Merge remote-tracking branch 'origin/bug-975' into release
authorMichael Tänzer <neo@nhng.de>
Tue, 11 Oct 2011 21:31:35 +0000 (23:31 +0200)
committerMichael Tänzer <neo@nhng.de>
Tue, 11 Oct 2011 21:31:35 +0000 (23:31 +0200)
pages/account/43.php

index 3212667,5bd86bf..f058770
mode 100644,100755..100755
@@@ -320,26 -329,168 +332,178 @@@ include_once($_SESSION['_config']['file
  </table>
  <br>
  <? } ?>
+ <? //  Begin - Debug infos ?>
+ <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
+   <tr>
+     <td colspan="2" class="title"><?=_("Account State")?></td>
+   </tr>
+ <?  
+   // ---  bug-975 begin ---
+   //  potential db inconsistency like in a20110804.1
+   //    Admin console -> don't list user account
+   //    User login -> impossible
+   //    Assurer, assure someone -> user displayed
+   /*  regular user account search with regular settings
+     --- Admin Console find user query
+     $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
+         where `users`.`id`=`email`.`memid` and
+         (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
+         `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
+         group by `users`.`id` limit 100";
+      => requirements
+        1.  email.hash = ''
+        2.  email.deleted = 0
+        3.  users.deleted = 0
+        4.  email.email = primary-email       (???) or'd
+       not covered by admin console find user routine, but may block users login
+        5.  users.verified = 0|1
+       further "special settings"   
+        6.  users.locked  (setting displayed in display form)
+        7.  users.assurer_blocked   (setting displayed in display form)
+     --- User login user query
+     select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
+                                               `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0
+               => requirements
+        1. users.verified = 1
+        2. users.deleted = 0
+        3. users.locked = 0
+        4. users.email = primary-email                                 
+     --- Assurer, assure someone find user query
+     select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."'
+            and `deleted`=0
+               => requirements
+        1. users.deleted = 0
+        2. users.email = primary-email
+                                      Admin      User        Assurer
+       bit                            Console    Login       assure someone
+        1.  email.hash = ''            Yes        No           No
+        2.  email.deleted = 0          Yes        No           No
+        3.  users.deleted = 0          Yes        Yes          Yes
+        4.  users.verified = 1         No         Yes          No       
+        5.  users.locked = 0           No         Yes          No
+        6.  users.email = prim-email   No         Yes          Yes
+        7.  email.email = prim-email   Yes        No           No
+                  
+     full usable account needs all 7 requirements fulfilled
+     so if one setting isn't set/cleared there is an inconsistency either way
+     if eg email.email is not avail, admin console cannot open user info
+     but user can login and assurer can display user info
+     if user verified is not set to 1, admin console displays user record
+     but user cannot login, but assurer can search for the user and the data displays
+     consistency check:
+     1. search primary-email in users.email
+     2. search primary-email in email.email
+     3. userid = email.memid
+     4. check settings from table 1. - 5.
+    */
+   $inconsistency = 0;
+   $inconsistencydisp = "";
+   $inccause = "";
+    // current userid  intval($row['id'])
+   $query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked`
+       from `users` where `id`='".intval($row['id'])."' ";
+   $dres = mysql_query($query);
+   $drow = mysql_fetch_assoc($dres);
+   $uemail    = $drow['uemail'];
+   $udeleted  = $drow['udeleted'];
+   $uverified = $drow['verified'];
+   $ulocked   = $drow['locked'];
+   $query = "select `hash`, `email` as `eemail` from `email`
+       where `memid`='".intval($row['id'])."' and
+       `email` ='".$uemail."' and
+       `deleted` = 0";
+   $dres = mysql_query($query);
+   if ($drow = mysql_fetch_assoc($dres)) {
+     $drow['edeleted'] = 0;
+   } else {
+       // try if there are deleted entries
+     $query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email`
+         where `memid`='".intval($row['id'])."' and
+         `email` ='".$uemail."'";
+     $dres = mysql_query($query);
+     $drow = mysql_fetch_assoc($dres);
+   }
+   
+   if ($drow) {
+     $eemail    = $drow['eemail'];
+     $edeleted  = $drow['edeleted'];
+     $ehash     = $drow['hash'];
+     if ($udeleted!=0) {
+       $inconsistency += 1;
+       $inccause .= (empty($inccause)?"":"<br>")._("Users record set to deleted");
+     }
+     if ($uverified!=1) {
+       $inconsistency += 2;
+       $inccause .= (empty($inccause)?"":"<br>")._("Users record verified not set");
+     }
+     if ($ulocked!=0) {
+       $inconsistency += 4;
+       $inccause .= (empty($inccause)?"":"<br>")._("Users record locked set");
+     }
+     if ($edeleted!=0) {
+       $inconsistency += 8;
+       $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted");    
+     }
+     if ($ehash!='') {
+       $inconsistency += 16;
+       $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset");        
+     }
+   } else {
+     $inconsistency = 32;
+     $inccause = _("Prim. email, Email record doesn't exist");
+   }
+   if ($inconsistency>0) {
+      // $inconsistencydisp = _("Yes");
+ ?>
+   <tr>
+     <td class="DataTD"><?=_("Account inconsistency")?>:</td>
+     <td class="DataTD"><?=$inccause?><br>code: <?=$inconsistency?></td>
+   </tr>
+   <tr>
+     <td colspan="2" class="DataTD" style="max-width: 75ex">
+       <?=_("Account inconsistency can cause problems in daily account ".
+       "operations and needs to be fixed manually through arbitration/critical ".
+       "team.")?>
+      </td>
+   </tr>  
+ <? }
+   // ---  bug-975 end ---
+ ?>
+ </table>
+ <br>
+ <?    
+  //  End - Debug infos
+ ?>
  
 +<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto"><?=_("Show Assurances the user got")?></a>
 + (<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto15"><?=_("New calculation")?></a>)
 +<br />
 +<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby"><?=_("Show Assurances the user gave")?></a>
 + (<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby15"><?=_("New calculation")?></a>)
 +<br />
 +
  <?
 -  if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") {
 -?>
 +//  if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") {
  
 +function showassuredto()
 +{
 +?>
  <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
    <tr>
 -    <td colspan="7" class="title"><?=_("Assurance Points")?></td>
 +    <td colspan="8" class="title"><?=_("Assurance Points")?></td>
    </tr>
    <tr>
 +    <td class="DataTD"><b><?=_("ID")?></b></td>
      <td class="DataTD"><b><?=_("Date")?></b></td>
      <td class="DataTD"><b><?=_("Who")?></b></td>
      <td class="DataTD"><b><?=_("Email")?></b></td>