From 2209ae9205032b393e351f9ef9744916d7b79d4f Mon Sep 17 00:00:00 2001
From: root
Date: Tue, 7 Dec 2004 13:21:06 +0000
Subject: [PATCH] added admin account delete
---
 includes/account.php | 50 +++++++++++++++++++++++++++++++++++---
 includes/account_stuff.php | 6 ++---
 includes/general_stuff.php | 5 ++--
 pages/account/43.php | 8 +++++-
 pages/account/49.php | 3 ++-
 pages/account/50.php | 34 ++++++++++++++++++++++++++
 www/index.php | 2 +-
 7 files changed, 96 insertions(+), 12 deletions(-)
 create mode 100644 pages/account/50.php
diff --git a/includes/account.php b/includes/account.php
index c6d936e..53cb3ad 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -45,7 +45,7 @@
 $emailid = mysql_insert_id();
 $body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates till your hearts' content!")."\n\n";
- $body .= "http://$hostname/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
+ $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
 $body .= _("Best regards")."\n"._("CAcert.org Support!");
 mail($email, "[CAcert.org] "._("Email Probe"), $body, "From: CAcacert-Support ");
@@ -366,7 +366,7 @@
 $domainid = mysql_insert_id();
 $body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates till your hearts' content!")."\n\n";
- $body .= "http://$hostname/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n";
+ $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n";
 $body .= _("Best regards")."\n"._("CAcert.org Support!");
 mail($authaddy, "[CAcert.org] "._("Email Probe"), $body, "From: CAcert-Support ");
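Review bot: The verification link on the added `$body .=` line is now built from `$_SESSION['_config']['normalhostname']`, and nothing in this hunk shows where that value is set or what happens when it is empty. If it is ever filled from the request's Host header rather than from static configuration, the host in an emailed link would be request-influenced, so its origin should be confirmed and an empty value rejected before `mail()` is called. The link also still carries `$hash` over plain `http://`; where the host serves TLS, starting the string with `"https://".$_SESSION['_config']['normalhostname']` keeps the token out of cleartext. The same applies to the `type=domain` hunk at -366 and to the identical line in www/index.php; all three hunks show only part of their enclosing block.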
@@ -1653,7 +1653,9 @@
 exit;
 }
- if(($id == 42 || $id == 43 || $id == 44 || $oldid == 42 || $oldid == 43 || $oldid == 44) && $_SESSION['profile']['admin'] != 1)
+ if(($id == 42 || $id == 43 || $id == 44 || $id == 48 || $id == 49 || $id == 50 ||
+ $oldid == 42 || $oldid == 43 || $oldid == 44 || $oldid == 48 || $oldid == 49 || $oldid == 50) &&
+ $_SESSION['profile']['admin'] != 1)
 {
 showheader(_("My CAcert.org Account!"));
 echo _("You don't have access to this area.");
@@ -1781,6 +1783,48 @@
 }
 }
+ if($id == 50)
+ {
+ if($_GET['userid'] != "")
+ $_POST['userid'] = intval($_GET['userid']);
+ else
+ $_POST['userid'] = intval($_POST['userid']);
+
+ $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_POST['userid']."'"));
+ if($row['email'] == "")
+ $id = 42;
+ else
+ $_POST['email'] = $row['email'];
+ }
+
+ if($oldid == 50)
+ {
+ $id = 43;
+ $_GET['userid'] = intval($_POST['userid']);
+ }
+
+ if($oldid == 50 && $_POST['process'] != "")
+ {
+ $_POST['userid'] = intval($_POST['userid']);
+ $res = mysql_query("select * from `users` where `id`='".$_POST['userid']."'");
+ if(mysql_num_rows($res) > 0)
+ {
+ $query = "update `domaincerts`,`domains` SET `domaincerts`.`revoked`=NOW()
+ WHERE `domaincerts`.`domid` = `domains`.`id` AND `domains`.`memid`='".$_POST['userid']."'";
+ mysql_query($query);
+ $query = "update `domains` SET `deleted`=NOW() WHERE `domains`.`memid`='".$_POST['userid']."'";
+ mysql_query($query);
+ $query = "update `emailcerts` SET `revoked`=NOW() WHERE `memid`='".$_POST['userid']."'";
+ mysql_query($query);
+ $query = "update `email` SET `deleted`=NOW() WHERE `memid`='".$_POST['userid']."'";
+ mysql_query($query);
+ $query = "delete from `org` WHERE `memid`='".$_POST['userid']."'";
+ mysql_query($query);
+ $query = "update `users` SET `deleted`=NOW() WHERE `id`='".$_POST['userid']."'";
+ mysql_query($query);
+ }
+ }
+
 if(intval($cert) > 0)
 $_SESSION['_config']['cert'] = intval($cert);
 if(intval($orgid) > 0)
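Review bot: The admin gate in the hunk at -1653 is a hand-enumerated list of page ids written out twice, once for `$id` and once for `$oldid`, so each new admin page is protected only if both halves are extended. account_stuff.php in this same patch groups 46 and 47 under the sysadmin menu, yet neither appears in this condition; whether they are gated elsewhere is not visible here and should be confirmed. A single list would remove the duplication, e.g. `$adminpages = array(42, 43, 44, 48, 49, 50);` followed by `if((in_array($id, $adminpages) || in_array($oldid, $adminpages)) && $_SESSION['profile']['admin'] != 1)` (`$adminpages` is a proposed name). The enclosing block starts and ends outside the hunk.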
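Review bot: The `$oldid == 50 && $_POST['process'] != ""` branch in the hunk at -1781 revokes certificates and disables the account on any POST carrying an admin session, and no per-request token is checked, so a forged cross-site form submission would be accepted. A random token kept in the session, emitted as a hidden field by pages/account/50.php and compared here before the updates run, would close that. The `revoked=NOW()` and `deleted=NOW()` updates carry no zero guard, so rows that were already revoked or deleted get their original timestamps overwritten; assuming the zero-means-unset convention that 43.php uses for `deleted` also holds for `revoked`, each update should add an `AND ... revoked=0` or `AND ... deleted=0` condition. None of the six `mysql_query()` results is checked, so a failure midway leaves the account partly disabled without notice, and nothing records which admin performed the action. The enclosing block starts and ends outside the hunk.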
diff --git a/includes/account_stuff.php b/includes/account_stuff.php index 4ecba58..760c4fc 100644 --- a/includes/account_stuff.php +++ b/includes/account_stuff.php @@ -15,7 +15,7 @@ function showheader($title = "CAcert.org", $title2 = "") { - global $hostname, $id, $PHP_SELF; + global $id, $PHP_SELF; $locrest = ""; if($_SESSION['profile']['ccid'] > 0) @@ -81,7 +81,8 @@ case 46: case 47: case 48: - case 49: $expand = " explode('sysadmin');"; break; + case 49: + case 50: $expand = " explode('sysadmin');"; break; case 500: case 501: case 502: @@ -202,7 +203,6 @@ function hideall() { function showfooter() { - global $hostname; ?> diff --git a/includes/general_stuff.php b/includes/general_stuff.php index 9109b22..79ccf39 100644 --- a/includes/general_stuff.php +++ b/includes/general_stuff.php @@ -17,7 +17,7 @@ if(!function_exists("showheader")) { function showheader($title = "CAcert.org", $title2 = "") { - global $hostname, $id; + global $id; ?> @@ -49,7 +49,7 @@ google_color_border = "FFFFFF"; diff --git a/pages/account/43.php b/pages/account/43.php index 3eae335..866e62f 100644 --- a/pages/account/43.php +++ b/pages/account/43.php @@ -18,6 +18,8 @@ $email = mysql_escape_string(stripslashes($_POST['email'])); $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email` where `users`.`id`=`email`.`memid` and `email`.`email` like '%$email%' + `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0 and + `users`.`verified`=1 group by `users`.`id` limit 100"; $res = mysql_query($query); if(mysql_num_rows($res) > 1) { ?> @@ -53,7 +55,7 @@ if(intval($_GET['userid']) > 0) { $id = intval($_GET['userid']); - $query = "select * from `users` where `id`='$id'"; + $query = "select * from `users` where `id`='$id' and `users`.`deleted`=0 and `users`.`verified`=1"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { @@ -96,6 +98,10 @@ : + + : + + - Q1: diff --git a/pages/account/49.php b/pages/account/49.php index 0d6de07..4ea25e5 100644 
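Review bot: In the first pages/account/43.php hunk (-18) the two added condition lines follow a context line that ends at `like '%$email%'` with no connector, so the assembled statement is not valid SQL and `mysql_query()` will return false. The equivalent query in 49.php ends that line with `and`; the same is needed here, i.e. the context line should end `like '%$email%' and`. The next line calls `mysql_num_rows($res)` without checking `$res`, so the failure would show up as an admin search that never finds anyone rather than as an error. The enclosing block starts and ends outside the hunk.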
--- a/pages/account/49.php +++ b/pages/account/49.php @@ -18,7 +18,8 @@ $domain = mysql_escape_string(stripslashes($_POST['domain'])); $query = "select `users`.`id` as `id`, `domains`.`domain` as `domain` from `users`,`domains` where `users`.`id`=`domains`.`memid` and `domains`.`domain` like '%$domain%' and - `domains`.`hash`='' and `domains`.`deleted`=0 + `domains`.`hash`='' and `domains`.`deleted`=0 and `users`.`deleted`=0 and + `users`.`verified`=1 group by `users`.`id` limit 100"; $res = mysql_query($query); if(mysql_num_rows($res) > 1) { ?> diff --git a/pages/account/50.php b/pages/account/50.php new file mode 100644 index 0000000..22714f8 --- /dev/null +++ b/pages/account/50.php @@ -0,0 +1,34 @@ + + + This file is part of CAcert. + + CAcert has been released under the CAcert Source License + which can be found included with these source files or can + be downloaded from the internet from the following address: + http://www.cacert.org/src-lic.php + + CAcert is distributed WITHOUT ANY WARRANTY; without even + the implied warranty of MERCHANTABILITY or FITNESS FOR A + PARTICULAR PURPOSE. See the License for more details. +*/ ?> +
ERROR:
+
+ + + + + + + + + + + + + + +
:
Are you sure you want to delete this user, while not actually deleting the account it will completely disable it and revoke any/all certificates currently issued.
"> ">
+ + +
diff --git a/www/index.php b/www/index.php
index 39a381d..4b1be12 100644
--- a/www/index.php
+++ b/www/index.php
@@ -303,7 +303,7 @@
 $emailid = mysql_insert_id();
 $body = _("Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!")."\n\n";
- $body .= "http://$hostname/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
+ $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
 $body .= _("Best regards")."\n"._("CAcert.org Support!");
 mail($_SESSION['signup']['email'], "[CAcert.org] "._("Mail Probe"), $body, "From: CAcert-Support ");