|
|
|
|
@ -41,14 +41,26 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
|
|
|
|
|
//if(!strstr($email, "%"))
|
|
|
|
|
// $emailsearch = "%$email%";
|
|
|
|
|
|
|
|
|
|
if(intval($email) > 0)
|
|
|
|
|
$emailsearch = "";
|
|
|
|
|
|
|
|
|
|
$query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
|
|
|
|
|
where `users`.`id`=`email`.`memid` and
|
|
|
|
|
(`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
|
|
|
|
|
`email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
|
|
|
|
|
group by `users`.`id` limit 100";
|
|
|
|
|
// bug-975 ted+uli changes --- begin
|
|
|
|
|
if(preg_match("/^[0-9]+$/", $email)) {
|
|
|
|
|
// $email consists of digits only ==> search for IDs
|
|
|
|
|
// Be defensive here (outer join) if primary mail is not listed in email table
|
|
|
|
|
$query = "select `users`.`id` as `id`, `email`.`email` as `email`
|
|
|
|
|
from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
|
|
|
|
|
where (`email`.`id`='$email' or `users`.`id`='$email')
|
|
|
|
|
and `users`.`deleted`=0
|
|
|
|
|
group by `users`.`id` limit 100";
|
|
|
|
|
} else {
|
|
|
|
|
// $email contains non-digits ==> search for mail addresses
|
|
|
|
|
// Be defensive here (outer join) if primary mail is not listed in email table
|
|
|
|
|
$query = "select `users`.`id` as `id`, `email`.`email` as `email`
|
|
|
|
|
from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
|
|
|
|
|
where (`email`.`email` like '$emailsearch'
|
|
|
|
|
or `users`.`email` like '$emailsearch')
|
|
|
|
|
and `users`.`deleted`=0
|
|
|
|
|
group by `users`.`id` limit 100";
|
|
|
|
|
}
|
|
|
|
|
// bug-975 ted+uli changes --- end
|
|
|
|
|
$res = mysql_query($query);
|
|
|
|
|
if(mysql_num_rows($res) > 1) { ?>
|
|
|
|
|
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
|
|
|
|
|
@ -141,7 +153,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
|
|
|
|
|
{
|
|
|
|
|
echo "<option";
|
|
|
|
|
if($day == $i)
|
|
|
|
|
echo " selected='selected'";
|
|
|
|
|
echo " selected='selected'";
|
|
|
|
|
echo ">$i</option>";
|
|
|
|
|
}
|
|
|
|
|
?>
|
|
|
|
|
@ -320,6 +332,158 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
|
|
|
|
|
</table>
|
|
|
|
|
<br>
|
|
|
|
|
<? } ?>
|
|
|
|
|
<? // Begin - Debug infos ?>
|
|
|
|
|
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
|
|
|
|
|
<tr>
|
|
|
|
|
<td colspan="2" class="title"><?=_("Account State")?></td>
|
|
|
|
|
</tr>
|
|
|
|
|
|
|
|
|
|
<?
|
|
|
|
|
// --- bug-975 begin ---
|
|
|
|
|
// potential db inconsistency like in a20110804.1
|
|
|
|
|
// Admin console -> don't list user account
|
|
|
|
|
// User login -> impossible
|
|
|
|
|
// Assurer, assure someone -> user displayed
|
|
|
|
|
/* regular user account search with regular settings
|
|
|
|
|
|
|
|
|
|
--- Admin Console find user query
|
|
|
|
|
$query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
|
|
|
|
|
where `users`.`id`=`email`.`memid` and
|
|
|
|
|
(`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
|
|
|
|
|
`email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
|
|
|
|
|
group by `users`.`id` limit 100";
|
|
|
|
|
=> requirements
|
|
|
|
|
1. email.hash = ''
|
|
|
|
|
2. email.deleted = 0
|
|
|
|
|
3. users.deleted = 0
|
|
|
|
|
4. email.email = primary-email (???) or'd
|
|
|
|
|
not covered by admin console find user routine, but may block users login
|
|
|
|
|
5. users.verified = 0|1
|
|
|
|
|
further "special settings"
|
|
|
|
|
6. users.locked (setting displayed in display form)
|
|
|
|
|
7. users.assurer_blocked (setting displayed in display form)
|
|
|
|
|
|
|
|
|
|
--- User login user query
|
|
|
|
|
select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
|
|
|
|
|
`password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0
|
|
|
|
|
=> requirements
|
|
|
|
|
1. users.verified = 1
|
|
|
|
|
2. users.deleted = 0
|
|
|
|
|
3. users.locked = 0
|
|
|
|
|
4. users.email = primary-email
|
|
|
|
|
|
|
|
|
|
--- Assurer, assure someone find user query
|
|
|
|
|
select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."'
|
|
|
|
|
and `deleted`=0
|
|
|
|
|
=> requirements
|
|
|
|
|
1. users.deleted = 0
|
|
|
|
|
2. users.email = primary-email
|
|
|
|
|
Admin User Assurer
|
|
|
|
|
bit Console Login assure someone
|
|
|
|
|
|
|
|
|
|
1. email.hash = '' Yes No No
|
|
|
|
|
2. email.deleted = 0 Yes No No
|
|
|
|
|
3. users.deleted = 0 Yes Yes Yes
|
|
|
|
|
4. users.verified = 1 No Yes No
|
|
|
|
|
5. users.locked = 0 No Yes No
|
|
|
|
|
6. users.email = prim-email No Yes Yes
|
|
|
|
|
7. email.email = prim-email Yes No No
|
|
|
|
|
|
|
|
|
|
full usable account needs all 7 requirements fulfilled
|
|
|
|
|
so if one setting isn't set/cleared there is an inconsistency either way
|
|
|
|
|
if eg email.email is not avail, admin console cannot open user info
|
|
|
|
|
but user can login and assurer can display user info
|
|
|
|
|
if user verified is not set to 1, admin console displays user record
|
|
|
|
|
but user cannot login, but assurer can search for the user and the data displays
|
|
|
|
|
|
|
|
|
|
consistency check:
|
|
|
|
|
1. search primary-email in users.email
|
|
|
|
|
2. search primary-email in email.email
|
|
|
|
|
3. userid = email.memid
|
|
|
|
|
4. check settings from table 1. - 5.
|
|
|
|
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
$inconsistency = 0;
|
|
|
|
|
$inconsistencydisp = "";
|
|
|
|
|
$inccause = "";
|
|
|
|
|
// current userid intval($row['id'])
|
|
|
|
|
$query = "select `email` as `uemail`, `deleted` as `udeleted`, `verified`, `locked`
|
|
|
|
|
from `users` where `id`='".intval($row['id'])."' ";
|
|
|
|
|
$dres = mysql_query($query);
|
|
|
|
|
$drow = mysql_fetch_assoc($dres);
|
|
|
|
|
$uemail = $drow['uemail'];
|
|
|
|
|
$udeleted = $drow['udeleted'];
|
|
|
|
|
$uverified = $drow['verified'];
|
|
|
|
|
$ulocked = $drow['locked'];
|
|
|
|
|
|
|
|
|
|
$query = "select `hash`, `email` as `eemail` from `email`
|
|
|
|
|
where `memid`='".intval($row['id'])."' and
|
|
|
|
|
`email` ='".$uemail."' and
|
|
|
|
|
`deleted` = 0";
|
|
|
|
|
$dres = mysql_query($query);
|
|
|
|
|
if ($drow = mysql_fetch_assoc($dres)) {
|
|
|
|
|
$drow['edeleted'] = 0;
|
|
|
|
|
} else {
|
|
|
|
|
// try if there are deleted entries
|
|
|
|
|
$query = "select `hash`, `deleted` as `edeleted`, `email` as `eemail` from `email`
|
|
|
|
|
where `memid`='".intval($row['id'])."' and
|
|
|
|
|
`email` ='".$uemail."'";
|
|
|
|
|
$dres = mysql_query($query);
|
|
|
|
|
$drow = mysql_fetch_assoc($dres);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($drow) {
|
|
|
|
|
$eemail = $drow['eemail'];
|
|
|
|
|
$edeleted = $drow['edeleted'];
|
|
|
|
|
$ehash = $drow['hash'];
|
|
|
|
|
if ($udeleted!=0) {
|
|
|
|
|
$inconsistency += 1;
|
|
|
|
|
$inccause .= (empty($inccause)?"":"<br>")._("Users record set to deleted");
|
|
|
|
|
}
|
|
|
|
|
if ($uverified!=1) {
|
|
|
|
|
$inconsistency += 2;
|
|
|
|
|
$inccause .= (empty($inccause)?"":"<br>")._("Users record verified not set");
|
|
|
|
|
}
|
|
|
|
|
if ($ulocked!=0) {
|
|
|
|
|
$inconsistency += 4;
|
|
|
|
|
$inccause .= (empty($inccause)?"":"<br>")._("Users record locked set");
|
|
|
|
|
}
|
|
|
|
|
if ($edeleted!=0) {
|
|
|
|
|
$inconsistency += 8;
|
|
|
|
|
$inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted");
|
|
|
|
|
}
|
|
|
|
|
if ($ehash!='') {
|
|
|
|
|
$inconsistency += 16;
|
|
|
|
|
$inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset");
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
$inconsistency = 32;
|
|
|
|
|
$inccause = _("Prim. email, Email record doesn't exist");
|
|
|
|
|
}
|
|
|
|
|
if ($inconsistency>0) {
|
|
|
|
|
// $inconsistencydisp = _("Yes");
|
|
|
|
|
?>
|
|
|
|
|
<tr>
|
|
|
|
|
<td class="DataTD"><?=_("Account inconsistency")?>:</td>
|
|
|
|
|
<td class="DataTD"><?=$inccause?><br>code: <?=$inconsistency?></td>
|
|
|
|
|
</tr>
|
|
|
|
|
<tr>
|
|
|
|
|
<td colspan="2" class="DataTD" style="max-width: 75ex">
|
|
|
|
|
<?=_("Account inconsistency can cause problems in daily account ".
|
|
|
|
|
"operations and needs to be fixed manually through arbitration/critical ".
|
|
|
|
|
"team.")?>
|
|
|
|
|
</td>
|
|
|
|
|
</tr>
|
|
|
|
|
<? }
|
|
|
|
|
|
|
|
|
|
// --- bug-975 end ---
|
|
|
|
|
?>
|
|
|
|
|
</table>
|
|
|
|
|
<br>
|
|
|
|
|
<?
|
|
|
|
|
// End - Debug infos
|
|
|
|
|
?>
|
|
|
|
|
|
|
|
|
|
<a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredto"><?=_("Show Assurances the user got")?></a>
|
|
|
|
|
(<a href="account.php?id=43&userid=<?=$row['id']?>&shownotary=assuredto15"><?=_("New calculation")?></a>)
|
|
|
|
|
|
Wytze van der Raay
13 years ago