Improved register_globals

root 16 years ago
parent 062798f19e
commit ad9d3e8c1d

@ -19,7 +19,7 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
<td colspan="5" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
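Review bot: `$viewall` in the "View all certificates" link is still an unqualified variable, so if it arrives through register_globals (the mechanism this commit is moving away from) it should be read explicitly near the top of the page, e.g. `$viewall = isset($_REQUEST['viewall']) ? intval($_REQUEST['viewall']) : 0;`. Emitting `!$viewall` yields `1` or an empty string, which is harmless in the URL, but normalising the flag to an int once also makes the `$viewall != 1` filter used by the sibling certificate pages unambiguous. The `<form>` opened at the top of the hunk closes outside it.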

@ -15,7 +15,7 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<? if(strstr($_SESSION[_config][agent], "MSIE")) { ?>
<? if(strstr($_SESSION['_config']['agent'], "MSIE")) { ?>
<object classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="/xenroll.cab#Version=5,131,3659,0" id="cec">
<?=_("You must enable ActiveX for this to work.")?>
</object>

@ -19,7 +19,7 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=18&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
<td colspan="5" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=18&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
@ -35,7 +35,7 @@
`expire` as `expires`, `revoked` as `revoke`,
UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `id`
from `orgemailcerts`, `org`
where `memid`='".$_SESSION['profile']['id']."' and
where `memid`='".intval($_SESSION['profile']['id'])."' and
`org`.`orgid`=`orgemailcerts`.`orgid` ";
if($viewall != 1)
{

@ -27,7 +27,7 @@
<td class="DataTD"><?=_("Address")?></td>
<?
$query = "select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `deleted`=0";
$query = "select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
@ -45,7 +45,7 @@
<? } else { ?>
<td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
<? } ?>
<td class="DataTD"><?=$row['email']?></td>
<td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
</tr>
<? } ?>
<tr>
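Review bot: The checkbox `value="<?=$row['id']?>"` two lines above the sanitised address is still emitted raw, while the same id in the unverified-emails hunk of this commit is wrapped in `intval()`; make it `value="<?=intval($row['id'])?>"` here too so the attribute always holds a plain integer. The `sanitizeHTML($row['email'])` change is right for the cell body, but the helper's exact escaping is not visible here, so confirm it escapes `"` before relying on it inside quoted attributes elsewhere. The `while` loop and the table continue beyond the hunk.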

@ -19,7 +19,7 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=22&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
<td colspan="5" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=22&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
@ -35,7 +35,7 @@
`orgdomaincerts`.`expire` as `expires`, `revoked` as `revoke`,
UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `orgdomaincerts`.`id` as `id`
from `orgdomaincerts`,`org`
where `org`.`memid`='".$_SESSION['profile']['id']."' and `orgdomaincerts`.`orgid`=`org`.`orgid` ";
where `org`.`memid`='".intval($_SESSION['profile']['id'])."' and `orgdomaincerts`.`orgid`=`org`.`orgid` ";
if($viewall != 1)
{
$query .= "AND `revoked`=0 AND `renewed`=0 ";

@ -31,17 +31,17 @@
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
$r2 = mysql_query("select * from `org` where `orgid`='$row[id]'");
$r2 = mysql_query("select * from `org` where `orgid`='".intval($row['id'])."'");
$admincount = mysql_num_rows($r2);
$r2 = mysql_query("select * from `orgdomains` where `orgid`='$row[id]'");
$r2 = mysql_query("select * from `orgdomains` where `orgid`='".intval($row['id'])."'");
$domcount = mysql_num_rows($r2);
?>
<tr>
<td class="DataTD"><?=$row[O]?>, <?=$row[ST]?> <?=$row[C]?></td>
<td class="DataTD"><a href="account.php?id=26&orgid=<?=$row[id]?>"><?=_("Domains")?> (<?=$domcount?>)</a></td>
<td class="DataTD"><a href="account.php?id=32&orgid=<?=$row[id]?>"><?=_("Admins")?> (<?=$admincount?>)</a></td>
<td class="DataTD"><a href="account.php?id=27&orgid=<?=$row[id]?>"><?=_("Edit")?></a></td>
<td class="DataTD"><a href="account.php?id=31&orgid=<?=$row[id]?>"><?=_("Delete")?></a></td>
<td class="DataTD"><?=sanitizeHTML($row['O'])?>, <?=sanitizeHTML($row['ST'])?> <?=sanitizeHTML($row['C'])?></td>
<td class="DataTD"><a href="account.php?id=26&amp;orgid=<?=$row['id']?>"><?=_("Domains")?> (<?=$domcount?>)</a></td>
<td class="DataTD"><a href="account.php?id=32&amp;orgid=<?=$row['id']?>"><?=_("Admins")?> (<?=$admincount?>)</a></td>
<td class="DataTD"><a href="account.php?id=27&amp;orgid=<?=$row['id']?>"><?=_("Edit")?></a></td>
<td class="DataTD"><a href="account.php?id=31&amp;orgid=<?=$row['id']?>"><?=_("Delete")?></a></td>
</tr>
<? } ?>
</table>
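Review bot: The four `orgid=<?=$row['id']?>` links still interpolate the id raw, whereas the domain-list hunk in this commit wraps the same value in `intval()`; use `orgid=<?=intval($row['id'])?>` in each href so the parameter stays a well-formed integer whatever the column holds. The org name, state and country cells are now escaped, which covers the visible cell output; `$admincount` and `$domcount` come from `mysql_num_rows` and are safe as-is. `$query` is built above the hunk, so whether it is restricted to the current member's organisations is not reviewable here.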

@ -21,7 +21,7 @@
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
<tr>
<td colspan="3" class="title"><? printf(_("%s's Domains"), $row[O]); ?> (<a href="account.php?id=28&amp;orgid=<?=$row['id']?>"><?=_("Add")?></a>)</td>
<td colspan="3" class="title"><? printf(_("%s's Domains"), $row[O]); ?> (<a href="account.php?id=28&amp;orgid=<?=intval($row['id'])?>"><?=_("Add")?></a>)</td>
</tr>
<tr>
<td class="DataTD"><?=_("Domain")?></td>
@ -34,9 +34,9 @@
while($row = mysql_fetch_assoc($res))
{ ?>
<tr>
<td class="DataTD"><?=$row[domain]?></a></td>
<td class="DataTD"><a href="account.php?id=29&amp;orgid=<?=$row[orgid]?>&amp;domid=<?=$row[id]?>"><?=_("Edit")?></a></td>
<td class="DataTD"><a href="account.php?id=30&amp;orgid=<?=$row[orgid]?>&amp;domid=<?=$row[id]?>"><?=_("Delete")?></a></td>
<td class="DataTD"><?=sanitizeHTML($row['domain'])?></a></td>
<td class="DataTD"><a href="account.php?id=29&amp;orgid=<?=intval($row['orgid'])?>&amp;domid=<?=intval($row['id'])?>"><?=_("Edit")?></a></td>
<td class="DataTD"><a href="account.php?id=30&amp;orgid=<?=intval($row['orgid'])?>&amp;domid=<?=intval($row['id'])?>"><?=_("Delete")?></a></td>
</tr>
<? } ?>
</table>
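Review bot: The title at the top of the hunk still prints the organisation name as `$row[O]` — an unquoted constant that only works by falling back to the string `'O'` with a notice — and without `sanitizeHTML`, even though the new line already wraps the neighbouring id in `intval()`. Every comparable title in this commit became `sanitizeHTML($row['O'])`, so this one should read `<? printf(_("%s's Domains"), sanitizeHTML($row['O'])); ?>`. Separately, the domain cell closes an `</a>` that was never opened; it should be `<td class="DataTD"><?=sanitizeHTML($row['domain'])?></td>`.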

@ -16,7 +16,7 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?
$row = mysql_fetch_assoc(mysql_query("select * from `orginfo` where `id`='".intval($_REQUEST[orgid])."'"));
$row = mysql_fetch_assoc(mysql_query("select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'"));
?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
@ -25,27 +25,27 @@
</tr>
<tr>
<td class="DataTD"><?=_("Organisation Name")?>:</td>
<td class="DataTD"><input type="text" name="O" value="<?=$row[O]?>"></td>
<td class="DataTD"><input type="text" name="O" value="<?=sanitizeHTML($row['O'])?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Contact Email")?>:</td>
<td class="DataTD"><input type="text" name="contact" value="<?=$row[contact]?>"></td>
<td class="DataTD"><input type="text" name="contact" value="<?=sanitizeHTML($row['contact'])?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Town/Suburb")?>:</td>
<td class="DataTD"><input type="text" name="L" value="<?=$row[L]?>"></td>
<td class="DataTD"><input type="text" name="L" value="<?=sanitizeHTML($row['L'])?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("State/Province")?>:</td>
<td class="DataTD"><input type="text" name="ST" value="<?=$row[ST]?>"></td>
<td class="DataTD"><input type="text" name="ST" value="<?=sanitizeHTML($row['ST'])?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Country")?>:</td>
<td class="DataTD"><input type="text" name="C" value="<?=$row[C]?>"></td>
<td class="DataTD"><input type="text" name="C" value="<?=sanitizeHTML($row['C'])?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Comments")?>:</td>
<td class="DataTD"><textarea name="comments" cols=15 rows=5><?=$row[comments]?></textarea></td>
<td class="DataTD"><textarea name="comments" cols=15 rows=5><?=sanitizeHTML($row['comments'])?></textarea></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
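Review bot: The `orginfo` row is selected purely by `intval($_REQUEST['orgid'])` and nothing in the hunk ties it to the logged-in user, so unless `account.php` gates this page on the caller administering that org before including it, any member can pull up and submit the edit form for an arbitrary organisation. If no such check exists, constraining the lookup to the caller's organisations (a join against `org` on `memid`) is the minimal fix. The field values now pass through `sanitizeHTML` into double-quoted attributes — confirm that helper escapes `"`, otherwise the O/contact/L/ST/C fields can still close the attribute. When the id does not exist, `mysql_fetch_assoc` returns `false` and each `$row[...]` read emits a notice; an `if(!$row)` bail-out before the form would be cleaner.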

@ -22,7 +22,7 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><? printf(_("New Domain for %s"), $row[O]); ?></td>
<td colspan="2" class="title"><? printf(_("New Domain for %s"), sanitizeHTML($row['O'])); ?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Domain")?>:</td>
@ -32,7 +32,7 @@
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Add")?>"></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>">
<input type="hidden" name="oldid" value="<?=intval($id)?>">
<input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>">
</form>

@ -21,18 +21,18 @@
$query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
$org = mysql_fetch_assoc(mysql_query($query));
$_SESSION[_config][domain] = $row[domain];
$_SESSION['_config']['domain'] = $row['domain'];
?>
<h3><?=_("Warning!")?></h3>
<p><?=_("Hitting update will also revoke all existing certificates issued under this domain")?></p>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><? printf(_("Update Domain for %s"), $org[O]); ?></td>
<td colspan="2" class="title"><? printf(_("Update Domain for %s"), sanitizeHTML($org['O'])); ?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Domain")?>:</td>
<td class="DataTD"><input type="text" name="domainname" value="<?=$_SESSION[_config][domain]?>"></td>
<td class="DataTD"><input type="text" name="domainname" value="<?=sanitizeHTML($_SESSION['_config']['domain'])?>"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td>
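Review bot: `$_SESSION['_config']['domain'] = $row['domain']` at the top of the hunk and the prefilled `domainname` field both rely on `$row`, which is not assigned anywhere in the visible lines — only `$org` is fetched here. The sibling delete-domain page first loads the `orgdomains` row by `domid`; if lines 16–20 of this file do the same it is fine, otherwise the session value is whatever `$row` happened to contain (or, with register_globals still on, request-supplied). Whichever lookup populates `$row`, it should also be constrained to the requested organisation by appending `and orgid='".intval($_REQUEST['orgid'])."'` to its where clause, since the update revokes every certificate under that domain.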

@ -36,13 +36,13 @@
<td class="DataTD"><?=_("Address")?></td>
<?
$query = "select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `deleted`=0 and `hash`=''";
$query = "select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `hash`=''";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{ ?>
<tr>
<td class="DataTD"><input type="checkbox" name="addid[]" value="<?=$row['id']?>"></td>
<td class="DataTD"><?=$row['email']?></td>
<td class="DataTD"><input type="checkbox" name="addid[]" value="<?=intval($row['id'])?>"></td>
<td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
</tr>
<? }
if($_SESSION['profile']['points'] >= 50)

@ -16,22 +16,22 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?
$query = "select * from `orgdomains` where `id`='".intval($_REQUEST[domid])."'";
$query = "select * from `orgdomains` where `id`='".intval($_REQUEST['domid'])."'";
$row = mysql_fetch_assoc(mysql_query($query));
$query = "select * from `orginfo` where `id`='".intval($_REQUEST[orgid])."'";
$query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
$org = mysql_fetch_assoc(mysql_query($query));
$_SESSION[_config][domain] = $row[domain];
$_SESSION['_config']['domain'] = $row['domain'];
?>
<h3><?=_("Warning!")?></h3>
<p><?=_("Hitting delete will also revoke all existing certificates issued under this domain")?></p>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><? printf(_("Delete Domain for %s"), $org[O]); ?></td>
<td colspan="2" class="title"><? printf(_("Delete Domain for %s"), sanitizeHTML($org['O'])); ?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><? printf(_("Are you really sure you want to remove %s and all certificates issued under this domain?"), $row[domain]); ?></td>
<td class="DataTD" colspan="2"><? printf(_("Are you really sure you want to remove %s and all certificates issued under this domain?"), sanitizeHTML($row['domain'])); ?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Cancel")?>">
@ -39,7 +39,7 @@
</tr>
</table>
<input type="hidden" name="oldid" value="<?=intval($id)?>">
<input type="hidden" name="orgid" value="<?=intval($_REQUEST[orgid])?>">
<input type="hidden" name="domain" value="<?=$row[domain]?>">
<input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>">
<input type="hidden" name="domain" value="<?=sanitizeHTML($row['domain'])?>">
</form>
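Review bot: The `orgdomains` lookup at the top of the hunk selects by `domid` alone, so a `domid` belonging to a different organisation is accepted as long as `orgid` passes whatever check wraps this page; tighten the query by appending `and orgid='".intval($_REQUEST['orgid'])."'` after the id condition. The hidden `domain` field at the bottom re-submits the domain name from the client; the delete handler should resolve the domain from `domid`/`orgid` (or the session value set here) rather than trust that field, because this action revokes certificates. Both points are hedged on what `account.php` does before including this file, which is not visible.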

@ -16,18 +16,18 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?
$query = "select * from `orginfo` where `id`='".intval($_REQUEST[orgid])."'";
$query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
$org = mysql_fetch_assoc(mysql_query($query));
$_SESSION[_config][domain] = $row[domain];
$_SESSION['_config']['domain'] = $row['domain'];
?>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><? printf(_("Delete Organisation"), $org[O]); ?></td>
<td colspan="2" class="title"><? printf(_("Delete Organisation"), sanitizeHTML($org['O'])); ?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><? printf(_("Are you really sure you want to remove %s and all certificates issued under this organisation?"), $row[O]); ?></td>
<td class="DataTD" colspan="2"><? printf(_("Are you really sure you want to remove %s and all certificates issued under this organisation?"), sanitizeHTML($row['O'])); ?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Cancel")?>">
@ -35,6 +35,6 @@
</tr>
</table>
<input type="hidden" name="oldid" value="<?=intval($id)?>">
<input type="hidden" name="orgid" value="<?=intval($_REQUEST[orgid])?>">
<input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>">
</form>
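Review bot: `$row` is never assigned in this file's visible code — lines 1–15 are the licence block and the hunk fetches only `$org` — yet `$row['domain']` is stored in the session at the top and `$row['O']` is printed in the confirmation text, so the message shows an empty name, or with register_globals still active whatever `row[O]` a request supplies. The title two lines earlier already uses `$org['O']`; the confirmation should match: `printf(_("Are you really sure you want to remove %s and all certificates issued under this organisation?"), sanitizeHTML($org['O']));`. The `$_SESSION['_config']['domain']` assignment looks copied from the delete-domain page and has no domain to store here; drop it unless the org-delete handler reads it.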

@ -35,14 +35,14 @@
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='${row['memid']}'"));
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['memid'])."'"));
?>
<tr>
<td class="DataTD"><a href='mailto:<?=$user['email']?>'><?=$user['fname']?> <?=$user['lname']?></a></td>
<td class="DataTD"><?=$row['masteracc']?></a></td>
<td class="DataTD"><?=$row['OU']?></a></td>
<td class="DataTD"><?=$row['comments']?></a></td>
<? if($row[masteracc] == 0 || $_SESSION['profile']['orgadmin'] == 1) { ?>
<td class="DataTD"><a href='mailto:<?=$user['email']?>'><?=sanitizeHTML($user['fname'])?> <?=sanitizeHTML($user['lname'])?></a></td>
<td class="DataTD"><?=sanitizeHTML($row['masteracc'])?></a></td>
<td class="DataTD"><?=sanitizeHTML($row['OU'])?></a></td>
<td class="DataTD"><?=sanitizeHTML($row['comments'])?></a></td>
<? if($row['masteracc'] == 0 || $_SESSION['profile']['orgadmin'] == 1) { ?>
<td class="DataTD"><a href="account.php?id=34&amp;orgid=<?=$row['orgid']?>&amp;memid=<?=$row['memid']?>"><?=_("Delete")?></a></td>
<? } else { ?>
<td class="DataTD">N/A</td>
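Review bot: `href='mailto:<?=$user['email']?>'` is still emitted raw inside a single-quoted attribute while the name beside it is now sanitised; an address containing `'` closes the attribute, so use `href='mailto:<?=sanitizeHTML($user['email'])?>'` (assuming the helper escapes quotes). The Delete link on the following line interpolates `$row['orgid']` and `$row['memid']` unwrapped, unlike the ids in the other hunks of this commit — wrap both in `intval()`. `$query` and the end of the loop lie outside the hunk.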

@ -23,7 +23,7 @@
<input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><? printf(_("New Admin for %s"), $row[O]); ?></td>
<td colspan="2" class="title"><? printf(_("New Admin for %s"), sanitizeHTML($row['O'])); ?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
@ -31,20 +31,20 @@
</tr>
<tr>
<td class="DataTD"><?=_("Department")?>:</td>
<td class="DataTD"><input type="text" name="OU" value="<?=$_SESSION['_config']['OU']?>"></td>
<td class="DataTD"><input type="text" name="OU" value="<?=sanitizeHTML($_SESSION['_config']['OU'])?>"></td>
</tr>
<? if($_SESSION['profile']['orgadmin'] == 1) { ?>
<tr>
<td class="DataTD"><?=_("Master Account")?>:</td>
<td class="DataTD"><select name="masteracc">
<option value="0">No</option>
<option value="1"<? if($_SESSION['_config']['masteracc'] == 1) echo " selected"; ?>>Yes</option>
<option value="1"<? if($_SESSION['_config']['masteracc'] == 1) echo " selected='selected'"; ?>>Yes</option>
</select></td>
</tr>
<? } ?>
<tr>
<td class="DataTD"><?=_("Comments")?>:</td>
<td class="DataTD"><input type="text" name="comments" value="<?=$_SESSION['_config']['comments']?>"></td>
<td class="DataTD"><input type="text" name="comments" value="<?=sanitizeHTML($_SESSION['_config']['comments'])?>"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Add")?>"></td>
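Review bot: Rendering the `masteracc` select only when `$_SESSION['profile']['orgadmin'] == 1` hides the control but does not stop a non-orgadmin from POSTing `masteracc=1` with the form; the handler in `account.php` must apply the same check before honouring the field, and if it does not, that is the real fix — the markup here cannot enforce it. The `selected='selected'` and the sanitised `OU`/`comments` values are fine; as with the other attribute sites in this commit, confirm `sanitizeHTML` escapes `"`.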

@ -29,10 +29,10 @@
<input type="hidden" name="memid" value="<?=intval($_REQUEST['memid'])?>">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><? printf(_("Delete Admin for %s"), $org['O']); ?></td>
<td colspan="2" class="title"><? printf(_("Delete Admin for %s"), sanitizeHTML($org['O'])); ?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><? printf(_("Are you really sure you want to remove %s from administering this organisation?"), $user['fname']." ".$user['lname']); ?></td>
<td class="DataTD" colspan="2"><? printf(_("Are you really sure you want to remove %s from administering this organisation?"), sanitizeHTML($user['fname'])." ".sanitizeHTML($user['lname'])); ?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Cancel")?>">

@ -25,34 +25,34 @@
<td class="DataTD"><?=_("Admins")?></td>
</tr>
<?
$query = "select * from `orginfo`,`org` where `orginfo`.`id`=`org`.`orgid` and `org`.`memid`='".$_SESSION[profile][id]."'";
$query = "select * from `orginfo`,`org` where `orginfo`.`id`=`org`.`orgid` and `org`.`memid`='".intval($_SESSION['profile']['id'])."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
//number of admins for the org
$r2 = mysql_query("select * from `org` where `orgid`='$row[id]'");
$r2 = mysql_query("select * from `org` where `orgid`='".intval($row['id'])."'");
$admincount = mysql_num_rows($r2);
// number of domains for the org
$r2 = mysql_query("select * from `orgdomains` where `orgid`='$row[id]'");
$r2 = mysql_query("select * from `orgdomains` where `orgid`='".intval($row['id'])."'");
$domcount = mysql_num_rows($r2);
?>
<tr>
<td class="DataTD"><?=$row['id']?></td>
<td class="DataTD"><?=$row['O']?>, <?=$row['ST']?> <?=$row['C']?></td>
<td class="DataTD"><a href="account.php?id=32&orgid=<?=$row[id]?>"><?=_("Admins")?> (<?=$admincount?>)</a></td>
<td class="DataTD"><?=intval($row['id'])?></td>
<td class="DataTD"><?=sanitizeHTML($row['O'])?>, <?=sanitizeHTML($row['ST'])?> <?=sanitizeHTML($row['C'])?></td>
<td class="DataTD"><a href="account.php?id=32&amp;orgid=<?=$row['id']?>"><?=_("Admins")?> (<?=$admincount?>)</a></td>
</tr>
<?
// display the domains of each organisation
$query3 = "select * from `orgdomains` where `orgid`='$row[id]'";
$query3 = "select * from `orgdomains` where `orgid`='".intval($row['id'])."'";
$res3 = mysql_query($query3);
while($detailorg = mysql_fetch_assoc($res3))
{
?>
<tr>
<td class="DataTD"><?=$detailorg['id']?></td>
<td class="DataTD"><?=intval($detailorg['id'])?></td>
<td class="DataTD"><?=_("Domain available")?></td>
<td class="DataTD"><?=$detailorg['domain']?></td>
<td class="DataTD"><?=sanitizeHTML($detailorg['domain'])?></td>
</tr>
<? } } ?>
</table>
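Review bot: In the Admins link `orgid=<?=$row['id']?>` is still interpolated raw, two lines after the same id was wrapped as `intval($row['id'])` for the first cell; use `orgid=<?=intval($row['id'])?>` so both sites agree. The two `select *` queries that feed `mysql_num_rows` only need a count — `select count(*)` would avoid pulling every admin and domain row per organisation, though that is a performance nit rather than a correctness issue.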

@ -22,10 +22,10 @@
</tr>
<tr>
<td class="DataTD" valign="top"><b><?=_("Alert me if")?></b>: </td>
<td class="DataTD" align="left"><input type="checkbox" name="general" value="1"<? if($_REQUEST['general']) echo " checked"; ?>><?=_("General Announcements")?><br>
<input type="checkbox" name="country" value="1"<? if($_REQUEST['country']) echo " checked"; ?>><?=_("Country Announcements")?><br>
<input type="checkbox" name="regional" value="1"<? if($_REQUEST['regional']) echo " checked"; ?>><?=_("Regional Announcements")?><br>
<input type="checkbox" name="radius" value="1"<? if($_REQUEST['radius']) echo " checked"; ?>><?=_("Within 200km Announcements")?></td>
<td class="DataTD" align="left"><input type="checkbox" name="general" value="1"<? if($_REQUEST['general']) echo " checked='checked'"; ?>><?=_("General Announcements")?><br>
<input type="checkbox" name="country" value="1"<? if($_REQUEST['country']) echo " checked='checked'"; ?>><?=_("Country Announcements")?><br>
<input type="checkbox" name="regional" value="1"<? if($_REQUEST['regional']) echo " checked='checked'"; ?>><?=_("Regional Announcements")?><br>
<input type="checkbox" name="radius" value="1"<? if($_REQUEST['radius']) echo " checked='checked'"; ?>><?=_("Within 200km Announcements")?></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update My Settings")?>"></td>

@ -15,7 +15,7 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<? if(strstr($_SESSION[_config][agent], "MSIE")) { ?>
<? if(strstr($_SESSION['_config']['agent'], "MSIE")) { ?>
<object classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="/xenroll.cab#Version=5,131,3659,0" id="cec">
<?=_("You must enable ActiveX for this to work. On Vista you have to add this website to the list of trusted sites in the internet-settings.")?><?=_("Go to Extras->Internet Options->Security->Trusted Websites, click on Custom Level, check ActiveX control elements that are not marked as safe initialized on start in scripts")?>
</object>

@ -49,16 +49,16 @@ echo $_SESSION['_config']['language'];
<td colspan="2" class="title"><?=_("Additional Language Preferences")?></td>
</tr>
<?
$query = "select * from `addlang` where `userid`='".$_SESSION['profile']['id']."'";
$query = "select * from `addlang` where `userid`='".intval($_SESSION['profile']['id'])."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
$lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='${row['lang']}'"));
$lang = mysql_fetch_assoc(mysql_query("select * from `languages` where `locale`='".mysql_escape_string($row['lang'])."'"));
?>
<tr>
<td class="DataTD"><?=_("Additional Language")?>:</td>
<td class="DataTD" align="left"><? echo "${lang['lang']} - ${lang['country']}"; ?>
<a href="account.php?oldid=41&action=dellang&remove=<?=$row['lang']?>"><?=_("Delete")?></a></td>
<a href="account.php?oldid=41&amp;action=dellang&amp;remove=<?=$row['lang']?>"><?=_("Delete")?></a></td>
</tr>
<? } ?>
<tr>
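Review bot: The `remove=<?=$row['lang']?>` parameter is still inserted into the Delete href raw, and the `${lang['lang']} - ${lang['country']}` echo above it is unescaped, although the rest of this commit wraps row data in `sanitizeHTML`; a locale value containing `&` or `"` would break the link or the markup. Proposed: `<td class="DataTD" align="left"><? echo sanitizeHTML($lang['lang'])." - ".sanitizeHTML($lang['country']); ?>` followed by `<a href="account.php?oldid=41&amp;action=dellang&amp;remove=<?=urlencode($row['lang'])?>">`. The new `mysql_escape_string` call is charset-unaware; `mysql_real_escape_string` uses the connection's charset and is the safer choice for the `locale` lookup.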
@ -69,8 +69,8 @@ echo $_SESSION['_config']['language'];
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
echo "<option value='${row['locale']}'";
echo ">${row['country']} - ${row['lang']}</option>\n";
echo "<option value='".sanitizeHTML($row['locale'])."'";
echo ">".sanitizeHTML$row['country']." - ".sanitizeHTML($row['lang'])."</option>\n";
}
?>
</select>
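Review bot: `sanitizeHTML$row['country']` on the second `echo` is missing its parentheses, which is a PHP parse error — the whole page fails to load, not just this option list. It should be `echo ">".sanitizeHTML($row['country'])." - ".sanitizeHTML($row['lang'])."</option>\n";`. The `<select>` this populates is opened above the hunk.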

@ -49,8 +49,8 @@
while($row = mysql_fetch_assoc($res))
{ ?>
<tr>
<td class="DataTD"><a href="account.php?id=43&userid=<?=$row['id']?>"><?=$row['id']?></a></td>
<td class="DataTD"><a href="account.php?id=43&userid=<?=$row['id']?>"><?=$row['email']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=$row['id']?>"><?=intval($row['id'])?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=$row['id']?>"><?=sanitizeHTML($row['email'])?></a></td>
</tr>
<? } if(mysql_num_rows($res) >= 100) { ?>
<tr>
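Review bot: Both result links still build `userid=<?=$row['id']?>` from the raw column while the visible text on the same line was changed to `intval($row['id'])`; apply `intval()` in the hrefs as well: `<a href="account.php?id=43&amp;userid=<?=intval($row['id'])?>">`. `$res` and the search query that produced it are above the hunk, so how the search term itself is escaped is not reviewable here.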
@ -91,27 +91,27 @@
</tr>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><?=$row['email']?></td>
<td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
</tr>
<tr>
<td class="DataTD"><?=_("First Name")?>:</td>
<td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('Are you sure you want to modify this DOB and/or last name?')) return false;">
<input type="text" name="fname" value="<?=$row['fname']?>"></td>
<input type="text" name="fname" value="<?=sanitizeHTML($row['fname'])?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Middle Name")?>:</td>
<td class="DataTD"><input type="text" name="mname" value="<?=$row['mname']?>"></td>
<td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($row['mname'])?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Last Name")?>:</td>
<td class="DataTD"> <input type="hidden" name="oldid" value="43">
<input type="hidden" name="action" value="updatedob">
<input type="hidden" name="userid" value="<?=$id?>">
<input type="text" name="lname" value="<?=$row['lname']?>"></td>
<input type="text" name="lname" value="<?=sanitizeHTML($row['lname'])?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Suffix")?>:</td>
<td class="DataTD"><input type="text" name="suffix" value="<?=$row['suffix']?>"></td>
<td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($row['suffix'])?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Date of Birth")?>:</td>
@ -126,7 +126,7 @@
{
echo "<option";
if($day == $i)
echo " selected";
echo " selected='selected'";
echo ">$i</option>";
}
?>
@ -137,7 +137,7 @@
{
echo "<option value='$i'";
if($month == $i)
echo " selected";
echo " selected='selected'";
echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))."</option>";
}
?>
@ -147,11 +147,11 @@
</tr>
<tr>
<td class="DataTD"><?=_("Trainings")?>:</td>
<td class="DataTD"><a href="account.php?id=55&userid=<?=intval($row['id'])?>">show</a></td>
<td class="DataTD"><a href="account.php?id=55&amp;userid=<?=intval($row['id'])?>">show</a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Is Assurer")?>:</td>
<td class="DataTD"><a href="account.php?id=43&assurer=<?=intval($row['id'])?>"><?=$row['assurer']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;assurer=<?=intval($row['id'])?>"><?=$row['assurer']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Blocked Assurer")?>:</td>
@ -159,117 +159,117 @@
</tr>
<tr>
<td class="DataTD"><?=_("Account Locking")?>:</td>
<td class="DataTD"><a href="account.php?id=43&locked=<?=$row['id']?>"><?=$row['locked']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;locked=<?=$row['id']?>"><?=$row['locked']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Code Signing")?>:</td>
<td class="DataTD"><a href="account.php?id=43&codesign=<?=$row['id']?>"><?=$row['codesign']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;codesign=<?=$row['id']?>"><?=$row['codesign']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Org Admin")?>:</td>
<td class="DataTD"><a href="account.php?id=43&orgadmin=<?=$row['id']?>"><?=$row['orgadmin']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;orgadmin=<?=$row['id']?>"><?=$row['orgadmin']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("TTP Admin")?>:</td>
<td class="DataTD"><a href="account.php?id=43&ttpadmin=<?=$row['id']?>"><?=$row['ttpadmin']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;ttpadmin=<?=$row['id']?>"><?=$row['ttpadmin']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Location Admin")?>:</td>
<td class="DataTD"><a href="account.php?id=43&locadmin=<?=$row['id']?>"><?=$row['locadmin']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;locadmin=<?=$row['id']?>"><?=$row['locadmin']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Admin")?>:</td>
<td class="DataTD"><a href="account.php?id=43&admin=<?=$row['id']?>"><?=$row['admin']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;admin=<?=$row['id']?>"><?=$row['admin']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Ad Admin")?>:</td>
<td class="DataTD"><a href="account.php?id=43&adadmin=<?=$row['id']?>"><?=$row['adadmin']?></a> (0 = none, 1 = submit, 2 = approve)</td>
<td class="DataTD"><a href="account.php?id=43&amp;adadmin=<?=$row['id']?>"><?=$row['adadmin']?></a> (0 = none, 1 = submit, 2 = approve)</td>
</tr>
<tr>
<td class="DataTD"><?=_("Tverify Account")?>:</td>
<td class="DataTD"><a href="account.php?id=43&tverify=<?=$row['id']?>"><?=$row['tverify']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;tverify=<?=$row['id']?>"><?=$row['tverify']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("General Announcements")?>:</td>
<td class="DataTD"><a href="account.php?id=43&general=<?=$row['id']?>"><?=$alerts['general']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;general=<?=$row['id']?>"><?=$alerts['general']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Country Announcements")?>:</td>
<td class="DataTD"><a href="account.php?id=43&country=<?=$row['id']?>"><?=$alerts['country']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;country=<?=$row['id']?>"><?=$alerts['country']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Regional Announcements")?>:</td>
<td class="DataTD"><a href="account.php?id=43&regional=<?=$row['id']?>"><?=$alerts['regional']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;regional=<?=$row['id']?>"><?=$alerts['regional']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Within 200km Announcements")?>:</td>
<td class="DataTD"><a href="account.php?id=43&radius=<?=$row['id']?>"><?=$alerts['radius']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;radius=<?=$row['id']?>"><?=$alerts['radius']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Change Password")?>:</td>
<td class="DataTD"><a href="account.php?id=44&userid=<?=$row['id']?>"><?=_("Change Password")?></a></td>
<td class="DataTD"><a href="account.php?id=44&amp;userid=<?=$row['id']?>"><?=_("Change Password")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Delete Account")?>:</td>
<td class="DataTD"><a href="account.php?id=50&userid=<?=$row['id']?>"><?=_("Delete Account")?></a></td>
<td class="DataTD"><a href="account.php?id=50&amp;userid=<?=$row['id']?>"><?=_("Delete Account")?></a></td>
</tr>
<?
// This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!!
if($_GET['showlostpw'] != "yes") {
?>
<tr>
<td class="DataTD" colspan="2"><a href="account.php?id=43&userid=<?=$row['id']?>&showlostpw=yes"><?=_("Show Lost Password Details")?></a></td>
<td class="DataTD" colspan="2"><a href="account.php?id=43&amp;userid=<?=$row['id']?>&amp;showlostpw=yes"><?=_("Show Lost Password Details")?></a></td>
</tr>
<? } else { ?>
<tr>
<td class="DataTD"><?=_("Lost Password")?> - Q1:</td>
<td class="DataTD"><?=$row['Q1']?></td>
<td class="DataTD"><?=sanitizeHTML($row['Q1'])?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Lost Password")?> - A1:</td>
<td class="DataTD"><?=$row['A1']?></td>
<td class="DataTD"><?=sanitizeHTML($row['A1'])?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Lost Password")?> - Q2:</td>
<td class="DataTD"><?=$row['Q2']?></td>
<td class="DataTD"><?=sanitizeHTML($row['Q2'])?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Lost Password")?> - A2:</td>
<td class="DataTD"><?=$row['A2']?></td>
<td class="DataTD"><?=sanitizeHTML($row['A2'])?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Lost Password")?> - Q3:</td>
<td class="DataTD"><?=$row['Q3']?></td>
<td class="DataTD"><?=sanitizeHTML($row['Q3'])?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Lost Password")?> - A3:</td>
<td class="DataTD"><?=$row['A3']?></td>
<td class="DataTD"><?=sanitizeHTML($row['A3'])?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Lost Password")?> - Q4:</td>
<td class="DataTD"><?=$row['Q4']?></td>
<td class="DataTD"><?=sanitizeHTML($row['Q4'])?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Lost Password")?> - A4:</td>
<td class="DataTD"><?=$row['A4']?></td>
<td class="DataTD"><?=sanitizeHTML($row['A4'])?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Lost Password")?> - Q5:</td>
<td class="DataTD"><?=$row['Q5']?></td>
<td class="DataTD"><?=sanitizeHTML($row['Q5'])?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Lost Password")?> - A5:</td>
<td class="DataTD"><?=$row['A5']?></td>
<td class="DataTD"><?=sanitizeHTML($row['A5'])?></td>
</tr>
<? } ?>
<tr>
<td class="DataTD"><?=_("Assurance Points")?>:</td>
<td class="DataTD"><?=$drow['points']?></td>
<td class="DataTD"><?=intval($drow['points'])?></td>
</tr>
</table>
<br><?
$query = "select * from `email` where `memid`='".$row['id']."' and `deleted`=0 and `hash`=''
and `email`!='".$row['email']."'";
$query = "select * from `email` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''
and `email`!='".mysql_escape_string($row['email'])."'";
$dres = mysql_query($query);
if(mysql_num_rows($dres) > 0) { ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
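Review bot: The flag toggles — `locked`, `codesign`, `orgadmin`, `ttpadmin`, `locadmin`, `admin`, `adadmin`, `tverify` and the announcement bits — are plain GET links carrying only the target user id and no request token, so if `account.php` applies them on GET as the URLs suggest, an admin who merely loads an attacker-controlled page can be made to grant `admin` to an arbitrary account (CSRF); the fix belongs in the handler (POST plus a per-session token), which this hunk cannot supply. Within the hunk, every one of those links still interpolates `$row['id']` unwrapped, whereas the Trainings and Is Assurer links just above use `intval($row['id'])` — make them consistent. The new `mysql_escape_string($row['email'])` in the secondary-email query should be `mysql_real_escape_string`, which honours the connection charset.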
@ -281,13 +281,13 @@
{ ?>
<tr>
<td class="DataTD"><?=_("Secondary Emails")?>:</td>
<td class="DataTD"><?=$drow['email']?></td>
<td class="DataTD"><?=sanitizeHTML($drow['email'])?></td>
</tr>
<? } ?>
</table>
<br><? } ?>
<?
$query = "select * from `domains` where `memid`='".$row['id']."' and `deleted`=0 and `hash`=''";
$query = "select * from `domains` where `memid`='".id($row['id'])."' and `deleted`=0 and `hash`=''";
$dres = mysql_query($query);
if(mysql_num_rows($dres) > 0) { ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
@ -299,7 +299,7 @@
{ ?>
<tr>
<td class="DataTD"><?=_("Domain")?>:</td>
<td class="DataTD"><?=$drow['domain']?></td>
<td class="DataTD"><?=sanitizeHTML($drow['domain'])?></td>
</tr>
<? } ?>
</table>
@ -318,21 +318,21 @@
<td class="DataTD"><b><?=_("Revoke")?></b></td>
</tr>
<?
$query = "select * from `notary` where `to`='".$row['id']."'";
$query = "select * from `notary` where `to`='".intval($row['id'])."'";
$dres = mysql_query($query);
$points = 0;
while($drow = mysql_fetch_assoc($dres))
{
$fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$drow['from']."'"));
$fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($drow['from'])."'"));
$points += $drow['points'];
?>
<tr>
<td class="DataTD"><?=$drow['date']?></td>
<td class="DataTD"><a href="wot.php?id=9&userid=<?=$drow['from']?>"><?=$fromuser['fname']." ".$fromuser['lname']?></td>
<td class="DataTD"><?=$drow['points']?></td>
<td class="DataTD"><?=$drow['location']?></td>
<td class="DataTD"><?=$drow['method']?></td>
<td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['to']?>&assurance=<?=$drow['id']?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td>
<td class="DataTD"><?=sanitizeHTML($drow['date'])?></td>
<td class="DataTD"><a href="wot.php?id=9&amp;userid=<?=intval($drow['from'])?>"><?=sanitizeHTML($fromuser['fname'])." ".sanitizeHTML($fromuser['lname'])?></td>
<td class="DataTD"><?=intval($drow['points'])?></td>
<td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
<td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to')]?>&amp;assurance=<?=intval($drow['id'])?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td>
</tr>
<? } ?>
<tr>

@ -40,7 +40,7 @@
{ ?>
<tr>
<td class="DataTD"><?=_("Domain")?>:</td>
<td class="DataTD"><a href="account.php?id=43&userid=<?=$row['id']?>"><?=$row['domain']?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=$row['id']?>"><?=sanitizeHTML($row['domain'])?></a></td>
</tr>
<? } if(mysql_num_rows($res) >= 100) { ?>
<tr>
@ -54,7 +54,7 @@
</table><br><br>
<? } elseif(mysql_num_rows($res) == 1) {
$row = mysql_fetch_assoc($res);
$_GET['userid'] = $row['id'];
$_GET['userid'] = intval($row['id']);
} else {
// printf(_("No domains found matching %s"), $email);
}
@ -71,7 +71,7 @@
{ ?>
<tr>
<td class="DataTD"><?=_("Domain")?>:</td>
<td class="DataTD"><a href="account.php?id=26&orgid=<?=$row['orgid']?>"><?=$row['domain']?></a></td>
<td class="DataTD"><a href="account.php?id=26&amp;orgid=<?=intval($row['orgid'])?>"><?=intval($row['domain'])?></a></td>
</tr>
<? } if(mysql_num_rows($res) >= 100) { ?>
<tr>
@ -85,7 +85,7 @@
</table><br><br>
<? } elseif(mysql_num_rows($res) == 1) {
$row = mysql_fetch_assoc($res);
$_GET['userid'] = $row['id'];
$_GET['userid'] = intval($row['id']);
} else {
printf(_("No domains found matching %s"), $email);
}
@ -93,7 +93,7 @@
if(intval($_GET['userid']) > 0)
{
header("location: account.php?id=43&userid=".$_GET['userid']);
header("location: account.php?id=43&userid=".intval($_GET['userid']));
exit;
}
?>
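Review bot: `intval($row['domain'])` on the new line of the @-71 hunk renders the domain name as 0, since that column holds a hostname string rather than a number; it should read `sanitizeHTML($row['domain'])`, as the @-40 hunk already does for the same column. Conversely the @-40 hunk leaves `userid=<?=$row['id']?>` uncast while @-71 wraps `$row['orgid']` in intval(), so `intval($row['id'])` there would keep the two lists consistent. The enclosing if/elseif chain of each hunk starts outside the hunk.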

@ -19,7 +19,7 @@
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="6" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
<td colspan="6" class="title"><?=_("Client Certificates")?> - <a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><?=_("View all certificates")?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
@ -74,7 +74,7 @@
<? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
<td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"></td>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><a href="account.php?id=6&cert=<?=$row['id']?>"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></a></td>
<td class="DataTD"><a href="account.php?id=6&amp;cert=<?=$row['id']?>"><?=(trim($row['CN'])=="" ? _("empty") : $row['CN'])?></a></td>
<? } else if($verified != _("Revoked")) { ?>
<td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
<td class="DataTD"><?=$verified?></td>
@ -94,7 +94,7 @@
<? } ?>
<tr>
<td class="DataTD" colspan="8">
<a href="account.php?id=5&viewall=<?=!$viewall?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a>
<a href="account.php?id=5&amp;viewall=<?=!$viewall?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a>
</td>
</tr>
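Review bot: The new line in the @-74 hunk still echoes `$row['CN']` and `$row['id']` unescaped into the link, while the rest of this commit wraps comparable columns in sanitizeHTML()/intval(); the CN presumably originates from the certificate request, so it should be treated like the other user-supplied fields. Suggested: `<a href="account.php?id=6&amp;cert=<?=intval($row['id'])?>"><?=(trim($row['CN'])=="" ? _("empty") : sanitizeHTML($row['CN']))?></a>`. The same raw `$row['id']` appears in the checkbox values on the adjacent context lines. The surrounding loop starts outside the hunk.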

@ -21,7 +21,7 @@
$query = "select * from `tverify` where `id`='$uid' and `modified`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0) { ?>
<img src="account.php?id=51&photoid=<?=$uid ?>&img=show" border="0" width="800">
<img src="account.php?id=51&amp;photoid=<?=$uid ?>&amp;img=show" border="0" width="800">
<? } else {
$query = "select * from `tverify` where `id`='$uid' and `modified`=1";
$res = mysql_query($query);
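Review bot: `$uid` is still interpolated raw on the new `<img>` line and in the two `where `id`='$uid'` queries around it; the hunk does not show where `$uid` is assigned, so if it is not already cast to int there, both the query and the URL should use `intval($uid)`. The enclosing if/else starts and ends outside the hunk.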

@ -23,9 +23,9 @@
if(mysql_num_rows($res) > 0)
{
$row = mysql_fetch_assoc($res);
$memid = $row['memid'];
$memid = intval($row['memid']);
$query2 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".$_SESSION['profile']['id']."'";
$query2 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'";
$rc2 = mysql_num_rows(mysql_query($query2));
if($rc2 > 0)
{
@ -52,7 +52,7 @@
<?=_("Primary email address")?>: <?=$user['email']." (".$user['id'].")"?><br>
<?=_("Certificate Subject")?>: <?=$row['CN']?><br>
<? if($row['URL'] != '') { ?><?=_("Notary URL")?>: <a href="<?=$row['URL']?>"><?=$row['URL']?></a><br><? } ?>
<? if($row['photoid'] != '') { ?><?=_("Photo ID URL")?>: <a href="/account.php?id=51&photoid=<?=$row['id']?>"><?=_("Here")?></a><br><? } ?>
<? if($row['photoid'] != '') { ?><?=_("Photo ID URL")?>: <a href="/account.php?id=51&amp;photoid=<?=intval($row['id'])?>"><?=_("Here")?></a><br><? } ?>
<?=_("Current Points")?>: <?=intval($notary['points'])?><br>
<?=_("Potential Points")?>: <?=intval($tobe)?><br>
<?=_("Date of Birth")?>: <?=$user['dob']?> (YYYY-MM-DD)<br>
@ -83,12 +83,12 @@
echo "<br/>"._("The following requests are still open:")."<br/><ul>";
while($row = mysql_fetch_assoc($res))
{
$uid=$row[id];
$query3 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".$_SESSION['profile']['id']."'";
$uid=intval($row['id']);
$query3 = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".intval($_SESSION['profile']['id'])."'";
$rc3 = mysql_num_rows(mysql_query($query3));
if($rc3 <= 0)
{
echo "<li><a href='account.php?id=52&uid=${row['id']}'>$row[id]</a></li>\n";
echo "<li><a href='account.php?id=52&amp;uid=".intval($row['id'])."'>".intval($row['id'])."</a></li>\n";
}
}
echo "</ul>\n<br>\n";
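Review bot: In the @-23 hunk the new `$query2` line casts the session id but leaves `$uid` interpolated directly into the same SQL string (`where `tverify`='$uid'`); the @-83 hunk in this file casts `$uid` before building `$query3`, so the same `intval()` belongs where `$uid` is assigned for `$query2` (outside the hunk), or inline as `'".intval($uid)."'`. The @-52 hunk's new line is fine, but its context lines still echo `$user['email']`, `$row['CN']` and `$row['URL']` (the latter into an href) without sanitizeHTML(). Both enclosing blocks start outside their hunks.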

@ -31,16 +31,16 @@
{
$reg = mysql_fetch_assoc(mysql_query("select * from `regions` where `id`='$regid'"));
$display = "<ul class='top'>\n<li>\n".
"<a href='account.php?id=53&regid=$regid'>$reg[name]</a> - <a href='account.php?action=add&id=54&regid=$regid'>Add</a>\n".
"<a href='account.php?id=53&amp;regid=$regid'>$reg[name]</a> - <a href='account.php?action=add&amp;id=54&amp;regid=$regid'>Add</a>\n".
$display;
$ccid = $_REQUEST['ccid'] = $reg['ccid'];
$ccid = $_REQUEST['ccid'] = intval($reg['ccid']);
}
if($ccid > 0)
{
$cnt = mysql_fetch_assoc(mysql_query("select * from `countries` where `id`='$ccid'"));
$display = "<ul class='top'>\n<li>\n".
"<a href='account.php?id=53&ccid=$ccid'>$cnt[name]</a> - <a href='account.php?action=add&id=54&ccid=$ccid'>Add</a>\n".
"<a href='account.php?id=53&amp;ccid=$ccid'>$cnt[name]</a> - <a href='account.php?action=add&amp;id=54&amp;ccid=$ccid'>Add</a>\n".
$display;
}
@ -53,7 +53,7 @@
$query = "select * from `countries` order by `name`";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
echo "<li><a href='account.php?id=53&ccid=${row['id']}'>$row[name]</a></li>\n";
echo "<li><a href='account.php?id=53&amp;ccid=".inval($row['id'])."'>".sanitizeHTML($row['name'])."</a></li>\n";
echo "</ul>\n</li>\n</ul></div>\n<br>\n";
} elseif($regid <= 0) {
@ -62,10 +62,10 @@
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
echo "<li>( <a href='account.php?action=edit&id=54&regid=${row['id']}'>edit</a> |";
echo " <a href='account.php?action=delete&id=53&regid=${row['id']}'";
echo "<li>( <a href='account.php?action=edit&amp;id=54&regid=".intval($row['id'])."'>edit</a> |";
echo " <a href='account.php?action=delete&amp;id=53&regid=".intval($row['id'])."'";
echo " onclick=\"return confirm('Are you sure you want to delete this region and all connected locations?');\">delete</a> )";
echo " <a href='account.php?id=53&regid=${row['id']}'>$row[name]</a></li>\n";
echo " <a href='account.php?id=53&amp;regid=".intval($row['id'])."'>".sanitizeHTML($row['name'])."</a></li>\n";
}
echo "</ul>\n</li>\n</ul>\n</li>\n</ul></div>\n<br>\n";
@ -80,11 +80,11 @@
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
echo "<li>( <a href='account.php?action=move&id=54&locid=${row['id']}'>move</a> |";
echo " <a href='account.php?action=aliases&id=54&locid=${row['id']}'>aliases</a> |";
echo " <a href='account.php?action=edit&id=54&locid=${row['id']}'>edit</a> |";
echo " <a href='account.php?action=delete&id=53&locid=${row['id']}'";
echo " onclick=\"return confirm('Are you sure you want to delete this location?');\">delete</a> ) ${row['name']} (${row['lat']},${row['long']})</li>\n";
echo "<li>( <a href='account.php?action=move&amp;id=54&amp;locid=".intval($row['id'])."'>move</a> |";
echo " <a href='account.php?action=aliases&amp;id=54&amp;locid=".intval($row['id'])."'>aliases</a> |";
echo " <a href='account.php?action=edit&amp;id=54&amp;locid=".intval($row['id'])."'>edit</a> |";
echo " <a href='account.php?action=delete&amp;id=53&amp;locid=".intval($row['id'])."'";
echo " onclick=\"return confirm('Are you sure you want to delete this location?');\">delete</a> ) ".sanitizeHTML($row['name'])." (".sanitizeHTML($row['lat']).",".sanitizeHTML($row['long']).")</li>\n";
}
echo "</ul>\n</li>\n</ul>\n</li>\n</ul></div>\n<br>\n";
@ -95,16 +95,16 @@
if($prev < 0)
$prev = 0;
$st = "[ <a href='account.php?id=53&regid=$regid'><< Start</a> ] ";
$prev = "[ <a href='account.php?id=53&regid=$regid&start=$prev'>< Previous $limit</a> ] ";
$st = "[ <a href='account.php?id=53&amp;regid=$regid'><< Start</a> ] ";
$prev = "[ <a href='account.php?id=53&amp;regid=$regid&amp;start=$prev'>< Previous $limit</a> ] ";
}
if($start < $rc - $limit)
{
$next = $start + $limit;
$last = $rc - $limit;
$next = "[ <a href='account.php?id=53&regid=$regid&start=$next'>Next $limit ></a> ] ";
$end = "[ <a href='account.php?id=53&regid=$regid&start=$last'>End >></a> ]";
$next = "[ <a href='account.php?id=53&amp;regid=$regid&amp;start=$next'>Next $limit ></a> ] ";
$end = "[ <a href='account.php?id=53&amp;regid=$regid&amp;start=$last'>End >></a> ]";
}
echo "<div id='search1'>$st</div><div id='search3'>$end</div>\n";
echo "<div id='search2'>$prev</div><div id='search4'>$next</div>\n";
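Review bot: `inval($row['id'])` on the new line of the @-53 hunk is a typo for `intval()` and will raise a fatal "Call to undefined function" when the country list is rendered; the line should read `echo "<li><a href='account.php?id=53&amp;ccid=".intval($row['id'])."'>".sanitizeHTML($row['name'])."</a></li>\n";`. The same class of typo appears earlier on this page in `intval($drow['to')]` (the assurance revoke link), which is a parse error and takes that whole page down. In the @-31 hunk the new lines still emit `$reg[name]`, `$cnt[name]`, `$regid` and `$ccid` without sanitizeHTML()/intval() and with unquoted array keys, and in the @-62 hunk `&regid=` was not converted to `&amp;regid=` on the first two echo lines while the third was. The enclosing if/elseif blocks start outside the hunks.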

@ -148,7 +148,7 @@
?>
<tr>
<td class="DataTD"><?=$row['name']?></td>
<td class="DataTD"><a href="account.php?id=54&locid=<?=$locid?>&name=<?=$row['name']?>&action=delalias" onclick="return confirm('Are you sure you want to delete this location alias?');"><?=_("Delete")?></td>
<td class="DataTD"><a href="account.php?id=54&amp;locid=<?=$locid?>&amp;name=<?=sanitizeHTML($row['name'])?>&amp;action=delalias" onclick="return confirm('Are you sure you want to delete this location alias?');"><?=_("Delete")?></td>
</tr>
<? } ?>
</table>
@ -185,13 +185,13 @@ document.getElementById("display1").style.display = "none";
<td class="DataTD"><?=_("Set Region")?>:</td>
<td class="DataTD"><select name="newreg">
<?
$query = "select * from `regions` where `ccid`='$row[ccid]' order by `name`";
$query = "select * from `regions` where `ccid`='".intval($row['ccid'])."' order by `name`";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
echo "<option value='$row[id]'";
echo "<option value='".intval($row['id'])."'";
if($_REQUEST['newreg'] == $row['id'])
echo " selected";
echo " selected='selected'";
echo ">$row[name]</option>\n";
}
?>
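Review bot: `sanitizeHTML($row['name'])` on the new line of the @-148 hunk is the wrong escaper for a URL query parameter; the alias name is placed into `&amp;name=` and should be `urlencode($row['name'])` (its output is also attribute-safe) so names containing `&`, `=` or spaces round-trip intact to the delalias handler. `$locid` on the same line is still interpolated raw, as is `$row[name]` in the option text just below the new `selected='selected'` line of the @-185 hunk. The enclosing loops start outside the hunks.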

@ -24,13 +24,13 @@
<td colspan="5" class="title"><?=_("Your passed Tests")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("The list of tests you did pass at ").'<a href="https://cats.cacert.org">https://cats.cacert.org</a>'?></td>
<td class="DataTD"><?=_("The list of tests you did pass at ").'<a href="https://cats.cacert.org/">https://cats.cacert.org/</a>'?></td>
</tr>
</table>
<?
} else {
$user_id = intval($_REQUEST['userid']);
$query = "select * from `users` where `id`='".(int)$user_id."' and `users`.`deleted`=0";
$query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
@ -41,7 +41,7 @@
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Passed Tests of ").$row['fname']." ".$row['mname']." ".$row['lname']?></td>
<td colspan="5" class="title"><?=_("Passed Tests of ").sanitizeHTML($row['fname'])." ".sanitizeHTML($row['mname'])." ".sanitizeHTML($row['lname'])?></td>
</tr>
</table>
@ -84,7 +84,7 @@
<?
if ($_SESSION['profile']['admin'] == 1 && intval($_REQUEST['userid']) > 0) {
?>
<tr><td colspan="3" class="DataTD"><a href="account.php?id=43&userid=<?=$user_id ?>">back</a></td></tr>
<tr><td colspan="3" class="DataTD"><a href="account.php?id=43&amp;userid=<?=$user_id ?>">back</a></td></tr>
<? } else {
$query = 'SELECT `u`.id, `u`.`assurer`, SUM(`points`) FROM `users` AS `u`, `notary` AS `n` '.
' WHERE `u`.`id` = \''.(int)intval($_SESSION['profile']['id']).'\' AND `n`.`to` = `u`.`id` AND `expire` < now() '.

@ -26,7 +26,7 @@
<td class="DataTD"><?=_("Address")?></td>
<?
$query = "select * from `domains` where `memid`='".$_SESSION['profile']['id']."' and `deleted`=0";
$query = "select * from `domains` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
@ -43,9 +43,9 @@
$verified = _("Unverified");
?>
<tr>
<td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"></td>
<td class="DataTD"><input type="checkbox" name="delid[]" value="<?=intval($row['id'])?>"></td>
<td class="DataTD"><?=$verified?></td>
<td class="DataTD"><?=$row['domain']?></td>
<td class="DataTD"><?=sanitizeHTML($row['domain'])?></td>
</tr>
<? } ?>
<tr>
