > 0)
                        echo _("You aren't allowed to dispute your own domains. Can't continue.");
                        showfooter();
                        exit;
-               }       
+               }
 
                $domainid = $row['id'];
                $_SESSION['_config']['domainid'] = $domainid;
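Review bot: In both added blocks the `$body` assignment ends with `"\n".` instead of `"\n";` (the `IP/Hostname` line just before each `sendmail(...)` call), so the `sendmail()` call becomes the last operand of the string concatenation. PHP therefore runs `sendmail()` before `$body` has been assigned, and the alert to support goes out with an unset or stale body, losing the record of who attempted a dispute against a locked account. Ending that line with `"\n";` in the email block and in the domain block fixes it. Separately, `mysql_query()` returns false on failure and `mysql_num_rows()` on false does not yield a count `> 0`, so a failed lookup lets the dispute continue; an explicit `if (!$res)` abort before the count would make the lock check fail closed. Whether `$email` and `$domain` are escaped before being interpolated into the new queries is not visible in these hunks and should be confirmed where they are assigned.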