added admin account delete

pull/1/head
root 20 years ago
parent 7688bb33f1
commit 2209ae9205

@ -45,7 +45,7 @@
$emailid = mysql_insert_id(); $emailid = mysql_insert_id();
$body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates till your hearts' content!")."\n\n"; $body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates till your hearts' content!")."\n\n";
$body .= "http://$hostname/verify.php?type=email&emailid=$emailid&hash=$hash\n\n"; $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!"); $body .= _("Best regards")."\n"._("CAcert.org Support!");
mail($email, "[CAcert.org] "._("Email Probe"), $body, "From: CAcacert-Support <support@cacert.org>"); mail($email, "[CAcert.org] "._("Email Probe"), $body, "From: CAcacert-Support <support@cacert.org>");
@ -366,7 +366,7 @@
$domainid = mysql_insert_id(); $domainid = mysql_insert_id();
$body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates till your hearts' content!")."\n\n"; $body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates till your hearts' content!")."\n\n";
$body .= "http://$hostname/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n"; $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!"); $body .= _("Best regards")."\n"._("CAcert.org Support!");
mail($authaddy, "[CAcert.org] "._("Email Probe"), $body, "From: CAcert-Support <support@cacert.org>"); mail($authaddy, "[CAcert.org] "._("Email Probe"), $body, "From: CAcert-Support <support@cacert.org>");
@ -1653,7 +1653,9 @@
exit; exit;
} }
if(($id == 42 || $id == 43 || $id == 44 || $oldid == 42 || $oldid == 43 || $oldid == 44) && $_SESSION['profile']['admin'] != 1) if(($id == 42 || $id == 43 || $id == 44 || $id == 48 || $id == 49 || $id == 50 ||
$oldid == 42 || $oldid == 43 || $oldid == 44 || $oldid == 48 || $oldid == 49 || $oldid == 50) &&
$_SESSION['profile']['admin'] != 1)
{ {
showheader(_("My CAcert.org Account!")); showheader(_("My CAcert.org Account!"));
echo _("You don't have access to this area."); echo _("You don't have access to this area.");
@ -1781,6 +1783,48 @@
} }
} }
if($id == 50)
{
if($_GET['userid'] != "")
$_POST['userid'] = intval($_GET['userid']);
else
$_POST['userid'] = intval($_POST['userid']);
$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_POST['userid']."'"));
if($row['email'] == "")
$id = 42;
else
$_POST['email'] = $row['email'];
}
if($oldid == 50)
{
$id = 43;
$_GET['userid'] = intval($_POST['userid']);
}
if($oldid == 50 && $_POST['process'] != "")
{
$_POST['userid'] = intval($_POST['userid']);
$res = mysql_query("select * from `users` where `id`='".$_POST['userid']."'");
if(mysql_num_rows($res) > 0)
{
$query = "update `domaincerts`,`domains` SET `domaincerts`.`revoked`=NOW()
WHERE `domaincerts`.`domid` = `domains`.`id` AND `domains`.`memid`='".$_POST['userid']."'";
mysql_query($query);
$query = "update `domains` SET `deleted`=NOW() WHERE `domains`.`memid`='".$_POST['userid']."'";
mysql_query($query);
$query = "update `emailcerts` SET `revoked`=NOW() WHERE `memid`='".$_POST['userid']."'";
mysql_query($query);
$query = "update `email` SET `deleted`=NOW() WHERE `memid`='".$_POST['userid']."'";
mysql_query($query);
$query = "delete from `org` WHERE `memid`='".$_POST['userid']."'";
mysql_query($query);
$query = "update `users` SET `deleted`=NOW() WHERE `id`='".$_POST['userid']."'";
mysql_query($query);
}
}
if(intval($cert) > 0) if(intval($cert) > 0)
$_SESSION['_config']['cert'] = intval($cert); $_SESSION['_config']['cert'] = intval($cert);
if(intval($orgid) > 0) if(intval($orgid) > 0)
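Review bot: The `$oldid == 50 && $_POST['process'] != ""` branch revokes every certificate and disables the account on nothing more than a POST carrying `userid` and `process`. The only gate visible is the session admin flag in the earlier hunk, so a request submitted from another page while an admin is logged in would be accepted. Emit a per-session random token as a hidden field in the confirmation form and compare it in this branch before the first `mysql_query()`. The six statements also run without any return value being checked, so a failure part-way leaves the account half-disabled with no indication to the admin; test each result and stop with an error on the first failure. A comment above the block such as `// admin-only (gated by the id 50 check above): soft-deletes the user and revokes all of their certificates` would help; the enclosing code starts and ends outside the hunk.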

@ -15,7 +15,7 @@
function showheader($title = "CAcert.org", $title2 = "") function showheader($title = "CAcert.org", $title2 = "")
{ {
global $hostname, $id, $PHP_SELF; global $id, $PHP_SELF;
$locrest = ""; $locrest = "";
if($_SESSION['profile']['ccid'] > 0) if($_SESSION['profile']['ccid'] > 0)
@ -81,7 +81,8 @@
case 46: case 46:
case 47: case 47:
case 48: case 48:
case 49: $expand = " explode('sysadmin');"; break; case 49:
case 50: $expand = " explode('sysadmin');"; break;
case 500: case 500:
case 501: case 501:
case 502: case 502:
@ -202,7 +203,6 @@ function hideall() {
function showfooter() function showfooter()
{ {
global $hostname;
?> ?>
</div> </div>
</div> </div>

@ -17,7 +17,7 @@ if(!function_exists("showheader"))
{ {
function showheader($title = "CAcert.org", $title2 = "") function showheader($title = "CAcert.org", $title2 = "")
{ {
global $hostname, $id; global $id;
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> ?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html> <html>
@ -49,7 +49,7 @@ google_color_border = "FFFFFF";
<div id="pageNav"> <div id="pageNav">
<div class="relatedLinks"> <div class="relatedLinks">
<h3><?=_("Join CAcert.org")?></h3> <h3><?=_("Join CAcert.org")?></h3>
<a href="https://<?=$hostname?>/index.php?id=1"><?=_("Join")?></a> <a href="https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=1"><?=_("Join")?></a>
</div> </div>
<div class="relatedLinks"> <div class="relatedLinks">
<h3><?=_("My Account")?></h3> <h3><?=_("My Account")?></h3>
@ -92,7 +92,6 @@ if(!function_exists("showfooter"))
{ {
function showfooter() function showfooter()
{ {
global $hostname;
?> ?>
</div> </div>
</div> </div>

@ -18,6 +18,8 @@
$email = mysql_escape_string(stripslashes($_POST['email'])); $email = mysql_escape_string(stripslashes($_POST['email']));
$query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email` $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
where `users`.`id`=`email`.`memid` and `email`.`email` like '%$email%' where `users`.`id`=`email`.`memid` and `email`.`email` like '%$email%'
`email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0 and
`users`.`verified`=1
group by `users`.`id` limit 100"; group by `users`.`id` limit 100";
$res = mysql_query($query); $res = mysql_query($query);
if(mysql_num_rows($res) > 1) { ?> if(mysql_num_rows($res) > 1) { ?>
@ -53,7 +55,7 @@
if(intval($_GET['userid']) > 0) if(intval($_GET['userid']) > 0)
{ {
$id = intval($_GET['userid']); $id = intval($_GET['userid']);
$query = "select * from `users` where `id`='$id'"; $query = "select * from `users` where `id`='$id' and `users`.`deleted`=0 and `users`.`verified`=1";
$res = mysql_query($query); $res = mysql_query($query);
if(mysql_num_rows($res) <= 0) if(mysql_num_rows($res) <= 0)
{ {
@ -96,6 +98,10 @@
<td class="DataTD"><?=_("Change Password")?>:</td> <td class="DataTD"><?=_("Change Password")?>:</td>
<td class="DataTD"><a href="account.php?id=44&userid=<?=$row['id']?>"><?=_("Change Password")?></a></td> <td class="DataTD"><a href="account.php?id=44&userid=<?=$row['id']?>"><?=_("Change Password")?></a></td>
</tr> </tr>
<tr>
<td class="DataTD"><?=_("Delete Account")?>:</td>
<td class="DataTD"><a href="account.php?id=50&userid=<?=$row['id']?>"><?=_("Delete Account")?></a></td>
</tr>
<tr> <tr>
<td class="DataTD"><?=_("Lost Password")?> - Q1:</td> <td class="DataTD"><?=_("Lost Password")?> - Q1:</td>
<td class="DataTD"><?=$row['Q1']?></td> <td class="DataTD"><?=$row['Q1']?></td>
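Review bot: The two condition lines added to the e-mail search query begin with the email.hash test, but the context line before them still ends at `like '%$email%'` with no `and`, so the new SQL is malformed and `mysql_query()` will return false. The domain search changed in this same commit has the `and` in place. End the preceding line with `like '%$email%' and`. `$res` then goes straight into `mysql_num_rows()`, so the failure would surface only as a warning and an empty result; an explicit `if(!$res)` branch would make it visible.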

@ -18,7 +18,8 @@
$domain = mysql_escape_string(stripslashes($_POST['domain'])); $domain = mysql_escape_string(stripslashes($_POST['domain']));
$query = "select `users`.`id` as `id`, `domains`.`domain` as `domain` from `users`,`domains` $query = "select `users`.`id` as `id`, `domains`.`domain` as `domain` from `users`,`domains`
where `users`.`id`=`domains`.`memid` and `domains`.`domain` like '%$domain%' and where `users`.`id`=`domains`.`memid` and `domains`.`domain` like '%$domain%' and
`domains`.`hash`='' and `domains`.`deleted`=0 `domains`.`hash`='' and `domains`.`deleted`=0 and `users`.`deleted`=0 and
`users`.`verified`=1
group by `users`.`id` limit 100"; group by `users`.`id` limit 100";
$res = mysql_query($query); $res = mysql_query($query);
if(mysql_num_rows($res) > 1) { ?> if(mysql_num_rows($res) > 1) { ?>

@ -0,0 +1,34 @@
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<? if($_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Change Password")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><b><?=$_POST['email']?></b></td>
</tr>
<tr>
<td class="DataTD" colspan="2">Are you sure you want to delete this user, while not actually deleting the account it will completely disable it and revoke any/all certificates currently issued.</td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="cancel" value="<?=_("No")?>"> <input type="submit" name="process" value="<?=_("Yes")?>"></td>
</tr>
</table>
<input type="hidden" name="userid" value="<?=$_POST['userid']?>">
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
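Review bot: `<?=$_POST['email']?>` is written into the admin's page unescaped, and the id 50 handler in this commit fills that value from the `users` row, which is data the account holder supplied. Print it as `<?=htmlspecialchars($_POST['email'], ENT_QUOTES)?>`, and give the session error message and the two hidden field values the same treatment. The title cell still reads `_("Change Password")` on a delete confirmation and should be `_("Delete Account")`. The confirmation sentence is the only visible string on the page not wrapped in `_()`.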

@ -303,7 +303,7 @@
$emailid = mysql_insert_id(); $emailid = mysql_insert_id();
$body = _("Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!")."\n\n"; $body = _("Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!")."\n\n";
$body .= "http://$hostname/verify.php?type=email&emailid=$emailid&hash=$hash\n\n"; $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!"); $body .= _("Best regards")."\n"._("CAcert.org Support!");
mail($_SESSION['signup']['email'], "[CAcert.org] "._("Mail Probe"), $body, "From: CAcert-Support <support@cacert.org>"); mail($_SESSION['signup']['email'], "[CAcert.org] "._("Mail Probe"), $body, "From: CAcert-Support <support@cacert.org>");
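Review bot: The rewritten link line still builds the verification URL with `http://`, while the Join link changed in this same commit uses `https://` with the same `normalhostname` value. The `hash` parameter is what proves control of the address, so it should not travel in clear text. Use `"https://".$_SESSION['_config']['normalhostname']."/verify.php?..."` here and in the two probe mails changed in the account handler. A short comment saying where `normalhostname` is set would also help, because the mail body now depends on session state instead of the `$hostname` global; if that value can be influenced by the request (not visible here), the link host could be too.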
