+
+ // This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!!
+ if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==true) {
+ if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE view lost password information', $ticketno)) {
+ ?>
+
+
=_("Writing to the admin log failed. Can't continue.")?>
+
+
+ // --- bug-975 begin ---
+ // potential db inconsistency like in a20110804.1
+ // Admin console -> don't list user account
+ // User login -> impossible
+ // Assurer, assure someone -> user displayed
+ /* regular user account search with regular settings
+
+ --- Admin Console find user query
+ $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
+ where `users`.`id`=`email`.`memid` and
+ (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
+ `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
+ group by `users`.`id` limit 100";
+ => requirements
+ 1. email.hash = ''
+ 2. email.deleted = 0
+ 3. users.deleted = 0
+ 4. email.email = primary-email (???) or'd
+ not covered by admin console find user routine, but may block users login
+ 5. users.verified = 0|1
+ further "special settings"
+ 6. users.locked (setting displayed in display form)
+ 7. users.assurer_blocked (setting displayed in display form)
+
+ --- User login user query
+ select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
+ `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0
+ => requirements
+ 1. users.verified = 1
+ 2. users.deleted = 0
+ 3. users.locked = 0
+ 4. users.email = primary-email
+
+ --- Assurer, assure someone find user query
+ select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."'
+ and `deleted`=0
+ => requirements
+ 1. users.deleted = 0
+ 2. users.email = primary-email
+
+ Admin User Assurer
+ bit Console Login assure someone
+
+ 1. email.hash = '' Yes No No
+ 2. email.deleted = 0 Yes No No
+ 3. users.deleted = 0 Yes Yes Yes
+ 4. users.verified = 1 No Yes No
+ 5. users.locked = 0 No Yes No
+ 6. users.email = prim-email No Yes Yes
+ 7. email.email = prim-email Yes No No
+
+ full usable account needs all 7 requirements fulfilled
+ so if one setting isn't set/cleared there is an inconsistency either way
+ if eg email.email is not avail, admin console cannot open user info
+ but user can login and assurer can display user info
+ if user verified is not set to 1, admin console displays user record
+ but user cannot login, but assurer can search for the user and the data displays
+
+ consistency check:
+ 1. search primary-email in users.email
+ 2. search primary-email in email.email
+ 3. userid = email.memid
+ 4. check settings from table 1. - 5.
+
+ */
+
+ $inconsistency = 0;
+ $inconsistencydisp = "";
+ $inccause = "";
+
+ // current userid intval($row['id'])
+ $query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked`
+ from `users` where `id`='".intval($row['id'])."' ";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ $uemail = $drow['uemail'];
+ $udeleted = $drow['udeleted'];
+ $uverified = $drow['verified'];
+ $ulocked = $drow['locked'];
+
+ $query = "select `hash`, `email` as `eemail` from `email`
+ where `memid`='".intval($row['id'])."' and
+ `email` ='".$uemail."' and
+ `deleted` = 0";
+ $dres = mysql_query($query);
+ if ($drow = mysql_fetch_assoc($dres)) {
+ $drow['edeleted'] = 0;
+ } else {
+ // try if there are deleted entries
+ $query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email`
+ where `memid`='".intval($row['id'])."' and
+ `email` ='".$uemail."'";
+ $dres = mysql_query($query);
+ $drow = mysql_fetch_assoc($dres);
+ }
+
+ if ($drow) {
+ $eemail = $drow['eemail'];
+ $edeleted = $drow['edeleted'];
+ $ehash = $drow['hash'];
+ if ($udeleted!=0) {
+ $inconsistency += 1;
+ $inccause .= (empty($inccause)?"":" ")._("Users record set to deleted");
+ }
+ if ($uverified!=1) {
+ $inconsistency += 2;
+ $inccause .= (empty($inccause)?"":" ")._("Users record verified not set");
+ }
+ if ($ulocked!=0) {
+ $inconsistency += 4;
+ $inccause .= (empty($inccause)?"":" ")._("Users record locked set");
+ }
+ if ($edeleted!=0) {
+ $inconsistency += 8;
+ $inccause .= (empty($inccause)?"":" ")._("Email record set deleted");
+ }
+ if ($ehash!='') {
+ $inconsistency += 16;
+ $inccause .= (empty($inccause)?"":" ")._("Email record hash not unset");
+ }
+ } else {
+ $inconsistency = 32;
+ $inccause = _("Prim. email, Email record doesn't exist");
+ }
+ if ($inconsistency>0) {
+ // $inconsistencydisp = _("Yes");
+ ?>
+
+
=_("Account inconsistency")?>:
+
=$inccause?> code: =intval($inconsistency)?>
+
+
+
+ =_("Account inconsistency can cause problems in daily account operations and needs to be fixed manually through arbitration/critical team.")?>
+
- } }
+} }
if(isset($_GET['shownotary'])) {
switch($_GET['shownotary']) {
case 'assuredto':
- showassuredto();
+ showassuredto($ticketno);
break;
case 'assuredby':
- showassuredby();
+ showassuredby($ticketno);
break;
case 'assuredto15':
- output_received_assurances(intval($_GET['userid']),1);
+ output_received_assurances(intval($_GET['userid']),1,$ticketno);
break;
case 'assuredby15':
- output_given_assurances(intval($_GET['userid']),1);
+ output_given_assurances(intval($_GET['userid']),1, $ticketno);
break;
}
}
diff --git a/pages/account/44.php b/pages/account/44.php
index fd34612..718f0e0 100644
--- a/pages/account/44.php
+++ b/pages/account/44.php
@@ -14,8 +14,28 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
- if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?>
@@ -34,7 +34,7 @@
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
- echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
+ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
} else {
$row = mysql_fetch_assoc($res);
}
@@ -58,11 +58,11 @@
$query = "SELECT `CP`.`pass_date`, `CT`.`type_text`, `CV`.`test_text` ".
" FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ".
- " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".(int)$user_id."'".
+ " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".intval($user_id)."'".
" ORDER BY `CP`.`pass_date`";
-
+
$res = mysql_query($query);
-
+
$HaveTest=0;
while($row = mysql_fetch_array($res, MYSQL_NUM))
{
@@ -71,23 +71,24 @@
}
?>
+
+ } else {
$query = 'SELECT `u`.id, `u`.`assurer`, SUM(`points`) FROM `users` AS `u`, `notary` AS `n` '.
- ' WHERE `u`.`id` = \''.(int)intval($_SESSION['profile']['id']).'\' AND `n`.`to` = `u`.`id` AND `expire` < now() '.
+ ' WHERE `u`.`id` = \''.(int)intval($_SESSION['profile']['id']).'\' AND `n`.`to` = `u`.`id` AND `expire` < now() and and `n`.`deleted` = 0'.
' GROUP BY `u`.id, `u`.`assurer`';
$res = mysql_query($query);
if (!$res) {
diff --git a/pages/account/57.php b/pages/account/57.php
index 0356eeb..9db7ccf 100644
--- a/pages/account/57.php
+++ b/pages/account/57.php
@@ -28,7 +28,7 @@
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
- echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
+ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
} else {
$row = mysql_fetch_assoc($res);
?>
@@ -48,12 +48,12 @@
diff --git a/pages/account/58.php b/pages/account/58.php
index 1f6b1a0..af26b70 100644
--- a/pages/account/58.php
+++ b/pages/account/58.php
@@ -23,7 +23,7 @@ if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST)
$query = "select `users`.`fname`, `users`.`mname`, `users`.`lname` from `users` where `id`='$user_id' and `users`.`deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) != 1){
- echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
+ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
} else {
if ($row = mysql_fetch_assoc($res)){
$username=sanitizeHTML($row['fname']).' '.sanitizeHTML($row['mname']).' '.sanitizeHTML($row['lname']);
@@ -54,7 +54,7 @@ if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST)
}
?>
}else{
- echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
+ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
}
}
}
diff --git a/pages/account/6.php b/pages/account/6.php
index 8455499..305fccb 100644
--- a/pages/account/6.php
+++ b/pages/account/6.php
@@ -25,7 +25,7 @@ if(array_key_exists('cert',$_REQUEST)) {
$query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
- `emailcerts`.`expire` as `expires`,
+ `emailcerts`.`expire`,
`emailcerts`.`revoked` as `revoke`,
UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
`emailcerts`.`id`,
@@ -137,11 +137,11 @@ if (array_key_exists('format', $_REQUEST)) {
-
+
diff --git a/pages/wot/1.php b/pages/wot/1.php
index a45b5df..9047f27 100644
--- a/pages/wot/1.php
+++ b/pages/wot/1.php
@@ -14,9 +14,9 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-
- $res=mysql_fetch_assoc(mysql_query("select sum(acount) as summe from countries"));
+*/
+
+ $res=mysql_fetch_assoc(mysql_query("select sum(acount) as summe from countries"));
$total1 =$res['summe'];
$locid=array_key_exists('locid',$_REQUEST)?intval($_REQUEST['locid']):0;
@@ -91,7 +91,7 @@
{
$query = "select *, `users`.`id` as `id` from `users`,`notary` where `listme`='1' and
`ccid`='".$ccid."' and `regid`='".$regid."' and
- `locid`='".$locid."' and `users`.`id`=`notary`.`to`
+ `locid`='".$locid."' and `users`.`id`=`notary`.`to` and `notary`.`deleted`=0
group by `notary`.`to` HAVING SUM(`points`) >= 100 order by `points` desc";
$list = mysql_query($query);
if(mysql_num_rows($list) > 0)
@@ -104,19 +104,19 @@
-
+// the rank calculation is not adjusted to the new deletion method
$query = "SELECT `users`. *, count(*) AS `list` FROM `users`, `notary`
WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to`
AND `from`='".intval($_SESSION['profile']['id'])."' GROUP BY `notary`.`from`";
@@ -36,8 +36,8 @@
WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to`
GROUP BY `notary`.`from` HAVING count(*) > '$rc' ORDER BY `notary`.`when` DESC";
*/
- $query = "SELECT count(*) AS `list` FROM `users`
- inner join `notary` on `users`.`id` = `notary`.`from`
+ $query = "SELECT count(*) AS `list` FROM `users`
+ inner join `notary` on `users`.`id` = `notary`.`from`
GROUP BY `notary`.`from` HAVING count(*) > '$rc'";
$rank = mysql_num_rows(mysql_query($query)) + 1;
@@ -64,18 +64,18 @@
=_("Method")?>
- $query = "select * from `notary` where `to`='".intval($_SESSION['profile']['id'])."'";
+ $query = "select `id`, `date`, `from`, `points`, `location`, `method` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted`=0";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
- $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['from'])."'"));
+ $fromuser = mysql_fetch_assoc(mysql_query("select `fname`, `lname` from `users` where `id`='".intval($row['from'])."'"));
?>
diff --git a/pages/wot/15.php b/pages/wot/15.php
index cca2702..c1f3e0f 100644
--- a/pages/wot/15.php
+++ b/pages/wot/15.php
@@ -14,7 +14,7 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
+*/
require_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
diff --git a/pages/wot/9.php b/pages/wot/9.php
index bfa7a98..a8b9413 100644
--- a/pages/wot/9.php
+++ b/pages/wot/9.php
@@ -15,9 +15,9 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
-
+
require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php');
-
+
$res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."' and `listme`='1'");
if(mysql_num_rows($res) <= 0)
@@ -28,9 +28,8 @@
$user = mysql_fetch_array($res);
$userlang = $user['language'];
$points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
- where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0"));
- if($points <= 0)
- {
+ where `to`='".intval($user['id'])."' and `deleted`=0 group by `to` HAVING SUM(`points`) > 0"));
+ if($points <= 0) {
echo _("Sorry, I was unable to locate that user.");
} else {
@@ -38,31 +37,31 @@
?>
if($_SESSION['_config']['error'] != "") { ?>ERROR: =$_SESSION['_config']['error']?> unset($_SESSION['_config']['error']); } ?>