cacert
/
cacert-webdb
8
0
Fork 0
Code Issues Pull Requests 5 Projects Releases Wiki Activity

Combined fixes for

Browse Source 
- https://bugs.cacert.org/view.php?id=413
  "Add a web page indicating the certificate request is still pending"
- https://bugs.cacert.org/view.php?id=1138
  "Implement to log the SE activity"
- https://bugs.cacert.org/view.php?id=1221
  "Inconsistency in Assurance Management"
pull/1/head
Wytze van der Raay 10 years ago
parent 81932bfd0a
commit 843bbeb8c0
19 changed files with 1239 additions and 1045 deletions
Show Stats Download Patch File Download Diff File

29
pages/account/12.php
Unescape Escape View File

@ -19,7 +19,7 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="8" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&amp;viewall=<?=!$viewall?>"><?=$viewall?_("Hide old certificates"):_("View all certificates")?></a></td>
<td colspan="8" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&amp;viewall=<?=intval(!$viewall)?>"><?=$viewall?_("Hide old certificates"):_("View all certificates")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
@ -34,17 +34,20 @@
$query = "select UNIX_TIMESTAMP(`domaincerts`.`created`) as `created`,
UNIX_TIMESTAMP(`domaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`domaincerts`.`expire`) as `expired`,
`domaincerts`.`expire` as `expires`, `revoked` as `revoke`,
UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`,
`domaincerts`.`expire`,
`domaincerts`.`revoked` as `revoke`,
UNIX_TIMESTAMP(`revoked`) as `revoked`,
if (`domaincerts`.`expire`=0,CURRENT_TIMESTAMP(),`domaincerts`.`modified`) as `modified`,
`CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`,
`domaincerts`.`description`
from `domaincerts`,`domains`
where `memid`='".intval($_SESSION['profile']['id'])."' and `domaincerts`.`domid`=`domains`.`id` ";
if($viewall != 1)
{
$query .= "AND `revoked`=0 AND `renewed`=0 ";
$query .= "HAVING `timeleft` > 0 ";
$query .= "HAVING `timeleft` > 0 or `expire` = 0 ";
}
$query .= "ORDER BY `domaincerts`.`modified` desc";
$query .= "ORDER BY `modified` desc";
//echo $query."<br>\n";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
@ -69,24 +72,24 @@
?>
<tr>
<? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
<td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"/></td>
<td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=intval($row['id'])?>"/></td>
<? } else if($verified != _("Revoked")) { ?>
<td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"/></td>
<td class="DataTD"><input type="checkbox" name="delid[]" value="<?=intval($row['id'])?>"/></td>
<? } else { ?>
<td class="DataTD">&nbsp;</td>
<? } ?>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="account.php?id=15&amp;cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
<td class="DataTD"><a href="account.php?id=15&amp;cert=<?=intval($row['id'])?>"><?=htmlspecialchars($row['CN'])?></a></td>
<td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td>
<td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
<td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
<td class="DataTD"><?=$row['expire']?></td>
<td class="DataTD"><input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
<td class="DataTD"><input type="checkbox" name="check_comment_<?=intval($row['id'])?>" /></td>
</tr>
<? } ?>
<tr>
<td class="DataTD" colspan="8">
<a href="account.php?id=12&amp;viewall=<?=!$viewall?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a>
<a href="account.php?id=12&amp;viewall=<?=intval(!$viewall)?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a>
</td>
</tr>
<tr>
@ -104,6 +107,6 @@
<td class="DataTD" colspan="8"><?=_("From here you can delete pending requests, or revoke valid certificates.")?></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>"/>
<input type="hidden" name="oldid" value="<?=intval($id)?>"/>
<input type="hidden" name="csrf" value="<?=make_csrf('srvcerchange')?>"/>
</form>

23
pages/account/13.php
Unescape Escape View File

@ -52,22 +52,22 @@
<? if($_SESSION['profile']['points'] == 0) { ?>
<tr>
<td class="DataTD" width="125"><?=_("First Name")?>: </td>
<td class="DataTD" width="125"><input type="text" name="fname" value="<?=$user['fname']?>"></td>
<td class="DataTD" width="125"><input type="text" name="fname" value="<?=sanitizeHTML($user['fname'])?>"></td>
</tr>
<tr>
<td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br>
(<?=_("optional")?>)
</td>
<td class="DataTD"><input type="text" name="mname" value="<?=$user['mname']?>"></td>
<td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($user['mname'])?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Last Name")?>: </td>
<td class="DataTD"><input type="text" name="lname" value="<?=$user['lname']?>"></td>
<td class="DataTD"><input type="text" name="lname" value="<?=sanitizeHTML($user['lname'])?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Suffix")?><br>
(<?=_("optional")?>)</td>
<td class="DataTD"><input type="text" name="suffix" value="<?=$user['suffix']?>"></td>
<td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($user['suffix'])?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Date of Birth")?><br>
@ -100,22 +100,22 @@
<? } else { ?>
<tr>
<td class="DataTD" width="125"><?=_("First Name")?>: </td>
<td class="DataTD" width="125"><?=$user['fname']?></td>
<td class="DataTD" width="125"><?=sanitizeHTML($user['fname'])?></td>
</tr>
<tr>
<td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br>
(<?=_("optional")?>)
</td>
<td class="DataTD"><?=$user['mname']?></td>
<td class="DataTD"><?=sanitizeHTML($user['mname'])?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Last Name")?>: </td>
<td class="DataTD"><?=$user['lname']?></td>
<td class="DataTD"><?=sanitizeHTML($user['lname'])?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Suffix")?><br>
(<?=_("optional")?>)</td>
<td class="DataTD"><?=$user['suffix']?></td>
<td class="DataTD"><?=sanitizeHTML($user['suffix'])?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Date of Birth")?><br>
@ -124,7 +124,10 @@
</tr>
<? } ?>
<tr>
<td colspan="2" class="title"><a href="account.php?id=13&amp;showdetails=<?=!$showdetails?>"><?=_("View secret question & answers and OTP phrases")?></a></td>
<td colspan="2" class="title"><a href="account.php?id=59&amp;oldid=13&amp;userid=<?=intval($_SESSION['profile']['id'])?>"><?=_('Show account history')?></a></td>
</tr>
<tr>
<td colspan="2" class="title"><a href="account.php?id=13&amp;showdetails=<?=intval(!$showdetails)?>"><?=_("View secret question & answers and OTP phrases")?></a></td>
</tr>
<? if($showdetails){ ?>
<tr>
@ -167,5 +170,5 @@
</tr>
</table>
<input type="hidden" name="csrf" value="<?=make_csrf('perschange')?>" />
<input type="hidden" name="oldid" value="<?=$id?>">
<input type="hidden" name="oldid" value="<?=intval($id)?>">
</form>

2
pages/account/16.php
Unescape Escape View File

@ -42,7 +42,7 @@
</tr>
<tr>
<td class="DataTD"><?=_("Department")?>:</td>
<td class="DataTD"><input type="text" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?($_SESSION['_config']['OU']):''?>"/></td>
<td class="DataTD"><input type="text" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?(sanitizeHTML($_SESSION['_config']['OU'])):''?>"/></td>
</tr>
<tr>
<td class="DataTD" colspan="2" align="left">

9
pages/account/18.php
Unescape Escape View File

@ -79,6 +79,7 @@ $status = array_key_exists('status',$_SESSION['_config']) ? intval($_SESSION['_c
UNIX_TIMESTAMP(`oemail`.`expire`) as `expired`,
`oemail`.`expire` as `expires`, `oemail`.`revoked` as `revoke`,
UNIX_TIMESTAMP(`oemail`.`revoked`) as `revoked`,
if (`oemail`.`expire`=0,CURRENT_TIMESTAMP(),`oemail`.`modified`) as `modified`,
`oemail`.`CN`, `oemail`.`serial`, `oemail`.`id`,
`oemail`.`description`, `oemail`.`ou`, `orginfo`.`O`
from `orgemailcerts` as `oemail`, `org`, `orginfo`
@ -92,17 +93,17 @@ $status = array_key_exists('status',$_SESSION['_config']) ? intval($_SESSION['_c
if(0==$status)
{
$query .= "AND `oemail`.`revoked`=0 AND `oemail`.`renewed`=0 ";
$query .= "HAVING `timeleft` > 0 AND `revoked`=0 ";
$query .= "HAVING `timeleft` > 0 AND `revoked`=0 or `expires` = 0 ";
}
switch ($sorting){
case 0:
$query .= "ORDER BY `orginfo`.`O`, `oemail`.`expire` desc";
$query .= "ORDER BY `orginfo`.`O`, `modified` desc";
break;
case 1:
$query .= "ORDER BY `orginfo`.`O`, `oemail`.`ou`, `oemail`.`expire` desc";
$query .= "ORDER BY `orginfo`.`O`, `oemail`.`ou`, `modified` desc";
break;
case 2:
$query .= "ORDER BY `orginfo`.`O`, `oemail`.`CN`, `oemail`.`expire` desc";
$query .= "ORDER BY `orginfo`.`O`, `oemail`.`CN`, `modified` desc";
break;
}
$res = mysql_query($query);

2
pages/account/21.php
Unescape Escape View File

@ -41,7 +41,7 @@ if (is_array($_SESSION['_config']['altrows'])) {
}
echo _("Organisation"), ": {$org['O']}<br>\n";
echo _("Org. Unit"), ": {$_SESSION['_config']['OU']}<br>\n";
echo _("Org. Unit"), ": ", sanitizeHTML($_SESSION['_config']['OU']), "<br>\n";
echo _("Location"), ": {$org['L']}<br>\n";
echo _("State/Province"), ": {$org['ST']}<br>\n";
echo _("Country"), ": {$org['C']}<br>\n";

10
pages/account/22.php
Unescape Escape View File

@ -78,7 +78,9 @@ $status = array_key_exists('dstatus',$_SESSION['_config']) ? intval($_SESSION['_
UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`orgdomaincerts`.`expire`) as `expired`,
`orgdomaincerts`.`expire` as `expires`, `revoked` as `revoke`,
UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`,
UNIX_TIMESTAMP(`orgdomaincerts`.`revoked`) as `revoked`,
if (`orgdomaincerts`.`expire`=0,CURRENT_TIMESTAMP(),`orgdomaincerts`.`modified`) as `modified`,
`CN`,
`orgdomaincerts`.`serial`,
`orgdomaincerts`.`id` as `id`,
`orgdomaincerts`.`description`, `orginfo`.`O`
@ -94,14 +96,14 @@ $status = array_key_exists('dstatus',$_SESSION['_config']) ? intval($_SESSION['_
if(0==$status)
{
$query .= "AND `revoked`=0 AND `renewed`=0 ";
$query .= "HAVING `timeleft` > 0 ";
$query .= "HAVING `timeleft` > 0 or `expires` = 0 ";
}
switch ($sorting){
case 0:
$query .= "ORDER BY `orginfo`.`O`, `orgdomaincerts`.`expire` desc";
$query .= "ORDER BY `orginfo`.`O`, `modified` desc";
break;
case 1:
$query .= "ORDER BY `orginfo`.`O`, `orgdomaincerts`.`CN`, `orgdomaincerts`.`expire` desc";
$query .= "ORDER BY `orginfo`.`O`, `orgdomaincerts`.`CN`, `modified` desc";
break;
}

519
pages/account/43.php
Unescape Escape View File

@ -14,30 +14,30 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?
*/
include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$ticketno='';
$ticketvalidation=FALSE;
if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0)
{
$assurance = mysql_escape_string(intval($_REQUEST['assurance']));
$row = 0;
$res = mysql_query("select `to` from `notary` where `id`='$assurance'");
if ($res) {
$row = mysql_fetch_assoc($res);
}
mysql_query("delete from `notary` where `id`='$assurance'");
if ($row) {
fix_assurer_flag($row['to']);
if (isset($_SESSION['ticketno'])) {
$ticketno = $_SESSION['ticketno'];
$ticketvalidation = valid_ticket_number($ticketno);
}
if (isset($_SESSION['ticketmsg'])) {
$ticketmsg = $_SESSION['ticketmsg'];
} else {
$ticketmsg = '';
}
// search for an account by email search, if more than one is found display list to choose
if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
{
$_REQUEST['userid'] = 0;
$emailsearch = $email = mysql_escape_string(stripslashes($_REQUEST['email']));
$emailsearch = $email = mysql_real_escape_string(stripslashes($_REQUEST['email']));
//Disabled to speed up the queries
//if(!strstr($email, "%"))
@ -64,7 +64,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
}
// bug-975 ted+uli changes --- end
$res = mysql_query($query);
if(mysql_num_rows($res) > 1) { ?>
if(mysql_num_rows($res) > 1) {
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Select Specific Account Details")?></td>
@ -75,22 +76,32 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
</tr>
<?
while($row = mysql_fetch_assoc($res))
{ ?>
{
?>
<tr>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=intval($row['id'])?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td>
</tr>
<? } if(mysql_num_rows($res) >= 100) { ?>
<?
}
if(mysql_num_rows($res) >= 100) {
?>
<tr>
<td class="DataTD" colspan="2"><?=_("Only the first 100 rows are displayed.")?></td>
</tr>
<? } else { ?>
<?
} else {
?>
<tr>
<td class="DataTD" colspan="2"><? printf(_("%s rows displayed."), mysql_num_rows($res)); ?></td>
</tr>
<? } ?>
<?
}
?>
</table><br><br>
<? } elseif(mysql_num_rows($res) == 1) {
<?
} elseif(mysql_num_rows($res) == 1) {
$row = mysql_fetch_assoc($res);
$_REQUEST['userid'] = $row['id'];
} else {
@ -98,21 +109,66 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
}
}
if(intval($_REQUEST['userid']) > 0)
{
// display user information for given user id
if(intval($_REQUEST['userid']) > 0) {
$userid = intval($_REQUEST['userid']);
$query = "select * from `users` where `users`.`id`='$userid' and `users`.`deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
$res =get_user_data($userid);
if(mysql_num_rows($res) <= 0) {
echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are afoot!");
} else {
$row = mysql_fetch_assoc($res);
$query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."'";
$query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."' and `deleted` = 0";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$alerts = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($row['id'])."'"));
$alerts =get_alerts(intval($row['id']));
//display account data
//deletes an assurance
if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation == true)
{
if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE assurance revoke', $ticketno)) {
$ticketmsg=_("Writing to the admin log failed. Can't continue.");
} else {
$assurance = intval($_REQUEST['assurance']);
$trow = 0;
$res = mysql_query("select `to` from `notary` where `id`='".intval($assurance)."' and `deleted` = 0");
if ($res) {
$trow = mysql_fetch_assoc($res);
if ($trow) {
mysql_query("update `notary` set `deleted`=NOW() where `id`='".intval($assurance)."'");
fix_assurer_flag($trow['to']);
}
}
}
} elseif(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0 && $ticketvalidation == FALSE) {
$ticketmsg=_('No assurance revoked. Ticket number is missing!');
}
//Ticket number
?>
<form method="post" action="account.php?id=43&userid=<?=intval($_REQUEST['userid'])?>">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_('Ticket handling') ?></td>
</tr>
<tr>
<td class="DataTD"><?=_('Ticket no')?>:</td>
<td class="DataTD"><input type="text" name="ticketno" value="<?=sanitizeHTML($ticketno)?>"/></td>
</tr>
<tr>
<td colspan="2" class="DataTDError"><?=$ticketmsg?></td><?php $_SESSION['ticketmsg']='' ?>
</tr>
<tr>
<td colspan="2" ><input type="submit" value="<?=_('Set ticket number') ?>"></td>
</tr>
</table>
</form>
<br/>
<!-- display data table -->
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><? printf(_("%s's Account Details"), sanitizeHTML($row['email'])); ?></td>
@ -125,7 +181,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
<td class="DataTD"><?=_("First Name")?>:</td>
<td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('<?=_("Are you sure you want to modify this DOB and/or last name?")?>')) return false;">
<input type="hidden" name="csrf" value="<?=make_csrf('admchangepers')?>" />
<input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>"></td>
<input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>">
</td>
</tr>
<tr>
<td class="DataTD"><?=_("Middle Name")?>:</td>
@ -136,7 +193,8 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
<td class="DataTD"> <input type="hidden" name="oldid" value="43">
<input type="hidden" name="action" value="updatedob">
<input type="hidden" name="userid" value="<?=intval($userid)?>">
<input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>"></td>
<input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>">
</td>
</tr>
<tr>
<td class="DataTD"><?=_("Suffix")?>:</td>
@ -149,21 +207,22 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$year = intval(substr($row['dob'], 0, 4));
$month = intval(substr($row['dob'], 5, 2));
$day = intval(substr($row['dob'], 8, 2));
?><nobr><select name="day">
?>
<nobr>
<select name="day">
<?
for($i = 1; $i <= 31; $i++)
{
for($i = 1; $i <= 31; $i++) {
echo "<option";
if($day == $i)
if($day == $i) {
echo " selected='selected'";
}
echo ">$i</option>";
}
?>
</select>
<select name="month">
<?
for($i = 1; $i <= 12; $i++)
{
for($i = 1; $i <= 12; $i++) {
echo "<option value='$i'";
if($month == $i)
echo " selected='selected'";
@ -172,11 +231,17 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
?>
</select>
<input type="text" name="year" value="<?=$year?>" size="4">
<input type="submit" value="Go"></form></nobr></td>
<input type="submit" value="Go">
<input type="hidden" name="ticketno" value="<?=sanitizeHTML($ticketno)?>"/>
</form>
</nobr>
</td>
</tr>
<? // list of flags ?>
<tr>
<td class="DataTD"><?=_("CCA accepted")?>:</td>
<td class="DataTD"><a href="account.php?id=57&amp;userid=<?=intval($row['id'])?>"><?=intval(get_user_agreement_status($row['id'])) ? _("Yes") : _("No") ?></a></td>
<td class="DataTD"><a href="account.php?id=57&amp;userid=<?=intval($row['id'])?>"><?=intval(get_user_agreement_status($row['id'], 'CCA')) ? _("Yes") : _("No") ?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Trainings")?>:</td>
@ -184,71 +249,84 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
</tr>
<tr>
<td class="DataTD"><?=_("Is Assurer")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;assurer=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admsetassuret')?>"><?=$row['assurer']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;assurer=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admsetassuret')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['assurer'])?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Blocked Assurer")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;assurer_blocked=<?=intval($row['id'])?>"><?=$row['assurer_blocked']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;assurer_blocked=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['assurer_blocked'])?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Account Locking")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;locked=<?=$row['id']?>&amp;csrf=<?=make_csrf('admactlock')?>"><?=$row['locked']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;locked=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admactlock')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['locked'])?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Code Signing")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;codesign=<?=$row['id']?>&amp;csrf=<?=make_csrf('admcodesign')?>"><?=$row['codesign']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;codesign=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admcodesign')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['codesign'])?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Org Assurer")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;orgadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admorgadmin')?>"><?=$row['orgadmin']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;orgadmin=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admorgadmin')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['orgadmin'])?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("TTP Admin")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;ttpadmin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admttpadmin')?>"><?=$row['ttpadmin']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;ttpadmin=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admttpadmin')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['ttpadmin'])?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Location Admin")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;locadmin=<?=$row['id']?>"><?=$row['locadmin']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;locadmin=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=$row['locadmin']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Admin")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;admin=<?=$row['id']?>&amp;csrf=<?=make_csrf('admsetadmin')?>"><?=$row['admin']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;admin=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admsetadmin')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['admin'])?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Ad Admin")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;adadmin=<?=$row['id']?>"><?=$row['adadmin']?></a> (0 = none, 1 = submit, 2 = approve)</td>
<td class="DataTD"><a href="account.php?id=43&amp;adadmin=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['adadmin'])?></a> (0 = none, 1 = submit, 2 = approve)</td>
</tr>
<!-- presently not needed
<tr>
<td class="DataTD"><?=_("Tverify Account")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;tverify=<?=$row['id']?>"><?=$row['tverify']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;tverify=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($row['tverify'])?></a></td>
</tr>
-->
<tr>
<td class="DataTD"><?=_("General Announcements")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;general=<?=$row['id']?>"><?=$alerts['general']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;general=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($alerts['general'])?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Country Announcements")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;country=<?=$row['id']?>"><?=$alerts['country']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;country=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($alerts['country'])?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Regional Announcements")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;regional=<?=$row['id']?>"><?=$alerts['regional']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;regional=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($alerts['regional'])?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Within 200km Announcements")?>:</td>
<td class="DataTD"><a href="account.php?id=43&amp;radius=<?=$row['id']?>"><?=$alerts['radius']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;radius=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=intval($alerts['radius'])?></a></td>
</tr>
<? //change password, view secret questions and delete account section ?>
<tr>
<td class="DataTD"><?=_("Change Password")?>:</td>
<td class="DataTD"><a href="account.php?id=44&amp;userid=<?=$row['id']?>"><?=_("Change Password")?></a></td>
<td class="DataTD"><a href="account.php?id=44&amp;userid=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Change Password")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Delete Account")?>:</td>
<td class="DataTD"><a href="account.php?id=50&amp;userid=<?=$row['id']?>&amp;csrf=<?=make_csrf('admdelaccount')?>"><?=_("Delete Account")?></a></td>
<td class="DataTD"><a href="account.php?id=50&amp;userid=<?=intval($row['id'])?>&amp;csrf=<?=make_csrf('admdelaccount')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Delete Account")?></a></td>
</tr>
<?
// This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!!
if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes") {
if(array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==true) {
if (!write_se_log($userid, $_SESSION['profile']['id'], 'SE view lost password information', $ticketno)) {
?>
<tr>
<td class="DataTD" colspan="2"><?=_("Writing to the admin log failed. Can't continue.")?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;showlostpw=yes&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Lost Password Details")?></a></td>
</tr>
<?
} else {
?>
<tr>
<td class="DataTD"><?=_("Lost Password")?> - Q1:</td>
@ -290,54 +368,85 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
<td class="DataTD"><?=_("Lost Password")?> - A5:</td>
<td class="DataTD"><?=sanitizeHTML($row['A5'])?></td>
</tr>
<? } else { ?>
<?
}
} elseif (array_key_exists('showlostpw',$_GET) && $_GET['showlostpw'] == "yes" && $ticketvalidation==false) {
?>
<tr>
<td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;showlostpw=yes"><?=_("Show Lost Password Details")?></a></td>
<td class="DataTD" colspan="2"><?=_('No access granted. Ticket number is missing')?></td>
</tr>
<? } ?>
<tr>
<td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;showlostpw=yes&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Lost Password Details")?></a></td>
</tr>
<?
} else {
?>
<tr>
<td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;showlostpw=yes&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Lost Password Details")?></a></td>
</tr>
<? }
// list assurance points
?>
<tr>
<td class="DataTD"><?=_("Assurance Points")?>:</td>
<td class="DataTD"><?=intval($drow['points'])?></td>
</tr>
<?
// show account history
?>
<tr>
<td class="DataTD" colspan="2"><a href="account.php?id=59&amp;oldid=43&amp;userid=<?=intval($row['id'])?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_('Show account history')?></a></td>
</tr>
</table>
<br><?
$query = "select * from `email` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''
and `email`!='".mysql_escape_string($row['email'])."'";
$dres = mysql_query($query);
if(mysql_num_rows($dres) > 0) { ?>
<br/>
<?
//list secondary email addresses
$dres = get_email_addresses(intval($row['id']),$row['email']);
if(mysql_num_rows($dres) > 0) {
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td>
</tr><?
$rc = mysql_num_rows($dres);
while($drow = mysql_fetch_assoc($dres))
{ ?>
</tr>
<?
while($drow = mysql_fetch_assoc($dres)) {
?>
<tr>
<td class="DataTD"><?=_("Secondary Emails")?>:</td>
<td class="DataTD"><?=sanitizeHTML($drow['email'])?></td>
</tr>
<? } ?>
<?
}
?>
</table>
<br><? } ?>
<br/>
<?
$query = "select * from `domains` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''";
$dres = mysql_query($query);
if(mysql_num_rows($dres) > 0) { ?>
}
// list of domains
$dres=get_domains(intval($row['id']));
if(mysql_num_rows($dres) > 0) {
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Verified Domains")?></td>
</tr><?
$rc = mysql_num_rows($dres);
while($drow = mysql_fetch_assoc($dres))
{ ?>
</tr>
<?
while($drow = mysql_fetch_assoc($dres)) {
?>
<tr>
<td class="DataTD"><?=_("Domain")?>:</td>
<td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td>
</tr>
<? } ?>
<?
}
?>
</table>
<br>
<? } ?>
<br/>
<?
}
?>
<? // Begin - Debug infos ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
@ -379,11 +488,12 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
4. users.email = primary-email
--- Assurer, assure someone find user query
select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."'
select * from `users` where `email`='".mysql_real_escape_string(stripslashes($_POST['email']))."'
and `deleted`=0
=> requirements
1. users.deleted = 0
2. users.email = primary-email
Admin User Assurer
bit Console Login assure someone
@ -413,6 +523,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$inconsistency = 0;
$inconsistencydisp = "";
$inccause = "";
// current userid intval($row['id'])
$query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked`
from `users` where `id`='".intval($row['id'])."' ";
@ -472,30 +583,30 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
?>
<tr>
<td class="DataTD"><?=_("Account inconsistency")?>:</td>
<td class="DataTD"><?=$inccause?><br>code: <?=$inconsistency?></td>
<td class="DataTD"><?=$inccause?><br>code: <?=intval($inconsistency)?></td>
</tr>
<tr>
<td colspan="2" class="DataTD" style="max-width: 75ex">
<?=_("Account inconsistency can cause problems in daily account ".
"operations and needs to be fixed manually through arbitration/critical ".
"team.")?>
<td colspan="2" class="DataTD" style="max-width: 75ex;">
<?=_("Account inconsistency can cause problems in daily account operations and needs to be fixed manually through arbitration/critical team.")?>
</td>
</tr>
<? }
<?
}
// --- bug-975 end ---
?>
</table>
<br>
<br />
<?
// End - Debug infos
// certificate overview
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="6" class="title"><?=_("Certificates")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Cert Type")?>:</td>
<td class="DataTD"><?=_("Total")?></td>
@ -508,11 +619,13 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
<tr>
<td class="DataTD"><?=_("Server")?>:</td>
<?
$query = "select COUNT(*) as `total`,
$query = "
select COUNT(*) as `total`,
MAX(`domaincerts`.`expire`) as `maxexpire`
from `domains` inner join `domaincerts`
on `domains`.`id` = `domaincerts`.`domid`
where `domains`.`memid` = '".intval($row['id'])."' ";
where `domains`.`memid` = '".intval($row['id'])."'
";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$total = $drow['total'];
@ -523,30 +636,36 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
}
if($total > 0) {
$query = "select COUNT(*) as `valid`
$query = "
select COUNT(*) as `valid`
from `domains` inner join `domaincerts`
on `domains`.`id` = `domaincerts`.`domid`
where `domains`.`memid` = '".intval($row['id'])."'
and `revoked` = '0000-00-00 00:00:00'
and `expire` > NOW()";
and `expire` > NOW()
";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$valid = $drow['valid'];
$query = "select COUNT(*) as `expired`
$query = "
select COUNT(*) as `expired`
from `domains` inner join `domaincerts`
on `domains`.`id` = `domaincerts`.`domid`
where `domains`.`memid` = '".intval($row['id'])."'
and `expire` <= NOW()";
and `expire` <= NOW()
";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$expired = $drow['expired'];
$query = "select COUNT(*) as `revoked`
$query = "
select COUNT(*) as `revoked`
from `domains` inner join `domaincerts`
on `domains`.`id` = `domaincerts`.`domid`
where `domains`.`memid` = '".intval($row['id'])."'
and `revoked` != '0000-00-00 00:00:00'";
and `revoked` != '0000-00-00 00:00:00'
";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$revoked = $drow['revoked'];
@ -555,22 +674,24 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
<td class="DataTD"><?=intval($valid)?></td>
<td class="DataTD"><?=intval($expired)?></td>
<td class="DataTD"><?=intval($revoked)?></td>
<td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?
substr($maxexpire, 0, 10) : _("Pending")?></td>
<td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
<?
} else { // $total > 0
?>
<td colspan="5" class="DataTD"><?=_("None")?></td>
<?
} ?>
}
?>
</tr>
<!-- client certificates -->
<tr>
<td class="DataTD"><?=_("Client")?>:</td>
<?
$query = "select COUNT(*) as `total`, MAX(`expire`) as `maxexpire`
$query = "
select COUNT(*) as `total`, MAX(`expire`) as `maxexpire`
from `emailcerts`
where `memid` = '".intval($row['id'])."' ";
where `memid` = '".intval($row['id'])."'
";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$total = $drow['total'];
@ -581,27 +702,33 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
}
if($total > 0) {
$query = "select COUNT(*) as `valid`
$query = "
select COUNT(*) as `valid`
from `emailcerts`
where `memid` = '".intval($row['id'])."'
and `revoked` = '0000-00-00 00:00:00'
and `expire` > NOW()";
and `expire` > NOW()
";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$valid = $drow['valid'];
$query = "select COUNT(*) as `expired`
$query = "
select COUNT(*) as `expired`
from `emailcerts`
where `memid` = '".intval($row['id'])."'
and `expire` <= NOW()";
and `expire` <= NOW()
";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$expired = $drow['expired'];
$query = "select COUNT(*) as `revoked`
$query = "
select COUNT(*) as `revoked`
from `emailcerts`
where `memid` = '".intval($row['id'])."'
and `revoked` != '0000-00-00 00:00:00'";
and `revoked` != '0000-00-00 00:00:00'
";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$revoked = $drow['revoked'];
@ -610,22 +737,24 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
<td class="DataTD"><?=intval($valid)?></td>
<td class="DataTD"><?=intval($expired)?></td>
<td class="DataTD"><?=intval($revoked)?></td>
<td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?
substr($maxexpire, 0, 10) : _("Pending")?></td>
<td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
<?
} else { // $total > 0
?>
<td colspan="5" class="DataTD"><?=_("None")?></td>
<?
} ?>
}
?>
</tr>
<!-- gpg certificates -->
<tr>
<td class="DataTD"><?=_("GPG")?>:</td>
<?
$query = "select COUNT(*) as `total`, MAX(`expire`) as `maxexpire`
$query = "
select COUNT(*) as `total`, MAX(`expire`) as `maxexpire`
from `gpg`
where `memid` = '".intval($row['id'])."' ";
where `memid` = '".intval($row['id'])."'
";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$total = $drow['total'];
@ -636,45 +765,50 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
}
if($total > 0) {
$query = "select COUNT(*) as `valid`
$query = "
select COUNT(*) as `valid`
from `gpg`
where `memid` = '".intval($row['id'])."'
and `expire` > NOW()";
and `expire` > NOW()
";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$valid = $drow['valid'];
$query = "select COUNT(*) as `expired`
$query = "
select COUNT(*) as `expired`
from `gpg`
where `memid` = '".intval($row['id'])."'
and `expire` <= NOW()";
and `expire` <= NOW()
";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$expired = $drow['expired'];
?>
<td class="DataTD"><?=intval($total)?></td>
<td class="DataTD"><?=intval($valid)?></td>
<td class="DataTD"><?=intval($expired)?></td>
<td class="DataTD"></td>
<td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?
substr($maxexpire, 0, 10) : _("Pending")?></td>
<td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
<?
} else { // $total > 0
?>
<td colspan="5" class="DataTD"><?=_("None")?></td>
<?
} ?>
}
?>
</tr>
<!-- org server certificates -->
<tr>
<td class="DataTD"><a href="account.php?id=58&amp;userid=<?=intval($row['id'])?>"><?=_("Org Server")?></a>:</td>
<?
$query = "select COUNT(*) as `total`,
$query = "
select COUNT(*) as `total`,
MAX(`orgcerts`.`expire`) as `maxexpire`
from `orgdomaincerts` as `orgcerts` inner join `org`
on `orgcerts`.`orgid` = `org`.`orgid`
where `org`.`memid` = '".intval($row['id'])."' ";
where `org`.`memid` = '".intval($row['id'])."'
";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$total = $drow['total'];
@ -685,30 +819,36 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
}
if($total > 0) {
$query = "select COUNT(*) as `valid`
$query = "
select COUNT(*) as `valid`
from `orgdomaincerts` as `orgcerts` inner join `org`
on `orgcerts`.`orgid` = `org`.`orgid`
where `org`.`memid` = '".intval($row['id'])."'
and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
and `orgcerts`.`expire` > NOW()";
and `orgcerts`.`expire` > NOW()
";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$valid = $drow['valid'];
$query = "select COUNT(*) as `expired`
$query = "
select COUNT(*) as `expired`
from `orgdomaincerts` as `orgcerts` inner join `org`
on `orgcerts`.`orgid` = `org`.`orgid`
where `org`.`memid` = '".intval($row['id'])."'
and `orgcerts`.`expire` <= NOW()";
and `orgcerts`.`expire` <= NOW()
";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$expired = $drow['expired'];
$query = "select COUNT(*) as `revoked`
$query = "
select COUNT(*) as `revoked`
from `orgdomaincerts` as `orgcerts` inner join `org`
on `orgcerts`.`orgid` = `org`.`orgid`
where `org`.`memid` = '".intval($row['id'])."'
and `orgcerts`.`revoked` != '0000-00-00 00:00:00'";
and `orgcerts`.`revoked` != '0000-00-00 00:00:00'
";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$revoked = $drow['revoked'];
@ -717,24 +857,26 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
<td class="DataTD"><?=intval($valid)?></td>
<td class="DataTD"><?=intval($expired)?></td>
<td class="DataTD"><?=intval($revoked)?></td>
<td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?
substr($maxexpire, 0, 10) : _("Pending")?></td>
<td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
<?
} else { // $total > 0
?>
<td colspan="5" class="DataTD"><?=_("None")?></td>
<?
} ?>
}
?>
</tr>
<!-- org client certificates -->
<tr>
<td class="DataTD"><?=_("Org Client")?>:</td>
<?
$query = "select COUNT(*) as `total`,
$query = "
select COUNT(*) as `total`,
MAX(`orgcerts`.`expire`) as `maxexpire`
from `orgemailcerts` as `orgcerts` inner join `org`
on `orgcerts`.`orgid` = `org`.`orgid`
where `org`.`memid` = '".intval($row['id'])."' ";
where `org`.`memid` = '".intval($row['id'])."'
";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$total = $drow['total'];
@ -745,30 +887,36 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
}
if($total > 0) {
$query = "select COUNT(*) as `valid`
$query = "
select COUNT(*) as `valid`
from `orgemailcerts` as `orgcerts` inner join `org`
on `orgcerts`.`orgid` = `org`.`orgid`
where `org`.`memid` = '".intval($row['id'])."'
and `orgcerts`.`revoked` = '0000-00-00 00:00:00'
and `orgcerts`.`expire` > NOW()";
and `orgcerts`.`expire` > NOW()
";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$valid = $drow['valid'];
$query = "select COUNT(*) as `expired`
$query = "
select COUNT(*) as `expired`
from `orgemailcerts` as `orgcerts` inner join `org`
on `orgcerts`.`orgid` = `org`.`orgid`
where `org`.`memid` = '".intval($row['id'])."'
and `orgcerts`.`expire` <= NOW()";
and `orgcerts`.`expire` <= NOW()
";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$expired = $drow['expired'];
$query = "select COUNT(*) as `revoked`
$query = "
select COUNT(*) as `revoked`
from `orgemailcerts` as `orgcerts` inner join `org`
on `orgcerts`.`orgid` = `org`.`orgid`
where `org`.`memid` = '".intval($row['id'])."'
and `orgcerts`.`revoked` != '0000-00-00 00:00:00'";
and `orgcerts`.`revoked` != '0000-00-00 00:00:00'
";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$revoked = $drow['revoked'];
@ -777,14 +925,14 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
<td class="DataTD"><?=intval($valid)?></td>
<td class="DataTD"><?=intval($expired)?></td>
<td class="DataTD"><?=intval($revoked)?></td>
<td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?
substr($maxexpire, 0, 10) : _("Pending")?></td>
<td class="DataTD"><?=($maxexpire != "0000-00-00 00:00:00")?substr($maxexpire, 0, 10) : _("Pending")?></td>
<?
} else { // $total > 0
?>
<td colspan="5" class="DataTD"><?=_("None")?></td>
<?
} ?>
}
?>
</tr>
<tr>
<td colspan="6" class="title">
@ -793,24 +941,32 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
<input type="hidden" name="oldid" value="43">
<input type="hidden" name="userid" value="<?=intval($userid)?>">
<input type="submit" value="<?=_('revoke certificates')?>">
<input type="hidden" name="ticketno" value="<?=sanitizeHTML($ticketno)?>"/>
</form>
</td>
</tr>
</table>
<br>
<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto"><?=_("Show Assurances the user got")?></a>
(<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredto15"><?=_("New calculation")?></a>)
<br />
<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby"><?=_("Show Assurances the user gave")?></a>
(<a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;shownotary=assuredby15"><?=_("New calculation")?></a>)
<br />
<? // list assurances ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td class="DataTD">
<a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;shownotary=assuredto&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Assurances the user got")?></a>
(<a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;shownotary=assuredto15&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("New calculation")?></a>)
</td>
</tr>
<tr>
<td class="DataTD">
<a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;shownotary=assuredby&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("Show Assurances the user gave")?></a>
(<a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>&amp;shownotary=assuredby15&amp;ticketno=<?=sanitizeHTML($ticketno)?>"><?=_("New calculation")?></a>)
</td>
</tr>
</table>
<?
// if(array_key_exists('assuredto',$_GET) && $_GET['assuredto'] == "yes") {
function showassuredto()
function showassuredto($ticketno)
{
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
@ -828,11 +984,10 @@ function showassuredto()
<td class="DataTD"><b><?=_("Revoke")?></b></td>
</tr>
<?
$query = "select * from `notary` where `to`='".intval($_GET['userid'])."'";
$query = "select * from `notary` where `to`='".intval($_GET['userid'])."' and `deleted` = 0";
$dres = mysql_query($query);
$points = 0;
while($drow = mysql_fetch_assoc($dres))
{
while($drow = mysql_fetch_assoc($dres)) {
$fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'"));
$points += $drow['points'];
?>
@ -844,19 +999,21 @@ function showassuredto()
<td class="DataTD"><?=intval($drow['points'])?></td>
<td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
<td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$drow['id'])?>');"><?=_("Revoke")?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),intval($drow['id']))?>');"><?=_("Revoke")?></a></td>
</tr>
<? } ?>
<?
}
?>
<tr>
<td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td>
<td class="DataTD"><?=$points?></td>
<td class="DataTD"><?=intval($points)?></td>
<td class="DataTD" colspan="3">&nbsp;</td>
</tr>
</table>
<? } ?>
<?
function showassuredby()
}
function showassuredby($ticketno)
{
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
@ -874,48 +1031,50 @@ function showassuredby()
<td class="DataTD"><b><?=_("Revoke")?></b></td>
</tr>
<?
$query = "select * from `notary` where `from`='".intval($_GET['userid'])."'";
$query = "select * from `notary` where `from`='".intval($_GET['userid'])."' and `deleted` = 0";
$dres = mysql_query($query);
$points = 0;
while($drow = mysql_fetch_assoc($dres))
{
$fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$drow['to']."'"));
$points += $drow['points'];
while($drow = mysql_fetch_assoc($dres)) {
$fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['to'])."'"));
$points += intval($drow['points']);
?>
<tr>
<td class="DataTD"><?=$drow['id']?></td>
<td class="DataTD"><?=intval($drow['id'])?></td>
<td class="DataTD"><?=$drow['date']?></td>
<td class="DataTD"><a href="wot.php?id=9&userid=<?=$drow['to']?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td>
<td class="DataTD"><a href="wot.php?id=9&userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['fname']." ".$fromuser['lname'])?></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>"><?=sanitizeHTML($fromuser['email'])?></a></td>
<td class="DataTD"><?=$drow['points']?></td>
<td class="DataTD"><?=$drow['location']?></td>
<td class="DataTD"><?=$drow['method']?></td>
<td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$drow['id'])?>');"><?=_("Revoke")?></a></td>
<td class="DataTD"><?=intval($drow['points'])?></td>
<td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
<td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
<td class="DataTD"><a href="account.php?id=43&userid=<?=intval($drow['from'])?>&assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),intval($drow['id']))?>');"><?=_("Revoke")?></a></td>
</tr>
<? } ?>
<?
}
?>
<tr>
<td class="DataTD" colspan="4"><b><?=_("Total Points")?>:</b></td>
<td class="DataTD"><?=$points?></td>
<td class="DataTD"><?=intval($points)?></td>
<td class="DataTD" colspan="3">&nbsp;</td>
</tr>
</table>
<?} ?>
<br><br>
<? } }
<br/><br/>
<?
} }
if(isset($_GET['shownotary'])) {
switch($_GET['shownotary']) {
case 'assuredto':
showassuredto();
showassuredto($ticketno);
break;
case 'assuredby':
showassuredby();
showassuredby($ticketno);
break;
case 'assuredto15':
output_received_assurances(intval($_GET['userid']),1);
output_received_assurances(intval($_GET['userid']),1,$ticketno);
break;
case 'assuredby15':
output_given_assurances(intval($_GET['userid']),1);
output_given_assurances(intval($_GET['userid']),1, $ticketno);
break;
}
}

27
pages/account/44.php
Unescape Escape View File

@ -14,8 +14,28 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<? if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?>
*/
if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") {
?>
<div style="color: orange;">ERROR: <?=$_SESSION['_config']['error']?></div>
<?
unset($_SESSION['_config']['error']);
}
$ticketno = "";
if (array_key_exists('ticketno', $_SESSION)) {
$ticketno = $_SESSION['ticketno'];
}
if (!valid_ticket_number($ticketno)) {
printf(_("I'm sorry, you did not enter a ticket number! %s You cannot reset the password."), '<br/>');
echo '<br/><a href="account.php?id=43&amp;userid='.intval($_REQUEST['userid']).'">'._('Back to previous page.').'</a>';
showfooter();
exit;
}
?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
@ -34,5 +54,6 @@
</tr>
</table>
<input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>">
<input type="hidden" name="oldid" value="<?=$id?>">
<input type="hidden" name="oldid" value="<?=intval($id)?>">
<input type="hidden" name="ticketno" value="<?=sanitizeHTML($ticketno)?>"/>
</form>

39
pages/account/5.php
Unescape Escape View File

@ -19,7 +19,7 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="10" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><?=$viewall?_("Hide old certificates"):_("View all certificates")?></a></td>
<td colspan="10" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&amp;viewall=<?=intval(!$viewall)?>"><?=$viewall?_("Hide old certificates"):_("View all certificates")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
@ -34,23 +34,24 @@
$query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
`emailcerts`.`expire` as `expires`,
`emailcerts`.`expire`,
`emailcerts`.`revoked` as `revoke`,
UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
if (`emailcerts`.`expire`=0,CURRENT_TIMESTAMP(),`emailcerts`.`modified`) as `modified` ,
`emailcerts`.`id`,
`emailcerts`.`CN`,
`emailcerts`.`serial`,
`emailcerts`.`disablelogin` as `disablelogin`,
`emailcerts`.`description`
from `emailcerts`
where `emailcerts`.`memid`='".$_SESSION['profile']['id']."'
where `emailcerts`.`memid`='".intval($_SESSION['profile']['id'])."'
";
if($viewall != 1)
$query .= " AND `revoked`=0 AND `renewed`=0 ";
$query .= " GROUP BY `emailcerts`.`id` ";
if($viewall != 1)
$query .= " HAVING `timeleft` > 0 ";
$query .= " ORDER BY `emailcerts`.`modified` desc";
$query .= " HAVING `timeleft` > 0 or `expire` = 0 ";
$query .= " ORDER BY `modified` desc";
// echo $query."<br>\n";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
@ -75,32 +76,32 @@
?>
<tr>
<? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
<td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td>
<td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=intval($row['id'])?>"></td>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="account.php?id=6&amp;cert=<?=$row['id']?>"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></a></td>
<td class="DataTD"><a href="account.php?id=6&amp;cert=<?=intval($row['id'])?>"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></a></td>
<? } else if($verified != _("Revoked")) { ?>
<td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
<td class="DataTD"><input type="checkbox" name="delid[]" value="<?=intval($row['id'])?>"></td>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
<td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></td>
<? } else { ?>
<td class="DataTD">&nbsp;</td>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
<td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></td>
<? } ?>
<td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=$row['revoke']?></td>
<td class="DataTD"><?=$row['expires']?></td>
<td class="DataTD"><?=sanitizeHTML($row['serial'])?></td>
<td class="DataTD"><?=sanitizeHTML($row['revoke'])?></td>
<td class="DataTD"><?=sanitizeHTML($row['expire'])?></td>
<td class="DataTD">
<input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":'checked="checked"'?>/>
<input type="hidden" name="cert_<?=$row['id']?>" value="1" />
<input type="checkbox" name="disablelogin_<?=intval($row['id'])?>" value="1" <?=$row['disablelogin']?"":'checked="checked"'?>/>
<input type="hidden" name="cert_<?=intval($row['id'])?>" value="1" />
</td>
<td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
<td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
<td class="DataTD"><input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
<td class="DataTD"><input type="checkbox" name="check_comment_<?=intval($row['id'])?>" /></td>
</tr>
<? } ?>
<tr>
<td class="DataTD" colspan="9">
<a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a>
<a href="account.php?id=5&amp;viewall=<?=intval(!$viewall)?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a>
</td>
</tr>
@ -119,7 +120,7 @@
</tr>
<? } ?>
</table>
<input type="hidden" name="oldid" value="<?=$id?>" />
<input type="hidden" name="oldid" value="<?=intval($id)?>" />
<input type="hidden" name="csrf" value="<?=make_csrf('clicerchange')?>" />
</form>
<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>

71
pages/account/52.php
Unescape Escape View File

@ -14,45 +14,51 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<? if($_SESSION['profile']['tverify'] <= 0) { echo _("You don't have access to this area."); } else { ?>
<?
*/
if($_SESSION['profile']['tverify'] <= 0) {
echo _("You don't have access to this area.");
} else {
$uid = intval($_GET['uid']);
$query = "select * from `tverify` where `id`='$uid' and `modified`=0";
$query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
if(mysql_num_rows($res) > 0) {
$row = mysql_fetch_assoc($res);
$memid = intval($row['memid']);
$query2 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'";
$query2 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'";
$rc2 = mysql_num_rows(mysql_query($query2));
if($rc2 > 0)
{
if($rc2 > 0) {
showheader(_("My CAcert.org Account!"));
echo _("You have already voted on this request.");
showfooter();
exit;
}
$query = "select sum(`points`) as `points` from `notary` where `to`='$memid'";
$query = "select sum(`points`) as `points` from `notary` where `to`='".intval($memid)."' and `deleted` = 0";
$notary = mysql_fetch_assoc(mysql_query($query));
$query = "select * from `users` where `id`='$memid'";
$query = "select * from `users` where `id`='".intval($memid)."'";
$user = mysql_fetch_assoc(mysql_query($query));
$tobe = 50 - $notary['points'];
if($row['URL'] != '' && $row['photoid'] != '')
if($row['URL'] != '' && $row['photoid'] != '') {
$tobe = 150 - $notary['points'];
else if($row['URL'] != '')
} else if($row['URL'] != '') {
$tobe = 90 - $notary['points'];
if(intval($tobe) <= 0)
}
if(intval($tobe) <= 0) {
$tobe = 0;
}
?>
<?=_("Request Details")?>:<br>
<?=_("Name on file")?>: <?=$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']?><br>
<?=_("Primary email address")?>: <?=$user['email']." (".$user['id'].")"?><br>
<?=_("Certificate Subject")?>: <?=$row['CN']?><br>
<? if($row['URL'] != '') { ?><?=_("Notary URL")?>: <a href="<?=$row['URL']?>"><?=$row['URL']?></a><br><? } ?>
<? if($row['photoid'] != '') { ?><?=_("Photo ID URL")?>: <a href="/account.php?id=51&amp;photoid=<?=intval($row['id'])?>"><?=_("Here")?></a><br><? } ?>
<?=_("Name on file")?>: <?=sanitizeHTML($user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix'])?><br>
<?=_("Primary email address")?>: <?=sanitizeHTML($user['email'])." (".intval($user['id']).")"?><br>
<?=_("Certificate Subject")?>: <?=sanitizeHTML($row['CN'])?><br>
<? if($row['URL'] != '') { ?>
<?=_("Notary URL")?>: <a href="<?=$row['URL']?>"><?=$row['URL']?></a><br>
<? } ?>
<? if($row['photoid'] != '') { ?>
<?=_("Photo ID URL")?>: <a href="/account.php?id=51&amp;photoid=<?=intval($row['id'])?>"><?=_("Here")?></a><br>
<? } ?>
<?=_("Current Points")?>: <?=intval($notary['points'])?><br>
<?=_("Potential Points")?>: <?=intval($tobe)?><br>
<?=_("Date of Birth")?>: <?=$user['dob']?> (YYYY-MM-DD)<br>
@ -63,13 +69,13 @@
<input type="submit" name="agree" value="<?=_("I agree with this Application")?>">
<input type="submit" name="disagree" value="<?=_("I don't agree with this Application")?>">
<input type="hidden" name="oldid" value="<?=intval($_GET['id'])?>">
<input type="hidden" name="uid" value="<?=$uid?>">
<input type="hidden" name="uid" value="<?=intval($uid)?>">
</form>
<? } else {
$query = "select * from `tverify` where `id`='$uid' and `modified`=1";
<?
} else {
$query = "select * from `tverify` where `id`='".intval($uid)."' and `modified`=1";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
if(mysql_num_rows($res) > 0) {
echo _("This UID has already been voted on.")."<br/>";
} else {
if($uid) echo _("Unable to locate a valid request for that UID.")."<br/>";
@ -78,13 +84,11 @@
// Search for open requests:
$query = "select * from `tverify` where `modified`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0)
{
if(mysql_num_rows($res) > 0) {
echo "<br/>"._("The following requests are still open:")."<br/><ul>";
while($row = mysql_fetch_assoc($res))
{
while($row = mysql_fetch_assoc($res)) {
$uid=intval($row['id']);
$query3 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'";
$query3 = "select * from `tverify-vote` where `tverify`='".intval($uid)."' and `memid`='".intval($_SESSION['profile']['id'])."'";
$rc3 = mysql_num_rows(mysql_query($query3));
if($rc3 <= 0)
{
@ -92,11 +96,10 @@
}
}
echo "</ul>\n<br>\n";
}
else
{
} else {
echo "<br/>"._("There are no pending requests where you haven't voted yet.");
}
}
}
} } ?>
?>

15
pages/account/55.php
Unescape Escape View File

@ -58,7 +58,7 @@
<?
$query = "SELECT `CP`.`pass_date`, `CT`.`type_text`, `CV`.`test_text` ".
" FROM `cats_passed` AS CP, `cats_variant` AS CV, `cats_type` AS CT ".
" WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".(int)$user_id."'".
" WHERE `CP`.`variant_id`=`CV`.`id` AND `CV`.`type_id`=`CT`.`id` AND `CP`.`user_id` ='".intval($user_id)."'".
" ORDER BY `CP`.`pass_date`";
$res = mysql_query($query);
@ -71,9 +71,9 @@
}
?>
<tr>
<td class="DataTD"><?=$row[0]?></td>
<td class="DataTD"><?=$row[1]?></td>
<td class="DataTD"><?=$row[2]?></td>
<td class="DataTD"><?=sanitizeHTML($row[0])?></td>
<td class="DataTD"><?=sanitizeHTML($row[1])?></td>
<td class="DataTD"><?=sanitizeHTML($row[2])?></td>
</tr>
<? }
?>
@ -84,10 +84,11 @@
<?
if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) {
?>
<tr><td colspan="3" class="DataTD"><a href="account.php?id=43&amp;userid=<?=$user_id ?>">back</a></td></tr>
<? } else {
<tr><td colspan="3" class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($user_id)?>">back</a></td></tr>
<?
} else {
$query = 'SELECT `u`.id, `u`.`assurer`, SUM(`points`) FROM `users` AS `u`, `notary` AS `n` '.
' WHERE `u`.`id` = \''.(int)intval($_SESSION['profile']['id']).'\' AND `n`.`to` = `u`.`id` AND `expire` < now() '.
' WHERE `u`.`id` = \''.(int)intval($_SESSION['profile']['id']).'\' AND `n`.`to` = `u`.`id` AND `expire` < now() and and `n`.`deleted` = 0'.
' GROUP BY `u`.id, `u`.`assurer`';
$res = mysql_query($query);
if (!$res) {

8
pages/account/57.php
Unescape Escape View File

@ -48,7 +48,7 @@
<td class="DataTD"><b><?=_('Type')?></b></td>
</tr>
<?
$data=get_first_user_agreement($user_id,1);
$data=get_first_user_agreement($user_id, 'CCA', 1);
if (!isset($data['active'])){
$type='';
}else{
@ -62,7 +62,7 @@
<td class="DataTD"><?=$type?></td>
</tr>
<?
$data=get_first_user_agreement($user_id,0);
$data=get_first_user_agreement($user_id, 'CCA', 0);
if (!isset($data['active'])){
$type="";
}else{
@ -76,7 +76,7 @@
<td class="DataTD"><?=$type?></td>
</tr>
<?
$data=get_last_user_agreement($user_id);
$data=get_last_user_agreement($user_id, 'CCA');
if (!isset($data['active'])){
$type="";
}elseif($data['active']==1){
@ -98,7 +98,7 @@
<?
if ($_SESSION['profile']['admin'] == 1 && array_key_exists('userid',$_REQUEST) && intval($_REQUEST['userid']) > 0) {
?>
<tr><td colspan="3" class="DataTD"><a href="account.php?id=43&amp;userid=<?=$user_id ?>">back</a></td></tr>
<tr><td colspan="3" class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($user_id)?>">back</a></td></tr>
<? }
?> </table>
<?

8
pages/account/6.php
Unescape Escape View File

@ -25,7 +25,7 @@ if(array_key_exists('cert',$_REQUEST)) {
$query = "select UNIX_TIMESTAMP(`emailcerts`.`created`) as `created`,
UNIX_TIMESTAMP(`emailcerts`.`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`emailcerts`.`expire`) as `expired`,
`emailcerts`.`expire` as `expires`,
`emailcerts`.`expire`,
`emailcerts`.`revoked` as `revoke`,
UNIX_TIMESTAMP(`emailcerts`.`revoked`) as `revoked`,
`emailcerts`.`id`,
@ -137,11 +137,11 @@ if (array_key_exists('format', $_REQUEST)) {
</tr>
<tr>
<td class="DataTD"><?=_("Email Address")?></td>
<td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></td>
<td class="DataTD"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></td>
</tr>
<tr>
<td class="DataTD"><?=_("SerialNumber")?></td>
<td class="DataTD"><?=$row['serial']?></td>
<td class="DataTD"><?=sanitizeHTML($row['serial'])?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Revoked")?></td>
@ -149,7 +149,7 @@ if (array_key_exists('format', $_REQUEST)) {
</tr>
<tr>
<td class="DataTD"><?=_("Expires")?></td>
<td class="DataTD"><?=$row['expires']?></td>
<td class="DataTD"><?=$row['expire']?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Login")?></td>

19
pages/gpg/2.php
Unescape Escape View File

@ -30,7 +30,7 @@
$query = "select UNIX_TIMESTAMP(`issued`) as `issued`,
UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() as `timeleft`,
UNIX_TIMESTAMP(`expire`) as `expired`,
`expire` as `expires`, `id`, `level`,
`expire`, `id`, `level`,
`email`,`keyid`,`description` from `gpg` where `memid`='".intval($_SESSION['profile']['id'])."'
ORDER BY `issued` desc";
$res = mysql_query($query);
@ -43,6 +43,7 @@
<? } else {
while($row = mysql_fetch_assoc($res))
{
$verified = '';
if($row['timeleft'] > 0)
$verified = _("Valid");
if($row['timeleft'] < 0)
@ -53,18 +54,18 @@
<tr>
<? if($verified == _("Valid")) { ?>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['email']?></a></td>
<td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td>
<? } else if($verified == _("Pending")) { ?>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><?=$row['email']?></td>
<td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
<? } else { ?>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['email']?></a></td>
<td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td>
<? } ?>
<td class="DataTD"><?=$row['expires']?></td>
<td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['keyid']?></a></td>
<td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
<td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
<td class="DataTD"><?=$row['expire']?></td>
<td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=intval($row['id'])?>"><?=sanitizeHTML($row['keyid'])?></a></td>
<td class="DataTD"><input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
<td class="DataTD"><input type="checkbox" name="check_comment_<?=intval($row['id'])?>" /></td>
</tr>
<? } ?>
<? } ?>
@ -77,5 +78,5 @@
<td class="DataTD" colspan="6"><input type="submit" name="change" value="<?=_("Change settings")?>" /> </td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>" />
<input type="hidden" name="oldid" value="<?=intval($id)?>" />
</form>

16
pages/wot/1.php
Unescape Escape View File

@ -14,8 +14,8 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?
*/
$res=mysql_fetch_assoc(mysql_query("select sum(acount) as summe from countries"));
$total1 =$res['summe'];
@ -91,7 +91,7 @@
{
$query = "select *, `users`.`id` as `id` from `users`,`notary` where `listme`='1' and
`ccid`='".$ccid."' and `regid`='".$regid."' and
`locid`='".$locid."' and `users`.`id`=`notary`.`to`
`locid`='".$locid."' and `users`.`id`=`notary`.`to` and `notary`.`deleted`=0
group by `notary`.`to` HAVING SUM(`points`) >= 100 order by `points` desc";
$list = mysql_query($query);
if(mysql_num_rows($list) > 0)
@ -104,18 +104,18 @@
<td class="title"><?=_("Contact Details")?></td>
<td class="title"><?=_("Email Assurer")?></td>
<td class="title"><?=_("Assurer Challenge")?></td>
</tr>
<? while($row = mysql_fetch_assoc($list)) { ?>
<tr>
<td class="DataTD" width="100"><nobr><?=$row['fname']?> <?=substr($row['lname'], 0, 1)?></nobr></td>
<td class="DataTD" width="100"><nobr><?=sanitizeHTML($row['fname'])?> <?=substr($row['lname'], 0, 1)?>.</nobr></td>
<td class="DataTD"><?=maxpoints($row['id'])?></td>
<td class="DataTD"><?=$row['contactinfo']?></td>
<td class="DataTD"><?=sanitizeHTML($row['contactinfo'])?></td>
<td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($row['id'])?>"><?=_("Email Me")?></a></td>
<td class="DataTD"><?=$row['assurer']?_("Yes"):("<font color=\"#ff0000\">"._("Not yet!")."</font>")?></td>
</tr>
<? }
<?
}
}
?>
</table>

26
pages/wot/10.php
Unescape Escape View File

@ -24,7 +24,7 @@
<td colspan="5" class="title"><?=_("Assurer Ranking")?></td>
</tr>
<tr>
<?
<?// the rank calculation is not adjusted to the new deletion method
$query = "SELECT `users`. *, count(*) AS `list` FROM `users`, `notary`
WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to`
AND `from`='".intval($_SESSION['profile']['id'])."' GROUP BY `notary`.`from`";
@ -64,18 +64,18 @@
<td class="DataTD"><b><?=_("Method")?></b></td>
</tr>
<?
$query = "select * from `notary` where `to`='".intval($_SESSION['profile']['id'])."'";
$query = "select `id`, `date`, `from`, `points`, `location`, `method` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted`=0";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
$fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['from'])."'"));
$fromuser = mysql_fetch_assoc(mysql_query("select `fname`, `lname` from `users` where `id`='".intval($row['from'])."'"));
?>
<tr>
<td class="DataTD"><?=$row['id']?></td>
<td class="DataTD"><?=intval($row['id'])?></td>
<td class="DataTD"><?=$row['date']?></td>
<td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($row['from'])?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td>
<td class="DataTD"><?=$row['points']?></td>
<td class="DataTD"><?=$row['location']?></td>
<td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($row['from'])?>"><?=sanitizeHTML(trim($fromuser['fname']." ".$fromuser['lname']))?></td>
<td class="DataTD"><?=intval($row['points'])?></td>
<td class="DataTD"><?=sanitizeHTML($row['location'])?></td>
<td class="DataTD"><?=_(sprintf("%s", $row['method']))?></td>
</tr>
<?
@ -114,30 +114,30 @@ if ($thawte)
</tr>
<?
$points = 0;
$query = "select * from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and `to`!='".intval($_SESSION['profile']['id'])."'";
$query = "select `id`, `date`, `points`, `to`, `location`, `method` from `notary` where `from`='".intval($_SESSION['profile']['id'])."' and `to`!='".intval($_SESSION['profile']['id'])."' and `deleted`=0" ;
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
$fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['to'])."'"));
$points += $row['points'];
$fromuser = mysql_fetch_assoc(mysql_query("select `fname`, `lname` from `users` where `id`='".intval($row['to'])."'"));
$points += intval($row['points']);
$name = trim($fromuser['fname']." ".$fromuser['lname']);
if($name == "")
$name = _("Deleted before Verification");
else
$name = "<a href='wot.php?id=9&amp;userid=".intval($row['to'])."'>$name</a>";
$name = "<a href='wot.php?id=9&amp;userid=".intval($row['to'])."'>".sanitizeHTML($name)."</a>";
?>
<tr>
<td class="DataTD"><?=intval($row['id'])?></td>
<td class="DataTD"><?=$row['date']?></td>
<td class="DataTD"><?=$name?></td>
<td class="DataTD"><?=intval($row['points'])?></td>
<td class="DataTD"><?=$row['location']?></td>
<td class="DataTD"><?=sanitizeHTML($row['location'])?></td>
<td class="DataTD"><?=$row['method']==""?"":_(sprintf("%s", $row['method']))?></td>
</tr>
<? } ?>
<tr>
<td class="DataTD" colspan="3"><b><?=_("Total Points Issued")?>:</b></td>
<td class="DataTD"><?=$points?></td>
<td class="DataTD"><?=intval($points)?></td>
<td class="DataTD" colspan="2">&nbsp;</td>
</tr>
</table>

19
pages/wot/9.php
Unescape Escape View File

@ -28,9 +28,8 @@
$user = mysql_fetch_array($res);
$userlang = $user['language'];
$points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0"));
if($points <= 0)
{
where `to`='".intval($user['id'])."' and `deleted`=0 group by `to` HAVING SUM(`points`) > 0"));
if($points <= 0) {
echo _("Sorry, I was unable to locate that user.");
} else {
@ -38,31 +37,31 @@
?>
<? if($_SESSION['_config']['error'] != "") { ?><font color="#ff0000" size="+1">ERROR: <?=$_SESSION['_config']['error']?></font><? unset($_SESSION['_config']['error']); } ?>
<form method="post" action="wot.php">
<input type="hidden" name="userid" value="<?=$user['id']?>">
<input type="hidden" name="userid" value="<?=intval($user['id'])?>">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("Contact Assurer")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("To")?>:</td>
<td class="DataTD" align="left"><?=$user['fname']?> <?=substr($user['lname'], 0, 1)?></td>
<td class="DataTD" align="left"><?=sanitizeHTML(trim($user['fname'].' '.substr($user['lname'], 0, 1)))?></td>
</tr>
<? if($userlang != "") { ?>
<tr>
<td class="DataTD"><?=_("Language")?>:</td>
<td class="DataTD" align="left"><? printf(_("%s prefers to be contacted in %s"), $user['fname'], L10n::$translations[$userlang]) ?></td>
<td class="DataTD" align="left"><? printf(_("%s prefers to be contacted in %s"), sanitizeHTML($user['fname']), L10n::$translations[$userlang]) ?></td>
</tr>
<? } ?>
<?
$query = "select * from `addlang` where `userid`='".$user['id']."'";
$query = "select * from `addlang` where `userid`='".intval($user['id'])."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
$lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='${row['lang']}'"));
$lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_real_escape_string($row['lang'])."'"));
?>
<tr>
<td class="DataTD"><?=_("Additional Language")?>:</td>
<td class="DataTD" align="left"><? printf(_("%s will also accept email in %s - %s"), $user['fname'], $lang['lang'], $lang['country']) ?></td>
<td class="DataTD" align="left"><? printf(_("%s will also accept email in %s - %s"), sanitizeHTML($user['fname']), sanitizeHTML($lang['lang']), sanitizeHTML($lang['country'])) ?></td>
</tr>
<? } ?>
<tr>
@ -79,7 +78,7 @@
</table>
<input type="hidden" name="pageid" value="<?=$_SESSION['_config']['pagehash']?>">
<input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>">
<input type="hidden" name="oldid" value="<?=$id?>">
<input type="hidden" name="oldid" value="<?=intval($id)?>">
</form>
<p>[ <a href='javascript:history.go(-1)'><?=_("Go Back")?></a> ]</p>
<? } } ?>

Write Preview
Loading…
Cancel
Save