cacert-webdb/pages/account/54.php

<? /*
    LibreSSL - CAcert web application
    Copyright (C) 2004-2008  CAcert Inc.

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
*/ ?>
<? 
	$ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0;
	$regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0;
	$locid = array_key_exists('locid',$_REQUEST)?intval($_REQUEST['locid']):0;
	$name = array_key_exists('name',$_REQUEST)?mysql_escape_string($_REQUEST['name']):"";

	if($ccid > 0 && $_REQUEST['action'] == "add") { ?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="2" class="title"><?=_("Add Region")?></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Region")?>:</td>
    <td class="DataTD"><input type="text" name="name" value="<?=sanitizeHTML($name)?>"></td>
  </tr>
  <tr>
    <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Add")?>"></td>
  </tr>
</table>
<input type="hidden" name="action" value="add">
<input type="hidden" name="ccid" value="<?=$ccid?>">
<input type="hidden" name="oldid" value="54">
</form>
<? } if($regid > 0 && $_REQUEST['action'] == "edit") {
	$query = "select * from `regions` where `id`='$regid' order by `name`";
	$row = mysql_fetch_assoc(mysql_query($query));
	$name = $row['name'];
?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="2" class="title"><?=_("Edit Region")?></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Region")?>:</td>
    <td class="DataTD"><input type="text" name="name" value="<?=sanitizeHTML($name)?>"></td>
  </tr>
  <tr>
    <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
  </tr>
</table>
<input type="hidden" name="action" value="edit">
<input type="hidden" name="regid" value="<?=$regid?>">
<input type="hidden" name="oldid" value="54">
</form>
<? } if($regid > 0 && $_REQUEST['action'] == "add") { ?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="2" class="title"><?=_("Add Location")?></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Location")?>:</td>
    <td class="DataTD"><input type="text" name="name" value="<?=sanitizeHTML($name)?>"></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Longitude")?>:</td>
    <td class="DataTD"><input type="text" name="longitude" value="<?=array_key_exists('longitude',$_REQUEST)?sanitizeHTML($_REQUEST['longitude']):""?>"></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Latitude")?>:</td>
    <td class="DataTD"><input type="text" name="latitude" value="<?=array_key_exists('latitude',$_REQUEST)?sanitizeHTML($_REQUEST['latitude']):""?>"></td>
  </tr>
  <tr>
    <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Add")?>"></td>
  </tr>
</table>
<input type="hidden" name="action" value="add">
<input type="hidden" name="regid" value="<?=$regid?>">
<input type="hidden" name="oldid" value="54">
</form>
<? } if($locid > 0 && $_REQUEST['action'] == "edit") {
	$query = "select * from `locations` where `id`='$locid'";
	$row = mysql_fetch_assoc(mysql_query($query));

	if($name == "")
		$name = $row['name'];
	if(!array_key_exists('longitude',$_REQUEST) || $_REQUEST['longitude'] == "")
		$_REQUEST['longitude'] = $row['long'];
	if(!array_key_exists('latitude',$_REQUEST) || $_REQUEST['latitude'] == "")
		$_REQUEST['latitude'] = $row['lat'];
?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="2" class="title"><?=_("Edit Location")?></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Location")?>:</td>
    <td class="DataTD"><input type="text" name="name" value="<?=sanitizeHTML($name)?>"></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Longitude")?>:</td>
    <td class="DataTD"><input type="text" name="longitude" value="<?=sanitizeHTML($_REQUEST['longitude'])?>"></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Latitude")?>:</td>
    <td class="DataTD"><input type="text" name="latitude" value="<?=sanitizeHTML($_REQUEST['latitude'])?>"></td>
  </tr>
  <tr>
    <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
  </tr>
</table>
<input type="hidden" name="action" value="edit">
<input type="hidden" name="locid" value="<?=$locid?>">
<input type="hidden" name="oldid" value="54">
</form>
<? } if($locid > 0 && $_REQUEST['action'] == "aliases") {
	$query = "select * from `localias` where `locid`='".intval($locid)."'";
	$res = mysql_query($query);
	$rc = mysql_num_rows($res);
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="2" class="title"><?=_("Location Aliases")?> - <a href="javascript:Show_Stuff()"><?=_("Add")?></a></td>
  </tr>
  <tr ID="display1">
    <td colspan="2" class="DataTD">
	<form method="post" action="account.php" ACCEPTCHARSET="utf-8">
	<?=_("Location Alias")?>: <input type="text" name="name"> <input type="submit" value="Add">
	<input type="hidden" name="action" value="alias">
	<input type="hidden" name="locid" value="<?=intval($locid)?>">
	<input type="hidden" name="oldid" value="54">
	</form>
    </td>
  </tr>
<?
	while($row = mysql_fetch_assoc($res))
	{
?>
  <tr>
    <td class="DataTD"><?=$row['name']?></td>
    <td class="DataTD"><a href="account.php?id=54&amp;locid=<?=$locid?>&amp;name=<?=($row['name'])?>&amp;action=delalias" onclick="return confirm('Are you sure you want to delete this location alias?');"><?=_("Delete")?></td>
  </tr>
<? } ?>
</table>
<script language="JavaScript" type="text/javascript">
<!--
function Show_Stuff()
{
	if (document.getElementById("display1").style.display == "none")
	{
		document.getElementById("display1").style.display = "";
	} else {
		document.getElementById("display1").style.display = "none";
	}
}

document.getElementById("display1").style.display = "none";
-->
</script>
<? } if($locid > 0 && $_REQUEST['action'] == "move") {
	$query = "select * from `locations` where `id`='$locid'";
	$row = mysql_fetch_assoc(mysql_query($query));
	$newreg = $_REQUEST['newreg'] = $row['regid'];
?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
  <tr>
    <td colspan="2" class="title"><?=_("Move Location")?></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Location")?>:</td>
    <td class="DataTD"><?=$row['name']?></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Set Region")?>:</td>
    <td class="DataTD"><select name="newreg">
<?
	$query = "select * from `regions` where `ccid`='".intval($row['ccid'])."' order by `name`";
	$res = mysql_query($query);
	while($row = mysql_fetch_assoc($res))
	{
		echo "<option value='".intval($row['id'])."'";
		if($_REQUEST['newreg'] == $row['id'])
			echo " selected='selected'";
		echo ">$row[name]</option>\n";
	}
?>
    </select></td>
  </tr>
  <tr>
    <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
  </tr>
</table>
<input type="hidden" name="action" value="move">
<input type="hidden" name="locid" value="<?=$locid?>">
<input type="hidden" name="oldid" value="54">
</form>
<? } ?>
updates 2005-12-04 21:04:05 +00:00			`<? /*`
Changed license to GPLv2 2008-04-06 19:45:09 +00:00			`LibreSSL - CAcert web application`
			`Copyright (C) 2004-2008 CAcert Inc.`
updates 2005-12-04 21:04:05 +00:00
Changed license to GPLv2 2008-04-06 19:45:09 +00:00			`This program is free software; you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
			`the Free Software Foundation; version 2 of the License.`
updates 2005-12-04 21:04:05 +00:00
Changed license to GPLv2 2008-04-06 19:45:09 +00:00			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`
updates 2005-12-04 21:04:05 +00:00
Changed license to GPLv2 2008-04-06 19:45:09 +00:00			`You should have received a copy of the GNU General Public License`
			`along with this program; if not, write to the Free Software`
			`Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA`
updates 2005-12-04 21:04:05 +00:00			`*/ ?>`
fixes 2006-04-17 12:02:09 +00:00			`<?`
Improved register_globals 2008-09-21 16:12:04 +00:00			`$ccid = array_key_exists('ccid',$_REQUEST)?intval($_REQUEST['ccid']):0;`
			`$regid = array_key_exists('regid',$_REQUEST)?intval($_REQUEST['regid']):0;`
			`$locid = array_key_exists('locid',$_REQUEST)?intval($_REQUEST['locid']):0;`
			`$name = array_key_exists('name',$_REQUEST)?mysql_escape_string($_REQUEST['name']):"";`
fixes 2006-04-17 12:02:09 +00:00
			`if($ccid > 0 && $_REQUEST['action'] == "add") { ?>`
updates 2005-12-04 21:04:05 +00:00			`<form method="post" action="account.php">`
			`<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">`
			`<tr>`
			`<td colspan="2" class="title"><?=_("Add Region")?></td>`
			`</tr>`
			`<tr>`
			`<td class="DataTD"><?=_("Region")?>:</td>`
Added XSS protections 2008-11-23 05:01:21 +00:00			`<td class="DataTD"><input type="text" name="name" value="<?=sanitizeHTML($name)?>"></td>`
updates 2005-12-04 21:04:05 +00:00			`</tr>`
			`<tr>`
			`<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Add")?>"></td>`
			`</tr>`
			`</table>`
			`<input type="hidden" name="action" value="add">`
fixes 2006-04-17 12:02:09 +00:00			`<input type="hidden" name="ccid" value="<?=$ccid?>">`
updates 2005-12-04 21:04:05 +00:00			`<input type="hidden" name="oldid" value="54">`
			`</form>`
fixes 2006-04-17 12:02:09 +00:00			`<? } if($regid > 0 && $_REQUEST['action'] == "edit") {`
			$query = "select * from `regions` where `id`='$regid' order by `name`";
updates 2005-12-04 21:04:05 +00:00			`$row = mysql_fetch_assoc(mysql_query($query));`
fixes 2006-04-17 12:02:09 +00:00			`$name = $row['name'];`
updates 2005-12-04 21:04:05 +00:00			`?>`
			`<form method="post" action="account.php">`
			`<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">`
			`<tr>`
			`<td colspan="2" class="title"><?=_("Edit Region")?></td>`
			`</tr>`
			`<tr>`
			`<td class="DataTD"><?=_("Region")?>:</td>`
Added XSS protections 2008-11-23 05:01:21 +00:00			`<td class="DataTD"><input type="text" name="name" value="<?=sanitizeHTML($name)?>"></td>`
updates 2005-12-04 21:04:05 +00:00			`</tr>`
			`<tr>`
			`<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>`
			`</tr>`
			`</table>`
			`<input type="hidden" name="action" value="edit">`
fixes 2006-04-17 12:02:09 +00:00			`<input type="hidden" name="regid" value="<?=$regid?>">`
updates 2005-12-04 21:04:05 +00:00			`<input type="hidden" name="oldid" value="54">`
			`</form>`
fixes 2006-04-17 12:02:09 +00:00			`<? } if($regid > 0 && $_REQUEST['action'] == "add") { ?>`
updates 2005-12-04 21:04:05 +00:00			`<form method="post" action="account.php">`
			`<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">`
			`<tr>`
			`<td colspan="2" class="title"><?=_("Add Location")?></td>`
			`</tr>`
			`<tr>`
			`<td class="DataTD"><?=_("Location")?>:</td>`
Added XSS protections 2008-11-23 05:01:21 +00:00			`<td class="DataTD"><input type="text" name="name" value="<?=sanitizeHTML($name)?>"></td>`
updates 2005-12-04 21:04:05 +00:00			`</tr>`
			`<tr>`
			`<td class="DataTD"><?=_("Longitude")?>:</td>`
Improved register_globals 2008-09-21 16:12:04 +00:00			`<td class="DataTD"><input type="text" name="longitude" value="<?=array_key_exists('longitude',$_REQUEST)?sanitizeHTML($_REQUEST['longitude']):""?>"></td>`
updates 2005-12-04 21:04:05 +00:00			`</tr>`
			`<tr>`
			`<td class="DataTD"><?=_("Latitude")?>:</td>`
Improved register_globals 2008-09-21 16:12:04 +00:00			`<td class="DataTD"><input type="text" name="latitude" value="<?=array_key_exists('latitude',$_REQUEST)?sanitizeHTML($_REQUEST['latitude']):""?>"></td>`
updates 2005-12-04 21:04:05 +00:00			`</tr>`
			`<tr>`
			`<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Add")?>"></td>`
			`</tr>`
			`</table>`
			`<input type="hidden" name="action" value="add">`
fixes 2006-04-17 12:02:09 +00:00			`<input type="hidden" name="regid" value="<?=$regid?>">`
updates 2005-12-04 21:04:05 +00:00			`<input type="hidden" name="oldid" value="54">`
			`</form>`
fixes 2006-04-17 12:02:09 +00:00			`<? } if($locid > 0 && $_REQUEST['action'] == "edit") {`
updates 2005-12-04 21:04:05 +00:00			$query = "select * from `locations` where `id`='$locid'";
			`$row = mysql_fetch_assoc(mysql_query($query));`

fixes 2006-04-17 12:02:09 +00:00			`if($name == "")`
			`$name = $row['name'];`
Improved register_globals 2008-09-21 16:12:04 +00:00			`if(!array_key_exists('longitude',$_REQUEST) \|\| $_REQUEST['longitude'] == "")`
updates 2005-12-04 21:04:05 +00:00			`$_REQUEST['longitude'] = $row['long'];`
Improved register_globals 2008-09-21 16:12:04 +00:00			`if(!array_key_exists('latitude',$_REQUEST) \|\| $_REQUEST['latitude'] == "")`
updates 2005-12-04 21:04:05 +00:00			`$_REQUEST['latitude'] = $row['lat'];`
			`?>`
			`<form method="post" action="account.php">`
			`<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">`
			`<tr>`
			`<td colspan="2" class="title"><?=_("Edit Location")?></td>`
			`</tr>`
			`<tr>`
			`<td class="DataTD"><?=_("Location")?>:</td>`
Added XSS protections 2008-11-23 05:01:21 +00:00			`<td class="DataTD"><input type="text" name="name" value="<?=sanitizeHTML($name)?>"></td>`
updates 2005-12-04 21:04:05 +00:00			`</tr>`
			`<tr>`
			`<td class="DataTD"><?=_("Longitude")?>:</td>`
Fixed XSS 2007-07-03 19:53:34 +00:00			`<td class="DataTD"><input type="text" name="longitude" value="<?=sanitizeHTML($_REQUEST['longitude'])?>"></td>`
updates 2005-12-04 21:04:05 +00:00			`</tr>`
			`<tr>`
			`<td class="DataTD"><?=_("Latitude")?>:</td>`
Fixed XSS 2007-07-03 19:53:34 +00:00			`<td class="DataTD"><input type="text" name="latitude" value="<?=sanitizeHTML($_REQUEST['latitude'])?>"></td>`
updates 2005-12-04 21:04:05 +00:00			`</tr>`
			`<tr>`
			`<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>`
			`</tr>`
			`</table>`
			`<input type="hidden" name="action" value="edit">`
fixes 2006-04-17 12:02:09 +00:00			`<input type="hidden" name="locid" value="<?=$locid?>">`
updates 2005-12-04 21:04:05 +00:00			`<input type="hidden" name="oldid" value="54">`
			`</form>`
fixes 2006-04-17 12:02:09 +00:00			`<? } if($locid > 0 && $_REQUEST['action'] == "aliases") {`
Added XSS protections 2008-11-23 05:01:21 +00:00			$query = "select * from `localias` where `locid`='".intval($locid)."'";
update 2006-02-03 18:45:23 +00:00			`$res = mysql_query($query);`
			`$rc = mysql_num_rows($res);`
			`?>`
			`<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">`
			`<tr>`
			`<td colspan="2" class="title"><?=_("Location Aliases")?> - <a href="javascript:Show_Stuff()"><?=_("Add")?></a></td>`
			`</tr>`
			`<tr ID="display1">`
			`<td colspan="2" class="DataTD">`
			`<form method="post" action="account.php" ACCEPTCHARSET="utf-8">`
			`<?=_("Location Alias")?>: <input type="text" name="name"> <input type="submit" value="Add">`
			`<input type="hidden" name="action" value="alias">`
Added XSS protections 2008-11-23 05:01:21 +00:00			`<input type="hidden" name="locid" value="<?=intval($locid)?>">`
update 2006-02-03 18:45:23 +00:00			`<input type="hidden" name="oldid" value="54">`
			`</form>`
			`</td>`
			`</tr>`
			`<?`
			`while($row = mysql_fetch_assoc($res))`
			`{`
			`?>`
			`<tr>`
			`<td class="DataTD"><?=$row['name']?></td>`
Removed too many sanitizing 2008-09-03 18:36:16 +00:00			`<td class="DataTD"><a href="account.php?id=54&locid=<?=$locid?>&name=<?=($row['name'])?>&action=delalias" onclick="return confirm('Are you sure you want to delete this location alias?');"><?=_("Delete")?></td>`
update 2006-02-03 18:45:23 +00:00			`</tr>`
			`<? } ?>`
			`</table>`
			`<script language="JavaScript" type="text/javascript">`
			`<!--`
			`function Show_Stuff()`
			`{`
			`if (document.getElementById("display1").style.display == "none")`
			`{`
			`document.getElementById("display1").style.display = "";`
			`} else {`
			`document.getElementById("display1").style.display = "none";`
			`}`
			`}`

			`document.getElementById("display1").style.display = "none";`
			`-->`
			`</script>`
fixes 2006-04-17 12:02:09 +00:00			`<? } if($locid > 0 && $_REQUEST['action'] == "move") {`
updates 2005-12-04 21:04:05 +00:00			$query = "select * from `locations` where `id`='$locid'";
			`$row = mysql_fetch_assoc(mysql_query($query));`
bug fix 2006-08-07 21:29:09 +00:00			`$newreg = $_REQUEST['newreg'] = $row['regid'];`
updates 2005-12-04 21:04:05 +00:00			`?>`
			`<form method="post" action="account.php">`
			`<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">`
			`<tr>`
			`<td colspan="2" class="title"><?=_("Move Location")?></td>`
			`</tr>`
			`<tr>`
			`<td class="DataTD"><?=_("Location")?>:</td>`
			`<td class="DataTD"><?=$row['name']?></td>`
			`</tr>`
			`<tr>`
			`<td class="DataTD"><?=_("Set Region")?>:</td>`
			`<td class="DataTD"><select name="newreg">`
			`<?`
Improved register_globals 2008-09-03 17:43:31 +00:00			$query = "select * from `regions` where `ccid`='".intval($row['ccid'])."' order by `name`";
updates 2005-12-04 21:04:05 +00:00			`$res = mysql_query($query);`
			`while($row = mysql_fetch_assoc($res))`
			`{`
Improved register_globals 2008-09-03 17:43:31 +00:00			`echo "<option value='".intval($row['id'])."'";`
updates 2005-12-04 21:04:05 +00:00			`if($_REQUEST['newreg'] == $row['id'])`
Improved register_globals 2008-09-03 17:43:31 +00:00			`echo " selected='selected'";`
updates 2005-12-04 21:04:05 +00:00			`echo ">$row[name]</option>\n";`
			`}`
			`?>`
			`</select></td>`
			`</tr>`
			`<tr>`
			`<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>`
			`</tr>`
			`</table>`
			`<input type="hidden" name="action" value="move">`
fixes 2006-04-17 12:02:09 +00:00			`<input type="hidden" name="locid" value="<?=$locid?>">`
updates 2005-12-04 21:04:05 +00:00			`<input type="hidden" name="oldid" value="54">`
			`</form>`
			`<? } ?>`