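0) {
    // Delete one assurance (a `notary` row) named by the request, then let
    // fix_assurer_flag() re-evaluate the member who had received it.
    // intval() reduces the value to an integer before it is quoted into the
    // two statements below, so the extra mysql_escape_string() is harmless
    // but redundant.
    // NOTE(review): this is a destructive action taken straight from
    // $_REQUEST, so it can be triggered by a GET link as well as a POST. No
    // CSRF token, role check or audit-log write is visible in this fragment;
    // confirm the including page enforces them.
    $assurance = mysql_escape_string(intval($_REQUEST['assurance']));
    $row = 0;
    $res = mysql_query("select `to` from `notary` where `id`='$assurance'");
    if ($res) {
        $row = mysql_fetch_assoc($res);
    }
    mysql_query("delete from `notary` where `id`='$assurance'");
    if ($row) {
        fix_assurer_flag($row['to']);
    }
}

// No usable userid in the request: treat the request as an account search.
if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0) {
    // The search term is the only free-text value that reaches SQL here.
    // A missing 'email' key is read as an empty term, using the same
    // array_key_exists() idiom as the userid test above, instead of raising
    // an undefined-index notice.
    // NOTE(review): mysql_escape_string() ignores the connection character
    // set and the whole mysql_* extension was removed in PHP 7.0. A prepared
    // statement (mysqli or PDO) is the durable fix when this page is ported.
    // '%' and '_' stay unescaped, so the operator can search with wildcards.
    $emailsearch = $email = mysql_escape_string(stripslashes(array_key_exists('email',$_REQUEST)?$_REQUEST['email']:''));

    //Disabled to speed up the queries
    //if(!strstr($email, "%"))
    //    $emailsearch = "%$email%";

    // A numeric term is matched against the id columns only, not as a pattern.
    if(intval($email) > 0)
        $emailsearch = "";

    // Only rows with an empty email.hash that are not deleted on either side
    // are returned, capped at 100 accounts.
    $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email` where `users`.`id`=`email`.`memid` and (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0 group by `users`.`id` limit 100";
    $res = mysql_query($query);
    // mysql_query() returns false on failure; test it before counting rows.
    if($res && mysql_num_rows($res) > 1) { ?> = 100) { ?>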


0) {
    // Load one account for display. The id is forced to an integer with
    // intval() before it is placed in the query, so it cannot carry SQL.
    $id = intval($_REQUEST['userid']);
    // NOTE(review): `select *` copies every `users` column into $row. The
    // form rows that follow (Q1/A1 ... Q5/A5) suggest that secret questions
    // and answers are rendered from it; confirm that every echoed field is
    // HTML-escaped and that viewing this record is restricted and logged.
    $query = "select * from `users` where `id`='$id' and `users`.`deleted`=0";
    $res = mysql_query($query);
    if(mysql_num_rows($res) <= 0) {
        echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
    } else {
        $row = mysql_fetch_assoc($res);
        // Sum of the points of all `notary` rows addressed to this user.
        $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."'";
        $dres = mysql_query($query);
        $drow = mysql_fetch_assoc($dres);
        // The user's row from `alerts`, or false when there is none.
        $alerts = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($row['id'])."'"));
?>
:
:
')) return false;">
:
:
:
:
: show
:
:
:
:
:
:
:
:
: (0 = none, 1 = submit, 2 = approve)
:
:
:
:
:
:
:
- Q1:
- A1:
- Q2:
- A2:
- Q3:
- A3:
- Q4:
- A4:
- Q5:
- A5:
:

0) { ?>
:

0) { ?>
:

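0) {
    // Certificate statistics for the displayed account. Every value placed
    // in these queries passes through intval() first, so none of them can
    // carry SQL. $rctotal is set outside this fragment.

    // select domid's
    $query = "select id as domids from `domains` where `memid`='".intval($row['id'])."' ";
    $dres = mysql_query($query);
    $rcexpired = 0;
    $rcrevoked = 0;
    $rcexpiremax = "0000-00-00 00:00:00";
    // Server certificates hang off domains, so the counts are accumulated
    // across all of the user's domains.
    while ($drow = mysql_fetch_assoc($dres)) {
        $ndomid = intval($drow['domids']);

        // Expired and never revoked.
        $query2 = "select COUNT(id) as dexpired from `domaincerts` where `domid`='".$ndomid."' and revoked = '0000-00-00 00:00:00' and expire < now() ";
        $dres2 = mysql_query($query2);
        $drow2 = mysql_fetch_assoc($dres2);
        $rcexpired += intval($drow2['dexpired']);

        // Revoked.
        $query2 = "select COUNT(id) as drevoked from `domaincerts` where `domid`='".$ndomid."' and revoked != '0000-00-00 00:00:00' ";
        $dres2 = mysql_query($query2);
        $drow2 = mysql_fetch_assoc($dres2);
        $rcrevoked += intval($drow2['drevoked']);

        // Latest expiry among certificates that were not revoked.
        $query2 = "select expire as mexpire from `domaincerts` where `domid`='".$ndomid."' and revoked = '0000-00-00 00:00:00' order by expire desc ";
        $dres2 = mysql_query($query2);
        $drow2 = mysql_fetch_assoc($dres2);
        $rcexpiremax = max($rcexpiremax,$drow2['mexpire']);

        $rcactive = intval($rctotal)-intval($rcexpired)-intval($rcrevoked);
    }
}
?> 0) { ?> 0) {
    // Client (email) certificates are keyed by member id directly.
    $rcexpired = 0;
    $rcrevoked = 0;
    $rcexpiremax = "0000-00-00 00:00:00";

    $query2 = "select COUNT(id) as eexpired from `emailcerts` where `memid`='".intval($row['id'])."' and revoked = '0000-00-00 00:00:00' and expire < now() ";
    $dres2 = mysql_query($query2);
    $drow2 = mysql_fetch_assoc($dres2);
    // The column alias in the query above is `eexpired`. Reading the
    // `dexpired` key, as this line did before, always produced 0 and so
    // counted expired client certificates as active.
    $rcexpired = intval($drow2['eexpired']);

    $query2 = "select COUNT(id) as erevoked from `emailcerts` where `memid`='".intval($row['id'])."' and revoked != '0000-00-00 00:00:00' ";
    $dres2 = mysql_query($query2);
    $drow2 = mysql_fetch_assoc($dres2);
    $rcrevoked = intval($drow2['erevoked']);

    $query2 = "select expire as eexpire from `emailcerts` where `memid`='".intval($row['id'])."' and revoked = '0000-00-00 00:00:00' order by expire desc ";
    $dres2 = mysql_query($query2);
    $drow2 = mysql_fetch_assoc($dres2);
    $rcexpiremax = $drow2['eexpire'];

    $rcactive = intval($rctotal)-intval($rcexpired)-intval($rcrevoked);
?> 0) {
    // GPG keys: only expiry is evaluated, because the revocation count
    // below is commented out.
    $rcexpired = 0;
    $rcexpiremax = "0000-00-00 00:00:00";

    $query2 = "select COUNT(id) as gexpired from `gpg` where `memid`='".intval($row['id'])."' and expire < now() ";
    $dres2 = mysql_query($query2);
    $drow2 = mysql_fetch_assoc($dres2);
    $rcexpired = intval($drow2['gexpired']);

    /*
    $query2 = "select COUNT(id) as erevoked from `gpg` where `memid`='".intval($row['id'])."' and revoked != '0000-00-00 00:00:00' ";
    $dres2 = mysql_query($query2);
    $drow2 = mysql_fetch_assoc($dres2);
    $rcrevoked = intval($drow2['erevoked']);
    */

    $query2 = "select expire as gexpire from `gpg` where `memid`='".intval($row['id'])."' order by expire desc ";
    $dres2 = mysql_query($query2);
    $drow2 = mysql_fetch_assoc($dres2);
    $rcexpiremax = $drow2['gexpire'];

    $rcactive = intval($rctotal)-intval($rcexpired);
?>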
:
: 0)?"Pending":" ") ?>
: 0)?"Pending":" ") ?>
:
:   0)?"Pending":" ") ?>
:

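"2009-06") {
    // Creation date is shown only as a coarse period, not as the exact value.
    $ucrtdisp = _("between June 2009 and this year");
} elseif (substr($ucreated,0,7)>="2009-01") {
    $ucrtdisp = _("between January and June 2009");
} else {
    $ucrtdisp = _("before January 2009");
}

// Last-modified date, bucketed the same way by comparing "YYYY-MM" prefixes
// as strings.
if (substr($umodified,0,7)==substr($now,0,7)) {
    $umoddisp = _("this month");
} elseif (substr($umodified,0,4)==substr($now,0,4)) {
    $umoddisp = _("this year");
} elseif (substr($umodified,0,7)< (intval(substr($now,0,4))-2)."-".substr($now,5,2) ) {
    $umoddisp = _("before 2 years");
} elseif (substr($umodified,0,7)< (intval(substr($now,0,4))-1)."-".substr($now,5,2)) {
    $umoddisp = _("before 1 year");
} else {
    $umoddisp = _("within last 12 months");
}
?> don't list user account
// User login -> impossible
// Assurer, assure someone -> user displayed
/* regular user account search with regular settings

   --- Admin Console find user query
   $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email`
             where `users`.`id`=`email`.`memid` and
                   (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and
                   `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0
             group by `users`.`id` limit 100";
   => requirements
      1. email.hash = ''
      2. email.deleted = 0
      3. users.deleted = 0
      4. email.email = primary-email (???) or'd
      not covered by admin console find user routine, but may block users login
      5. users.verified = 0|1
      further "special settings"
      6. users.locked (setting displayed in display form)
      7. users.assurer_blocked (setting displayed in display form)

   --- User login user query
   select * from `users` where `email`='$email' and
          (`password`=old_password('$pword') or `password`=sha1('$pword') or `password`=password('$pword')) and
          `verified`=1 and `deleted`=0 and `locked`=0
   => requirements
      1. users.verified = 1
      2. users.deleted = 0
      3. users.locked = 0
      4. users.email = primary-email

   NOTE(review): the login query quoted above compares against
   old_password() / sha1() / password() digests, all of them fast and
   unsalted. If that query is still live, plan a migration to
   password_hash() / password_verify() with a rehash at next login.

   --- Assurer, assure someone find user query
   select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."'
          and `deleted`=0
   => requirements
      1. users.deleted = 0
      2. users.email = primary-email

                                    Admin     User    Assurer
   bit                              Console   Login   assure someone
   1. email.hash = ''               Yes       No      No
   2. email.deleted = 0             Yes       No      No
   3. users.deleted = 0             Yes       Yes     Yes
   4. users.verified = 1            No        Yes     No
   5. users.locked = 0              No        Yes     No
   6. users.email = prim-email      No        Yes     Yes
   7. email.email = prim-email      Yes       No      No

   full usable account needs all 7 requirements fulfilled
   so if one setting isn't set/cleared there is an inconsistency either way
   if eg email.email is not avail, admin console cannot open user info
   but user can login and assurer can display user info
   if user verified is not set to 1, admin console displays user record
   but user cannot login, but assurer can search for the user and the data displays

   consistency check:
   1. search primary-email in users.email
   2. search primary-email in email.email
   3. userid = email.memid
   4. check settings from table 1. - 5.
*/

// $inconsistency is a bit mask, so several causes can be reported at once:
//    1  users.deleted  != 0
//    2  users.verified != 1
//    4  users.locked   != 0
//    8  email.deleted  != 0
//   16  email.hash     != ''
//   32  no `email` row matches the primary address (set alone, not OR-ed)
$inconsistency = 0;
$inconsistencydisp = "";
$inccause = "";

// current userid intval($row['id'])
$query = "select email as uemail, deleted as udeleted, verified, locked from `users` where `id`='".intval($row['id'])."' ";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$uemail = $drow['uemail'];
$udeleted = $drow['udeleted'];
$uverified = $drow['verified'];
$ulocked = $drow['locked'];

// $uemail comes from the database, but it is user-chosen data. It used to be
// concatenated into the next query unescaped, which is a second-order SQL
// injection: an address containing a quote breaks or alters the lookup. It
// is now escaped with the same helper the rest of this page uses.
// NOTE(review): switch to a prepared statement when the page leaves the
// removed mysql_* API.
$query = "select hash, deleted as edeleted, email as eemail from `email` where `memid`='".intval($row['id'])."' and email='".mysql_escape_string($uemail)."' ";
$dres = mysql_query($query);
if ($drow = mysql_fetch_assoc($dres)) {
    $eemail = $drow['eemail'];
    $edeleted = $drow['edeleted'];
    $ehash = $drow['hash'];
    // Causes are joined with the separator literal exactly as it appears
    // here: a bare line break between the quotes.
    if ($udeleted!=0) {
        $inconsistency += 1;
        $inccause .= (empty($inccause)?"":"
")._("Users record set to deleted");
    }
    if ($uverified!=1) {
        $inconsistency += 2;
        $inccause .= (empty($inccause)?"":"
")._("Users record verified not set");
    }
    if ($ulocked!=0) {
        $inconsistency += 4;
        $inccause .= (empty($inccause)?"":"
")._("Users record locked set");
    }
    if ($edeleted!=0) {
        $inconsistency += 8;
        $inccause .= (empty($inccause)?"":"
")._("Email record set deleted");
    }
    if ($ehash!='') {
        $inconsistency += 16;
        $inccause .= (empty($inccause)?"":"
")._("Email record hash not unset");
    }
} else {
    $inconsistency = 32;
    $inccause = _("Prim. email, Email record doesn't exist");
}
if ($inconsistency>0) {
    // $inconsistencydisp = _("Yes");
?>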
:
:
:
code:
that needs to be fixed manualy thru arbitration/critical team.")?>

');">
:  

');">
: