/*
LibreSSL - CAcert web application
Copyright (C) 2004-2008 CAcert Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
if(array_key_exists('assurance',$_REQUEST) && $_REQUEST['assurance'] > 0)
{
$assurance = mysql_escape_string(intval($_REQUEST['assurance']));
mysql_query("delete from `notary` where `id`='$assurance'");
}
if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
{
$emailsearch = $email = mysql_escape_string(stripslashes($_REQUEST['email']));
//Disabled to speed up the queries
//if(!strstr($email, "%"))
// $emailsearch = "%$email%";
if(intval($email) > 0)
$emailsearch = "";
$query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
where `users`.`id`=`email`.`memid` and
(`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
`email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
group by `users`.`id` limit 100";
$res = mysql_query($query);
if(mysql_num_rows($res) > 1) { ?>
} elseif(mysql_num_rows($res) == 1) {
$row = mysql_fetch_assoc($res);
$_REQUEST['userid'] = $row['id'];
} else {
printf(_("No users found matching %s"), sanitizeHTML($email));
}
}
if(intval($_REQUEST['userid']) > 0)
{
$id = intval($_REQUEST['userid']);
$query = "select * from `users` where `id`='$id' and `users`.`deleted`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
} else {
$row = mysql_fetch_assoc($res);
$query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."'";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$alerts = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($row['id'])."'"));
?>
$query = "select * from `email` where `memid`='".intval($row['id'])."' and `deleted`=0 and `hash`=''
and `email`!='".mysql_escape_string($row['email'])."'";
$dres = mysql_query($query);
if(mysql_num_rows($dres) > 0) { ?>