[problems with check-boxes on website forms (Assure someone)]
Wytze van der Raay 2011-12-12 09:51:45 +00:00
parent 13ad82c68c
commit 944acdadec
2 changed files with 192 additions and 198 deletions


@ -20,16 +20,10 @@
<? <?
if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "")
{ {
if(array_key_exists('reminderset',$_SESSION['_config']) && $_SESSION['_config']['remindersent'] == 1) ?><font color="orange" size="+1">
{ <? echo _("ERROR").": ".$_SESSION['_config']['error'] ?>
?><font color="orange" size="+1"><? </font>
} <?unset($_SESSION['_config']['error']);
else
{
?><font color="orange" size="+1"><?=_("ERROR")?>: <?
}
echo $_SESSION['_config']['error']."</font>";
unset($_SESSION['_config']['error']);
} }
?> ?>
<? if(array_key_exists('noemailfound',$_SESSION['_config']) && $_SESSION['_config']['noemailfound'] == 1) { ?> <? if(array_key_exists('noemailfound',$_SESSION['_config']) && $_SESSION['_config']['noemailfound'] == 1) { ?>
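Review bot: The new `echo _("ERROR").": ".$_SESSION['_config']['error']` writes the session error into the page without HTML escaping, as the removed code did. The setters visible in this commit store fixed translated strings, but the template cannot tell where the value came from, so `echo _("ERROR").": ".htmlspecialchars($_SESSION['_config']['error'])` is the safer form, provided no caller relies on markup in the message. The same applies to `show_page()` in the second file, which echoes `$message` raw while one caller concatenates the user-record field `$user['fname']` into it; there the escaping belongs at the call site, `htmlspecialchars($user['fname'])`, because that message also carries intended markup.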


@ -16,41 +16,72 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?> */ ?>
<? <?
require_once("../includes/loggedin.php");
loadem("account"); function show_page($target,$message,$error)
{
if(array_key_exists('date',$_POST) && $_POST['date'] != "")
$_SESSION['_config']['date'] = $_POST['date'];
if(array_key_exists('location',$_POST) && $_POST['location'] != "")
$_SESSION['_config']['location'] = $_POST['location'];
$oldid=array_key_exists('oldid',$_REQUEST)?intval($_REQUEST['oldid']):0;
if($oldid == 12)
{
$id = $oldid;
}
if(($id == 5 || $oldid == 5 || $id == 6 || $oldid == 6))
{
if (!is_assurer($_SESSION['profile']['id'])) {
showheader(_("My CAcert.org Account!")); showheader(_("My CAcert.org Account!"));
echo "<p>".get_assurer_reason($_SESSION['profile']['id'])."</p>"; if ($error != "")
$message=_("ERROR").": ".$error;
if ($message != "")
echo "<p><font color='orange' size='+1'>".$message."</font></p>";
switch ($target)
{
case '0':
case 'InfoPage': includeit(0, "wot");
break;
case '1':
case 'ListByCity': includeit(1, "wot");
break;
case '2':
case 'BecomeAssurer': includeit(2, "wot");
break;
case '3':
case 'TrustRules': includeit(3, "wot");
break;
case '4':
case 'ShowTTPInfo': includeit(4, "wot");
break;
case '5';
case 'EnterEmail': includeit(5, "wot");
break;
case '6':
case 'VerifyData': includeit(6, "wot");
break;
// case '7':
// case '???': includeit(7, "wot");
// break;
case '8':
case 'EnterMyInfo': includeit(8, "wot");
break;
case '9':
case 'ContactAssurer': includeit(9, "wot");
break;
case '10':
case 'MyPointsOld': includeit(10, "wot");
break;
// case '11':
// case 'OAInfo': includeit(11, "wot");
// break;
case '12':
case 'SearchAssurer': includeit(12, "wot");
break;
case '13':
case 'EnterMyCity': includeit(13, "wot");
break;
// case '14':
// case 'EnterEmail': includeit(14, "wot");
// break;
case '15':
case 'MyPointsNew': includeit(15, "wot");
break;
}
showfooter(); showfooter();
exit; }
}
}
if($oldid == 6 && intval($_SESSION['_config']['notarise']['id']) <= 0) function send_reminder()
{ {
$oldid=0;
$id = 5;
}
if($oldid == 5 && array_key_exists('reminder',$_POST) && $_POST['reminder'] != "")
{
$body = ""; $body = "";
if($_POST['reminder-lang'] != "" && $_POST['reminder-lang'] != "en_AU") if($_POST['reminder-lang'] != "" && $_POST['reminder-lang'] != "en_AU")
{ {
@ -81,191 +112,159 @@
} }
$_SESSION['_config']['remindersent'] = 1; $_SESSION['_config']['remindersent'] = 1;
$_SESSION['_config']['error'] = _("A reminder notice has been sent."); }
require_once("../includes/loggedin.php");
loadem("account");
if(array_key_exists('date',$_POST) && $_POST['date'] != "")
$_SESSION['_config']['date'] = $_POST['date'];
if(array_key_exists('location',$_POST) && $_POST['location'] != "")
$_SESSION['_config']['location'] = $_POST['location'];
$oldid=array_key_exists('oldid',$_REQUEST)?intval($_REQUEST['oldid']):0;
if($oldid == 12)
$id = $oldid; $id = $oldid;
$oldid=0;
if(($id == 5 || $oldid == 5 || $id == 6 || $oldid == 6))
if (!is_assurer($_SESSION['profile']['id']))
{
show_page ("Exit","",get_assurer_reason($_SESSION['profile']['id']));
exit;
}
if($oldid == 6 && intval($_SESSION['_config']['notarise']['id']) <= 0)
{
show_page ("EnterEmail","",_("Something went wrong. Please enter the email address again"));
exit;
}
if($oldid == 5 && array_key_exists('reminder',$_POST) && $_POST['reminder'] != "")
{
send_reminder();
show_page ("EnterEmail",_("A reminder notice has been sent."),"");
exit;
} }
if($oldid == 5) if($oldid == 5)
{ {
$_SESSION['_config']['noemailfound'] = 0;
$query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `deleted`=0"; $query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `deleted`=0";
$res = mysql_query($query); $res = mysql_query($query);
if(mysql_num_rows($res) != 1) if(mysql_num_rows($res) != 1)
{ {
$id = $oldid;
$oldid=0;
$_SESSION['_config']['error'] = _("I'm sorry, there was no email matching what you entered in the system. Please double check your information.");
$_SESSION['_config']['noemailfound'] = 1; $_SESSION['_config']['noemailfound'] = 1;
} else { show_page("EnterEmail","",_("I'm sorry, there was no email matching what you entered in the system. Please double check your information."));
exit;
} else
{
$_SESSION['_config']['noemailfound'] = 0;
$_SESSION['_config']['notarise'] = mysql_fetch_assoc($res); $_SESSION['_config']['notarise'] = mysql_fetch_assoc($res);
if ($_SESSION['_config']['notarise']['verified'] == 0)
{
show_page("EnterEmail","",_("User is not yet verified. Please try again in 24 hours!"));
exit;
}
} }
} }
if($oldid == 5 || $oldid == 6) if($oldid == 5 || $oldid == 6)
{ {
$id=6;
// $oldid=0;
if(array_key_exists('cancel',$_REQUEST) && $_REQUEST['cancel'] != "") if(array_key_exists('cancel',$_REQUEST) && $_REQUEST['cancel'] != "")
{ {
header("location: wot.php"); show_page("EnterEmail","","");
exit;
}
if($_SESSION['_config']['notarise']['id'] == $_SESSION['profile']['id'])
{
show_page("EnterEmail","",_("You are never allowed to Assure yourself!"));
exit; exit;
} }
if($_SESSION['_config']['notarise']['id'] == $_SESSION['profile']['id'])
{
$id = 5;
$oldid=0;
$_SESSION['_config']['error'] = _("You are never allowed to Assure yourself!");
}
}
if($oldid == 5 || $oldid == 6)
{
$query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' and $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' and
`to`='".$_SESSION['_config']['notarise']['id']."'"; `to`='".$_SESSION['_config']['notarise']['id']."'";
$_SESSION['_config']['alreadydone'] = 0;
$res = mysql_query($query); $res = mysql_query($query);
if(mysql_num_rows($res) > 0 && $_SESSION['profile']['points'] < 200) if(mysql_num_rows($res) > 0)
{ {
$id = 5; show_page("EnterEmail","",_("You are only allowed to Assure someone once!"));
$oldid=0; exit;
$_SESSION['_config']['error'] = _("You are only allowed to Assure someone once!");
} elseif($oldid == 5) {
$id = 6;
}
if($id == 6 && mysql_num_rows($res) > 0)
{
$_SESSION['_config']['alreadydone'] = 1;
}
unset($_SESSION['_config']['pointsalready']);
if($id == 6 && $_SESSION['profile']['points'] >= 100)
{
$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
$res = mysql_query($query);
$drow = mysql_fetch_assoc($res);
$_SESSION['_config']['pointsalready'] = $drow['total'];
}
unset($_SESSION['_config']['verified']);
if($id == 6 && $_SESSION['profile']['points'] >= 100)
{
$query = "select `verified` from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'";
$res = mysql_query($query);
$drow = mysql_fetch_assoc($res);
$_SESSION['_config']['verified'] = $drow['verified'];
} }
} }
if($oldid == 6) if($oldid == 6)
{ {
if(!array_key_exists('assertion',$_POST) || $_POST['assertion'] != 1 || !array_key_exists('rules',$_POST) || $_POST['rules'] != 1) $iecho= "c";
if(!array_key_exists('assertion',$_POST) || $_POST['assertion'] != 1)
{ {
$id = $oldid; show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
$oldid=6; exit;
$_SESSION['_config']['error'] = _("You failed to check all boxes to validate your adherence to the rules and policies of CAcert");
} }
/* if(!array_key_exists('rules',$_POST) || $_POST['rules'] != 1)
{
show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
exit;
}
*/
if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1 ) && $_SESSION['profile']['ttpadmin'] != 1) if((!array_key_exists('certify',$_POST) || $_POST['certify'] != 1 ) && $_SESSION['profile']['ttpadmin'] != 1)
{ {
$id = $oldid; show_page("VerifyData","",_("You failed to check all boxes to validate your adherence to the rules and policies of CAcert"));
$oldid=6; exit;
$_SESSION['_config']['error'] = _("You failed to check all boxes to validate your adherence to the rules and policies of CAcert");
}
} }
if($oldid == 6 && $_SESSION['profile']['ttpadmin'] != 1) if($_SESSION['profile']['ttpadmin'] != 1 && $_POST['location'] == "")
{ {
if($_POST['location'] == "") show_page("VerifyData","",_("You failed to enter a location of your meeting."));
{ exit;
$id = $oldid;
$oldid=0;
$_SESSION['_config']['error'] = _("You failed to enter a location of your meeting.");
}
} }
if($oldid == 6) if($_REQUEST['points'] == "")
{ {
show_page("VerifyData","",_("You must enter the number of points you wish to allocate to this person."));
exit;
}
$query = "select * from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'"; $query = "select * from `users` where `id`='".$_SESSION['_config']['notarise']['id']."'";
$res = mysql_query($query); $res = mysql_query($query);
$row = mysql_fetch_assoc($res); $row = mysql_fetch_assoc($res);
$name = $row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix']; $name = $row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix'];
if($_SESSION['_config']['wothash'] != md5($name."-".$row['dob']) || $_SESSION['_config']['wothash'] != $_REQUEST['pagehash']) if($_SESSION['_config']['wothash'] != md5($name."-".$row['dob']) || $_SESSION['_config']['wothash'] != $_REQUEST['pagehash'])
{ {
$id = $oldid; show_page("VerifyData","",_("Race condition discovered, user altered details during assurance procedure. PLEASE MAKE SURE THE NEW DETAILS BELOW MATCH THE ID DOCUMENTS."));
$oldid=0; exit;
$_SESSION['_config']['error'] = _("Race condition discovered, user altered details during assurance procedure. PLEASE MAKE SURE THE NEW DETAILS BELOW MATCH THE ID DOCUMENTS.");
} }
} }
if($oldid == 6 && $_REQUEST['points'] == "")
{
$id = $oldid;
$oldid=0;
$_SESSION['_config']['error'] = _("You must enter the number of points you wish to allocate to this person.");
}
if($oldid == 6) if($oldid == 6)
{ {
$max = maxpoints(); $max = maxpoints();
if (intval($_POST['points']) > $max) {
$awarded = $newpoints = $max;
} elseif (intval($_POST['points']) < 0) {
$awarded = $newpoints = 0;
} else {
$awarded = $newpoints = intval($_POST['points']); $awarded = $newpoints = intval($_POST['points']);
} if($newpoints > $max)
$newpoints = $awarded = $max;
if($newpoints < 0)
$newpoints = $awarded = 0;
$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`"; $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
$res = mysql_query($query); $res = mysql_query($query);
$drow = mysql_fetch_assoc($res); $drow = mysql_fetch_assoc($res);
if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0 && $drow['total'] > 150)
{
showheader(_("My CAcert.org Account!"));
echo "<p>"._("You tried to give a temporary points increase to someone that already has more then 150 points. Can't continue.")."</p>";
showfooter();
exit;
}
if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0 && intval($_POST['sponsor']) <= 0)
{
showheader(_("My CAcert.org Account!"));
echo "<p>"._("You didn't list a valid sponsor for this action.")."</p>";
showfooter();
exit;
}
if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0 && intval($_POST['sponsor']) > 0)
{
$resc = mysql_query("select * from `users` where `id`='".intval($_POST['sponsor'])."' and `board`='1'");
$rc = mysql_num_rows($resc);
$sponsor = mysql_fetch_assoc($resc);
if($rc <= 0)
{
showheader(_("My CAcert.org Account!"));
echo "<p>"._("You listed an invalid sponsor for this action.")."</p>";
showfooter();
exit;
}
}
if($_SESSION['profile']['board'] == 1 && intval($_POST['expire']) > 0)
{
$_POST['method'] = "Administrative Increase";
$newpoints = 200 - $drow['total'];
if(intval($_POST['expire']) > 45)
$_POST['expire'] = 45;
if(intval($_POST['expire']) <= 7)
$_POST['expire'] = 7;
} else {
$_POST['expire'] = 0; $_POST['expire'] = 0;
if(($drow['total'] + $newpoints) > 100 && $max < 100) if(($drow['total'] + $newpoints) > 100 && $max < 100)
$newpoints = 100 - $drow['total']; $newpoints = 100 - $drow['total'];
if(($drow['total'] + $newpoints) > $max && $max >= 100) if(($drow['total'] + $newpoints) > $max && $max >= 100)
$newpoints = $max - $drow['total']; $newpoints = $max - $drow['total'];
if($newpoints < 0) if($newpoints < 0)
$newpoints = 0; $newpoints = 0;
}
if(mysql_escape_string(stripslashes($_POST['date'])) == "") if(mysql_escape_string(stripslashes($_POST['date'])) == "")
$_POST['date'] = date("Y-m-d H:i:s"); $_POST['date'] = date("Y-m-d H:i:s");
@ -278,9 +277,8 @@
$res = mysql_query($query); $res = mysql_query($query);
if(mysql_num_rows($res) > 0) if(mysql_num_rows($res) > 0)
{ {
$id = $oldid; show_page("VerifyEmail","",_("Identical Assurance attempted, will not continue."));
$oldid=0; exit;
$_SESSION['_config']['error'] = _("Identical Assurance attempted, will not continue.");
} }
} }
@ -443,7 +441,8 @@
{ {
$oldid=0; $oldid=0;
$id = 9; $id = 9;
$error = _("It looks like you were trying to contact multiple people, this isn't allowed due to data security reasons."); show_page("ContactAssurer","",_("It looks like you were trying to contact multiple people, this isn't allowed due to data security reasons."));
exit;
} else { } else {
$body = $_REQUEST['message']; $body = $_REQUEST['message'];
$subject = $_REQUEST['subject']; $subject = $_REQUEST['subject'];
@ -455,25 +454,26 @@
{ {
sendmail($user['email'], "[CAcert.org] ".$_REQUEST['subject'], $_REQUEST['message'], sendmail($user['email'], "[CAcert.org] ".$_REQUEST['subject'], $_REQUEST['message'],
$_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']); $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']);
showheader(_("My CAcert.org Account!")); show_page("ContactAssurer",_("Your email has been sent to")." ".$user['fname'].".<br />[ <a href='javascript:history.go(-2)'>"._("Go Back")."</a> ]","");
echo "<p>"._("Your email has been sent to")." ".$user['fname'].".</p>";
echo "<p>[ <a href='javascript:history.go(-2)'>Go Back</a> ]</p>\n";
showfooter();
exit; exit;
} else { } else {
showheader(_("My CAcert.org Account!")); show_page(0,"",_("Sorry, I was unable to locate that user."));
echo _("Sorry, I was unable to locate that user.");
showfooter();
exit; exit;
} }
} }
} elseif($oldid == 9) { }
if($oldid == 9)
{
$oldid=0; $oldid=0;
$error = _("There was an error and I couldn't proceed");
$id = 9; $id = 9;
show_page("ContactAssurer","",_("There was an error and I couldn't proceed"));
exit;
} }
showheader(_("My CAcert.org Account!")); // showheader(_("My CAcert.org Account!"));
includeit($id, "wot"); // echo "ID now = ".$id."/".$oldid.">>".$iecho;
showfooter(); // includeit($id, "wot");
// showfooter();
show_page ($id,"","");
?> ?>
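Review bot: The `rules` confirmation is no longer enforced on the server: in the `$oldid == 6` branch the split-out `if(!array_key_exists('rules',$_POST) || $_POST['rules'] != 1)` check sits inside a `/* … */` block, so a submission passes with `assertion` (and `certify` for non-TTP admins) ticked while the error text still says "all boxes". If the form no longer has that checkbox, delete the dead block and record why in a comment such as `// 'rules' checkbox removed from the form, see <bug id>`; if it still does, restore the check. Separately, `show_page("VerifyEmail", …)` in the identical-assurance branch names a target with no `case` in `show_page()`, so only the banner is rendered; `"VerifyData"` looks like the intended value, though that is inferred. The debug leftover `$iecho= "c";` and the commented-out `echo "ID now = "…` line can be dropped as well.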