Fix for https://bugs.cacert.org/view.php?id=981

New layout of view for Organisation Administrators in account/id35
12 years ago · ccad5d5e16
parent a0686d999d
commit ccad5d5e16
3 changed files with 96 additions and 39 deletions
--- a/includes/account.php
+++ b/includes/account.php
@ -2246,8 +2246,7 @@
 		$orgid = 0;
 	}

-	if($id == 32 || $oldid == 32 || $id == 33 || $oldid == 33 || $id == 34 || $oldid == 34 ||
-		$id == 35 || $oldid == 35)
+	if($id == 32 || $oldid == 32 || $id == 33 || $oldid == 33 || $id == 34 || $oldid == 34)
 	{
 		$query = "select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'";
 		$_macc = mysql_num_rows(mysql_query($query));
@ -2260,6 +2259,19 @@
 		}
 	}

+	if($id == 35 || $oldid == 35)
+	{
+		$query = "select 1 from `org` where `memid`='".intval($_SESSION['profile']['id'])."'";
+		$is_orguser = mysql_num_rows(mysql_query($query));
+		if($_SESSION['profile']['orgadmin'] != 1 && $is_orguser <= 0)
+		{
+			showheader(_("My CAcert.org Account!"));
+			echo _("You don't have access to this area.");
+			showfooter();
+			exit;
+		}
+	}
+
 	if($id == 33 && $_SESSION['profile']['orgadmin'] != 1)
 	{
 		$orgid = intval($_SESSION['_config']['orgid']);
--- a/includes/account_stuff.php
+++ b/includes/account_stuff.php
@ -209,7 +209,7 @@ function hideall() {
      <ul class="menu" id="serverorg"><li><a href="account.php?id=20"><?=_("New")?></a></li><li><a href="account.php?id=22"><?=_("View")?></a></li></ul>
    </div>
 <? } ?>
-<? if(mysql_num_rows(mysql_query("select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'")) > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?>
+<? if(mysql_num_rows(mysql_query("select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."'")) > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?>
    <div class="relatedLinks">
      <h3 class="pointer" onclick="explode('orgadmin')">+ <?=_("Org Admin")?></h3>
      <ul class="menu" id="orgadmin"><? if($_SESSION['profile']['orgadmin'] == 1) { ?><li><a href="account.php?id=24"><?=_("New Organisation")?></a></li><li><a href="account.php?id=25"><?=_("View Organisations")?></a></li><? } ?><li><a href="account.php?id=35"><?=_("View")?></a></li></ul>
--- a/pages/account/35.php
+++ b/pages/account/35.php
@ -15,44 +15,89 @@
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */ ?>
+
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper" width="400">
-  <tr>
-    <td colspan="3" class="title"><?=_("Organisations")?></td>
-  </tr>
-  <tr>
-    <td class="DataTD">#</td>
-    <td class="DataTD"><?=_("Organisation")?></td>
-    <td class="DataTD"><?=_("Admins")?></td>
-  </tr>
-<?
-	$query = "select * from `orginfo`,`org` where `orginfo`.`id`=`org`.`orgid` and `org`.`memid`='".intval($_SESSION['profile']['id'])."'";
-	$res = mysql_query($query);
-	while($row = mysql_fetch_assoc($res))
-	{
-		//number of admins for the org
-		$r2 = mysql_query("select * from `org` where `orgid`='".intval($row['id'])."'");
-		$admincount = mysql_num_rows($r2);

-		// number of domains for the org
-		$r2 = mysql_query("select * from `orgdomains` where `orgid`='".intval($row['id'])."'");
-		$domcount = mysql_num_rows($r2);
-?>
-  <tr>
-    <td class="DataTD"><?=intval($row['id'])?></td>
-    <td class="DataTD"><?=($row['O'])?>, <?=($row['ST'])?> <?=sanitizeHTML($row['C'])?></td>
-    <td class="DataTD"><a href="account.php?id=32&amp;orgid=<?=$row['id']?>"><?=_("Admins")?> (<?=$admincount?>)</a></td>
-  </tr>
 <?
-	// display the domains of each organisation
-	$query3 = "select * from `orgdomains` where `orgid`='".intval($row['id'])."'";
-	$res3 = mysql_query($query3);
-	while($detailorg = mysql_fetch_assoc($res3))
+$query = "select *
+			from `orginfo`,`org`
+			where `orginfo`.`id`=`org`.`orgid`
+			and `org`.`memid`='".intval($_SESSION['profile']['id'])."'";
+
+$res = mysql_query($query);
+while($row = mysql_fetch_assoc($res))
+{
+	?>
+	<tr>
+		<td colspan="3" class="title"><?=_("Organisation")?></td>
+	</tr>
+	<tr>
+		<td class="DataTD"><?=_("Organisation Name")?>:</td>
+		<td colspan="2" class="DataTD" ><b><?=$row['O']?></b></td>
+	</tr>
+	<tr>
+		<td class="DataTD"><?=_("Contact Email")?>:</td>
+		<td colspan="2" class="DataTD"><?=($row['contact'])?></td>
+	</tr>
+	<tr>
+		<td class="DataTD"><?=_("Town/Suburb")?>:</td>
+		<td colspan="2" class="DataTD"><?=($row['L'])?></td>
+	</tr>
+	<tr>
+		<td class="DataTD"><?=_("State/Province")?>:</td>
+		<td colspan="2" class="DataTD"><?=($row['ST'])?></td>
+	</tr>
+	<tr>
+		<td class="DataTD"><?=_("Country")?>:</td>
+		<td colspan="2" class="DataTD"><?=($row['C'])?></td>
+	</tr>
+	<?
+	
+	//domain info
+	$query = "select `domain` from `orgdomains` where `orgid`='".intval($row['id'])."'";
+	$res1 = mysql_query($query);
+	while($domain = mysql_fetch_assoc($res1))
+	{
+		?>
+		<tr>
+			<td class="DataTD"><?=_("Domain")?></td>
+			<td colspan="2" class="DataTD"><?=sanitizeHTML($domain['domain'])?></td>
+		</tr>
+		<?
+	}
+	
+	?>
+	<tr>
+		<td class="DataTD"><?=_("Administrator")?></td>
+		<td class="DataTD"><?=_("Master Account")?></td>
+		<td class="DataTD"><?=_("Department")?></td>
+	</tr>
+	<?
+	
+	//org admins
+	$query = "select * from `org` where `orgid`='".intval($row['id'])."'";
+	$res2 = mysql_query($query);
+	while($org = mysql_fetch_assoc($res2))
 	{
-?>
-  <tr>
-    <td class="DataTD"><?=intval($detailorg['id'])?></td>
-    <td class="DataTD"><?=_("Domain available")?></td>
-    <td class="DataTD"><?=sanitizeHTML($detailorg['domain'])?></td>
-  </tr>		
-<? } } ?>
+		$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($org['memid'])."'"));
+		?> 
+		<tr>
+			<td class="DataTD"><a href='mailto:<?=$user['email']?>'><?=($user['fname'])?> <?=($user['lname'])?></a></td>
+			<td class="DataTD"><?=($org['masteracc'])?></td>
+			<td class="DataTD"><?=($org['OU'])?></td>
+		</tr>
+		<?
+		
+		if(intval($org['masteracc']) === 1 &&
+				 intval($org['memid']) === intval($_SESSION['profile']['id']))
+		{ 
+			$master="account.php?id=32&amp;orgid=".intval($row['id']);
+			?>
+			<tr>
+				<td colspan="3" class="DataTD"><a href="<?=$master ?>"><?=_("Edit")?></a></td>
+			</tr>
+			<?
+		}
+	} 
+} ?>
 </table>