"It should not be possible to assure a blocked account"
pull/1/head
Wytze van der Raay 12 years ago
parent 6e05704ded
commit aff3516579

@ -87,28 +87,28 @@ function send_reminder()
{ {
$body = ""; $body = "";
$my_translation = L10n::get_translation(); $my_translation = L10n::get_translation();
$_SESSION['_config']['reminder-lang'] = $_POST['reminder-lang']; $_SESSION['_config']['reminder-lang'] = $_POST['reminder-lang'];
$reminder_translations[] = $_POST['reminder-lang']; $reminder_translations[] = $_POST['reminder-lang'];
if ( !in_array("en", $reminder_translations, $strict=true) ) { if ( !in_array("en", $reminder_translations, $strict=true) ) {
$reminder_translations[] = "en"; $reminder_translations[] = "en";
} }
foreach ($reminder_translations as $translation) { foreach ($reminder_translations as $translation) {
L10n::set_translation($translation); L10n::set_translation($translation);
$body .= L10n::$translations[$translation].":\n\n"; $body .= L10n::$translations[$translation].":\n\n";
$body .= sprintf(_("This is a short reminder that you filled out forms to become trusted with CAcert.org, and %s has attempted to issue you points. Please create your account at %s as soon as possible and then notify %s so that the points can be issued."), $_SESSION['profile']['fname']." (".$_SESSION['profile']['email'].")", "http://www.cacert.org", $_SESSION['profile']['fname'])."\n\n"; $body .= sprintf(_("This is a short reminder that you filled out forms to become trusted with CAcert.org, and %s has attempted to issue you points. Please create your account at %s as soon as possible and then notify %s so that the points can be issued."), $_SESSION['profile']['fname']." (".$_SESSION['profile']['email'].")", "http://www.cacert.org", $_SESSION['profile']['fname'])."\n\n";
$body .= _("Best regards")."\n"; $body .= _("Best regards")."\n";
$body .= _("CAcert Support Team")."\n\n"; $body .= _("CAcert Support Team")."\n\n";
} }
L10n::set_translation($reminder_translations[0]); // for the subject L10n::set_translation($reminder_translations[0]); // for the subject
sendmail($_POST['email'], "[CAcert.org] "._("Reminder Notice"), $body, $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']); sendmail($_POST['email'], "[CAcert.org] "._("Reminder Notice"), $body, $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']);
L10n::set_translation($my_translation); L10n::set_translation($my_translation);
$_SESSION['_config']['remindersent'] = 1; $_SESSION['_config']['remindersent'] = 1;
$_SESSION['_config']['error'] = _("A reminder notice has been sent."); $_SESSION['_config']['error'] = _("A reminder notice has been sent.");
} }
@ -122,13 +122,13 @@ function send_reminder()
if(array_key_exists('location',$_POST) && $_POST['location'] != "") if(array_key_exists('location',$_POST) && $_POST['location'] != "")
$_SESSION['_config']['location'] = $_POST['location']; $_SESSION['_config']['location'] = $_POST['location'];
$oldid=array_key_exists('oldid',$_REQUEST)?intval($_REQUEST['oldid']):0; $oldid=array_key_exists('oldid',$_REQUEST)?intval($_REQUEST['oldid']):0;
if($oldid == 12) if($oldid == 12)
$id = $oldid; $id = $oldid;
if(($id == 5 || $oldid == 5 || $id == 6 || $oldid == 6)) if(($id == 5 || $oldid == 5 || $id == 6 || $oldid == 6))
if (!is_assurer($_SESSION['profile']['id'])) if (!is_assurer($_SESSION['profile']['id']))
{ {
show_page ("Exit","",get_assurer_reason($_SESSION['profile']['id'])); show_page ("Exit","",get_assurer_reason($_SESSION['profile']['id']));
exit; exit;
@ -155,7 +155,7 @@ function send_reminder()
$_SESSION['_config']['noemailfound'] = 1; $_SESSION['_config']['noemailfound'] = 1;
show_page("EnterEmail","",_("I'm sorry, there was no email matching what you entered in the system. Please double check your information.")); show_page("EnterEmail","",_("I'm sorry, there was no email matching what you entered in the system. Please double check your information."));
exit; exit;
} else } else
{ {
$_SESSION['_config']['noemailfound'] = 0; $_SESSION['_config']['noemailfound'] = 0;
$_SESSION['_config']['notarise'] = mysql_fetch_assoc($res); $_SESSION['_config']['notarise'] = mysql_fetch_assoc($res);
@ -165,6 +165,14 @@ function send_reminder()
exit; exit;
} }
} }
$query = "select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `locked`=1";
$res = mysql_query($query);
if(mysql_num_rows($res) >= 1)
{
$_SESSION['_config']['noemailfound'] = 0;
show_page("EnterEmail","",_("This account is locked and can not be assured. For more information ask support@cacert.org."));
exit;
}
} }
if($oldid == 5 || $oldid == 6) if($oldid == 5 || $oldid == 6)
@ -247,7 +255,7 @@ $iecho= "c";
$newpoints = $awarded = $max; $newpoints = $awarded = $max;
if($newpoints < 0) if($newpoints < 0)
$newpoints = $awarded = 0; $newpoints = $awarded = 0;
$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`"; $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
$res = mysql_query($query); $res = mysql_query($query);
$drow = mysql_fetch_assoc($res); $drow = mysql_fetch_assoc($res);
@ -260,13 +268,13 @@ $iecho= "c";
$newpoints = $max - $drow['total']; $newpoints = $max - $drow['total'];
if($newpoints < 0) if($newpoints < 0)
$newpoints = 0; $newpoints = 0;
if(mysql_escape_string(stripslashes($_POST['date'])) == "") if(mysql_escape_string(stripslashes($_POST['date'])) == "")
$_POST['date'] = date("Y-m-d H:i:s"); $_POST['date'] = date("Y-m-d H:i:s");
$query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' AND $query = "select * from `notary` where `from`='".$_SESSION['profile']['id']."' AND
`to`='".$_SESSION['_config']['notarise']['id']."' AND `to`='".$_SESSION['_config']['notarise']['id']."' AND
`awarded`='$awarded' AND `awarded`='$awarded' AND
`location`='".mysql_escape_string(stripslashes($_POST['location']))."' AND `location`='".mysql_escape_string(stripslashes($_POST['location']))."' AND
`date`='".mysql_escape_string(stripslashes($_POST['date']))."'"; `date`='".mysql_escape_string(stripslashes($_POST['date']))."'";
$res = mysql_query($query); $res = mysql_query($query);
@ -297,7 +305,7 @@ $iecho= "c";
} }
mysql_query($query); mysql_query($query);
fix_assurer_flag($_SESSION['_config']['notarise']['id']); fix_assurer_flag($_SESSION['_config']['notarise']['id']);
if($_SESSION['profile']['points'] < 150) if($_SESSION['profile']['points'] < 150)
{ {
$addpoints = 0; $addpoints = 0;
@ -319,7 +327,7 @@ $iecho= "c";
$my_translation = L10n::get_translation(); $my_translation = L10n::get_translation();
L10n::set_translation($_SESSION['_config']['notarise']['language']); L10n::set_translation($_SESSION['_config']['notarise']['language']);
$body = sprintf(_("You are receiving this email because you have been assured by %s %s (%s)."), $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'])."\n\n"; $body = sprintf(_("You are receiving this email because you have been assured by %s %s (%s)."), $_SESSION['profile']['fname'], $_SESSION['profile']['lname'], $_SESSION['profile']['email'])."\n\n";
if($_POST['points'] != $newpoints) if($_POST['points'] != $newpoints)
$body .= sprintf(_("You were issued %s points however the system has rounded this down to %s and you now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n"; $body .= sprintf(_("You were issued %s points however the system has rounded this down to %s and you now have %s points in total."), $_POST['points'], $newpoints, ($newpoints + $drow['total']))."\n\n";
@ -448,10 +456,10 @@ $iecho= "c";
{ {
$my_translation = L10n::get_translation(); $my_translation = L10n::get_translation();
L10n::set_translation($user['language']); L10n::set_translation($user['language']);
$subject = "[CAcert.org] ".sprintf(_("Message from %s"), $subject = "[CAcert.org] ".sprintf(_("Message from %s"),
$_SESSION['profile']['fname']); $_SESSION['profile']['fname']);
$body = sprintf(_("Hi %s,"), $user['fname'])."\n\n"; $body = sprintf(_("Hi %s,"), $user['fname'])."\n\n";
$body .= sprintf(_("%s %s has sent you a message via the ". $body .= sprintf(_("%s %s has sent you a message via the ".
"contact an Assurer form on CAcert.org."), "contact an Assurer form on CAcert.org."),
@ -467,16 +475,16 @@ $iecho= "c";
"abused, please write to support@cacert.org")."\n\n"; "abused, please write to support@cacert.org")."\n\n";
$body .= _("Best regards")."\n"; $body .= _("Best regards")."\n";
$body .= _("Your CAcert Community"); $body .= _("Your CAcert Community");
sendmail($user['email'], $subject, $body, sendmail($user['email'], $subject, $body,
$_SESSION['profile']['email'], //from $_SESSION['profile']['email'], //from
"", //replyto "", //replyto
"", //toname "", //toname
$_SESSION['profile']['fname']." ". $_SESSION['profile']['fname']." ".
$_SESSION['profile']['lname']); //fromname $_SESSION['profile']['lname']); //fromname
L10n::set_translation($my_translation); L10n::set_translation($my_translation);
showheader(_("My CAcert.org Account!"));?> showheader(_("My CAcert.org Account!"));?>
<p> <p>
<? printf(_("Your email has been sent to %s."), $user['fname']); ?> <? printf(_("Your email has been sent to %s."), $user['fname']); ?>
@ -489,10 +497,10 @@ $iecho= "c";
show_page(0,"",_("Sorry, I was unable to locate that user.")); show_page(0,"",_("Sorry, I was unable to locate that user."));
exit; exit;
} }
} }
} }
if($oldid == 9) if($oldid == 9)
{ {
$oldid=0; $oldid=0;
$id = 9; $id = 9;

Loading…
Cancel
Save