2008-04-06 19:45:09 +00:00
|
|
|
<? /*
|
|
|
|
LibreSSL - CAcert web application
|
|
|
|
Copyright (C) 2004-2008 CAcert Inc.
|
|
|
|
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
|
|
it under the terms of the GNU General Public License as published by
|
|
|
|
the Free Software Foundation; version 2 of the License.
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
GNU General Public License for more details.
|
|
|
|
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
|
|
along with this program; if not, write to the Free Software
|
|
|
|
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
|
|
*/
|
2005-11-20 08:16:55 +00:00
|
|
|
$username = mysql_escape_string($_REQUEST['username']);
|
|
|
|
$password = mysql_escape_string($_REQUEST['password']);
|
2005-11-08 10:06:04 +00:00
|
|
|
|
2006-02-03 18:45:23 +00:00
|
|
|
$query = "select * from `users` where `email`='$username' and (`password`=old_password('$password') or `password`=sha1('$password'))";
|
2005-11-08 10:06:04 +00:00
|
|
|
$res = mysql_query($query);
|
|
|
|
if(mysql_num_rows($res) != 1)
|
|
|
|
die("403,That username couldn't be found\n");
|
|
|
|
echo "200,Authentication Ok\n";
|
|
|
|
$user = mysql_fetch_assoc($res);
|
|
|
|
$memid = $user['id'];
|
|
|
|
$query = "select sum(`points`) as `points` from `notary` where `to`='$memid' group by `to`";
|
|
|
|
$row = mysql_fetch_assoc(mysql_query($query));
|
|
|
|
$points = $row['points'];
|
2008-11-24 12:43:36 +00:00
|
|
|
echo "CS=".intval($user['codesign'])."\n";
|
2005-11-08 10:06:04 +00:00
|
|
|
echo "NAME=CAcert WoT User\n";
|
|
|
|
if($points >= 50)
|
|
|
|
{
|
2008-11-24 12:43:36 +00:00
|
|
|
echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['lname'])."\n";
|
2005-11-08 10:06:04 +00:00
|
|
|
if($user['mname'] != "")
|
2008-11-24 12:43:36 +00:00
|
|
|
echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['mname'])." ".sanitizeHTML($user['lname'])."\n";
|
2005-11-08 10:06:04 +00:00
|
|
|
if($user['suffix'] != "")
|
2008-11-24 12:43:36 +00:00
|
|
|
echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['lname'])." ".sanitizeHTML($user['suffix'])."\n";
|
2005-11-08 10:06:04 +00:00
|
|
|
if($user['mname'] != "" && $user['suffix'] != "")
|
2008-11-24 12:43:36 +00:00
|
|
|
echo "NAME=".sanitizeHTML($user['fname'])." ".sanitizeHTML($user['mname'])." ".sanitizeHTML($user['lname'])." ".sanitizeHTML($user['suffix'])."\n";
|
2005-11-08 10:06:04 +00:00
|
|
|
}
|
|
|
|
$query = "select * from `email` where `memid`='$memid' and `hash`='' and `deleted`=0";
|
|
|
|
$res = mysql_query($query);
|
|
|
|
while($row = mysql_fetch_assoc($res))
|
|
|
|
echo "EMAIL=".$row['email']."\n";
|
|
|
|
?>
|