c889ce343756631d089999ce9a76900c92d80ecb
[cacert.git] / pages / account / 43.php
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18
19 include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
20
21 $ticketno='';
22 $ticketvalidation=FALSE;
23
24 if (isset($_SESSION['ticketno'])) {
25 $ticketno = $_SESSION['ticketno'];
26 $ticketvalidation = valid_ticket_number($ticketno);
27 }
28 if (isset($_SESSION['ticketmsg'])) {
29 $ticketmsg = $_SESSION['ticketmsg'];
30 } else {
31 $ticketmsg = '';
32 }
33
34
35 // search for an account by email search, if more than one is found display list to choose
36 if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
37 {
38 $_REQUEST['userid'] = 0;
39
40 $emailsearch = $email = mysql_real_escape_string(stripslashes($_REQUEST['email']));
41
42 //Disabled to speed up the queries
43 //if(!strstr($email, "%"))
44 // $emailsearch = "%$email%";
45
46 // bug-975 ted+uli changes --- begin
47 if(preg_match("/^[0-9]+$/", $email)) {
48 // $email consists of digits only ==> search for IDs
49 // Be defensive here (outer join) if primary mail is not listed in email table
50 $query = "select `users`.`id` as `id`, `email`.`email` as `email`
51 from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
52 where (`email`.`id`='$email' or `users`.`id`='$email')
53 and `users`.`deleted`=0
54 group by `users`.`id` limit 100";
55 } else {
56 // $email contains non-digits ==> search for mail addresses
57 // Be defensive here (outer join) if primary mail is not listed in email table
58 $query = "select `users`.`id` as `id`, `email`.`email` as `email`
59 from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
60 where (`email`.`email` like '$emailsearch'
61 or `users`.`email` like '$emailsearch')
62 and `users`.`deleted`=0
63 group by `users`.`id` limit 100";
64 }
65 // bug-975 ted+uli changes --- end
66 $res = mysql_query($query);
67 if(mysql_num_rows($res) > 1) {
68 ?>
69 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
70 <tr>
71 <td colspan="5" class="title"><?=_("Select Specific Account Details")?></td>
72 </tr>
73 <tr>
74 <td class="DataTD"><?=_("User ID")?></td>
75 <td class="DataTD"><?=_("Email")?></td>
76 </tr>
77 <?
78 while($row = mysql_fetch_assoc($res))
79 {
80 ?>
81 <tr>
82 <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=intval($row['id'])?></a></td>
83 <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td>
84 </tr>
85 <?
86 }
87
88 if(mysql_num_rows($res) >= 100) {
89 ?>
90 <tr>
91 <td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td>
92 </tr>
93 <?
94 } else {
95 ?>
96 <tr>
97 <td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td>
98 </tr>
99 <?
100 }
101 ?>
102 </table><br><br>
103 <?
104 } elseif(mysql_num_rows($res) == 1) {
105 $row = mysql_fetch_assoc($res);
106 $_REQUEST['userid'] = $row['id'];
107 } else {
108 printf(_("No users found matching %s"), sanitizeHTML($email));
109 }
110 }
111
112 // display user information for given user id
113 if(intval($_REQUEST['userid']) > 0) {
114 $userid = intval($_REQUEST['userid']);
115 $res =get_user_data($userid);
116 if(mysql_num_rows($res) <= 0) {
117 echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
118 } else {
119 $row = mysql_fetch_assoc($res);
120 $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."' and `deleted` = 0";
121 $dres = mysql_query($query);
122 $drow = mysql_fetch_assoc($dres);
123 $alerts =get_alerts(intval($row['id']));
124
125 //display account data
126
127 //deletes an assurance
128 if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation == true)
129 {
130 if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE assurance revoke', $ticketno)) {
131 $ticketmsg=_("Writing to the admin log failed. Can't continue.");
132 } else {
133 $assurance = intval($_REQUEST['assurance']);
134 $trow = 0;
135 $res = mysql_query("select `to` from `notary` where `id`='".intval($assurance)."' and `deleted` = 0");
136 if ($res) {
137 $trow = mysql_fetch_assoc($res);
138 if ($trow) {
139 mysql_query("update `notary` set `deleted`=NOW() where `id`='".intval($assurance)."'");
140 fix_assurer_flag($trow['to']);
141 }
142 }
143 }
144 } elseif(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation == FALSE) {
145 $ticketmsg=_('No assurance revoked. Ticket number is missing!');
146 }
147
148 //Ticket number
149 ?>
150
151 <form method="post" action="account.php?id=43&userid=<?=intval($_REQUEST['userid'])?>">
152 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
153 <tr>
154 <td colspan="2" class="title"><?=_('Ticket handling') ?></td>
155 </tr>
156 <tr>
157 <td class="DataTD"><?=_('Ticket no')?>:</td>
158 <td class="DataTD"><input type="text" name="ticketno" value="<?=sanitizeHTML($ticketno)?>"/></td>
159 </tr>
160 <tr>
161 <td colspan="2" class="DataTDError"><?=$ticketmsg?></td><?php $_SESSION['ticketmsg']='' ?>
162 </tr>
163 <tr>
164 <td colspan="2" ><input type="submit" value="<?=_('Set ticket number') ?>"></td>
165 </tr>
166 </table>
167 </form>
168 <br/>
169
170
171 <!-- display data table -->
172 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
173 <tr>
174 <td colspan="5" class="title"><? printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td>
175 </tr>
176 <tr>
177 <td class="DataTD"><?=_("Email")?>:</td>
178 <td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
179 </tr>
180 <tr>
181 <td class="DataTD"><?=_("First Name")?>:</td>
182 <td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to modify this DOB and/or last name?")?>')) return false;">
183 <input type="hidden" name="csrf" value="<?=make_csrf('admchangepers')?>" />
184 <input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>">
185 </td>
186 </tr>
187 <tr>
188 <td class="DataTD"><?=_("Middle Name")?>:</td>
189 <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($row['mname'])?>"></td>
190 </tr>
191 <tr>
192 <td class="DataTD"><?=_("Last Name")?>:</td>
193 <td class="DataTD"> <input type="hidden" name="oldid" value="43">
194 <input type="hidden" name="action" value="updatedob">
195 <input type="hidden" name="userid" value="<?=intval($userid)?>">
196 <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>">
197 </td>
198 </tr>
199 <tr>
200 <td class="DataTD"><?=_("Suffix")?>:</td>
201 <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($row['suffix'])?>"></td>
202 </tr>
203 <tr>
204 <td class="DataTD"><?=_("Date of Birth")?>:</td>
205 <td class="DataTD">
206 <?
207 $year = intval(substr($row['dob'], 0, 4));
208 $month = intval(substr($row['dob'], 5, 2));
209 $day = intval(substr($row['dob'], 8, 2));
210 ?>
211 <nobr>
212 <select name="day">
213 <?
214 for($i = 1; $i <= 31; $i++) {
215 echo "<option";
216 if($day == $i) {
217 echo " selected='selected'";
218 }
219 echo ">$i</option>";
220 }
221 ?>
222 </select>
223 <select name="month">
224 <?
225 for($i = 1; $i <= 12; $i++) {
226 echo "<option value='$i'";
227 if($month == $i)
228 echo " selected='selected'";
229 echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>";
230 }
231 ?>
232 </select>
233 <input type="text" name="year" value="<?=$year?>" size="4">
234 <input type="submit" value="Go">
235 <input type="hidden" name="ticketno" value="<?=sanitizeHTML($ticketno)?>"/>
236 </form>
237 </nobr>
238 </td>
239 </tr>
240
241 <? // list of flags ?>
242 <tr>
243 <td class="DataTD"><?=_("CCA accepted")?>:</td>
244 <td class="DataTD"><a href="account.php?id=57&amp;userid=<?=intval($row['id'])?>"><?=intval(get_user_agreement_status($row['id'], 'CCA')) ? _("Yes") : _("No") ?></a></td>
245 </tr>
246 <tr>
247 <td class="DataTD"><?=_("Trainings")?>:</td>
248 <td class="DataTD"><a href="account.php?id=55&amp;userid=<?=intval($row['id'])?>">show</a></td>
249 </tr>
250 <tr>
251 <td class="DataTD"><?=_("Is Assurer")?>:</td>
252 <td class="DataTD"><a href="account.php?id=43&amp;assurer=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admsetassuret')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['assurer'])?></a></td>
253 </tr>
254 <tr>
255 <td class="DataTD"><?=_("Blocked Assurer")?>:</td>
256 <td class="DataTD"><a href="account.php?id=43&amp;assurer_blocked=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['assurer_blocked'])?></a></td>
257 </tr>
258 <tr>
259 <td class="DataTD"><?=_("Account Locking")?>:</td>
260 <td class="DataTD"><a href="account.php?id=43&amp;locked=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admactlock')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['locked'])?></a></td>
261 </tr>
262 <tr>
263 <td class="DataTD"><?=_("Code Signing")?>:</td>
264 <td class="DataTD"><a href="account.php?id=43&amp;codesign=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admcodesign')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['codesign'])?></a></td>
265 </tr>
266 <tr>
267 <td class="DataTD"><?=_("Org Assurer")?>:</td>
268 <td class="DataTD"><a href="account.php?id=43&amp;orgadmin=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admorgadmin')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['orgadmin'])?></a></td>
269 </tr>
270 <tr>
271 <td class="DataTD"><?=_("TTP Admin")?>:</td>
272 <td class="DataTD"><a href="account.php?id=43&amp;ttpadmin=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admttpadmin')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['ttpadmin'])?></a></td>
273 </tr>
274 <tr>
275 <td class="DataTD"><?=_("Location Admin")?>:</td>
276 <td class="DataTD"><a href="account.php?id=43&amp;locadmin=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=$row['locadmin']?></a></td>
277 </tr>
278 <tr>
279 <td class="DataTD"><?=_("Admin")?>:</td>
280 <td class="DataTD"><a href="account.php?id=43&amp;admin=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admsetadmin')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['admin'])?></a></td>
281 </tr>
282 <tr>
283 <td class="DataTD"><?=_("Ad Admin")?>:</td>
284 <td class="DataTD"><a href="account.php?id=43&amp;adadmin=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['adadmin'])?></a> (0 = none, 1 = submit, 2 = approve)</td>
285 </tr>
286 <!-- presently not needed
287 <tr>
288 <td class="DataTD"><?=_("Tverify Account")?>:</td>
289 <td class="DataTD"><a href="account.php?id=43&amp;tverify=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['tverify'])?></a></td>
290 </tr>
291 -->
292 <tr>
293 <td class="DataTD"><?=_("General Announcements")?>:</td>
294 <td class="DataTD"><a href="account.php?id=43&amp;general=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($alerts['general'])?></a></td>
295 </tr>
296 <tr>
297 <td class="DataTD"><?=_("Country Announcements")?>:</td>
298 <td class="DataTD"><a href="account.php?id=43&amp;country=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($alerts['country'])?></a></td>
299 </tr>
300 <tr>
301 <td class="DataTD"><?=_("Regional Announcements")?>:</td>
302 <td class="DataTD"><a href="account.php?id=43&amp;regional=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($alerts['regional'])?></a></td>
303 </tr>
304 <tr>
305 <td class="DataTD"><?=_("Within 200km Announcements")?>:</td>
306 <td class="DataTD"><a href="account.php?id=43&amp;radius=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($alerts['radius'])?></a></td>
307 </tr>
308 <? //change password, view secret questions and delete account section ?>
309 <tr>
310 <td class="DataTD"><?=_("Change Password")?>:</td>
311 <td class="DataTD"><a href="account.php?id=44&amp;userid=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Change Password")?></a></td>
312 </tr>
313 <tr>
314 <td class="DataTD"><?=_("Delete Account")?>:</td>
315 <td class="DataTD"><a href="account.php?id=50&amp;userid=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admdelaccount')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Delete Account")?></a></td>
316 </tr>
317 <?
318 // This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!!
319 if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==true) {
320 if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE view lost password information', $ticketno)) {
321 ?>
322 <tr>
323 <td class="DataTD" colspan="2"><?=_("Writing to the admin log failed. Can't continue.")?></td>
324 </tr>
325 <tr>
326 <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;showlostpw=yes&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Lost Password Details")?></a></td>
327 </tr>
328 <?
329 } else {
330 ?>
331 <tr>
332 <td class="DataTD"><?=_("Lost Password")?> - Q1:</td>
333 <td class="DataTD"><?=sanitizeHTML($row['Q1'])?></td>
334 </tr>
335 <tr>
336 <td class="DataTD"><?=_("Lost Password")?> - A1:</td>
337 <td class="DataTD"><?=sanitizeHTML($row['A1'])?></td>
338 </tr>
339 <tr>
340 <td class="DataTD"><?=_("Lost Password")?> - Q2:</td>
341 <td class="DataTD"><?=sanitizeHTML($row['Q2'])?></td>
342 </tr>
343 <tr>
344 <td class="DataTD"><?=_("Lost Password")?> - A2:</td>
345 <td class="DataTD"><?=sanitizeHTML($row['A2'])?></td>
346 </tr>
347 <tr>
348 <td class="DataTD"><?=_("Lost Password")?> - Q3:</td>
349 <td class="DataTD"><?=sanitizeHTML($row['Q3'])?></td>
350 </tr>
351 <tr>
352 <td class="DataTD"><?=_("Lost Password")?> - A3:</td>
353 <td class="DataTD"><?=sanitizeHTML($row['A3'])?></td>
354 </tr>
355 <tr>
356 <td class="DataTD"><?=_("Lost Password")?> - Q4:</td>
357 <td class="DataTD"><?=sanitizeHTML($row['Q4'])?></td>
358 </tr>
359 <tr>
360 <td class="DataTD"><?=_("Lost Password")?> - A4:</td>
361 <td class="DataTD"><?=sanitizeHTML($row['A4'])?></td>
362 </tr>
363 <tr>
364 <td class="DataTD"><?=_("Lost Password")?> - Q5:</td>
365 <td class="DataTD"><?=sanitizeHTML($row['Q5'])?></td>
366 </tr>
367 <tr>
368 <td class="DataTD"><?=_("Lost Password")?> - A5:</td>
369 <td class="DataTD"><?=sanitizeHTML($row['A5'])?></td>
370 </tr>
371 <?
372 }
373 } elseif (array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==false) {
374 ?>
375 <tr>
376 <td class="DataTD" colspan="2"><?=_('No access granted. Ticket number is missing')?></td>
377 </tr>
378 <tr>
379 <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;showlostpw=yes&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Lost Password Details")?></a></td>
380 </tr>
381 <?
382 } else {
383 ?>
384 <tr>
385 <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;showlostpw=yes&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Lost Password Details")?></a></td>
386 </tr>
387 <? }
388
389 // list assurance points
390 ?>
391 <tr>
392 <td class="DataTD"><?=_("Assurance Points")?>:</td>
393 <td class="DataTD"><?=intval($drow['points'])?></td>
394 </tr>
395 <?
396 // show account history
397 ?>
398 <tr>
399 <td class="DataTD" colspan="2"><a href="account.php?id=59&amp;oldid=43&amp;userid=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_('Show account history')?></a></td>
400 </tr>
401 </table>
402 <br/>
403 <?
404 //list secondary email addresses
405 $dres = get_email_addresses(intval($row['id']),$row['email']);
406 if(mysql_num_rows($dres) > 0) {
407 ?>
408 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
409 <tr>
410 <td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td>
411 </tr>
412 <?
413 while($drow = mysql_fetch_assoc($dres)) {
414 ?>
415 <tr>
416 <td class="DataTD"><?=_("Secondary Emails")?>:</td>
417 <td class="DataTD"><?=sanitizeHTML($drow['email'])?></td>
418 </tr>
419 <?
420 }
421 ?>
422 </table>
423 <br/>
424 <?
425 }
426
427 // list of domains
428 $dres=get_domains(intval($row['id']));
429 if(mysql_num_rows($dres) > 0) {
430 ?>
431 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
432 <tr>
433 <td colspan="5" class="title"><?=_("Verified Domains")?></td>
434 </tr>
435 <?
436 while($drow = mysql_fetch_assoc($dres)) {
437 ?>
438 <tr>
439 <td class="DataTD"><?=_("Domain")?>:</td>
440 <td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td>
441 </tr>
442 <?
443 }
444 ?>
445 </table>
446 <br/>
447 <?
448 }
449 ?>
450 <? // Begin - Debug infos ?>
451 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
452 <tr>
453 <td colspan="2" class="title"><?=_("Account State")?></td>
454 </tr>
455
456 <?
457 // --- bug-975 begin ---
458 // potential db inconsistency like in a20110804.1
459 // Admin console -> don't list user account
460 // User login -> impossible
461 // Assurer, assure someone -> user displayed
462 /* regular user account search with regular settings
463
464 --- Admin Console find user query
465 $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
466 where `users`.`id`=`email`.`memid` and
467 (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
468 `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
469 group by `users`.`id` limit 100";
470 => requirements
471 1. email.hash = ''
472 2. email.deleted = 0
473 3. users.deleted = 0
474 4. email.email = primary-email (???) or'd
475 not covered by admin console find user routine, but may block users login
476 5. users.verified = 0|1
477 further "special settings"
478 6. users.locked (setting displayed in display form)
479 7. users.assurer_blocked (setting displayed in display form)
480
481 --- User login user query
482 select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
483 `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0
484 => requirements
485 1. users.verified = 1
486 2. users.deleted = 0
487 3. users.locked = 0
488 4. users.email = primary-email
489
490 --- Assurer, assure someone find user query
491 select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."'
492 and `deleted`=0
493 => requirements
494 1. users.deleted = 0
495 2. users.email = primary-email
496
497 Admin User Assurer
498 bit Console Login assure someone
499
500 1. email.hash = '' Yes No No
501 2. email.deleted = 0 Yes No No
502 3. users.deleted = 0 Yes Yes Yes
503 4. users.verified = 1 No Yes No
504 5. users.locked = 0 No Yes No
505 6. users.email = prim-email No Yes Yes
506 7. email.email = prim-email Yes No No
507
508 full usable account needs all 7 requirements fulfilled
509 so if one setting isn't set/cleared there is an inconsistency either way
510 if eg email.email is not avail, admin console cannot open user info
511 but user can login and assurer can display user info
512 if user verified is not set to 1, admin console displays user record
513 but user cannot login, but assurer can search for the user and the data displays
514
515 consistency check:
516 1. search primary-email in users.email
517 2. search primary-email in email.email
518 3. userid = email.memid
519 4. check settings from table 1. - 5.
520
521 */
522
523 $inconsistency = 0;
524 $inconsistencydisp = "";
525 $inccause = "";
526
527 // current userid intval($row['id'])
528 $query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked`
529 from `users` where `id`='".intval($row['id'])."' ";
530 $dres = mysql_query($query);
531 $drow = mysql_fetch_assoc($dres);
532 $uemail = $drow['uemail'];
533 $udeleted = $drow['udeleted'];
534 $uverified = $drow['verified'];
535 $ulocked = $drow['locked'];
536
537 $query = "select `hash`, `email` as `eemail` from `email`
538 where `memid`='".intval($row['id'])."' and
539 `email` ='".$uemail."' and
540 `deleted` = 0";
541 $dres = mysql_query($query);
542 if ($drow = mysql_fetch_assoc($dres)) {
543 $drow['edeleted'] = 0;
544 } else {
545 // try if there are deleted entries
546 $query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email`
547 where `memid`='".intval($row['id'])."' and
548 `email` ='".$uemail."'";
549 $dres = mysql_query($query);
550 $drow = mysql_fetch_assoc($dres);
551 }
552
553 if ($drow) {
554 $eemail = $drow['eemail'];
555 $edeleted = $drow['edeleted'];
556 $ehash = $drow['hash'];
557 if ($udeleted!=0) {
558 $inconsistency += 1;
559 $inccause .= (empty($inccause)?"":"<br>")._("Users record set to deleted");
560 }
561 if ($uverified!=1) {
562 $inconsistency += 2;
563 $inccause .= (empty($inccause)?"":"<br>")._("Users record verified not set");
564 }
565 if ($ulocked!=0) {
566 $inconsistency += 4;
567 $inccause .= (empty($inccause)?"":"<br>")._("Users record locked set");
568 }
569 if ($edeleted!=0) {
570 $inconsistency += 8;
571 $inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted");
572 }
573 if ($ehash!='') {
574 $inconsistency += 16;
575 $inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset");
576 }
577 } else {
578 $inconsistency = 32;
579 $inccause = _("Prim. email, Email record doesn't exist");
580 }
581 if ($inconsistency>0) {
582 // $inconsistencydisp = _("Yes");
583 ?>
584 <tr>
585 <td class="DataTD"><?=_("Account inconsistency")?>:</td>
586 <td class="DataTD"><?=$inccause?><br>code: <?=intval($inconsistency)?></td>
587 </tr>
588 <tr>
589 <td colspan="2" class="DataTD" style="max-width: 75ex;">
590 <?=_("Account inconsistency can cause problems in daily account operations and needs to be fixed manually through arbitration/critical team.")?>
591 </td>
592 </tr>
593 <?
594 }
595
596 // --- bug-975 end ---
597 ?>
598 </table>
599 <br />
600 <?
601 // End - Debug infos
602
603 // certificate overview
604 ?>
605
606 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
607 <tr>
608 <td colspan="6" class="title"><?=_("Certificates")?></td>
609 </tr>
610 <tr>
611 <td class="DataTD"><?=_("Cert Type")?>:</td>
612 <td class="DataTD"><?=_("Total")?></td>
613 <td class="DataTD"><?=_("Valid")?></td>
614 <td class="DataTD"><?=_("Expired")?></td>
615 <td class="DataTD"><?=_("Revoked")?></td>
616 <td class="DataTD"><?=_("Latest Expire")?></td>
617 </tr>
618 <!-- server certificates -->
619 <tr>
620 <td class="DataTD"><?=_("Server")?>:</td>
621 <?
622 $query = "
623 select COUNT(*) as `total`,
624 MAX(`domaincerts`.`expire`) as `maxexpire`
625 from `domains` inner join `domaincerts`
626 on `domains`.`id` = `domaincerts`.`domid`
627 where `domains`.`memid` = '".intval($row['id'])."'
628 ";
629 $dres = mysql_query($query);
630 $drow = mysql_fetch_assoc($dres);
631 $total = $drow['total'];
632
633 $maxexpire = "0000-00-00 00:00:00";
634 if ($drow['maxexpire']) {
635 $maxexpire = $drow['maxexpire'];
636 }
637
638 if($total > 0) {
639 $query = "
640 select COUNT(*) as `valid`
641 from `domains` inner join `domaincerts`
642 on `domains`.`id` = `domaincerts`.`domid`
643 where `domains`.`memid` = '".intval($row['id'])."'
644 and `revoked` = '0000-00-00 00:00:00'
645 and `expire` > NOW()
646 ";
647 $dres = mysql_query($query);
648 $drow = mysql_fetch_assoc($dres);
649 $valid = $drow['valid'];
650
651 $query = "
652 select COUNT(*) as `expired`
653 from `domains` inner join `domaincerts`
654 on `domains`.`id` = `domaincerts`.`domid`
655 where `domains`.`memid` = '".intval($row['id'])."'
656 and `expire` <= NOW()
657 ";
658 $dres = mysql_query($query);
659 $drow = mysql_fetch_assoc($dres);
660 $expired = $drow['expired'];
661
662 $query = "
663 select COUNT(*) as `revoked`
664 from `domains` inner join `domaincerts`
665 on `domains`.`id` = `domaincerts`.`domid`
666 where `domains`.`memid` = '".intval($row['id'])."'
667 and `revoked` != '0000-00-00 00:00:00'
668 ";
669 $dres = mysql_query($query);
670 $drow = mysql_fetch_assoc($dres);
671 $revoked = $drow['revoked'];
672 ?>
673 <td class="DataTD"><?=intval($total)?></td>
674 <td class="DataTD"><?=intval($valid)?></td>
675 <td class="DataTD"><?=intval($expired)?></td>
676 <td class="DataTD"><?=intval($revoked)?></td>
677 <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
678 <?
679 } else { // $total > 0
680 ?>
681 <td colspan="5" class="DataTD"><?=_("None")?></td>
682 <?
683 }
684 ?>
685 </tr>
686 <!-- client certificates -->
687 <tr>
688 <td class="DataTD"><?=_("Client")?>:</td>
689 <?
690 $query = "
691 select COUNT(*) as `total`, MAX(`expire`) as `maxexpire`
692 from `emailcerts`
693 where `memid` = '".intval($row['id'])."'
694 ";
695 $dres = mysql_query($query);
696 $drow = mysql_fetch_assoc($dres);
697 $total = $drow['total'];
698
699 $maxexpire = "0000-00-00 00:00:00";
700 if ($drow['maxexpire']) {
701 $maxexpire = $drow['maxexpire'];
702 }
703
704 if($total > 0) {
705 $query = "
706 select COUNT(*) as `valid`
707 from `emailcerts`
708 where `memid` = '".intval($row['id'])."'
709 and `revoked` = '0000-00-00 00:00:00'
710 and `expire` > NOW()
711 ";
712 $dres = mysql_query($query);
713 $drow = mysql_fetch_assoc($dres);
714 $valid = $drow['valid'];
715
716 $query = "
717 select COUNT(*) as `expired`
718 from `emailcerts`
719 where `memid` = '".intval($row['id'])."'
720 and `expire` <= NOW()
721 ";
722 $dres = mysql_query($query);
723 $drow = mysql_fetch_assoc($dres);
724 $expired = $drow['expired'];
725
726 $query = "
727 select COUNT(*) as `revoked`
728 from `emailcerts`
729 where `memid` = '".intval($row['id'])."'
730 and `revoked` != '0000-00-00 00:00:00'
731 ";
732 $dres = mysql_query($query);
733 $drow = mysql_fetch_assoc($dres);
734 $revoked = $drow['revoked'];
735 ?>
736 <td class="DataTD"><?=intval($total)?></td>
737 <td class="DataTD"><?=intval($valid)?></td>
738 <td class="DataTD"><?=intval($expired)?></td>
739 <td class="DataTD"><?=intval($revoked)?></td>
740 <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
741 <?
742 } else { // $total > 0
743 ?>
744 <td colspan="5" class="DataTD"><?=_("None")?></td>
745 <?
746 }
747 ?>
748 </tr>
749 <!-- gpg certificates -->
750 <tr>
751 <td class="DataTD"><?=_("GPG")?>:</td>
752 <?
753 $query = "
754 select COUNT(*) as `total`, MAX(`expire`) as `maxexpire`
755 from `gpg`
756 where `memid` = '".intval($row['id'])."'
757 ";
758 $dres = mysql_query($query);
759 $drow = mysql_fetch_assoc($dres);
760 $total = $drow['total'];
761
762 $maxexpire = "0000-00-00 00:00:00";
763 if ($drow['maxexpire']) {
764 $maxexpire = $drow['maxexpire'];
765 }
766
767 if($total > 0) {
768 $query = "
769 select COUNT(*) as `valid`
770 from `gpg`
771 where `memid` = '".intval($row['id'])."'
772 and `expire` > NOW()
773 ";
774 $dres = mysql_query($query);
775 $drow = mysql_fetch_assoc($dres);
776 $valid = $drow['valid'];
777
778 $query = "
779 select COUNT(*) as `expired`
780 from `gpg`
781 where `memid` = '".intval($row['id'])."'
782 and `expire` <= NOW()
783 ";
784 $dres = mysql_query($query);
785 $drow = mysql_fetch_assoc($dres);
786 $expired = $drow['expired'];
787 ?>
788 <td class="DataTD"><?=intval($total)?></td>
789 <td class="DataTD"><?=intval($valid)?></td>
790 <td class="DataTD"><?=intval($expired)?></td>
791 <td class="DataTD"></td>
792 <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
793 <?
794 } else { // $total > 0
795 ?>
796 <td colspan="5" class="DataTD"><?=_("None")?></td>
797 <?
798 }
799 ?>
800 </tr>
801 <!-- org server certificates -->
802 <tr>
803 <td class="DataTD"><a href="account.php?id=58&amp;userid=<?=intval($row['id'])?>"><?=_("Org Server")?></a>:</td>
804 <?
805 $query = "
806 select COUNT(*) as `total`,
807 MAX(`orgcerts`.`expire`) as `maxexpire`
808 from `orgdomaincerts` as `orgcerts` inner join `org`
809 on `orgcerts`.`orgid` = `org`.`orgid`
810 where `org`.`memid` = '".intval($row['id'])."'
811 ";
812 $dres = mysql_query($query);
813 $drow = mysql_fetch_assoc($dres);
814 $total = $drow['total'];
815
816 $maxexpire = "0000-00-00 00:00:00";
817 if ($drow['maxexpire']) {
818 $maxexpire = $drow['maxexpire'];
819 }
820
821 if($total > 0) {
822 $query = "
823 select COUNT(*) as `valid`
824 from `orgdomaincerts` as `orgcerts` inner join `org`
825 on `orgcerts`.`orgid` = `org`.`orgid`
826 where `org`.`memid` = '".intval($row['id'])."'
827 and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
828 and `orgcerts`.`expire` > NOW()
829 ";
830 $dres = mysql_query($query);
831 $drow = mysql_fetch_assoc($dres);
832 $valid = $drow['valid'];
833
834 $query = "
835 select COUNT(*) as `expired`
836 from `orgdomaincerts` as `orgcerts` inner join `org`
837 on `orgcerts`.`orgid` = `org`.`orgid`
838 where `org`.`memid` = '".intval($row['id'])."'
839 and `orgcerts`.`expire` <= NOW()
840 ";
841 $dres = mysql_query($query);
842 $drow = mysql_fetch_assoc($dres);
843 $expired = $drow['expired'];
844
845 $query = "
846 select COUNT(*) as `revoked`
847 from `orgdomaincerts` as `orgcerts` inner join `org`
848 on `orgcerts`.`orgid` = `org`.`orgid`
849 where `org`.`memid` = '".intval($row['id'])."'
850 and `orgcerts`.`revoked` != '0000-00-00 00:00:00'
851 ";
852 $dres = mysql_query($query);
853 $drow = mysql_fetch_assoc($dres);
854 $revoked = $drow['revoked'];
855 ?>
856 <td class="DataTD"><?=intval($total)?></td>
857 <td class="DataTD"><?=intval($valid)?></td>
858 <td class="DataTD"><?=intval($expired)?></td>
859 <td class="DataTD"><?=intval($revoked)?></td>
860 <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
861 <?
862 } else { // $total > 0
863 ?>
864 <td colspan="5" class="DataTD"><?=_("None")?></td>
865 <?
866 }
867 ?>
868 </tr>
869 <!-- org client certificates -->
870 <tr>
871 <td class="DataTD"><?=_("Org Client")?>:</td>
872 <?
873 $query = "
874 select COUNT(*) as `total`,
875 MAX(`orgcerts`.`expire`) as `maxexpire`
876 from `orgemailcerts` as `orgcerts` inner join `org`
877 on `orgcerts`.`orgid` = `org`.`orgid`
878 where `org`.`memid` = '".intval($row['id'])."'
879 ";
880 $dres = mysql_query($query);
881 $drow = mysql_fetch_assoc($dres);
882 $total = $drow['total'];
883
884 $maxexpire = "0000-00-00 00:00:00";
885 if ($drow['maxexpire']) {
886 $maxexpire = $drow['maxexpire'];
887 }
888
889 if($total > 0) {
890 $query = "
891 select COUNT(*) as `valid`
892 from `orgemailcerts` as `orgcerts` inner join `org`
893 on `orgcerts`.`orgid` = `org`.`orgid`
894 where `org`.`memid` = '".intval($row['id'])."'
895 and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
896 and `orgcerts`.`expire` > NOW()
897 ";
898 $dres = mysql_query($query);
899 $drow = mysql_fetch_assoc($dres);
900 $valid = $drow['valid'];
901
902 $query = "
903 select COUNT(*) as `expired`
904 from `orgemailcerts` as `orgcerts` inner join `org`
905 on `orgcerts`.`orgid` = `org`.`orgid`
906 where `org`.`memid` = '".intval($row['id'])."'
907 and `orgcerts`.`expire` <= NOW()
908 ";
909 $dres = mysql_query($query);
910 $drow = mysql_fetch_assoc($dres);
911 $expired = $drow['expired'];
912
913 $query = "
914 select COUNT(*) as `revoked`
915 from `orgemailcerts` as `orgcerts` inner join `org`
916 on `orgcerts`.`orgid` = `org`.`orgid`
917 where `org`.`memid` = '".intval($row['id'])."'
918 and `orgcerts`.`revoked` != '0000-00-00 00:00:00'
919 ";
920 $dres = mysql_query($query);
921 $drow = mysql_fetch_assoc($dres);
922 $revoked = $drow['revoked'];
923 ?>
924 <td class="DataTD"><?=intval($total)?></td>
925 <td class="DataTD"><?=intval($valid)?></td>
926 <td class="DataTD"><?=intval($expired)?></td>
927 <td class="DataTD"><?=intval($revoked)?></td>
928 <td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
929 <?
930 } else { // $total > 0
931 ?>
932 <td colspan="5" class="DataTD"><?=_("None")?></td>
933 <?
934 }
935 ?>
936 </tr>
937 <tr>
938 <td colspan="6" class="title">
939 <form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to revoke all private certificates?")?>')) return false;">
940 <input type="hidden" name="action" value="revokecert">
941 <input type="hidden" name="oldid" value="43">
942 <input type="hidden" name="userid" value="<?=intval($userid)?>">
943 <input type="submit" value="<?=_('revoke certificates')?>">
944 <input type="hidden" name="ticketno" value="<?=sanitizeHTML($ticketno)?>"/>
945 </form>
946 </td>
947 </tr>
948 </table>
949 <br />
950 <? // list assurances ?>
951 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
952 <tr>
953 <td class="DataTD">
954 <a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;shownotary=assuredto&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Assurances the user got")?></a>
955 (<a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;shownotary=assuredto15&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("New calculation")?></a>)
956 </td>
957 </tr>
958 <tr>
959 <td class="DataTD">
960 <a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;shownotary=assuredby&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Assurances the user gave")?></a>
961 (<a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;shownotary=assuredby15&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("New calculation")?></a>)
962 </td>
963 </tr>
964 </table>
965 <?
966 // if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") {
967
968
969 function showassuredto($ticketno)
970 {
971 ?>
972 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
973 <tr>
974 <td colspan="8" class="title"><?=_("Assurance Points")?></td>
975 </tr>
976 <tr>
977 <td class="DataTD"><b><?=_("ID")?></b></td>
978 <td class="DataTD"><b><?=_("Date")?></b></td>
979 <td class="DataTD"><b><?=_("Who")?></b></td>
980 <td class="DataTD"><b><?=_("Email")?></b></td>
981 <td class="DataTD"><b><?=_("Points")?></b></td>
982 <td class="DataTD"><b><?=_("Location")?></b></td>
983 <td class="DataTD"><b><?=_("Method")?></b></td>
984 <td class="DataTD"><b><?=_("Revoke")?></b></td>
985 </tr>
986 <?
987 $query = "select * from `notary` where `to`='".intval($_GET['userid'])."' and `deleted` = 0";
988 $dres = mysql_query($query);
989 $points = 0;
990 while($drow = mysql_fetch_assoc($dres)) {
991 $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'"));
992 $points += $drow['points'];
993 ?>
994 <tr>
995 <td class="DataTD"><?=$drow['id']?></td>
996 <td class="DataTD"><?=sanitizeHTML($drow['date'])?></td>
997 <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></td>
998 <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
999 <td class="DataTD"><?=intval($drow['points'])?></td>
1000 <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
1001 <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
1002 <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),intval($drow['id']))?>');"><?=_("Revoke")?></a></td>
1003 </tr>
1004 <?
1005 }
1006 ?>
1007 <tr>
1008 <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td>
1009 <td class="DataTD"><?=intval($points)?></td>
1010 <td class="DataTD" colspan="3">&nbsp;</td>
1011 </tr>
1012 </table>
1013 <?
1014 }
1015
1016 function showassuredby($ticketno)
1017 {
1018 ?>
1019 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
1020 <tr>
1021 <td colspan="8" class="title"><?=_("Assurance Points The User Issued")?></td>
1022 </tr>
1023 <tr>
1024 <td class="DataTD"><b><?=_("ID")?></b></td>
1025 <td class="DataTD"><b><?=_("Date")?></b></td>
1026 <td class="DataTD"><b><?=_("Who")?></b></td>
1027 <td class="DataTD"><b><?=_("Email")?></b></td>
1028 <td class="DataTD"><b><?=_("Points")?></b></td>
1029 <td class="DataTD"><b><?=_("Location")?></b></td>
1030 <td class="DataTD"><b><?=_("Method")?></b></td>
1031 <td class="DataTD"><b><?=_("Revoke")?></b></td>
1032 </tr>
1033 <?
1034 $query = "select * from `notary` where `from`='".intval($_GET['userid'])."' and `deleted` = 0";
1035 $dres = mysql_query($query);
1036 $points = 0;
1037 while($drow = mysql_fetch_assoc($dres)) {
1038 $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['to'])."'"));
1039 $points += intval($drow['points']);
1040 ?>
1041 <tr>
1042 <td class="DataTD"><?=intval($drow['id'])?></td>
1043 <td class="DataTD"><?=$drow['date']?></td>
1044 <td class="DataTD"><a href="wot.php?id=9&userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['fname']." ".$fromuser['lname'])?></td>
1045 <td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
1046 <td class="DataTD"><?=intval($drow['points'])?></td>
1047 <td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
1048 <td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
1049 <td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['from'])?>&assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),intval($drow['id']))?>');"><?=_("Revoke")?></a></td>
1050 </tr>
1051 <?
1052 }
1053 ?>
1054 <tr>
1055 <td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td>
1056 <td class="DataTD"><?=intval($points)?></td>
1057 <td class="DataTD" colspan="3">&nbsp;</td>
1058 </tr>
1059 </table>
1060 <?} ?>
1061 <br/><br/>
1062 <?
1063 } }
1064
1065 if(isset($_GET['shownotary'])) {
1066 switch($_GET['shownotary']) {
1067 case 'assuredto':
1068 showassuredto($ticketno);
1069 break;
1070 case 'assuredby':
1071 showassuredby($ticketno);
1072 break;
1073 case 'assuredto15':
1074 output_received_assurances(intval($_GET['userid']),1,$ticketno);
1075 break;
1076 case 'assuredby15':
1077 output_given_assurances(intval($_GET['userid']),1, $ticketno);
1078 break;
1079 }
1080 }