diff --git a/includes/account.php b/includes/account.php index 18630fc..5d6c8b0 100644 --- a/includes/account.php +++ b/includes/account.php @@ -1731,7 +1731,7 @@ exit; } - if(($id == 42 || $id == 43 || $oldid == 42 || $oldid == 43) && $_SESSION['profile']['admin'] != 1) + if(($id == 42 || $id == 43 || $id == 44 || $oldid == 42 || $oldid == 43 || $oldid == 44) && $_SESSION['profile']['admin'] != 1) { showheader(_("My CAcert.org Account!")); echo _("You don't have access to this area."); @@ -1751,6 +1751,32 @@ unset($oldid); } + if($id == 44) + { + if($_GET['userid'] != "") + $_POST['userid'] = intval($_GET['userid']); + $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_POST['userid']."'")); + if($row['email'] == "") + $id = 42; + else + $_POST['email'] = $row['email']; + } + + if($oldid == 44) + { + showheader(_("My CAcert.org Account!")); + if(intval($_POST['userid']) <= 0) + { + echo _("No such user found."); + } else { + mysql_query("update `users` set `password`=password('".mysql_escape_string(stripslashes($_POST['newpass']))."') where `id`='".intval($_POST['userid'])."'"); + $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_POST['userid']."'")); + printf(_("The password for %s has been updated sucessfully in the system."), $row['email']); + } + showfooter(); + exit; + } + if(intval($cert) > 0) $_SESSION['_config']['cert'] = intval($cert); if(intval($orgid) > 0) diff --git a/includes/account_stuff.php b/includes/account_stuff.php index 8c27a99..e108356 100644 --- a/includes/account_stuff.php +++ b/includes/account_stuff.php @@ -73,7 +73,8 @@ case 34: case 35: $expand = " explode('orgadmin');"; break; case 42: - case 43: $expand = " explode('sysadmin');"; break; + case 43: + case 44: $expand = " explode('sysadmin');"; break; case 500: case 501: case 502: @@ -161,7 +162,7 @@ function hideall() {
=_("Email")?>: | =$row['email']?> | + } if(mysql_num_rows($res) >= 100) { ?> +
=_("Only the first 100 rows are displayed.")?> | +|
printf(_("%s rows displayed."), mysql_num_rows($res)); ?> | +
=_("The point is, as the current situation holds, you should be weary of anyone making decisions for you (i.e. pre-installed certificates in your browser), and you should be weary of anyone else's certificates that you install. But at the end of the day, it all boils down to trust. If an independent Certificate Authority seems to be reputable to you, and you can find evidence to support this claim, there's no reason why you shouldn't trust it any less than you implicitly trust the people who have already made mistakes.")?>
=_("Ten Risks of PKI: What You're not Being Told about Public Key Infrastructure")?> - http://www.counterpane.com/pki-risks.pdf
+=_("Ten Risks of PKI: What You're not Being Told about Public Key Infrastructure")?> - http://www.counterpane.com/pki-risks.pdf
=_("WebTrust for Certification Authorities")?> - http://www.webtrust.org/certauth.htm
=_("Erroneous Verisign Issued Digital Certificates Pose Spoofing Hazard")?> - http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-017.asp
=_("Microsoft Root Certificate Program")?> - http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/rootcert.asp
diff --git a/pages/wot/1.php b/pages/wot/1.php index b8b73c1..0e8a519 100644 --- a/pages/wot/1.php +++ b/pages/wot/1.php @@ -123,7 +123,7 @@