cacert/cacert-webdb
9
0
Fork 0
Code Issues Pull requests 3 Projects Releases 4 Wiki Activity

Combined fixes for

Browse source 
- https://bugs.cacert.org/view.php?id=413
  "Add a web page indicating the certificate request is still pending"
- https://bugs.cacert.org/view.php?id=1138
  "Implement to log the SE activity"
- https://bugs.cacert.org/view.php?id=1221
  "Inconsistency in Assurance Management"
This commit is contained in:
Wytze van der Raay 2014-06-07 09:15:39 +00:00
parent 81932bfd0a
commit 843bbeb8c0
19 changed files with 1245 additions and 1051 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
pages/account/12.php
View file

@ -19,7 +19,7 @@
<form method="post" action="account.php"> <form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr> <tr>
<td colspan="8" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&amp;viewall=<?=!$viewall?>"><?=$viewall?_("Hide old certificates"):_("View all certificates")?></a></td> <td colspan="8" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&amp;viewall=<?=intval(!$viewall)?>"><?=$viewall?_("Hide old certificates"):_("View all certificates")?></a></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
@ -34,17 +34,20 @@
$query = "select UNIX_TIMESTAMP(`domaincerts`.`created`) as `created`, $query = "select UNIX_TIMESTAMP(`domaincerts`.`created`) as `created`,
UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`, UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`,
`domaincerts`.`expire` as `expires`, `revoked` as `revoke`, `domaincerts`.`expire`,
UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`, `domaincerts`.`revoked` as `revoke`,
UNIX_TIMESTAMP(`revoked`) as `revoked`,
if (`domaincerts`.`expire`=0,CURRENT_TIMESTAMP(),`domaincerts`.`modified`) as `modified`,
`CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`,
`domaincerts`.`description` `domaincerts`.`description`
from `domaincerts`,`domains` from `domaincerts`,`domains`
where `memid`='".intval($_SESSION['profile']['id'])."' and `domaincerts`.`domid`=`domains`.`id` "; where `memid`='".intval($_SESSION['profile']['id'])."' and `domaincerts`.`domid`=`domains`.`id` ";
if($viewall != 1) if($viewall != 1)
{ {
$query .= "AND `revoked`=0 AND `renewed`=0 "; $query .= "AND `revoked`=0 AND `renewed`=0 ";
$query .= "HAVING `timeleft` > 0 "; $query .= "HAVING `timeleft` > 0 or `expire` = 0 ";
} }
$query .= "ORDER BY `domaincerts`.`modified` desc"; $query .= "ORDER BY `modified` desc";
//echo $query."<br>\n"; //echo $query."<br>\n";
$res = mysql_query($query); $res = mysql_query($query);
if(mysql_num_rows($res) <= 0) if(mysql_num_rows($res) <= 0)
@ -69,24 +72,24 @@
?> ?>
<tr> <tr>
<? if($verified != _("Pending") && $verified != _("Revoked")) { ?> <? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
<td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"/></td> <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=intval($row['id'])?>"/></td>
<? } else if($verified != _("Revoked")) { ?> <? } else if($verified != _("Revoked")) { ?>
<td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"/></td> <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=intval($row['id'])?>"/></td>
<? } else { ?> <? } else { ?>
<td class="DataTD">&nbsp;</td> <td class="DataTD">&nbsp;</td>
<? } ?> <? } ?>
<td class="DataTD"><?=$verified?></td> <td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="account.php?id=15&amp;cert=<?=$row['id']?>"><?=$row['CN']?></a></td> <td class="DataTD"><a href="account.php?id=15&amp;cert=<?=intval($row['id'])?>"><?=htmlspecialchars($row['CN'])?></a></td>
<td class="DataTD"><?=$row['serial']?></td> <td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=$row['revoke']?></td> <td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td> <td class="DataTD"><?=$row['expire']?></td>
<td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td> <td class="DataTD"><input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
<td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td> <td class="DataTD"><input type="checkbox" name="check_comment_<?=intval($row['id'])?>" /></td>
</tr> </tr>
<? } ?> <? } ?>
<tr> <tr>
<td class="DataTD" colspan="8"> <td class="DataTD" colspan="8">
<a href="account.php?id=12&amp;viewall=<?=!$viewall?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a> <a href="account.php?id=12&amp;viewall=<?=intval(!$viewall)?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a>
</td> </td>
</tr> </tr>
<tr> <tr>
@ -104,6 +107,6 @@
<td class="DataTD" colspan="8"><?=_("From here you can delete pending requests, or revoke valid certificates.")?></td> <td class="DataTD" colspan="8"><?=_("From here you can delete pending requests, or revoke valid certificates.")?></td>
</tr> </tr>
</table> </table>
<input type="hidden" name="oldid" value="<?=$id?>"/> <input type="hidden" name="oldid" value="<?=intval($id)?>"/>
<input type="hidden" name="csrf" value="<?=make_csrf('srvcerchange')?>"/> <input type="hidden" name="csrf" value="<?=make_csrf('srvcerchange')?>"/>
</form> </form>

23
pages/account/13.php
View file

@ -52,22 +52,22 @@
<? if($_SESSION['profile']['points'] == 0) { ?> <? if($_SESSION['profile']['points'] == 0) { ?>
<tr> <tr>
<td class="DataTD" width="125"><?=_("First Name")?>: </td> <td class="DataTD" width="125"><?=_("First Name")?>: </td>
<td class="DataTD" width="125"><input type="text" name="fname" value="<?=$user['fname']?>"></td> <td class="DataTD" width="125"><input type="text" name="fname" value="<?=sanitizeHTML($user['fname'])?>"></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br> <td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br>
(<?=_("optional")?>) (<?=_("optional")?>)
</td> </td>
<td class="DataTD"><input type="text" name="mname" value="<?=$user['mname']?>"></td> <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($user['mname'])?>"></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("Last Name")?>: </td> <td class="DataTD"><?=_("Last Name")?>: </td>
<td class="DataTD"><input type="text" name="lname" value="<?=$user['lname']?>"></td> <td class="DataTD"><input type="text" name="lname" value="<?=sanitizeHTML($user['lname'])?>"></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("Suffix")?><br> <td class="DataTD"><?=_("Suffix")?><br>
(<?=_("optional")?>)</td> (<?=_("optional")?>)</td>
<td class="DataTD"><input type="text" name="suffix" value="<?=$user['suffix']?>"></td> <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($user['suffix'])?>"></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("Date of Birth")?><br> <td class="DataTD"><?=_("Date of Birth")?><br>
@ -100,22 +100,22 @@
<? } else { ?> <? } else { ?>
<tr> <tr>
<td class="DataTD" width="125"><?=_("First Name")?>: </td> <td class="DataTD" width="125"><?=_("First Name")?>: </td>
<td class="DataTD" width="125"><?=$user['fname']?></td> <td class="DataTD" width="125"><?=sanitizeHTML($user['fname'])?></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br> <td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br>
(<?=_("optional")?>) (<?=_("optional")?>)
</td> </td>
<td class="DataTD"><?=$user['mname']?></td> <td class="DataTD"><?=sanitizeHTML($user['mname'])?></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("Last Name")?>: </td> <td class="DataTD"><?=_("Last Name")?>: </td>
<td class="DataTD"><?=$user['lname']?></td> <td class="DataTD"><?=sanitizeHTML($user['lname'])?></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("Suffix")?><br> <td class="DataTD"><?=_("Suffix")?><br>
(<?=_("optional")?>)</td> (<?=_("optional")?>)</td>
<td class="DataTD"><?=$user['suffix']?></td> <td class="DataTD"><?=sanitizeHTML($user['suffix'])?></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("Date of Birth")?><br> <td class="DataTD"><?=_("Date of Birth")?><br>
@ -124,7 +124,10 @@
</tr> </tr>
<? } ?> <? } ?>
<tr> <tr>
<td colspan="2" class="title"><a href="account.php?id=13&amp;showdetails=<?=!$showdetails?>"><?=_("View secret question & answers and OTP phrases")?></a></td> <td colspan="2" class="title"><a href="account.php?id=59&amp;oldid=13&amp;userid=<?=intval($_SESSION['profile']['id'])?>"><?=_('Show account history')?></a></td>
</tr>
<tr>
<td colspan="2" class="title"><a href="account.php?id=13&amp;showdetails=<?=intval(!$showdetails)?>"><?=_("View secret question & answers and OTP phrases")?></a></td>
</tr> </tr>
<? if($showdetails){ ?> <? if($showdetails){ ?>
<tr> <tr>
@ -167,5 +170,5 @@
</tr> </tr>
</table> </table>
<input type="hidden" name="csrf" value="<?=make_csrf('perschange')?>" /> <input type="hidden" name="csrf" value="<?=make_csrf('perschange')?>" />
<input type="hidden" name="oldid" value="<?=$id?>"> <input type="hidden" name="oldid" value="<?=intval($id)?>">
</form> </form>

2
pages/account/16.php
View file

@ -42,7 +42,7 @@
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("Department")?>:</td> <td class="DataTD"><?=_("Department")?>:</td>
<td class="DataTD"><input type="text" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?($_SESSION['_config']['OU']):''?>"/></td> <td class="DataTD"><input type="text" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?(sanitizeHTML($_SESSION['_config']['OU'])):''?>"/></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD" colspan="2" align="left"> <td class="DataTD" colspan="2" align="left">

9
pages/account/18.php
View file

@ -79,6 +79,7 @@ $status = array_key_exists('status',$_SESSION['_config']) ? intval($_SESSION['_c
UNIX_TIMESTAMP(`oemail`.`expire`) as `expired`, UNIX_TIMESTAMP(`oemail`.`expire`) as `expired`,
`oemail`.`expire` as `expires`, `oemail`.`revoked` as `revoke`, `oemail`.`expire` as `expires`, `oemail`.`revoked` as `revoke`,
UNIX_TIMESTAMP(`oemail`.`revoked`) as `revoked`, UNIX_TIMESTAMP(`oemail`.`revoked`) as `revoked`,
if (`oemail`.`expire`=0,CURRENT_TIMESTAMP(),`oemail`.`modified`) as `modified`,
`oemail`.`CN`, `oemail`.`serial`, `oemail`.`id`, `oemail`.`CN`, `oemail`.`serial`, `oemail`.`id`,
`oemail`.`description`, `oemail`.`ou`, `orginfo`.`O` `oemail`.`description`, `oemail`.`ou`, `orginfo`.`O`
from `orgemailcerts` as `oemail`, `org`, `orginfo` from `orgemailcerts` as `oemail`, `org`, `orginfo`
@ -92,17 +93,17 @@ $status = array_key_exists('status',$_SESSION['_config']) ? intval($_SESSION['_c
if(0==$status) if(0==$status)
{ {
$query .= "AND `oemail`.`revoked`=0 AND `oemail`.`renewed`=0 "; $query .= "AND `oemail`.`revoked`=0 AND `oemail`.`renewed`=0 ";
$query .= "HAVING `timeleft` > 0 AND `revoked`=0 "; $query .= "HAVING `timeleft` > 0 AND `revoked`=0 or `expires` = 0 ";
} }
switch ($sorting){ switch ($sorting){
case 0: case 0:
$query .= "ORDER BY `orginfo`.`O`, `oemail`.`expire` desc"; $query .= "ORDER BY `orginfo`.`O`, `modified` desc";
break; break;
case 1: case 1:
$query .= "ORDER BY `orginfo`.`O`, `oemail`.`ou`, `oemail`.`expire` desc"; $query .= "ORDER BY `orginfo`.`O`, `oemail`.`ou`, `modified` desc";
break; break;
case 2: case 2:
$query .= "ORDER BY `orginfo`.`O`, `oemail`.`CN`, `oemail`.`expire` desc"; $query .= "ORDER BY `orginfo`.`O`, `oemail`.`CN`, `modified` desc";
break; break;
} }
$res = mysql_query($query); $res = mysql_query($query);

4
pages/account/21.php
View file

@ -41,7 +41,7 @@ if (is_array($_SESSION['_config']['altrows'])) {
} }
echo _("Organisation"), ": {$org['O']}<br>\n"; echo _("Organisation"), ": {$org['O']}<br>\n";
echo _("Org. Unit"), ": {$_SESSION['_config']['OU']}<br>\n"; echo _("Org. Unit"), ": ", sanitizeHTML($_SESSION['_config']['OU']), "<br>\n";
echo _("Location"), ": {$org['L']}<br>\n"; echo _("Location"), ": {$org['L']}<br>\n";
echo _("State/Province"), ": {$org['ST']}<br>\n"; echo _("State/Province"), ": {$org['ST']}<br>\n";
echo _("Country"), ": {$org['C']}<br>\n"; echo _("Country"), ": {$org['C']}<br>\n";
@ -52,7 +52,7 @@ echo _("Country"), ": {$org['C']}<br>\n";
<input type="submit" name="process" value="<?=_("Submit")?>"> <input type="submit" name="process" value="<?=_("Submit")?>">
<input type="hidden" name="oldid" value="<?=$id?>"> <input type="hidden" name="oldid" value="<?=$id?>">
</p> </p>
<? <?
if ($_SESSION['profile']['admin'] == 1) { if ($_SESSION['profile']['admin'] == 1) {
?> ?>

10
pages/account/22.php
View file

@ -78,7 +78,9 @@ $status = array_key_exists('dstatus',$_SESSION['_config']) ? intval($_SESSION['_
UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired`, UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired`,
`orgdomaincerts`.`expire` as `expires`, `revoked` as `revoke`, `orgdomaincerts`.`expire` as `expires`, `revoked` as `revoke`,
UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoked`,
if (`orgdomaincerts`.`expire`=0,CURRENT_TIMESTAMP(),`orgdomaincerts`.`modified`) as `modified`,
`CN`,
`orgdomaincerts`.`serial`, `orgdomaincerts`.`serial`,
`orgdomaincerts`.`id` as `id`, `orgdomaincerts`.`id` as `id`,
`orgdomaincerts`.`description`, `orginfo`.`O` `orgdomaincerts`.`description`, `orginfo`.`O`
@ -94,14 +96,14 @@ $status = array_key_exists('dstatus',$_SESSION['_config']) ? intval($_SESSION['_
if(0==$status) if(0==$status)
{ {
$query .= "AND `revoked`=0 AND `renewed`=0 "; $query .= "AND `revoked`=0 AND `renewed`=0 ";
$query .= "HAVING `timeleft` > 0 "; $query .= "HAVING `timeleft` > 0 or `expires` = 0 ";
} }
switch ($sorting){ switch ($sorting){
case 0: case 0:
$query .= "ORDER BY `orginfo`.`O`, `orgdomaincerts`.`expire` desc"; $query .= "ORDER BY `orginfo`.`O`, `modified` desc";
break; break;
case 1: case 1:
$query .= "ORDER BY `orginfo`.`O`, `orgdomaincerts`.`CN`, `orgdomaincerts`.`expire` desc"; $query .= "ORDER BY `orginfo`.`O`, `orgdomaincerts`.`CN`, `modified` desc";
break; break;
} }

1885
pages/account/43.php
View file

File diff suppressed because it is too large Load diff

27
pages/account/44.php
View file

@ -14,8 +14,28 @@
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?> */
<? if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?>
if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") {
?>
<div style="color: orange;">ERROR: <?=$_SESSION['_config']['error']?></div>
<?
unset($_SESSION['_config']['error']);
}
$ticketno = "";
if (array_key_exists('ticketno', $_SESSION)) {
$ticketno = $_SESSION['ticketno'];
}
if (!valid_ticket_number($ticketno)) {
printf(_("I'm sorry, you did not enter a ticket number! %s You cannot reset the password."), '<br/>');
echo '<br/><a href="account.php?id=43&amp;userid='.intval($_REQUEST['userid']).'">'._('Back to previous page.').'</a>';
showfooter();
exit;
}
?>
<form method="post" action="account.php"> <form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr> <tr>
@ -34,5 +54,6 @@
</tr> </tr>
</table> </table>
<input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>"> <input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>">
<input type="hidden" name="oldid" value="<?=$id?>"> <input type="hidden" name="oldid" value="<?=intval($id)?>">
<input type="hidden" name="ticketno" value="<?=sanitizeHTML($ticketno)?>"/>
</form> </form>

39
pages/account/5.php
View file

@ -19,7 +19,7 @@
<form method="post" action="account.php"> <form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr> <tr>
<td colspan="10" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><?=$viewall?_("Hide old certificates"):_("View all certificates")?></a></td> <td colspan="10" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&amp;viewall=<?=intval(!$viewall)?>"><?=$viewall?_("Hide old certificates"):_("View all certificates")?></a></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td> <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
@ -34,23 +34,24 @@
$query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`, $query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`, UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
`emailcerts`.`expire` as `expires`, `emailcerts`.`expire`,
`emailcerts`.`revoked` as `revoke`, `emailcerts`.`revoked` as `revoke`,
UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`, UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
if (`emailcerts`.`expire`=0,CURRENT_TIMESTAMP(),`emailcerts`.`modified`) as `modified` ,
`emailcerts`.`id`, `emailcerts`.`id`,
`emailcerts`.`CN`, `emailcerts`.`CN`,
`emailcerts`.`serial`, `emailcerts`.`serial`,
`emailcerts`.`disablelogin` as `disablelogin`, `emailcerts`.`disablelogin` as `disablelogin`,
`emailcerts`.`description` `emailcerts`.`description`
from `emailcerts` from `emailcerts`
where `emailcerts`.`memid`='".$_SESSION['profile']['id']."' where `emailcerts`.`memid`='".intval($_SESSION['profile']['id'])."'
"; ";
if($viewall != 1) if($viewall != 1)
$query .= " AND `revoked`=0 AND `renewed`=0 "; $query .= " AND `revoked`=0 AND `renewed`=0 ";
$query .= " GROUP BY `emailcerts`.`id` "; $query .= " GROUP BY `emailcerts`.`id` ";
if($viewall != 1) if($viewall != 1)
$query .= " HAVING `timeleft` > 0 "; $query .= " HAVING `timeleft` > 0 or `expire` = 0 ";
$query .= " ORDER BY `emailcerts`.`modified` desc"; $query .= " ORDER BY `modified` desc";
// echo $query."<br>\n"; // echo $query."<br>\n";
$res = mysql_query($query); $res = mysql_query($query);
if(mysql_num_rows($res) <= 0) if(mysql_num_rows($res) <= 0)
@ -75,32 +76,32 @@
?> ?>
<tr> <tr>
<? if($verified != _("Pending") && $verified != _("Revoked")) { ?> <? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
<td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td> <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=intval($row['id'])?>"></td>
<td class="DataTD"><?=$verified?></td> <td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="account.php?id=6&amp;cert=<?=$row['id']?>"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></a></td> <td class="DataTD"><a href="account.php?id=6&amp;cert=<?=intval($row['id'])?>"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></a></td>
<? } else if($verified != _("Revoked")) { ?> <? } else if($verified != _("Revoked")) { ?>
<td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td> <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=intval($row['id'])?>"></td>
<td class="DataTD"><?=$verified?></td> <td class="DataTD"><?=$verified?></td>
<td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td> <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></td>
<? } else { ?> <? } else { ?>
<td class="DataTD">&nbsp;</td> <td class="DataTD">&nbsp;</td>
<td class="DataTD"><?=$verified?></td> <td class="DataTD"><?=$verified?></td>
<td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td> <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></td>
<? } ?> <? } ?>
<td class="DataTD"><?=$row['serial']?></td> <td class="DataTD"><?=sanitizeHTML($row['serial'])?></td>
<td class="DataTD"><?=$row['revoke']?></td> <td class="DataTD"><?=sanitizeHTML($row['revoke'])?></td>
<td class="DataTD"><?=$row['expires']?></td> <td class="DataTD"><?=sanitizeHTML($row['expire'])?></td>
<td class="DataTD"> <td class="DataTD">
<input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":'checked="checked"'?>/> <input type="checkbox" name="disablelogin_<?=intval($row['id'])?>" value="1" <?=$row['disablelogin']?"":'checked="checked"'?>/>
<input type="hidden" name="cert_<?=$row['id']?>" value="1" /> <input type="hidden" name="cert_<?=intval($row['id'])?>" value="1" />
</td> </td>
<td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td> <td class="DataTD"><input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
<td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td> <td class="DataTD"><input type="checkbox" name="check_comment_<?=intval($row['id'])?>" /></td>
</tr> </tr>
<? } ?> <? } ?>
<tr> <tr>
<td class="DataTD" colspan="9"> <td class="DataTD" colspan="9">
<a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a> <a href="account.php?id=5&amp;viewall=<?=intval(!$viewall)?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a>
</td> </td>
</tr> </tr>
@ -119,7 +120,7 @@
</tr> </tr>
<? } ?> <? } ?>
</table> </table>
<input type="hidden" name="oldid" value="<?=$id?>" /> <input type="hidden" name="oldid" value="<?=intval($id)?>" />
<input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" /> <input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" />
</form> </form>
<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p> <p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>

107
pages/account/52.php
View file

@ -14,45 +14,51 @@
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?> */
<? if($_SESSION['profile']['tverify'] <= 0) { echo _("You don't have access to this area."); } else { ?>
<? if($_SESSION['profile']['tverify'] <= 0) {
echo _("You don't have access to this area.");
} else {
$uid = intval($_GET['uid']); $uid = intval($_GET['uid']);
$query = "select * from `tverify` where `id`='$uid' and `modified`=0"; $query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=0";
$res = mysql_query($query); $res = mysql_query($query);
if(mysql_num_rows($res) > 0) if(mysql_num_rows($res) > 0) {
{
$row = mysql_fetch_assoc($res); $row = mysql_fetch_assoc($res);
$memid = intval($row['memid']); $memid = intval($row['memid']);
$query2 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'"; $query2 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'";
$rc2 = mysql_num_rows(mysql_query($query2)); $rc2 = mysql_num_rows(mysql_query($query2));
if($rc2 > 0) if($rc2 > 0) {
{
showheader(_("My CAcert.org Account!")); showheader(_("My CAcert.org Account!"));
echo _("You have already voted on this request."); echo _("You have already voted on this request.");
showfooter(); showfooter();
exit; exit;
} }
$query = "select sum(`points`) as `points` from `notary` where `to`='$memid'"; $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `deleted` = 0";
$notary = mysql_fetch_assoc(mysql_query($query)); $notary = mysql_fetch_assoc(mysql_query($query));
$query = "select * from `users` where `id`='$memid'"; $query = "select * from `users` where `id`='".intval($memid)."'";
$user = mysql_fetch_assoc(mysql_query($query)); $user = mysql_fetch_assoc(mysql_query($query));
$tobe = 50 - $notary['points']; $tobe = 50 - $notary['points'];
if($row['URL'] != '' && $row['photoid'] != '') if($row['URL'] != '' && $row['photoid'] != '') {
$tobe = 150 - $notary['points']; $tobe = 150 - $notary['points'];
else if($row['URL'] != '') } else if($row['URL'] != '') {
$tobe = 90 - $notary['points']; $tobe = 90 - $notary['points'];
if(intval($tobe) <= 0) }
if(intval($tobe) <= 0) {
$tobe = 0; $tobe = 0;
}
?> ?>
<?=_("Request Details")?>:<br> <?=_("Request Details")?>:<br>
<?=_("Name on file")?>: <?=$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']?><br> <?=_("Name on file")?>: <?=sanitizeHTML($user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix'])?><br>
<?=_("Primary email address")?>: <?=$user['email']." (".$user['id'].")"?><br> <?=_("Primary email address")?>: <?=sanitizeHTML($user['email'])." (".intval($user['id']).")"?><br>
<?=_("Certificate Subject")?>: <?=$row['CN']?><br> <?=_("Certificate Subject")?>: <?=sanitizeHTML($row['CN'])?><br>
<? if($row['URL'] != '') { ?><?=_("Notary URL")?>: <a href="<?=$row['URL']?>"><?=$row['URL']?></a><br><? } ?> <? if($row['URL'] != '') { ?>
<? if($row['photoid'] != '') { ?><?=_("Photo ID URL")?>: <a href="/account.php?id=51&amp;photoid=<?=intval($row['id'])?>"><?=_("Here")?></a><br><? } ?> <?=_("Notary URL")?>: <a href="<?=$row['URL']?>"><?=$row['URL']?></a><br>
<? } ?>
<? if($row['photoid'] != '') { ?>
<?=_("Photo ID URL")?>: <a href="/account.php?id=51&amp;photoid=<?=intval($row['id'])?>"><?=_("Here")?></a><br>
<? } ?>
<?=_("Current Points")?>: <?=intval($notary['points'])?><br> <?=_("Current Points")?>: <?=intval($notary['points'])?><br>
<?=_("Potential Points")?>: <?=intval($tobe)?><br> <?=_("Potential Points")?>: <?=intval($tobe)?><br>
<?=_("Date of Birth")?>: <?=$user['dob']?> (YYYY-MM-DD)<br> <?=_("Date of Birth")?>: <?=$user['dob']?> (YYYY-MM-DD)<br>
@ -63,40 +69,37 @@
<input type="submit" name="agree" value="<?=_("I agree with this Application")?>"> <input type="submit" name="agree" value="<?=_("I agree with this Application")?>">
<input type="submit" name="disagree" value="<?=_("I don't agree with this Application")?>"> <input type="submit" name="disagree" value="<?=_("I don't agree with this Application")?>">
<input type="hidden" name="oldid" value="<?=intval($_GET['id'])?>"> <input type="hidden" name="oldid" value="<?=intval($_GET['id'])?>">
<input type="hidden" name="uid" value="<?=$uid?>"> <input type="hidden" name="uid" value="<?=intval($uid)?>">
</form> </form>
<? } else { <?
$query = "select * from `tverify` where `id`='$uid' and `modified`=1";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
echo _("This UID has already been voted on.")."<br/>";
} else { } else {
if($uid) echo _("Unable to locate a valid request for that UID.")."<br/>"; $query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=1";
} $res = mysql_query($query);
if(mysql_num_rows($res) > 0) {
// Search for open requests: echo _("This UID has already been voted on.")."<br/>";
$query = "select * from `tverify` where `modified`=0"; } else {
$res = mysql_query($query); if($uid) echo _("Unable to locate a valid request for that UID.")."<br/>";
if(mysql_num_rows($res) > 0) }
{
echo "<br/>"._("The following requests are still open:")."<br/><ul>"; // Search for open requests:
while($row = mysql_fetch_assoc($res)) $query = "select * from `tverify` where `modified`=0";
{ $res = mysql_query($query);
$uid=intval($row['id']); if(mysql_num_rows($res) > 0) {
$query3 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'"; echo "<br/>"._("The following requests are still open:")."<br/><ul>";
$rc3 = mysql_num_rows(mysql_query($query3)); while($row = mysql_fetch_assoc($res)) {
if($rc3 <= 0) $uid=intval($row['id']);
{ $query3 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'";
echo "<li><a href='account.php?id=52&amp;uid=".intval($row['id'])."'>".intval($row['id'])."</a></li>\n"; $rc3 = mysql_num_rows(mysql_query($query3));
if($rc3 <= 0)
{
echo "<li><a href='account.php?id=52&amp;uid=".intval($row['id'])."'>".intval($row['id'])."</a></li>\n";
}
} }
} echo "</ul>\n<br>\n";
echo "</ul>\n<br>\n"; } else {
} echo "<br/>"._("There are no pending requests where you haven't voted yet.");
else }
{
echo "<br/>"._("There are no pending requests where you haven't voted yet.");
} }
}
?>
} } ?>

27
pages/account/55.php
View file

@ -23,7 +23,7 @@
<tr> <tr>
<td colspan="5" class="title"><?=_("Your passed Tests")?></td> <td colspan="5" class="title"><?=_("Your passed Tests")?></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("The list of tests you did pass at").' <a href="https://cats.cacert.org/">https://cats.cacert.org/</a>'?></td> <td class="DataTD"><?=_("The list of tests you did pass at").' <a href="https://cats.cacert.org/">https://cats.cacert.org/</a>'?></td>
</tr> </tr>
</table> </table>
@ -34,7 +34,7 @@
$res = mysql_query($query); $res = mysql_query($query);
if(mysql_num_rows($res) <= 0) if(mysql_num_rows($res) <= 0)
{ {
echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!"); echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
} else { } else {
$row = mysql_fetch_assoc($res); $row = mysql_fetch_assoc($res);
} }
@ -58,11 +58,11 @@
<? <?
$query = "SELECT `CP`.`pass_date`, `CT`.`type_text`, `CV`.`test_text` ". $query = "SELECT `CP`.`pass_date`, `CT`.`type_text`, `CV`.`test_text` ".
" FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ". " FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ".
" WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".(int)$user_id."'". " WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".intval($user_id)."'".
" ORDER BY `CP`.`pass_date`"; " ORDER BY `CP`.`pass_date`";
$res = mysql_query($query); $res = mysql_query($query);
$HaveTest=0; $HaveTest=0;
while($row = mysql_fetch_array($res, MYSQL_NUM)) while($row = mysql_fetch_array($res, MYSQL_NUM))
{ {
@ -71,23 +71,24 @@
} }
?> ?>
<tr> <tr>
<td class="DataTD"><?=$row[0]?></td> <td class="DataTD"><?=sanitizeHTML($row[0])?></td>
<td class="DataTD"><?=$row[1]?></td> <td class="DataTD"><?=sanitizeHTML($row[1])?></td>
<td class="DataTD"><?=$row[2]?></td> <td class="DataTD"><?=sanitizeHTML($row[2])?></td>
</tr> </tr>
<? } <? }
?> ?>
</table> </table>
<br> <br>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr> <tr>
<? <?
if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) { if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) {
?> ?>
<tr><td colspan="3" class="DataTD"><a href="account.php?id=43&amp;userid=<?=$user_id ?>">back</a></td></tr> <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($user_id)?>">back</a></td></tr>
<? } else { <?
} else {
$query = 'SELECT `u`.id, `u`.`assurer`, SUM(`points`) FROM `users` AS `u`, `notary` AS `n` '. $query = 'SELECT `u`.id, `u`.`assurer`, SUM(`points`) FROM `users` AS `u`, `notary` AS `n` '.
' WHERE `u`.`id` = \''.(int)intval($_SESSION['profile']['id']).'\' AND `n`.`to` = `u`.`id` AND `expire` < now() '. ' WHERE `u`.`id` = \''.(int)intval($_SESSION['profile']['id']).'\' AND `n`.`to` = `u`.`id` AND `expire` < now() and and `n`.`deleted` = 0'.
' GROUP BY `u`.id, `u`.`assurer`'; ' GROUP BY `u`.id, `u`.`assurer`';
$res = mysql_query($query); $res = mysql_query($query);
if (!$res) { if (!$res) {

26
pages/account/57.php
View file

@ -28,7 +28,7 @@
$res = mysql_query($query); $res = mysql_query($query);
if(mysql_num_rows($res) <= 0) if(mysql_num_rows($res) <= 0)
{ {
echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!"); echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
} else { } else {
$row = mysql_fetch_assoc($res); $row = mysql_fetch_assoc($res);
?> ?>
@ -48,12 +48,12 @@
<td class="DataTD"><b><?=_('Type')?></b></td> <td class="DataTD"><b><?=_('Type')?></b></td>
</tr> </tr>
<? <?
$data=get_first_user_agreement($user_id,1); $data=get_first_user_agreement($user_id, 'CCA', 1);
if (!isset($data['active'])){ if (!isset($data['active'])){
$type=''; $type='';
}else{ }else{
$type=_('active'); $type=_('active');
} }
?> ?>
<tr> <tr>
<td class="DataTD"><?=_('First active CCA')?></td> <td class="DataTD"><?=_('First active CCA')?></td>
@ -62,7 +62,7 @@
<td class="DataTD"><?=$type?></td> <td class="DataTD"><?=$type?></td>
</tr> </tr>
<? <?
$data=get_first_user_agreement($user_id,0); $data=get_first_user_agreement($user_id, 'CCA', 0);
if (!isset($data['active'])){ if (!isset($data['active'])){
$type=""; $type="";
}else{ }else{
@ -76,14 +76,14 @@
<td class="DataTD"><?=$type?></td> <td class="DataTD"><?=$type?></td>
</tr> </tr>
<? <?
$data=get_last_user_agreement($user_id); $data=get_last_user_agreement($user_id, 'CCA');
if (!isset($data['active'])){ if (!isset($data['active'])){
$type=""; $type="";
}elseif($data['active']==1){ }elseif($data['active']==1){
$type=_('active'); $type=_('active');
}else{ }else{
$type=_('passive'); $type=_('passive');
} }
?> ?>
<tr> <tr>
<td class="DataTD"><?=_('Last CCA')?></td> <td class="DataTD"><?=_('Last CCA')?></td>
@ -98,7 +98,7 @@
<? <?
if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) { if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) {
?> ?>
<tr><td colspan="3" class="DataTD"><a href="account.php?id=43&amp;userid=<?=$user_id ?>">back</a></td></tr> <tr><td colspan="3" class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($user_id)?>">back</a></td></tr>
<? } <? }
?> </table> ?> </table>
<? <?

4
pages/account/58.php
View file

@ -23,7 +23,7 @@ if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST)
$query = "select `users`.`fname`, `users`.`mname`, `users`.`lname` from `users` where `id`='$user_id' and `users`.`deleted`=0"; $query = "select `users`.`fname`, `users`.`mname`, `users`.`lname` from `users` where `id`='$user_id' and `users`.`deleted`=0";
$res = mysql_query($query); $res = mysql_query($query);
if(mysql_num_rows($res) != 1){ if(mysql_num_rows($res) != 1){
echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!"); echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
} else { } else {
if ($row = mysql_fetch_assoc($res)){ if ($row = mysql_fetch_assoc($res)){
$username=sanitizeHTML($row['fname']).' '.sanitizeHTML($row['mname']).' '.sanitizeHTML($row['lname']); $username=sanitizeHTML($row['fname']).' '.sanitizeHTML($row['mname']).' '.sanitizeHTML($row['lname']);
@ -54,7 +54,7 @@ if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST)
} }
?></table> ?></table>
<? }else{ <? }else{
echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!"); echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
} }
} }
} }

8
pages/account/6.php
View file

@ -25,7 +25,7 @@ if(array_key_exists('cert',$_REQUEST)) {
$query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`, $query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`, UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`, UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
`emailcerts`.`expire` as `expires`, `emailcerts`.`expire`,
`emailcerts`.`revoked` as `revoke`, `emailcerts`.`revoked` as `revoke`,
UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`, UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
`emailcerts`.`id`, `emailcerts`.`id`,
@ -137,11 +137,11 @@ if (array_key_exists('format', $_REQUEST)) {
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("Email Address")?></td> <td class="DataTD"><?=_("Email Address")?></td>
<td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td> <td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("SerialNumber")?></td> <td class="DataTD"><?=_("SerialNumber")?></td>
<td class="DataTD"><?=$row['serial']?></td> <td class="DataTD"><?=sanitizeHTML($row['serial'])?></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("Revoked")?></td> <td class="DataTD"><?=_("Revoked")?></td>
@ -149,7 +149,7 @@ if (array_key_exists('format', $_REQUEST)) {
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("Expires")?></td> <td class="DataTD"><?=_("Expires")?></td>
<td class="DataTD"><?=$row['expires']?></td> <td class="DataTD"><?=$row['expire']?></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("Login")?></td> <td class="DataTD"><?=_("Login")?></td>

19
pages/gpg/2.php
View file

@ -30,7 +30,7 @@
$query = "select UNIX_TIMESTAMP(`issued`) as `issued`, $query = "select UNIX_TIMESTAMP(`issued`) as `issued`,
UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`, UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`expire`) as `expired`, UNIX_TIMESTAMP(`expire`) as `expired`,
`expire` as `expires`, `id`, `level`, `expire`, `id`, `level`,
`email`,`keyid`,`description` from `gpg` where `memid`='".intval($_SESSION['profile']['id'])."' `email`,`keyid`,`description` from `gpg` where `memid`='".intval($_SESSION['profile']['id'])."'
ORDER BY `issued` desc"; ORDER BY `issued` desc";
$res = mysql_query($query); $res = mysql_query($query);
@ -43,6 +43,7 @@
<? } else { <? } else {
while($row = mysql_fetch_assoc($res)) while($row = mysql_fetch_assoc($res))
{ {
$verified = '';
if($row['timeleft'] > 0) if($row['timeleft'] > 0)
$verified = _("Valid"); $verified = _("Valid");
if($row['timeleft'] < 0) if($row['timeleft'] < 0)
@ -53,18 +54,18 @@
<tr> <tr>
<? if($verified == _("Valid")) { ?> <? if($verified == _("Valid")) { ?>
<td class="DataTD"><?=$verified?></td> <td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['email']?></a></td> <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td>
<? } else if($verified == _("Pending")) { ?> <? } else if($verified == _("Pending")) { ?>
<td class="DataTD"><?=$verified?></td> <td class="DataTD"><?=$verified?></td>
<td class="DataTD"><?=$row['email']?></td> <td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
<? } else { ?> <? } else { ?>
<td class="DataTD"><?=$verified?></td> <td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['email']?></a></td> <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td>
<? } ?> <? } ?>
<td class="DataTD"><?=$row['expires']?></td> <td class="DataTD"><?=$row['expire']?></td>
<td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['keyid']?></a></td> <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=intval($row['id'])?>"><?=sanitizeHTML($row['keyid'])?></a></td>
<td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td> <td class="DataTD"><input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
<td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td> <td class="DataTD"><input type="checkbox" name="check_comment_<?=intval($row['id'])?>" /></td>
</tr> </tr>
<? } ?> <? } ?>
<? } ?> <? } ?>
@ -77,5 +78,5 @@
<td class="DataTD" colspan="6"><input type="submit" name="change" value="<?=_("Change settings")?>" /> </td> <td class="DataTD" colspan="6"><input type="submit" name="change" value="<?=_("Change settings")?>" /> </td>
</tr> </tr>
</table> </table>
<input type="hidden" name="oldid" value="<?=$id?>" /> <input type="hidden" name="oldid" value="<?=intval($id)?>" />
</form> </form>

22
pages/wot/1.php
View file

@ -14,9 +14,9 @@
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?> */
<?
$res=mysql_fetch_assoc(mysql_query("select sum(acount) as summe from countries")); $res=mysql_fetch_assoc(mysql_query("select sum(acount) as summe from countries"));
$total1 =$res['summe']; $total1 =$res['summe'];
$locid=array_key_exists('locid',$_REQUEST)?intval($_REQUEST['locid']):0; $locid=array_key_exists('locid',$_REQUEST)?intval($_REQUEST['locid']):0;
@ -91,7 +91,7 @@
{ {
$query = "select *, `users`.`id` as `id` from `users`,`notary` where `listme`='1' and $query = "select *, `users`.`id` as `id` from `users`,`notary` where `listme`='1' and
`ccid`='".$ccid."' and `regid`='".$regid."' and `ccid`='".$ccid."' and `regid`='".$regid."' and
`locid`='".$locid."' and `users`.`id`=`notary`.`to` `locid`='".$locid."' and `users`.`id`=`notary`.`to` and `notary`.`deleted`=0
group by `notary`.`to` HAVING SUM(`points`) >= 100 order by `points` desc"; group by `notary`.`to` HAVING SUM(`points`) >= 100 order by `points` desc";
$list = mysql_query($query); $list = mysql_query($query);
if(mysql_num_rows($list) > 0) if(mysql_num_rows($list) > 0)
@ -104,19 +104,19 @@
<td class="title"><?=_("Contact Details")?></td> <td class="title"><?=_("Contact Details")?></td>
<td class="title"><?=_("Email Assurer")?></td> <td class="title"><?=_("Email Assurer")?></td>
<td class="title"><?=_("Assurer Challenge")?></td> <td class="title"><?=_("Assurer Challenge")?></td>
</tr> </tr>
<? while($row = mysql_fetch_assoc($list)) { ?>
<? while($row = mysql_fetch_assoc($list)) { ?>
<tr> <tr>
<td class="DataTD" width="100"><nobr><?=$row['fname']?> <?=substr($row['lname'], 0, 1)?></nobr></td> <td class="DataTD" width="100"><nobr><?=sanitizeHTML($row['fname'])?> <?=substr($row['lname'], 0, 1)?>.</nobr></td>
<td class="DataTD"><?=maxpoints($row['id'])?></td> <td class="DataTD"><?=maxpoints($row['id'])?></td>
<td class="DataTD"><?=$row['contactinfo']?></td> <td class="DataTD"><?=sanitizeHTML($row['contactinfo'])?></td>
<td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($row['id'])?>"><?=_("Email Me")?></a></td> <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($row['id'])?>"><?=_("Email Me")?></a></td>
<td class="DataTD"><?=$row['assurer']?_("Yes"):("<font color=\"#ff0000\">"._("Not yet!")."</font>")?></td> <td class="DataTD"><?=$row['assurer']?_("Yes"):("<font color=\"#ff0000\">"._("Not yet!")."</font>")?></td>
</tr> </tr>
<? } <?
} }
}
?> ?>
</table> </table>
<br> <br>

30
pages/wot/10.php
View file

@ -24,7 +24,7 @@
<td colspan="5" class="title"><?=_("Assurer Ranking")?></td> <td colspan="5" class="title"><?=_("Assurer Ranking")?></td>
</tr> </tr>
<tr> <tr>
<? <?// the rank calculation is not adjusted to the new deletion method
$query = "SELECT `users`. *, count(*) AS `list` FROM `users`, `notary` $query = "SELECT `users`. *, count(*) AS `list` FROM `users`, `notary`
WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to` WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to`
AND `from`='".intval($_SESSION['profile']['id'])."' GROUP BY `notary`.`from`"; AND `from`='".intval($_SESSION['profile']['id'])."' GROUP BY `notary`.`from`";
@ -36,8 +36,8 @@
WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to` WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to`
GROUP BY `notary`.`from` HAVING count(*) > '$rc' ORDER BY `notary`.`when` DESC"; GROUP BY `notary`.`from` HAVING count(*) > '$rc' ORDER BY `notary`.`when` DESC";
*/ */
$query = "SELECT count(*) AS `list` FROM `users` $query = "SELECT count(*) AS `list` FROM `users`
inner join `notary` on `users`.`id` = `notary`.`from` inner join `notary` on `users`.`id` = `notary`.`from`
GROUP BY `notary`.`from` HAVING count(*) > '$rc'"; GROUP BY `notary`.`from` HAVING count(*) > '$rc'";
$rank = mysql_num_rows(mysql_query($query)) + 1; $rank = mysql_num_rows(mysql_query($query)) + 1;
@ -64,18 +64,18 @@
<td class="DataTD"><b><?=_("Method")?></b></td> <td class="DataTD"><b><?=_("Method")?></b></td>
</tr> </tr>
<? <?
$query = "select * from `notary` where `to`='".intval($_SESSION['profile']['id'])."'"; $query = "select `id`, `date`, `from`, `points`, `location`, `method` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted`=0";
$res = mysql_query($query); $res = mysql_query($query);
while($row = mysql_fetch_assoc($res)) while($row = mysql_fetch_assoc($res))
{ {
$fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['from'])."'")); $fromuser = mysql_fetch_assoc(mysql_query("select `fname`, `lname` from `users` where `id`='".intval($row['from'])."'"));
?> ?>
<tr> <tr>
<td class="DataTD"><?=$row['id']?></td> <td class="DataTD"><?=intval($row['id'])?></td>
<td class="DataTD"><?=$row['date']?></td> <td class="DataTD"><?=$row['date']?></td>
<td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($row['from'])?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td> <td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($row['from'])?>"><?=sanitizeHTML(trim($fromuser['fname']." ".$fromuser['lname']))?></td>
<td class="DataTD"><?=$row['points']?></td> <td class="DataTD"><?=intval($row['points'])?></td>
<td class="DataTD"><?=$row['location']?></td> <td class="DataTD"><?=sanitizeHTML($row['location'])?></td>
<td class="DataTD"><?=_(sprintf("%s", $row['method']))?></td> <td class="DataTD"><?=_(sprintf("%s", $row['method']))?></td>
</tr> </tr>
<? <?
@ -114,30 +114,30 @@ if ($thawte)
</tr> </tr>
<? <?
$points = 0; $points = 0;
$query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and `to`!='".intval($_SESSION['profile']['id'])."'"; $query = "select `id`, `date`, `points`, `to`, `location`, `method` from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and `to`!='".intval($_SESSION['profile']['id'])."' and `deleted`=0" ;
$res = mysql_query($query); $res = mysql_query($query);
while($row = mysql_fetch_assoc($res)) while($row = mysql_fetch_assoc($res))
{ {
$fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['to'])."'")); $fromuser = mysql_fetch_assoc(mysql_query("select `fname`, `lname` from `users` where `id`='".intval($row['to'])."'"));
$points += $row['points']; $points += intval($row['points']);
$name = trim($fromuser['fname']." ".$fromuser['lname']); $name = trim($fromuser['fname']." ".$fromuser['lname']);
if($name == "") if($name == "")
$name = _("Deleted before Verification"); $name = _("Deleted before Verification");
else else
$name = "<a href='wot.php?id=9&amp;userid=".intval($row['to'])."'>$name</a>"; $name = "<a href='wot.php?id=9&amp;userid=".intval($row['to'])."'>".sanitizeHTML($name)."</a>";
?> ?>
<tr> <tr>
<td class="DataTD"><?=intval($row['id'])?></td> <td class="DataTD"><?=intval($row['id'])?></td>
<td class="DataTD"><?=$row['date']?></td> <td class="DataTD"><?=$row['date']?></td>
<td class="DataTD"><?=$name?></td> <td class="DataTD"><?=$name?></td>
<td class="DataTD"><?=intval($row['points'])?></td> <td class="DataTD"><?=intval($row['points'])?></td>
<td class="DataTD"><?=$row['location']?></td> <td class="DataTD"><?=sanitizeHTML($row['location'])?></td>
<td class="DataTD"><?=$row['method']==""?"":_(sprintf("%s", $row['method']))?></td> <td class="DataTD"><?=$row['method']==""?"":_(sprintf("%s", $row['method']))?></td>
</tr> </tr>
<? } ?> <? } ?>
<tr> <tr>
<td class="DataTD" colspan="3"><b><?=_("Total Points Issued")?>:</b></td> <td class="DataTD" colspan="3"><b><?=_("Total Points Issued")?>:</b></td>
<td class="DataTD"><?=$points?></td> <td class="DataTD"><?=intval($points)?></td>
<td class="DataTD" colspan="2">&nbsp;</td> <td class="DataTD" colspan="2">&nbsp;</td>
</tr> </tr>
</table> </table>

2
pages/wot/15.php
View file

@ -14,7 +14,7 @@
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ */
require_once($_SESSION['_config']['filepath']."/includes/notary.inc.php"); require_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");

23
pages/wot/9.php
View file

@ -15,9 +15,9 @@
along with this program; if not, write to the Free Software along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ */
require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php'); require_once($_SESSION['_config']['filepath'].'/includes/lib/l10n.php');
$res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."' and `listme`='1'"); $res = mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."' and `listme`='1'");
if(mysql_num_rows($res) <= 0) if(mysql_num_rows($res) <= 0)
@ -28,9 +28,8 @@
$user = mysql_fetch_array($res); $user = mysql_fetch_array($res);
$userlang = $user['language']; $userlang = $user['language'];
$points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary` $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0")); where `to`='".intval($user['id'])."' and `deleted`=0 group by `to` HAVING SUM(`points`) > 0"));
if($points <= 0) if($points <= 0) {
{
echo _("Sorry, I was unable to locate that user."); echo _("Sorry, I was unable to locate that user.");
} else { } else {
@ -38,31 +37,31 @@
?> ?>
<? if($_SESSION['_config']['error'] != "") { ?><font color="#ff0000" size="+1">ERROR: <?=$_SESSION['_config']['error']?></font><? unset($_SESSION['_config']['error']); } ?> <? if($_SESSION['_config']['error'] != "") { ?><font color="#ff0000" size="+1">ERROR: <?=$_SESSION['_config']['error']?></font><? unset($_SESSION['_config']['error']); } ?>
<form method="post" action="wot.php"> <form method="post" action="wot.php">
<input type="hidden" name="userid" value="<?=$user['id']?>"> <input type="hidden" name="userid" value="<?=intval($user['id'])?>">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr> <tr>
<td colspan="2" class="title"><?=_("Contact Assurer")?></td> <td colspan="2" class="title"><?=_("Contact Assurer")?></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("To")?>:</td> <td class="DataTD"><?=_("To")?>:</td>
<td class="DataTD" align="left"><?=$user['fname']?> <?=substr($user['lname'], 0, 1)?></td> <td class="DataTD" align="left"><?=sanitizeHTML(trim($user['fname'].' '.substr($user['lname'], 0, 1)))?></td>
</tr> </tr>
<? if($userlang != "") { ?> <? if($userlang != "") { ?>
<tr> <tr>
<td class="DataTD"><?=_("Language")?>:</td> <td class="DataTD"><?=_("Language")?>:</td>
<td class="DataTD" align="left"><? printf(_("%s prefers to be contacted in %s"), $user['fname'], L10n::$translations[$userlang]) ?></td> <td class="DataTD" align="left"><? printf(_("%s prefers to be contacted in %s"), sanitizeHTML($user['fname']), L10n::$translations[$userlang]) ?></td>
</tr> </tr>
<? } ?> <? } ?>
<? <?
$query = "select * from `addlang` where `userid`='".$user['id']."'"; $query = "select * from `addlang` where `userid`='".intval($user['id'])."'";
$res = mysql_query($query); $res = mysql_query($query);
while($row = mysql_fetch_assoc($res)) while($row = mysql_fetch_assoc($res))
{ {
$lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='${row['lang']}'")); $lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_real_escape_string($row['lang'])."'"));
?> ?>
<tr> <tr>
<td class="DataTD"><?=_("Additional Language")?>:</td> <td class="DataTD"><?=_("Additional Language")?>:</td>
<td class="DataTD" align="left"><? printf(_("%s will also accept email in %s - %s"), $user['fname'], $lang['lang'], $lang['country']) ?></td> <td class="DataTD" align="left"><? printf(_("%s will also accept email in %s - %s"), sanitizeHTML($user['fname']), sanitizeHTML($lang['lang']), sanitizeHTML($lang['country'])) ?></td>
</tr> </tr>
<? } ?> <? } ?>
<tr> <tr>
@ -79,7 +78,7 @@
</table> </table>
<input type="hidden" name="pageid" value="<?=$_SESSION['_config']['pagehash']?>"> <input type="hidden" name="pageid" value="<?=$_SESSION['_config']['pagehash']?>">
<input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>"> <input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>">
<input type="hidden" name="oldid" value="<?=$id?>"> <input type="hidden" name="oldid" value="<?=intval($id)?>">
</form> </form>
<p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p> <p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p>
<? } } ?> <? } } ?>