cacert/cacert-webdb
9
0
Fork 0
Code Issues Pull requests 3 Projects Releases 4 Wiki Activity

Fix for http://bugs.cacert.org/view.php?id=999

Browse source 
"When revoking an assurance in the SE console the messagebox is unclear"
This commit is contained in:
Wytze van der Raay 2013-06-26 11:02:45 +00:00
parent 868ff702d5
commit f9e74c01d0
2 changed files with 44 additions and 44 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
includes/notary.inc.php
View file

@ -14,7 +14,7 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
*/
function query_init ($query)
{
@ -52,8 +52,8 @@
function get_top_assurer_position ($no_of_assurances)
{
$res = query_init ("SELECT count(*) AS `list` FROM `notary`
WHERE `method` = 'Face to Face Meeting'
$res = query_init ("SELECT count(*) AS `list` FROM `notary`
WHERE `method` = 'Face to Face Meeting'
GROUP BY `from` HAVING count(*) > '".intval($no_of_assurances)."'");
return intval(query_get_number_of_rows($res)+1);
}
@ -83,7 +83,7 @@
$res = query_init ("select count(*) as number,points,awarded,method from notary where `from`='".intval($userid)."' group by points,awarded,method");
return $res;
}
function get_received_assurances_summary ($userid)
{
$res = query_init ("select count(*) as number,points,awarded,method from notary where `to`='".intval($userid)."' group by points,awarded,method");
@ -129,7 +129,7 @@
$awarded = 100;
}
else
$experience = 0;
$experience = 0;
switch ($row['method'])
{
@ -303,7 +303,7 @@
?>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$when?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$email?><?=$emclose?></td>
<? }
<? }
?>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$awarded?><?=$emclose?></td>
@ -319,7 +319,7 @@
<td class="DataTD" <?=$tdstyle?>>&nbsp;</td>
<? } else {
?>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td>
<?
}
}
@ -374,7 +374,7 @@
$res = get_given_assurances(intval($userid));
while($row = mysql_fetch_assoc($res))
{
$fromuser = get_user (intval($row['to']));
$fromuser = get_user (intval($row['to']));
$apoints = calc_experience ($row,$points,$experience,$sum_experience,$revoked);
$name = show_user_link ($fromuser['fname']." ".$fromuser['lname'],intval($row['to']));
$email = show_email_link ($fromuser['email'],intval($row['to']));

72
pages/account/43.php
View file

@ -53,14 +53,14 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
} else {
// $email contains non-digits ==> search for mail addresses
// Be defensive here (outer join) if primary mail is not listed in email table
$query = "select `users`.`id` as `id`, `email`.`email` as `email`
$query = "select `users`.`id` as `id`, `email`.`email` as `email`
from `users` left outer join `email` on (`users`.`id`=`email`.`memid`)
where (`email`.`email` like '$emailsearch'
where (`email`.`email` like '$emailsearch'
or `users`.`email` like '$emailsearch')
and `users`.`deleted`=0
group by `users`.`id` limit 100";
}
// bug-975 ted+uli changes --- end
// bug-975 ted+uli changes --- end
$res = mysql_query($query);
if(mysql_num_rows($res) > 1) { ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
@ -342,7 +342,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
<td colspan="2" class="title"><?=_("Account State")?></td>
</tr>
<?
<?
// --- bug-975 begin ---
// potential db inconsistency like in a20110804.1
// Admin console -> don't list user account
@ -363,7 +363,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
4. email.email = primary-email (???) or'd
not covered by admin console find user routine, but may block users login
5. users.verified = 0|1
further "special settings"
further "special settings"
6. users.locked (setting displayed in display form)
7. users.assurer_blocked (setting displayed in display form)
@ -374,7 +374,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
1. users.verified = 1
2. users.deleted = 0
3. users.locked = 0
4. users.email = primary-email
4. users.email = primary-email
--- Assurer, assure someone find user query
select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."'
@ -388,11 +388,11 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
1. email.hash = '' Yes No No
2. email.deleted = 0 Yes No No
3. users.deleted = 0 Yes Yes Yes
4. users.verified = 1 No Yes No
4. users.verified = 1 No Yes No
5. users.locked = 0 No Yes No
6. users.email = prim-email No Yes Yes
7. email.email = prim-email Yes No No
full usable account needs all 7 requirements fulfilled
so if one setting isn't set/cleared there is an inconsistency either way
if eg email.email is not avail, admin console cannot open user info
@ -436,7 +436,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
}
if ($drow) {
$eemail = $drow['eemail'];
$edeleted = $drow['edeleted'];
@ -455,11 +455,11 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
}
if ($edeleted!=0) {
$inconsistency += 8;
$inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted");
$inccause .= (empty($inccause)?"":"<br>")._("Email record set deleted");
}
if ($ehash!='') {
$inconsistency += 16;
$inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset");
$inccause .= (empty($inccause)?"":"<br>")._("Email record hash not unset");
}
} else {
$inconsistency = 32;
@ -478,14 +478,14 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
"operations and needs to be fixed manually through arbitration/critical ".
"team.")?>
</td>
</tr>
</tr>
<? }
// --- bug-975 end ---
?>
</table>
<br>
<?
<?
// End - Debug infos
?>
@ -514,12 +514,12 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$total = $drow['total'];
$maxexpire = "0000-00-00 00:00:00";
if ($drow['maxexpire']) {
$maxexpire = $drow['maxexpire'];
}
if($total > 0) {
$query = "select COUNT(*) as `valid`
from `domains` inner join `domaincerts`
@ -530,7 +530,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$valid = $drow['valid'];
$query = "select COUNT(*) as `expired`
from `domains` inner join `domaincerts`
on `domains`.`id` = `domaincerts`.`domid`
@ -539,7 +539,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$expired = $drow['expired'];
$query = "select COUNT(*) as `revoked`
from `domains` inner join `domaincerts`
on `domains`.`id` = `domaincerts`.`domid`
@ -572,12 +572,12 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$total = $drow['total'];
$maxexpire = "0000-00-00 00:00:00";
if ($drow['maxexpire']) {
$maxexpire = $drow['maxexpire'];
}
if($total > 0) {
$query = "select COUNT(*) as `valid`
from `emailcerts`
@ -587,7 +587,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$valid = $drow['valid'];
$query = "select COUNT(*) as `expired`
from `emailcerts`
where `memid` = '".intval($row['id'])."'
@ -595,7 +595,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$expired = $drow['expired'];
$query = "select COUNT(*) as `revoked`
from `emailcerts`
where `memid` = '".intval($row['id'])."'
@ -627,12 +627,12 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$total = $drow['total'];
$maxexpire = "0000-00-00 00:00:00";
if ($drow['maxexpire']) {
$maxexpire = $drow['maxexpire'];
}
if($total > 0) {
$query = "select COUNT(*) as `valid`
from `gpg`
@ -641,7 +641,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$valid = $drow['valid'];
$query = "select COUNT(*) as `expired`
from `emailcerts`
where `memid` = '".intval($row['id'])."'
@ -649,7 +649,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$expired = $drow['expired'];
?>
<td class="DataTD"><?=intval($total)?></td>
<td class="DataTD"><?=intval($valid)?></td>
@ -676,12 +676,12 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$total = $drow['total'];
$maxexpire = "0000-00-00 00:00:00";
if ($drow['maxexpire']) {
$maxexpire = $drow['maxexpire'];
}
if($total > 0) {
$query = "select COUNT(*) as `valid`
from `orgdomaincerts` as `orgcerts` inner join `org`
@ -692,7 +692,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$valid = $drow['valid'];
$query = "select COUNT(*) as `expired`
from `orgdomaincerts` as `orgcerts` inner join `org`
on `orgcerts`.`orgid` = `org`.`orgid`
@ -701,7 +701,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$expired = $drow['expired'];
$query = "select COUNT(*) as `revoked`
from `orgdomaincerts` as `orgcerts` inner join `org`
on `orgcerts`.`orgid` = `org`.`orgid`
@ -736,12 +736,12 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$total = $drow['total'];
$maxexpire = "0000-00-00 00:00:00";
if ($drow['maxexpire']) {
$maxexpire = $drow['maxexpire'];
}
if($total > 0) {
$query = "select COUNT(*) as `valid`
from `orgemailcerts` as `orgcerts` inner join `org`
@ -752,7 +752,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$valid = $drow['valid'];
$query = "select COUNT(*) as `expired`
from `orgemailcerts` as `orgcerts` inner join `org`
on `orgcerts`.`orgid` = `org`.`orgid`
@ -761,7 +761,7 @@ include_once($_SESSION['_config']['filepath']."/includes/notary.inc.php");
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$expired = $drow['expired'];
$query = "select COUNT(*) as `revoked`
from `orgemailcerts` as `orgcerts` inner join `org`
on `orgcerts`.`orgid` = `org`.`orgid`
@ -831,7 +831,7 @@ function showassuredto()
<td class="DataTD"><?=intval($drow['points'])?></td>
<td class="DataTD"><?=sanitizeHTML($drow['location'])?></td>
<td class="DataTD"><?=sanitizeHTML($drow['method'])?></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td>
<td class="DataTD"><a href="account.php?id=43&amp;userid=<?=intval($drow['to'])?>&amp;assurance=<?=intval($drow['id'])?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$drow['id'])?>');"><?=_("Revoke")?></a></td>
</tr>
<? } ?>
<tr>
@ -877,7 +877,7 @@ function showassuredby()
<td class="DataTD"><?=$drow['points']?></td>
<td class="DataTD"><?=$drow['location']?></td>
<td class="DataTD"><?=$drow['method']?></td>
<td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=_("Are you sure you want to revoke this assurance?")?>');"><?=_("Revoke")?></a></td>
<td class="DataTD"><a href="account.php?id=43&userid=<?=$drow['from']?>&assurance=<?=$drow['id']?>&amp;csrf=<?=make_csrf('admdelassurance')?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$drow['id'])?>');"><?=_("Revoke")?></a></td>
</tr>
<? } ?>
<tr>
@ -888,7 +888,7 @@ function showassuredby()
</table>
<? } ?>
<br><br>
<? } }
<? } }
switch ($_GET['shownotary'])
{