<? /*
    Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>

    This file is part of CAcert.

    CAcert has been released under the CAcert Source License
    which can be found included with these source files or can
    be downloaded from the internet from the following address:
    http://www.cacert.org/src-lic.php

    CAcert is distributed WITHOUT ANY WARRANTY; without even
    the implied warranty of MERCHANTABILITY or FITNESS FOR A
    PARTICULAR PURPOSE.  See the License for more details.
*/ ?>
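<?php
// Request handler for the Thawte Web-of-Trust points transfer ("tverify") pages.
// NOTE(review): the session, the database link and the helpers used in this
// script (loadem, showheader, includeit, sendmail, ...) are presumably set up by
// general.php - it is not visible from here, confirm.
include_once("../includes/general.php");
loadem("tverify");

// Step selector. A positive POSTed id takes precedence over the GET one.
// isset() avoids undefined-index notices when the parameter is absent, and
// intval() keeps $id an integer whatever the client sends.
$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
if (isset($_POST['id']) && intval($_POST['id']) > 0) {
    $id = intval($_POST['id']);
}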
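if ($id == 1) {
    // Optional photo ID upload that accompanies the notary URL.
    // $nofile: 1 = no acceptable photo ID received, 0 = an image was accepted.
    // $nofile and $ext are initialised explicitly so later blocks never read a
    // value that did not originate here.
    $nofile = 1;
    $filename = "";
    $ext = "";
    $photoid = isset($_FILES['photoid']) ? $_FILES['photoid'] : null;
    $postedURL = isset($_POST["notaryURL"]) ? $_POST["notaryURL"] : "";

    if (is_array($photoid)
        && $photoid['error'] == UPLOAD_ERR_OK
        && $postedURL != ""
        && is_uploaded_file($photoid['tmp_name'])
    ) {
        $filename = $photoid['tmp_name'];

        // The type is sniffed from the file content with file(1); the client
        // supplied name and type are never used. The path is quoted before it
        // reaches the shell instead of being interpolated into the command.
        $do = trim((string) shell_exec("file -b -i " . escapeshellarg($filename)));
        $type = strtolower($do);

        // Some file(1) versions append parameters ("image/png; charset=binary");
        // compare only the media type so valid images are not rejected.
        $semi = strpos($type, ';');
        $mime = ($semi === false) ? $type : trim(substr($type, 0, $semi));

        // The stored extension comes from this whitelist only.
        switch ($mime) {
            case 'image/gif':
                $ext = "gif";
                $nofile = 0;
                break;
            case 'image/jpeg':
            case 'image/jpg':
                $ext = "jpg";
                $nofile = 0;
                break;
            case 'image/png':
                $ext = "png";
                $nofile = 0;
                break;
            default:
                // Reject the whole submission and report the detected type.
                // NOTE(review): errmsg carries tool output; it should be HTML
                // escaped where it is rendered - that code is not visible here.
                $id = 0;
                $_SESSION['_config']['errmsg'] = _("Only jpg, gif and png file types are acceptable, your browser sent a file of type: ") . $type;
        }
    }
}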
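if ($id == 1) {
    // Everything below is interpolated into SQL strings later in this script, so
    // it is escaped here. mysql_real_escape_string() honours the character set of
    // the open connection, which mysql_escape_string() does not; the unqualified
    // mysql_query() calls below already rely on that default link being open.
    $email = mysql_real_escape_string(isset($_POST["email"]) ? $_POST["email"] : "");
    $password = mysql_real_escape_string(isset($_POST["pword"]) ? $_POST["pword"] : "");
    $URL = mysql_real_escape_string(isset($_POST["notaryURL"]) ? $_POST["notaryURL"] : "");
    $CN = mysql_real_escape_string($_SESSION['_config']['CN']);
    $memid = mysql_real_escape_string($_SESSION['_config']['uid']);

    // Account row and the points the member already holds.
    $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
    $tmp = mysql_fetch_assoc(mysql_query("select sum(`points`) as `points` from `notary` where `to`='$memid'"));

    // Ceiling this request could reach: URL plus accepted photo ID, URL only,
    // or neither.
    if ($URL != "" && $nofile == 0) {
        $max = 150;
    } elseif ($URL != "") {
        $max = 90;
    } else {
        $max = 50;
    }

    // Only URLs pointing at the Thawte WoT directory are accepted. An empty URL
    // fails this test as well, so the 50 tier never gets past this point.
    // NOTE(review): only the prefix is pinned; the node value after it is stored
    // as submitted and needs output escaping wherever it is displayed.
    $thawtePrefix = "https://www.thawte.com/cgi/personal/wot/directory.exe?node=";
    if (strncmp($URL, $thawtePrefix, strlen($thawtePrefix)) != 0) {
        showheader(_("Thawte Points Transfer"));
        echo _("You failed to enter a valid Thawte Notary URL.");
        showfooter();
        exit;
    }

    // Nothing to gain: the member already holds at least the ceiling.
    if ($tmp['points'] >= $max) {
        showheader(_("Thawte Points Transfer"));
        echo _("Your request would not gain you any more points and will not be taken any further.") .
            sprintf(_("You have %s points already and you would have been issued up to %s points."), $tmp['points'], $max);
        showfooter();
        exit;
    }
}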
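if ($id == 1) {
    // Re-check the submitted credentials against the account bound to the
    // session before anything is recorded.
    // NOTE(review): the comparison relies on MySQL's PASSWORD(), which MySQL
    // documents as meant for the server's own accounts rather than application
    // passwords; replacing it needs a schema migration outside this block.
    $query = "select * from `users` where `id`='$memid' and `email`='$email' and `password`=password('$password')";
    $authResult = mysql_query($query);
    if (!$authResult || mysql_num_rows($authResult) <= 0) {
        // A failed query is treated like a mismatch, so the check fails closed.
        $_SESSION['_config']['errmsg'] = _("I'm sorry, I couldn't match your login details to your certificate to an account on this system.");
        $id = 0;
    } else {
        $query = "insert into `tverify` set `memid`='$memid', `URL`='$URL', `CN`='$CN', `created`=NOW()";
        mysql_query($query);
        $tverify = intval(mysql_insert_id());

        // Store the photo ID only when a request row really exists, so a failed
        // insert cannot write to a file named after id 0.
        if ($nofile == 0 && $tverify > 0) {
            $filename = $photoid['tmp_name'];
            // The path is built from the numeric request id and the whitelisted
            // extension only; nothing supplied by the client is part of it.
            $newfile = '/www/photoid/' . $tverify . "." . $ext;
            if (move_uploaded_file($filename, $newfile)) {
                $query = "update `tverify` set `photoid`='" . mysql_real_escape_string($newfile) . "' where `id`='$tverify'";
                mysql_query($query);
            } else {
                // Do not record a path that was never written to disk.
                error_log("tverify: could not store photo ID for request " . $tverify);
            }
        }
    }
}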
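if ($id == 1) {
    // Points still missing to reach the tier this request qualifies for.
    // The photo ID test uses $nofile, the flag the upload check always sets,
    // instead of $newfile, which is only assigned when a file was stored and
    // could otherwise be read uninitialised (or, where register_globals is
    // enabled, be supplied by the request).
    $points = 0;
    if ($URL != "" && $nofile == 0) {
        $points = 150 - intval($tmp['points']);
    } elseif ($URL != "") {
        $points = 90 - intval($tmp['points']);
    } else {
        $points = 50 - intval($tmp['points']);
    }

    // Never award a negative amount.
    if ($points < 0) {
        $points = 0;
    }
}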
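if ($id == 1 && $max == 50) {
    // Automatic award without a reviewer vote.
    // NOTE(review): as the file stands, the notary URL prefix check earlier in
    // the script exits for an empty URL, so $max == 50 looks unreachable - confirm.
    if ($points > 0) {
        mysql_query("insert into `notary` set `from`='0', `to`='$memid', `points`='$points', " .
            "`method`='Thawte Points Transfer', `when`=NOW()");
    }
    $totalpoints = intval($tmp['points']) + $points;
    mysql_query("update `tverify` set `modified`=NOW() where `id`='$tverify'");

    // The numbers are passed through sprintf() so the gettext key stays constant;
    // with the values interpolated into the key no translation could ever match.
    // This mirrors the sprintf(_()) call used for the "no more points" message.
    $body = sprintf(
        _("Your request to have points transfered was sucessful. You were issued %s points as a result, and you now have %s in total"),
        $points,
        $totalpoints
    ) . "\n\n";
    $body .= _("Best regards") . "\n";
    $body .= _("CAcert Support Team");
    sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "returns@cacert.org", "", "CAcert Tverify");
} else if ($id == 1) {
    // Everything else goes to the reviewers' list for a manual vote.
    $body = "There is a new valid request for thawte points tranfer, details as follows:\n\n";
    $body .= "To vote on this application, go to: https://www.cacert.org/account.php?id=52&uid=$tverify\n\n";
    // The applicant's email, certificate subject, notary URL, photo ID link and
    // current points were appended here in lines that are commented out in the
    // source; the mail carries only the vote link.
    $body .= "We know that by signing into https://tverify.cacert.org that\n";
    $body .= "1. they have possession of a cert issued from Thawte\n";
    $body .= "2. the person named in the cert has been verified by Thawte's Web of Trust\n";
    $body .= "3. at least 1 of the emails listed as valid in that cert belongs to a\n";
    $body .= "CAcert.org user\n\n";
    $body .= "It's up to us as voting members to verify the details that can't be\n";
    $body .= "programatically handled, that means checking the ID, and signing into\n";
    $body .= "the Thawte site and validating their name is listed as a notary.\n\n";
    $body .= "Best regards" . "\n";
    $body .= "CAcert Support Team";
    sendmail("cacert-tverify@lists.cacert.org", "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "returns@cacert.org", "", "CAcert Tverify");
}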
// Render the response: page header, then the tverify page for the current $id
// (0 after a rejected submission), then the footer.
// NOTE(review): includeit() presumably picks the template from $id - confirm.
showheader(_("Thawte Points Transfer"));
includeit($id, "tverify");
showfooter();
?>