0) {
    // Removes one assurance (a row of `notary`) chosen by the request.
    // NOTE(review): the start of the enclosing `if` condition was lost when
    // the page was extracted, so the exact guard cannot be read from here.
    // No anti-CSRF token and no permission test appear in this fragment, and
    // $_REQUEST is also filled from the query string, so this delete may be
    // reachable through a plain link -- confirm that both checks run before
    // this point.
    // intval() already reduces the value to an integer, so the surrounding
    // mysql_escape_string() has nothing left to escape.
    $assurance = mysql_escape_string(intval($_REQUEST['assurance']));
    $row = 0;
    // Read `to` first: the row is gone after the delete, and its `to` value
    // is what fix_assurer_flag() is called with below.
    $res = mysql_query("select `to` from `notary` where `id`='$assurance'");
    if ($res) {
        $row = mysql_fetch_assoc($res);
    }
    // NOTE(review): the result of the delete is not checked, and nothing in
    // this fragment records who removed which assurance -- confirm that an
    // audit entry is written elsewhere.
    mysql_query("delete from `notary` where `id`='$assurance'");
    if ($row) {
        // fix_assurer_flag() is defined outside this page.
        fix_assurer_flag($row['to']);
    }
}

// No positive `userid` in the request: run the account search instead.
if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0) {
    // NOTE(review): $_REQUEST['email'] is read without the array_key_exists()
    // test used for `userid` above, so a request without it raises a notice.
    // mysql_escape_string() does not take the connection character set into
    // account; it is long deprecated and the whole mysql_* extension was
    // removed in PHP 7.0. mysql_real_escape_string() is the like-for-like
    // replacement; prepared statements (mysqli/PDO) are the durable fix.
    // LIKE wildcards (% and _) are not touched by the escaping, so they reach
    // the `like` clauses below unchanged -- presumably intended, so that the
    // operator can type a pattern; confirm.
    $emailsearch = $email = mysql_escape_string(stripslashes($_REQUEST['email']));

    //Disabled to speed up the queries
    //if(!strstr($email, "%"))
    //    $emailsearch = "%$email%";

    // bug-975 ted+uli changes --- begin
    if(preg_match("/^[0-9]+$/", $email)) {
        // $email consists of digits only ==> search for IDs
        $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email` where `users`.`id`=`email`.`memid` and (`email`.`id`='$email' or `users`.`id`='$email') and `users`.`deleted`=0 group by `users`.`id` limit 100";
    } else {
        // $email contains non-digits ==> search for mail addresses
        // Be defensive here (outer join) if primary mail is not listed in email table
        $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users` left outer join `email` on (`users`.`id`=`email`.`memid`) where ((`email`.`email` like '$emailsearch') or `users`.`email` like '$emailsearch') and `users`.`deleted`=0 group by `users`.`id` limit 100";
    }
    // bug-975 ted+uli changes --- end

    // NOTE(review): mysql_query() returns false on failure and $res is passed
    // to mysql_num_rows() unchecked.
    $res = mysql_query($query);
    // More than one hit: the template that lists the matches followed here.
    // Its markup was stripped in extraction; the text after the closing tag
    // on the next line is the tail of a second condition whose start is
    // missing.
    if(mysql_num_rows($res) > 1) { ?> = 100) { ?>


0) {
    // Loads one user record for the detail form that follows.
    // NOTE(review): the start of this `if` condition was lost when the page
    // was extracted; only its tail survives.
    // intval() makes $id an integer, so the interpolation below cannot carry
    // SQL syntax.
    $id = intval($_REQUEST['userid']);
    // NOTE(review): `select *` loads every column of the user row into $row.
    // Listing only the columns the form displays would keep unrelated fields
    // out of the page's working set -- presumably that includes a password
    // digest, going by the login query quoted later on this page; confirm.
    $query = "select * from `users` where `id`='$id' and `users`.`deleted`=0";
    $res = mysql_query($query);
    // NOTE(review): $res is not checked for false before mysql_num_rows().
    if(mysql_num_rows($res) <= 0) {
        echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!");
    } else {
        $row = mysql_fetch_assoc($res);
        // Sum of `points` over the `notary` rows whose `to` is this user.
        $query = "select sum(`points`) as `points` from `notary` where `to`='".intval($row['id'])."'";
        $dres = mysql_query($query);
        $drow = mysql_fetch_assoc($dres);
        // First `alerts` row for this user; mysql_fetch_assoc() yields false
        // when there is none. The inner mysql_query() result is not checked.
        // The else branch stays open: the form template follows the closing tag.
        $alerts = mysql_fetch_assoc(mysql_query("select * from `alerts` where `memid`='".intval($row['id'])."'")); ?>
:
:
')) return false;">
:
:
:
:
: show
:
:
:
:
:
:
:
:
: (0 = none, 1 = submit, 2 = approve)
:
:
:
:
:
:
:
- Q1:
- A1:
- Q2:
- A2:
- Q3:
- A3:
- Q4:
- A4:
- Q5:
- A5:
:

0) { ?>
:

0) { ?>
:

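// (the start of this comment was lost when the page was extracted)
// ... don't list user account
// User login -> impossible
// Assurer, assure someone -> user displayed
/*
  regular user account search with regular settings

  --- Admin Console find user query
  $query = "select `users`.`id` as `id`, `email`.`email` as `email` from `users`,`email` where `users`.`id`=`email`.`memid` and (`email`.`email` like '$emailsearch' or `email`.`id`='$email' or `users`.`id`='$email') and `email`.`hash`='' and `email`.`deleted`=0 and `users`.`deleted`=0 group by `users`.`id` limit 100";
   => requirements
     1. email.hash = ''
     2. email.deleted = 0
     3. users.deleted = 0
     4. email.email = primary-email (???) or'd
        not covered by admin console find user routine, but may block users login
     5. users.verified = 0|1
     further "special settings"
     6. users.locked (setting displayed in display form)
     7. users.assurer_blocked (setting displayed in display form)

  --- User login user query
  select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or `password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0
   => requirements
     1. users.verified = 1
     2. users.deleted = 0
     3. users.locked = 0
     4. users.email = primary-email

  --- Assurer, assure someone find user query
  select * from `users` where `email`='".mysql_escape_string(stripslashes($_POST['email']))."' and `deleted`=0
   => requirements
     1. users.deleted = 0
     2. users.email = primary-email

                                   Admin     User     Assurer
  bit                              Console   Login    assure someone
  1. email.hash = ''               Yes       No       No
  2. email.deleted = 0             Yes       No       No
  3. users.deleted = 0             Yes       Yes      Yes
  4. users.verified = 1            No        Yes      No
  5. users.locked = 0              No        Yes      No
  6. users.email = prim-email      No        Yes      Yes
  7. email.email = prim-email      Yes       No       No

  full usable account needs all 7 requirements fulfilled
  so if one setting isn't set/cleared there is an inconsistency either way
  if eg email.email is not avail, admin console cannot open user info
  but user can login and assurer can display user info
  if user verified is not set to 1, admin console displays user record
  but user cannot login, but assurer can search for the user and the data displays

  consistency check:
  1. search primary-email in users.email
  2. search primary-email in email.email
  3. userid = email.memid
  4. check settings from table 1. - 5.
*/
// NOTE(review): the login query quoted above accepts old_password(), sha1()
// and password() digests of the password, all of them unsalted and fast to
// compute. That query is not part of this block; it is flagged here for a
// separate review (rehashing with password_hash() at the next successful
// login is the usual migration).

// Consistency check for the account loaded into $row. $inconsistency is a
// bit field and $inccause collects one translated message per bit set:
//    1  users.deleted  != 0
//    2  users.verified != 1
//    4  users.locked   != 0
//    8  email.deleted  != 0
//   16  email.hash     != ''
//   32  no `email` row carries the primary address (assigned, not added)
$inconsistency = 0;
$inconsistencydisp = "";
$inccause = "";

// current userid intval($row['id'])
$query = "select email as uemail, deleted as udeleted, verified, locked from `users` where `id`='".intval($row['id'])."' ";
$dres = mysql_query($query);
$drow = mysql_fetch_assoc($dres);
$uemail = $drow['uemail'];
$udeleted = $drow['udeleted'];
$uverified = $drow['verified'];
$ulocked = $drow['locked'];

// $uemail comes from the database, but it was interpolated into the next
// statement as-is: an address containing a quote would break or alter the
// query (second-order SQL injection). Escape it where it is used; stored
// data is not safe to splice into SQL merely because it was escaped on the
// way in.
$query = "select hash, deleted as edeleted, email as eemail from `email` where `memid`='".intval($row['id'])."' and email='".mysql_real_escape_string($uemail)."' ";
$dres = mysql_query($query);
if ($drow = mysql_fetch_assoc($dres)) {
    $eemail = $drow['eemail'];
    $edeleted = $drow['edeleted'];
    $ehash = $drow['hash'];
    // The separator literal in the lines below holds a bare line break, as it
    // appears on this page; presumably an HTML line-break tag stood there
    // before extraction -- confirm against the original file.
    if ($udeleted!=0) {
        $inconsistency += 1;
        $inccause .= (empty($inccause)?"":"
")._("Users record set to deleted");
    }
    if ($uverified!=1) {
        $inconsistency += 2;
        $inccause .= (empty($inccause)?"":"
")._("Users record verified not set");
    }
    if ($ulocked!=0) {
        $inconsistency += 4;
        $inccause .= (empty($inccause)?"":"
")._("Users record locked set");
    }
    if ($edeleted!=0) {
        $inconsistency += 8;
        $inccause .= (empty($inccause)?"":"
")._("Email record set deleted");
    }
    if ($ehash!='') {
        $inconsistency += 16;
        $inccause .= (empty($inccause)?"":"
")._("Email record hash not unset");
    }
} else {
    $inconsistency = 32;
    $inccause = _("Prim. email, Email record doesn't exist");
}
// The warning rows of the template follow the closing tag; the branch stays
// open across it.
if ($inconsistency>0) {
    // $inconsistencydisp = _("Yes");
?>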
:
code:
that needs to be fixed manualy thru arbitration/critical team.")?>

');">
:  

');">
: