cacert-webdb/www/api/cemails.php

48 lines
2 KiB
PHP
Raw Normal View History

2008-04-06 19:45:09 +00:00
<? /*
LibreSSL - CAcert web application
Copyright (C) 2004-2008 CAcert Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
$username = mysql_escape_string($_REQUEST['username']);
$password = mysql_escape_string($_REQUEST['password']);
2005-11-08 10:06:04 +00:00
2006-02-03 18:45:23 +00:00
$query = "select * from `users` where `email`='$username' and (`password`=old_password('$password') or `password`=sha1('$password'))";
2005-11-08 10:06:04 +00:00
$res = mysql_query($query);
if(mysql_num_rows($res) != 1)
die("403,That username couldn't be found\n");
echo "200,Authentication Ok\n";
$user = mysql_fetch_assoc($res);
$memid = $user['id'];
$query = "select sum(`points`) as `points` from `notary` where `to`='$memid' group by `to`";
$row = mysql_fetch_assoc(mysql_query($query));
$points = $row['points'];
echo "CS=".$user['codesign']."\n";
echo "NAME=CAcert WoT User\n";
if($points >= 50)
{
echo "NAME=".$user['fname']." ".$user['lname']."\n";
if($user['mname'] != "")
echo "NAME=".$user['fname']." ".$user['mname']." ".$user['lname']."\n";
if($user['suffix'] != "")
echo "NAME=".$user['fname']." ".$user['lname']." ".$user['suffix']."\n";
if($user['mname'] != "" && $user['suffix'] != "")
echo "NAME=".$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']."\n";
}
$query = "select * from `email` where `memid`='$memid' and `hash`='' and `deleted`=0";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
echo "EMAIL=".$row['email']."\n";
?>