cacert/cacert-webdb
9
0
Fork 0
Code Issues Pull requests 3 Projects Releases 4 Wiki Activity

Fix for http://bugs.cacert.org/view.php?id=1173

Browse source 
While email or domain dispute check if the request belongs to a locked account
and stop the process.
This commit is contained in:
Wytze van der Raay 2013-07-15 08:38:31 +00:00
parent d9dae47ae0
commit e3836dd5cc
1 changed files with 34 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
www/disputes.php
View file

@ -236,6 +236,23 @@
exit; exit;
} }
//check if email belongs to locked account
$res = mysql_query("select 1 from `email`, `users` where `email`.`email`='$email' and `email`.`memid`=`users`.`id` and (`users`.`assurer_blocked`=1 or `users`.`locked`=1)");
if(mysql_num_rows($res) > 0)
{
showheader(_("Email Dispute"));
printf(_("Sorry, the email address '%s' cannot be disputed for administrative reasons. To solve this problem please get in contact with %s."), sanitizeHTML($email),"<a href='mailto:support@cacert.org'>support@cacert.org</a>");
$duser=$_SESSION['profile']['fname']." ".$_SESSION['profile']['lname'];
$body = sprintf("Someone has just attempted to dispute this email '%s', which belongs to a locked account:\n".
"Username(ID): %s (%s)\n".
"email: %s\n".
"IP/Hostname: %s\n", $email, $duser, $_SESSION['profile']['id'], $_SESSION['profile']['email'], $_SERVER['REMOTE_ADDR'].(array_key_exists('REMOTE_HOST',$_SERVER)?"/".$_SERVER['REMOTE_HOST']:""));
sendmail("support@cacert.org", "[CAcert.org] failed dispute on locked account", $body, $_SESSION['profile']['email'], "", "", $duser);
showfooter();
exit;
}
$res = mysql_query("select * from `disputeemail` where `email`='$email' and hash!=''"); $res = mysql_query("select * from `disputeemail` where `email`='$email' and hash!=''");
if(mysql_num_rows($res) > 0) if(mysql_num_rows($res) > 0)
{ {
@ -308,6 +325,23 @@
exit; exit;
} }
//check if domain belongs to locked account
$res = mysql_query("select 1 from `domains`, `users` where `domains`.`domain`='$domain' and `domains`.`memid`=`users`.`id` and (`users`.`assurer_blocked`=1 or `users`.`locked`=1)");
if(mysql_num_rows($res) > 0)
{
showheader(_("Domain Dispute"));
printf(_("Sorry, the domain '%s' cannot be disputed for administrative reasons. To solve this problem please get in contact with %s."), sanitizeHTML($domain),"<a href='mailto:support@cacert.org'>support@cacert.org</a>");
$duser=$_SESSION['profile']['fname']." ".$_SESSION['profile']['lname'];
$body = sprintf("Someone has just attempted to dispute this domain '%s', which belongs to a locked account:\n".
"Username(ID): %s (%s)\n".
"email: %s\n".
"IP/Hostname: %s\n", $domain, $duser, $_SESSION['profile']['id'], $_SESSION['profile']['email'], $_SERVER['REMOTE_ADDR'].(array_key_exists('REMOTE_HOST',$_SERVER)?"/".$_SERVER['REMOTE_HOST']:""));
sendmail("support@cacert.org", "[CAcert.org] failed dispute on locked account", $body, $_SESSION['profile']['email'], "", "", $duser);
showfooter();
exit;
}
$query = "select * from `disputedomain` where `domain`='$domain' and hash!=''"; $query = "select * from `disputedomain` where `domain`='$domain' and hash!=''";
$res = mysql_query($query); $res = mysql_query($query);
if(mysql_num_rows($res) > 0) if(mysql_num_rows($res) > 0)