cacert
/
cacert-webdb
8
0
Fork 0
Code Issues Pull Requests 7 Projects Releases 2 Wiki Activity

Added Assurer Blocking and Training

Browse Source
pull/1/head
root 16 years ago
parent 0064f02fbb
commit faec927f04
1 changed files with 91 additions and 79 deletions
Show Stats Download Patch File Download Diff File

170
pages/account/43.php
Unescape Escape View File

@ -16,27 +16,27 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
<?
if($_REQUEST['assurance'] > 0)
{
$assurance = mysql_escape_string($_REQUEST['assurance']);
mysql_query("delete from `notary` where `id`='$assurance'");
}
if($_REQUEST['assurance'] > 0)
{
$assurance = mysql_escape_string($_REQUEST['assurance']);
mysql_query("delete from `notary` where `id`='$assurance'");
}
if(intval($_REQUEST['userid']) <= 0)
{
$emailsearch = $email = mysql_escape_string(stripslashes($_REQUEST['email']));
if(!strstr($email, "%"))
$emailsearch = "%$email%";
if(intval($email) > 0)
$emailsearch = "";
if(intval($_REQUEST['userid']) <= 0)
{
$emailsearch = $email = mysql_escape_string(stripslashes($_REQUEST['email']));
if(!strstr($email, "%"))
$emailsearch = "%$email%";
if(intval($email) > 0)
$emailsearch = "";
$query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
where `users`.`id`=`email`.`memid` and
(`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
`email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
group by `users`.`id` limit 100";
$res = mysql_query($query);
if(mysql_num_rows($res) > 1) { ?>
$query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
where `users`.`id`=`email`.`memid` and
(`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
`email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
group by `users`.`id` limit 100";
$res = mysql_query($query);
if(mysql_num_rows($res) > 1) { ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Select Specific Account Details")?></td>
@ -46,8 +46,8 @@
<td class="DataTD"><?=_("Email")?></td>
</tr>
<?
while($row = mysql_fetch_assoc($res))
{ ?>
while($row = mysql_fetch_assoc($res))
{ ?>
<tr>
<td class="DataTD"><a href="account.php?id=43&userid=<?=$row['id']?>"><?=$row['id']?></a></td>
<td class="DataTD"><a href="account.php?id=43&userid=<?=$row['id']?>"><?=$row['email']?></a></td>
@ -62,28 +62,28 @@
</tr>
<? } ?>
</table><br><br>
<? } elseif(mysql_num_rows($res) == 1) {
$row = mysql_fetch_assoc($res);
$_REQUEST['userid'] = $row['id'];
} else {
printf(_("No users found matching %s"), $email);
}
}
<? } elseif(mysql_num_rows($res) == 1) {
$row = mysql_fetch_assoc($res);
$_REQUEST['userid'] = $row['id'];
} else {
printf(_("No users found matching %s"), $email);
}
}
if(intval($_REQUEST['userid']) > 0)
{
$id = intval($_REQUEST['userid']);
$query = "select * from `users` where `id`='$id' and `users`.`deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
} else {
$row = mysql_fetch_assoc($res);
$query = "select sum(`points`) as `points` from `notary` where `to`='".$row['id']."'";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$alerts = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".$row['id']."'"));
if(intval($_REQUEST['userid']) > 0)
{
$id = intval($_REQUEST['userid']);
$query = "select * from `users` where `id`='$id' and `users`.`deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
} else {
$row = mysql_fetch_assoc($res);
$query = "select sum(`points`) as `points` from `notary` where `to`='".$row['id']."'";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$alerts = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".$row['id']."'"));
?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
@ -104,10 +104,10 @@
<tr>
<td class="DataTD"><?=_("Last Name")?>:</td>
<td class="DataTD"><form method="post" action="account.php" onSubmit="if(!confirm('Are you sure you want to modify this DOB and/or last name?')) return false;">
<input type="hidden" name="oldid" value="43">
<input type="hidden" name="action" value="updatedob">
<input type="hidden" name="userid" value="<?=$id?>">
<input type="text" name="lname" value="<?=$row['lname']?>"></td>
<input type="hidden" name="oldid" value="43">
<input type="hidden" name="action" value="updatedob">
<input type="hidden" name="userid" value="<?=$id?>">
<input type="text" name="lname" value="<?=$row['lname']?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Suffix")?>:</td>
@ -117,10 +117,10 @@
<td class="DataTD"><?=_("Date of Birth")?>:</td>
<td class="DataTD">
<?
$year = intval(substr($row['dob'], 0, 4));
$month = intval(substr($row['dob'], 5, 2));
$day = intval(substr($row['dob'], 8, 2));
?><nobr><select name="day">
$year = intval(substr($row['dob'], 0, 4));
$month = intval(substr($row['dob'], 5, 2));
$day = intval(substr($row['dob'], 8, 2));
?><nobr><select name="day">
<?
for($i = 1; $i <= 31; $i++)
{
@ -145,6 +145,18 @@
<input type="text" name="year" value="<?=$year?>" size="4">
<input type="submit" value="Go"></form></nobr></td>
</tr>
<tr>
<td class="DataTD"><?=_("Trainings")?>:</td>
<td class="DataTD"><a href="account.php?id=55&userid=<?=$row['id']?>">show</a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Is Assurer")?>:</td>
<td class="DataTD"><a href="account.php?id=43&assurer=<?=$row['id']?>"><?=$row['assurer']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Blocked Assurer")?>:</td>
<td class="DataTD"><a href="account.php?id=43&assurer_blocked=<?=$row['id']?>"><?=$row['assurer_blocked']?></a></td>
</tr>
<tr>
<td class="DataTD"><?=_("Account Locking")?>:</td>
<td class="DataTD"><a href="account.php?id=43&locked=<?=$row['id']?>"><?=$row['locked']?></a></td>
@ -202,8 +214,8 @@
<td class="DataTD"><a href="account.php?id=50&userid=<?=$row['id']?>"><?=_("Delete Account")?></a></td>
</tr>
<?
// This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!!
if($_GET['showlostpw'] != "yes") {
// This is intensionally a $_GET for audit purposes. DO NOT CHANGE!!!
if($_GET['showlostpw'] != "yes") {
?>
<tr>
<td class="DataTD" colspan="2"><a href="account.php?id=43&userid=<?=$row['id']?>&showlostpw=yes"><?=_("Show Lost Password Details")?></a></td>
@ -256,17 +268,17 @@
</tr>
</table>
<br><?
$query = "select * from `email` where `memid`='".$row['id']."' and `deleted`=0 and `hash`=''
and `email`!='".$row['email']."'";
$dres = mysql_query($query);
if(mysql_num_rows($dres) > 0) { ?>
$query = "select * from `email` where `memid`='".$row['id']."' and `deleted`=0 and `hash`=''
and `email`!='".$row['email']."'";
$dres = mysql_query($query);
if(mysql_num_rows($dres) > 0) { ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Alternate Verified Email Addresses")?></td>
</tr><?
$rc = mysql_num_rows($dres);
while($drow = mysql_fetch_assoc($dres))
{ ?>
$rc = mysql_num_rows($dres);
while($drow = mysql_fetch_assoc($dres))
{ ?>
<tr>
<td class="DataTD"><?=_("Secondary Emails")?>:</td>
<td class="DataTD"><?=$drow['email']?></td>
@ -275,16 +287,16 @@
</table>
<br><? } ?>
<?
$query = "select * from `domains` where `memid`='".$row['id']."' and `deleted`=0 and `hash`=''";
$dres = mysql_query($query);
if(mysql_num_rows($dres) > 0) { ?>
$query = "select * from `domains` where `memid`='".$row['id']."' and `deleted`=0 and `hash`=''";
$dres = mysql_query($query);
if(mysql_num_rows($dres) > 0) { ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="5" class="title"><?=_("Verified Domains")?></td>
</tr><?
$rc = mysql_num_rows($dres);
while($drow = mysql_fetch_assoc($dres))
{ ?>
$rc = mysql_num_rows($dres);
while($drow = mysql_fetch_assoc($dres))
{ ?>
<tr>
<td class="DataTD"><?=_("Domain")?>:</td>
<td class="DataTD"><?=$drow['domain']?></td>
@ -306,13 +318,13 @@
<td class="DataTD"><b><?=_("Revoke")?></b></td>
</tr>
<?
$query = "select * from `notary` where `to`='".$row['id']."'";
$dres = mysql_query($query);
$points = 0;
while($drow = mysql_fetch_assoc($dres))
{
$fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$drow['from']."'"));
$points += $drow['points'];
$query = "select * from `notary` where `to`='".$row['id']."'";
$dres = mysql_query($query);
$points = 0;
while($drow = mysql_fetch_assoc($dres))
{
$fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$drow['from']."'"));
$points += $drow['points'];
?>
<tr>
<td class="DataTD"><?=$drow['date']?></td>
@ -343,13 +355,13 @@
<td class="DataTD"><b><?=_("Revoke")?></b></td>
</tr>
<?
$query = "select * from `notary` where `from`='".$row['id']."' and `to`!='".$row['id']."'";
$dres = mysql_query($query);
$points = 0;
while($drow = mysql_fetch_assoc($dres))
{
$fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$drow['to']."'"));
$points += $drow['points'];
$query = "select * from `notary` where `from`='".$row['id']."' and `to`!='".$row['id']."'";
$dres = mysql_query($query);
$points = 0;
while($drow = mysql_fetch_assoc($dres))
{
$fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$drow['to']."'"));
$points += $drow['points'];
?>
<tr>
<td class="DataTD"><?=$drow['date']?></td>

Write Preview
Loading…
Cancel
Save