diff --git a/www/wot.php b/www/wot.php index 5f36c90..e682358 100644 --- a/www/wot.php +++ b/www/wot.php @@ -26,6 +26,8 @@ if(array_key_exists('location',$_POST) && $_POST['location'] != "") $_SESSION['_config']['location'] = $_POST['location']; + $oldid=array_key_exists('oldid',$_REQUEST)?intval($_REQUEST['oldid']):0; + if($oldid == 12) { $id = $oldid; @@ -41,11 +43,11 @@ if($oldid == 6 && intval($_SESSION['_config']['notarise']['id']) <= 0) { - unset($oldid); + $oldid=0; $id = 5; } - if($oldid == 5 && $_POST['reminder'] != "") + if($oldid == 5 && array_key_exists('reminder',$_POST) && $_POST['reminder'] != "") { $body = ""; if($_POST['reminder-lang'] != "" && $_POST['reminder-lang'] != "en_AU") @@ -80,7 +82,7 @@ $_SESSION['_config']['error'] = _("A reminder notice has been sent."); $id = $oldid; - unset($oldid); + $oldid=0; } if($oldid == 5) @@ -91,7 +93,7 @@ if(mysql_num_rows($res) != 1) { $id = $oldid; - unset($oldid); + $oldid=0; $_SESSION['_config']['error'] = _("I'm sorry, there was no email matching what you entered in the system. Please double check your information."); $_SESSION['_config']['noemailfound'] = 1; } else { @@ -101,7 +103,7 @@ if($oldid == 5 || $oldid == 6) { - if($_REQUEST['cancel'] != "") + if(array_key_exists('cancel',$_REQUEST) && $_REQUEST['cancel'] != "") { header("location: wot.php"); exit; @@ -110,7 +112,7 @@ if($_SESSION['_config']['notarise']['id'] == $_SESSION['profile']['id']) { $id = 5; - unset($oldid); + $oldid=0; $_SESSION['_config']['error'] = _("You are never allowed to Assure yourself!"); } } @@ -124,7 +126,7 @@ if(mysql_num_rows($res) > 0 && $_SESSION['profile']['points'] < 200) { $id = 5; - unset($oldid); + $oldid=0; $_SESSION['_config']['error'] = _("You are only allowed to Assure someone once!"); } elseif($oldid == 5) { $id = 6; 
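Review bot: The new `$oldid` assignment at the top of the first hunk has no comment saying that 0 is the "no step" sentinel, which every `unset($oldid)` to `$oldid=0` replacement further down relies on; I would add `// 0 = no previous step; later checks reset $oldid to 0 instead of unsetting it` above it. The value is taken from `$_REQUEST`, so depending on `request_order` the step selector can arrive in the query string or a cookie as well as in a form post, while the steps below read a mix of `$_POST` and `$_REQUEST`. If the step number is only ever submitted by the forms, reading it from `$_POST` would narrow that; whether links elsewhere pass `oldid` in the URL is not visible here.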
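Review bot: `$_POST['reminder-lang']` on the line right after the new `reminder` guard (hunk -41) is still read without an existence check, so the undefined-index notice this commit removes for `reminder` remains for it; `$lang = array_key_exists('reminder-lang',$_POST) ? $_POST['reminder-lang'] : "";` before the test would cover it. The same unguarded reads are left in later hunks: `$_POST['certify']` (-153), `$_POST['location']` (-173), `$_REQUEST['pagehash']` (-187), `$_REQUEST['points']` (-195) and `$_REQUEST['pageid']` (-426). The body of this `if` continues outside the hunk.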
@@ -153,17 +155,17 @@ if($oldid == 6) { - if($_POST['assertion'] != 1 || $_POST['rules'] != 1) + if(!array_key_exists('assertion',$_POST) || $_POST['assertion'] != 1 || !array_key_exists('rules',$_POST) || $_POST['rules'] != 1) { $id = $oldid; - unset($oldid); + $oldid=0; $_SESSION['_config']['error'] = _("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"); } if($_POST['certify'] != 1 && $_SESSION['profile']['ttpadmin'] != 1) { $id = $oldid; - unset($oldid); + $oldid=0; $_SESSION['_config']['error'] = _("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"); } } @@ -173,7 +175,7 @@ if($_POST['location'] == "") { $id = $oldid; - unset($oldid); + $oldid=0; $_SESSION['_config']['error'] = _("You failed to enter a location of your meeting."); } } @@ -187,7 +189,7 @@ if($_SESSION['_config']['wothash'] != md5($name."-".$row['dob']) || $_SESSION['_config']['wothash'] != $_REQUEST['pagehash']) { $id = $oldid; - unset($oldid); + $oldid=0; $_SESSION['_config']['error'] = _("Race condition discovered, user altered details during assurance procedure. PLEASE MAKE SURE THE NEW DETAILS BELOW MATCH THE ID DOCUMENTS."); } } @@ -195,7 +197,7 @@ if($oldid == 6 && $_REQUEST['points'] == "") { $id = $oldid; - unset($oldid); + $oldid=0; $_SESSION['_config']['error'] = _("You must enter the number of points you wish to allocate to this person."); } @@ -269,7 +271,7 @@ if(mysql_num_rows($res) > 0) { $id = $oldid; - unset($oldid); + $oldid=0; $_SESSION['_config']['error'] = _("Identical Assurance attempted, will not continue."); } } @@ -426,7 +428,7 @@ { if($_SESSION['_config']['pagehash'] != $_REQUEST['pageid']) { - unset($oldid); + $oldid=0; $id = 9; $error = _("It looks like you were trying to contact multiple people, this isn't allowed due to data security reasons."); } else { 
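Review bot: When the first check in the -153 hunk fails it now sets `$oldid=0`, and the second check (`certify`) is not guarded by `$oldid`, so if both fail the second `$id = $oldid;` sets `$id` to 0 instead of 6 and the user is presumably not returned to the assurance form. Making the second test `if($oldid == 6 && $_POST['certify'] != 1 && $_SESSION['profile']['ttpadmin'] != 1)` keeps the result of the first. Before this commit the same path assigned an unset variable, so the problem is older than the change, but the change is the natural place to fix it.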
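Review bot: The `wothash` test in the -187 hunk compares the session digest with `md5(...)` and with the client-supplied `$_REQUEST['pagehash']` using loose `!=`, and PHP compares two numeric-looking strings as numbers, so two different digests can be treated as equal. Since this check is what detects details changed during an assurance, it should use strict comparison, `if($_SESSION['_config']['wothash'] !== md5($name."-".$row['dob']) || $_SESSION['_config']['wothash'] !== (string)$_REQUEST['pagehash'])`, or `hash_equals()` if the deployed PHP version provides it. The `pagehash`/`pageid` comparison in the -426 hunk uses the same loose `!=`. The enclosing block starts outside the hunk.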
@@ -453,7 +455,7 @@
 }
 }
 } elseif($oldid == 9) {
- unset($oldid);
+ $oldid=0;
 $error = _("There was an error and I couldn't proceed");
 $id = 9;
 }