Source code taken from cacert-20111021.tar.bz2
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */ ?>
<?
include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");

// Revocation of a single assurance, reached through the "Revoke" links in the
// assurance tables further down (?assurance=<notary.id>).  The assured
// member's "assurer" flag is recomputed afterwards, since the removed points
// may drop him below the threshold.
// NOTE(review): the Revoke links carry csrf=make_csrf('admdelassurance'), but
// no token is verified in this file and $_REQUEST also accepts a plain GET --
// confirm the dispatcher that includes this page performs the check.
if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0)
{
	// intval() already yields a bare integer; the escape is kept for
	// uniformity with the other queries in this file.
	$assurance = mysql_escape_string(intval($_REQUEST['assurance']));
	// look the assured member up first, the row is gone after the delete
	$res = mysql_query("select `to` from `notary` where `id`='$assurance'");
	$row = $res ? mysql_fetch_assoc($res) : 0;
	mysql_query("delete from `notary` where `id`='$assurance'");
	if ($row) {
		fix_assurer_flag($row['to']);
	}
}
35
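if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
{
	// No usable user id yet: resolve the search form's "email" field.  The
	// value goes verbatim into a LIKE, so the admin may type his own SQL
	// wildcards; the automatic "%...%" wrapping below was switched off for
	// speed.  Fall back to '' when the field is absent, so such a request
	// ends in the "No users found" message instead of an undefined-index
	// notice (the resulting query is the same one the notice path produced).
	$emailsearch = $email = mysql_escape_string(stripslashes(array_key_exists('email',$_REQUEST) ? $_REQUEST['email'] : ''));

	//Disabled to speed up the queries
	//if(!strstr($email, "%"))
	//	$emailsearch = "%$email%";

	// bug-975 ted+uli changes --- begin
	if(preg_match("/^[0-9]+$/", $email)) {
		// $email consists of digits only ==> search for IDs
		// Be defensive here (outer join) if primary mail is not listed in email table
		$query = "select `users`.`id` as `id`, `email`.`email` as `email`
from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
where (`email`.`id`='$email' or `users`.`id`='$email')
and `users`.`deleted`=0
group by `users`.`id` limit 100";
	} else {
		// $email contains non-digits ==> search for mail addresses
		// Be defensive here (outer join) if primary mail is not listed in email table
		$query = "select `users`.`id` as `id`, `email`.`email` as `email`
from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
where (`email`.`email` like '$emailsearch'
or `users`.`email` like '$emailsearch')
and `users`.`deleted`=0
group by `users`.`id` limit 100";
	}
	// bug-975 ted+uli changes --- end
	$res = mysql_query($query);
	// Several hits: list them (the query caps at 100) and let the admin pick
	// one.  Exactly one hit: promote it to the userid the details view below
	// expects.
	if(mysql_num_rows($res) > 1) { ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Select Specific Account Details")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("User ID")?></td>
<td class="DataTD"><?=_("Email")?></td>
</tr>
<?
		while($row = mysql_fetch_assoc($res))
		{ ?>
<tr>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=intval($row['id'])?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td>
</tr>
<?		} if(mysql_num_rows($res) >= 100) { ?>
<tr>
<td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td>
</tr>
<?		} else { ?>
<tr>
<td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td>
</tr>
<?		} ?>
</table><br><br>
<?	} elseif(mysql_num_rows($res) == 1) {
		$row = mysql_fetch_assoc($res);
		$_REQUEST['userid'] = $row['id'];
	} else {
		printf(_("No users found matching %s"), sanitizeHTML($email));
	}
}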
98
99 if(intval($_REQUEST['userid']) > 0)
100 {
101 $id = intval($_REQUEST['userid']);
102 $query = "select * from `users` where `id`='$id' and `users`.`deleted`=0";
103 $res = mysql_query($query);
104 if(mysql_num_rows($res) <= 0)
105 {
106 echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
107 } else {
108 $row = mysql_fetch_assoc($res);
109 $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."'";
110 $dres = mysql_query($query);
111 $drow = mysql_fetch_assoc($dres);
112 $alerts = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($row['id'])."'"));
113 ?>
114 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
115 <tr>
116 <td colspan="5" class="title"><? printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td>
117 </tr>
118 <tr>
119 <td class="DataTD"><?=_("Email")?>:</td>
120 <td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
121 </tr>
122 <tr>
123 <td class="DataTD"><?=_("First Name")?>:</td>
124 <td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to modify this DOB and/or last name?")?>')) return false;">
125 <input type="hidden" name="csrf" value="<?=make_csrf('admchangepers')?>" />
126 <input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>"></td>
127 </tr>
128 <tr>
129 <td class="DataTD"><?=_("Middle Name")?>:</td>
130 <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($row['mname'])?>"></td>
131 </tr>
132 <tr>
133 <td class="DataTD"><?=_("Last Name")?>:</td>
134 <td class="DataTD"> <input type="hidden" name="oldid" value="43">
135 <input type="hidden" name="action" value="updatedob">
136 <input type="hidden" name="userid" value="<?=intval($id)?>">
137 <input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>"></td>
138 </tr>
139 <tr>
140 <td class="DataTD"><?=_("Suffix")?>:</td>
141 <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($row['suffix'])?>"></td>
142 </tr>
143 <tr>
144 <td class="DataTD"><?=_("Date of Birth")?>:</td>
145 <td class="DataTD">
146 <?
// Split the stored YYYY-MM-DD date of birth into its numeric parts for the
// day/month/year widgets below; a short or malformed value degrades to 0,
// i.e. nothing is preselected.
$dobfields = array(substr($row['dob'], 0, 4), substr($row['dob'], 5, 2), substr($row['dob'], 8, 2));
list($year, $month, $day) = array_map('intval', $dobfields);
150 ?><nobr><select name="day">
151 <?
152 for($i = 1; $i <= 31; $i++)
153 {
154 echo "<option";
155 if($day == $i)
156 echo " selected='selected'";
157 echo ">$i</option>";
158 }
159 ?>
160 </select>
161 <select name="month">
162 <?
163 for($i = 1; $i <= 12; $i++)
164 {
165 echo "<option value='$i'";
166 if($month == $i)
167 echo " selected='selected'";
168 echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>";
169 }
170 ?>
171 </select>
172 <input type="text" name="year" value="<?=$year?>" size="4">
173 <input type="submit" value="Go"></form></nobr></td>
174 </tr>
175 <tr>
176 <td class="DataTD"><?=_("Trainings")?>:</td>
177 <td class="DataTD"><a href="account.php?id=55&amp;userid=<?=intval($row['id'])?>">show</a></td>
178 </tr>
179 <tr>
180 <td class="DataTD"><?=_("Is Assurer")?>:</td>
181 <td class="DataTD"><a href="account.php?id=43&amp;assurer=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admsetassuret')?>"><?=$row['assurer']?></a></td>
182 </tr>
183 <tr>
184 <td class="DataTD"><?=_("Blocked Assurer")?>:</td>
185 <td class="DataTD"><a href="account.php?id=43&amp;assurer_blocked=<?=intval($row['id'])?>"><?=$row['assurer_blocked']?></a></td>
186 </tr>
187 <tr>
188 <td class="DataTD"><?=_("Account Locking")?>:</td>
189 <td class="DataTD"><a href="account.php?id=43&amp;locked=<?=$row['id']?>&amp;csrf=<?=make_csrf('admactlock')?>"><?=$row['locked']?></a></td>
190 </tr>
191 <tr>
192 <td class="DataTD"><?=_("Code Signing")?>:</td>
193 <td class="DataTD"><a href="account.php?id=43&amp;codesign=<?=$row['id']?>&amp;csrf=<?=make_csrf('admcodesign')?>"><?=$row['codesign']?></a></td>
194 </tr>
195 <tr>
196 <td class="DataTD"><?=_("Org Assurer")?>:</td>
197 <td class="DataTD"><a href="account.php?id=43&amp;orgadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admorgadmin')?>"><?=$row['orgadmin']?></a></td>
198 </tr>
199 <tr>
200 <td class="DataTD"><?=_("TTP Admin")?>:</td>
201 <td class="DataTD"><a href="account.php?id=43&amp;ttpadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admttpadmin')?>"><?=$row['ttpadmin']?></a></td>
202 </tr>
203 <tr>
204 <td class="DataTD"><?=_("Location Admin")?>:</td>
205 <td class="DataTD"><a href="account.php?id=43&amp;locadmin=<?=$row['id']?>"><?=$row['locadmin']?></a></td>
206 </tr>
207 <tr>
208 <td class="DataTD"><?=_("Admin")?>:</td>
209 <td class="DataTD"><a href="account.php?id=43&amp;admin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admsetadmin')?>"><?=$row['admin']?></a></td>
210 </tr>
211 <tr>
212 <td class="DataTD"><?=_("Ad Admin")?>:</td>
213 <td class="DataTD"><a href="account.php?id=43&amp;adadmin=<?=$row['id']?>"><?=$row['adadmin']?></a> (0 = none, 1 = submit, 2 = approve)</td>
214 </tr>
215 <tr>
216 <td class="DataTD"><?=_("Tverify Account")?>:</td>
217 <td class="DataTD"><a href="account.php?id=43&amp;tverify=<?=$row['id']?>"><?=$row['tverify']?></a></td>
218 </tr>
219 <tr>
220 <td class="DataTD"><?=_("General Announcements")?>:</td>
221 <td class="DataTD"><a href="account.php?id=43&amp;general=<?=$row['id']?>"><?=$alerts['general']?></a></td>
222 </tr>
223 <tr>
224 <td class="DataTD"><?=_("Country Announcements")?>:</td>
225 <td class="DataTD"><a href="account.php?id=43&amp;country=<?=$row['id']?>"><?=$alerts['country']?></a></td>
226 </tr>
227 <tr>
228 <td class="DataTD"><?=_("Regional Announcements")?>:</td>
229 <td class="DataTD"><a href="account.php?id=43&amp;regional=<?=$row['id']?>"><?=$alerts['regional']?></a></td>
230 </tr>
231 <tr>
232 <td class="DataTD"><?=_("Within 200km Announcements")?>:</td>
233 <td class="DataTD"><a href="account.php?id=43&amp;radius=<?=$row['id']?>"><?=$alerts['radius']?></a></td>
234 </tr>
235 <tr>
236 <td class="DataTD"><?=_("Change Password")?>:</td>
237 <td class="DataTD"><a href="account.php?id=44&amp;userid=<?=$row['id']?>"><?=_("Change Password")?></a></td>
238 </tr>
239 <tr>
240 <td class="DataTD"><?=_("Delete Account")?>:</td>
241 <td class="DataTD"><a href="account.php?id=50&amp;userid=<?=$row['id']?>&amp;csrf=<?=make_csrf('admdelaccount')?>"><?=_("Delete Account")?></a></td>
242 </tr>
243 <?
// This is intentionally a $_GET for audit purposes. DO NOT CHANGE!!!
245 if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes") {
246 ?>
247 <tr>
248 <td class="DataTD"><?=_("Lost Password")?> - Q1:</td>
249 <td class="DataTD"><?=sanitizeHTML($row['Q1'])?></td>
250 </tr>
251 <tr>
252 <td class="DataTD"><?=_("Lost Password")?> - A1:</td>
253 <td class="DataTD"><?=sanitizeHTML($row['A1'])?></td>
254 </tr>
255 <tr>
256 <td class="DataTD"><?=_("Lost Password")?> - Q2:</td>
257 <td class="DataTD"><?=sanitizeHTML($row['Q2'])?></td>
258 </tr>
259 <tr>
260 <td class="DataTD"><?=_("Lost Password")?> - A2:</td>
261 <td class="DataTD"><?=sanitizeHTML($row['A2'])?></td>
262 </tr>
263 <tr>
264 <td class="DataTD"><?=_("Lost Password")?> - Q3:</td>
265 <td class="DataTD"><?=sanitizeHTML($row['Q3'])?></td>
266 </tr>
267 <tr>
268 <td class="DataTD"><?=_("Lost Password")?> - A3:</td>
269 <td class="DataTD"><?=sanitizeHTML($row['A3'])?></td>
270 </tr>
271 <tr>
272 <td class="DataTD"><?=_("Lost Password")?> - Q4:</td>
273 <td class="DataTD"><?=sanitizeHTML($row['Q4'])?></td>
274 </tr>
275 <tr>
276 <td class="DataTD"><?=_("Lost Password")?> - A4:</td>
277 <td class="DataTD"><?=sanitizeHTML($row['A4'])?></td>
278 </tr>
279 <tr>
280 <td class="DataTD"><?=_("Lost Password")?> - Q5:</td>
281 <td class="DataTD"><?=sanitizeHTML($row['Q5'])?></td>
282 </tr>
283 <tr>
284 <td class="DataTD"><?=_("Lost Password")?> - A5:</td>
285 <td class="DataTD"><?=sanitizeHTML($row['A5'])?></td>
286 </tr>
287 <? } else { ?>
288 <tr>
289 <td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;showlostpw=yes"><?=_("Show Lost Password Details")?></a></td>
290 </tr>
291 <? } ?>
292 <tr>
293 <td class="DataTD"><?=_("Assurance Points")?>:</td>
294 <td class="DataTD"><?=intval($drow['points'])?></td>
295 </tr>
296 </table>
297 <br><?
298 $query = "select * from `email` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''
299 and `email`!='".mysql_escape_string($row['email'])."'";
300 $dres = mysql_query($query);
301 if(mysql_num_rows($dres) > 0) { ?>
302 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
303 <tr>
304 <td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td>
305 </tr><?
306 $rc = mysql_num_rows($dres);
307 while($drow = mysql_fetch_assoc($dres))
308 { ?>
309 <tr>
310 <td class="DataTD"><?=_("Secondary Emails")?>:</td>
311 <td class="DataTD"><?=sanitizeHTML($drow['email'])?></td>
312 </tr>
313 <? } ?>
314 </table>
315 <br><? } ?>
316 <?
317 $query = "select * from `domains` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''";
318 $dres = mysql_query($query);
319 if(mysql_num_rows($dres) > 0) { ?>
320 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
321 <tr>
322 <td colspan="5" class="title"><?=_("Verified Domains")?></td>
323 </tr><?
324 $rc = mysql_num_rows($dres);
325 while($drow = mysql_fetch_assoc($dres))
326 { ?>
327 <tr>
328 <td class="DataTD"><?=_("Domain")?>:</td>
329 <td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td>
330 </tr>
331 <? } ?>
332 </table>
333 <br>
334 <? } ?>
335 <? // Begin - Debug infos ?>
336 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
337 <tr>
338 <td colspan="2" class="title"><?=_("Account State")?></td>
339 </tr>
340
341 <?
342 // --- bug-975 begin ---
343 // potential db inconsistency like in a20110804.1
344 // Admin console -> don't list user account
345 // User login -> impossible
346 // Assurer, assure someone -> user displayed
347 /* regular user account search with regular settings
348
349 --- Admin Console find user query
350 $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
351 where `users`.`id`=`email`.`memid` and
352 (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
353 `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
354 group by `users`.`id` limit 100";
355 => requirements
356 1. email.hash = ''
357 2. email.deleted = 0
358 3. users.deleted = 0
359 4. email.email = primary-email (???) or'd
360 not covered by admin console find user routine, but may block users login
361 5. users.verified = 0|1
362 further "special settings"
363 6. users.locked (setting displayed in display form)
364 7. users.assurer_blocked (setting displayed in display form)
365
366 --- User login user query
367 select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
368 `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0
369 => requirements
370 1. users.verified = 1
371 2. users.deleted = 0
372 3. users.locked = 0
373 4. users.email = primary-email
374
375 --- Assurer, assure someone find user query
376 select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."'
377 and `deleted`=0
378 => requirements
379 1. users.deleted = 0
380 2. users.email = primary-email
381 Admin User Assurer
382 bit Console Login assure someone
383
384 1. email.hash = '' Yes No No
385 2. email.deleted = 0 Yes No No
386 3. users.deleted = 0 Yes Yes Yes
387 4. users.verified = 1 No Yes No
388 5. users.locked = 0 No Yes No
389 6. users.email = prim-email No Yes Yes
390 7. email.email = prim-email Yes No No
391
392 full usable account needs all 7 requirements fulfilled
393 so if one setting isn't set/cleared there is an inconsistency either way
394 if eg email.email is not avail, admin console cannot open user info
395 but user can login and assurer can display user info
396 if user verified is not set to 1, admin console displays user record
397 but user cannot login, but assurer can search for the user and the data displays
398
399 consistency check:
400 1. search primary-email in users.email
401 2. search primary-email in email.email
402 3. userid = email.memid
403 4. check settings from table 1. - 5.
404
405 */
406
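// Bit mask of the inconsistency causes detected below (1..16 may combine,
// 32 stands alone) plus the matching human-readable lines; both are shown in
// the "Account State" table when the mask is non-zero.
$inconsistency = 0;
$inconsistencydisp = "";
$inccause = "";
// current userid intval($row['id'])
$query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked`
from `users` where `id`='".intval($row['id'])."' ";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$uemail = $drow['uemail'];
$udeleted = $drow['udeleted'];
$uverified = $drow['verified'];
$ulocked = $drow['locked'];

// The primary address is a database value, not a literal: escape it before it
// is interpolated into the email-table lookups (the "Alternate Verified Email
// Addresses" query above already does so), otherwise a quote or backslash in
// the stored address breaks or redirects the query.
$uemailsql = mysql_escape_string($uemail);

$query = "select `hash`, `email` as `eemail` from `email`
where `memid`='".intval($row['id'])."' and
`email` ='".$uemailsql."' and
`deleted` = 0";
$dres = mysql_query($query);
if ($drow = mysql_fetch_assoc($dres)) {
	// live record found; deleted=0 is implied by the query
	$drow['edeleted'] = 0;
} else {
	// try if there are deleted entries
	$query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email`
where `memid`='".intval($row['id'])."' and
`email` ='".$uemailsql."'";
	$dres = mysql_query($query);
	$drow = mysql_fetch_assoc($dres);
}

if ($drow) {
	$eemail = $drow['eemail'];
	$edeleted = $drow['edeleted'];
	$ehash = $drow['hash'];
	// each unmet requirement sets its own bit and appends its cause
	if ($udeleted!=0) {
		$inconsistency += 1;
		$inccause .= (empty($inccause)?"":"<br>")._("Users record set to deleted");
	}
	if ($uverified!=1) {
		$inconsistency += 2;
		$inccause .= (empty($inccause)?"":"<br>")._("Users record verified not set");
	}
	if ($ulocked!=0) {
		$inconsistency += 4;
		$inccause .= (empty($inccause)?"":"<br>")._("Users record locked set");
	}
	if ($edeleted!=0) {
		$inconsistency += 8;
		$inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted");
	}
	if ($ehash!='') {
		$inconsistency += 16;
		$inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset");
	}
} else {
	// no email row at all for the primary address, live or deleted
	$inconsistency = 32;
	$inccause = _("Prim. email, Email record doesn't exist");
}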
464 if ($inconsistency>0) {
465 // $inconsistencydisp = _("Yes");
466 ?>
467 <tr>
468 <td class="DataTD"><?=_("Account inconsistency")?>:</td>
469 <td class="DataTD"><?=$inccause?><br>code: <?=$inconsistency?></td>
470 </tr>
471 <tr>
472 <td colspan="2" class="DataTD" style="max-width: 75ex">
473 <?=_("Account inconsistency can cause problems in daily account ".
474 "operations and needs to be fixed manually through arbitration/critical ".
475 "team.")?>
476 </td>
477 </tr>
478 <? }
479
480 // --- bug-975 end ---
481 ?>
482 </table>
483 <br>
484 <?
485 // End - Debug infos
486 ?>
487
488 <a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto"><?=_("Show Assurances the user got")?></a>
489 (<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto15"><?=_("New calculation")?></a>)
490 <br />
491 <a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby"><?=_("Show Assurances the user gave")?></a>
492 (<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby15"><?=_("New calculation")?></a>)
493 <br />
494
495 <?
496 // if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") {
497
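function showassuredto()
{
	// Lists every assurance the member received (notary rows with `to` = the
	// member) together with the assurer's name/email and a per-row Revoke
	// link that feeds the ?assurance= handler at the top of this page.
	// The member id is read from $_GET rather than $id because the function
	// is only reached through the "Show Assurances" links, which carry it.
	$uid = intval(array_key_exists('userid',$_GET) ? $_GET['userid'] : 0);
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="8" class="title"><?=_("Assurance Points")?></td>
</tr>
<tr>
<td class="DataTD"><b><?=_("ID")?></b></td>
<td class="DataTD"><b><?=_("Date")?></b></td>
<td class="DataTD"><b><?=_("Who")?></b></td>
<td class="DataTD"><b><?=_("Email")?></b></td>
<td class="DataTD"><b><?=_("Points")?></b></td>
<td class="DataTD"><b><?=_("Location")?></b></td>
<td class="DataTD"><b><?=_("Method")?></b></td>
<td class="DataTD"><b><?=_("Revoke")?></b></td>
</tr>
<?
	$query = "select * from `notary` where `to`='".$uid."'";
	$dres = mysql_query($query);
	$points = 0;
	while($drow = mysql_fetch_assoc($dres))
	{
		$fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'"));
		// the assurer's account may have been removed since; render empty
		// cells instead of indexing into a boolean
		if(!is_array($fromuser)) {
			$fromuser = array('fname' => '', 'lname' => '', 'email' => '');
		}
		$points += $drow['points'];
?>
<tr>
<td class="DataTD"><?=intval($drow['id'])?></td>
<td class="DataTD"><?=sanitizeHTML($drow['date'])?></td>
<td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
<td class="DataTD"><?=intval($drow['points'])?></td>
<td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
<td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td>
</tr>
<?	} ?>
<tr>
<td class="DataTD" colspan="2"><b><?=_("Total Points")?>:</b></td>
<td class="DataTD"><?=$points?></td>
<td class="DataTD" colspan="3">&nbsp;</td>
</tr>
</table>
<? } ?>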
542
543 <?
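function showassuredby()
{
	// Lists every assurance the member issued (notary rows with `from` = the
	// member) with the assured person's name/email and a Revoke link.  Same
	// layout as showassuredto(); every database value is passed through
	// intval()/sanitizeHTML() here too, because names, locations and methods
	// are user-entered text and were previously echoed raw into the admin
	// page, and the ids were previously interpolated unescaped into the
	// users lookup and the links.
	$uid = intval(array_key_exists('userid',$_GET) ? $_GET['userid'] : 0);
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="8" class="title"><?=_("Assurance Points The User Issued")?></td>
</tr>
<tr>
<td class="DataTD"><b><?=_("ID")?></b></td>
<td class="DataTD"><b><?=_("Date")?></b></td>
<td class="DataTD"><b><?=_("Who")?></b></td>
<td class="DataTD"><b><?=_("Email")?></b></td>
<td class="DataTD"><b><?=_("Points")?></b></td>
<td class="DataTD"><b><?=_("Location")?></b></td>
<td class="DataTD"><b><?=_("Method")?></b></td>
<td class="DataTD"><b><?=_("Revoke")?></b></td>
</tr>
<?
	$query = "select * from `notary` where `from`='".$uid."'";
	$dres = mysql_query($query);
	$points = 0;
	while($drow = mysql_fetch_assoc($dres))
	{
		$touser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['to'])."'"));
		// the assured member's account may have been removed since; render
		// empty cells instead of indexing into a boolean
		if(!is_array($touser)) {
			$touser = array('fname' => '', 'lname' => '', 'email' => '');
		}
		$points += $drow['points'];
?>
<tr>
<td class="DataTD"><?=intval($drow['id'])?></td>
<td class="DataTD"><?=sanitizeHTML($drow['date'])?></td>
<td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($touser['fname'])." ".sanitizeHTML($touser['lname'])?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($touser['email'])?></a></td>
<td class="DataTD"><?=intval($drow['points'])?></td>
<td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
<td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['from'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td>
</tr>
<?	} ?>
<tr>
<td class="DataTD" colspan="2"><b><?=_("Total Points")?>:</b></td>
<td class="DataTD"><?=$points?></td>
<td class="DataTD" colspan="3">&nbsp;</td>
</tr>
</table>
<? } ?>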
588 <br><br>
589 <? } }
590
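// Dispatch the "Show Assurances ..." links.  showassuredto() and
// showassuredby() are declared inside the account-details branch above, so
// they only exist when a user id resolved; without the function_exists()
// guards a request carrying shownotary but no resolvable userid dies with an
// undefined-function fatal error.  Missing parameters default to ''/0 instead
// of raising undefined-index notices.
$shownotary = array_key_exists('shownotary',$_GET) ? $_GET['shownotary'] : '';
$notaryuid = intval(array_key_exists('userid',$_GET) ? $_GET['userid'] : 0);
switch ($shownotary)
{
	case 'assuredto':
		if(function_exists('showassuredto')) showassuredto();
		break;
	case 'assuredby':
		if(function_exists('showassuredby')) showassuredby();
		break;
	case 'assuredto15':
		output_received_assurances($notaryuid,1);
		break;
	case 'assuredby15':
		output_given_assurances($notaryuid,1);
		break;
}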
602
603
604 ?>