tverify updates

19 years ago · 2f92ab9aba
parent 6e5332f5b5
commit 2f92ab9aba
10 changed files with 211 additions and 13 deletions
--- a/includes/account.php
+++ b/includes/account.php
@ -1878,6 +1878,119 @@
 		}
 	}

+	if(($id == 51 || $id == 52 || $oldid == 52) && $_SESSION['profile']['tverify'] <= 0)
+	{
+		showheader(_("My CAcert.org Account!"));
+		echo _("You don't have access to this area.");
+		showfooter();
+		exit;
+	}
+
+	if($oldid == 52)
+	{
+		$uid = intval($_POST['uid']);
+		$query = "select * from `tverify` where `id`='$uid' and `modified`=0";
+		$rc = mysql_num_rows(mysql_query($query));
+		if($rc <= 0)
+		{
+			showheader(_("My CAcert.org Account!"));
+			echo _("Unable to find a valid tverify request for this ID.");
+			showfooter();
+			exit;
+		}
+	}
+
+	if($oldid == 52)
+	{
+		$query = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".$_SESSION['profile']['id']."'";
+		$rc = mysql_num_rows(mysql_query($query));
+		if($rc > 0)
+		{
+			showheader(_("My CAcert.org Account!"));
+			echo _("You have already voted on this request.");
+			showfooter();
+			exit;
+		}
+	}
+
+	if($oldid == 52 && ($_POST['agree'] != "" || $_POST['disagree'] != ""))
+	{
+		$vote = -1;
+		if($_POST['agree'] != "")
+			$vote = 1;
+
+		$query = "insert into `tverify-vote` set
+				`tverify`='$uid',
+				`memid`='".$_SESSION['profile']['id']."',
+				`when`=NOW(), `vote`='$vote',
+				`comment`='".mysql_escape_string($_POST['comment'])."'";
+		mysql_query($query);
+
+		$rc = mysql_num_rows(mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='1'"));
+		if($rc >= 4)
+		{
+			mysql_query("update `tverify` set `modified`=NOW() where `id`='$uid'");
+			$tverify = mysql_fetch_assoc(mysql_query("select * from `tverify` where `id`='$uid'"));
+			$memid = $tverify['memid'];
+			$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
+			$tmp = mysql_fetch_assoc(mysql_query("select sum(`points`) as `points` from `notary` where `to`='$memid'"));
+
+			$points = 0;
+			if($tverify['URL'] != "" && $tverify['photoid'] != "")
+				$points = 150 - intval($tmp['points']);
+			if($tverify['URL'] != "" && $tverify['photoid'] == "")
+				$points = 90 - intval($tmp['points']);
+			if($tverify['URL'] == "" && $tverify['photoid'] == "")
+				$points = 50 - intval($tmp['points']);
+
+			if($points < 0)
+				$points = 0;
+
+			if($points > 0)
+			{
+				mysql_query("insert into `notary` set `from`='0', `to`='$memid', `points`='$points',
+						`method`='Thawte Points Transfer', `when`=NOW()");
+			}
+			$totalpoints = intval($tmp['points']) + $points;
+
+			$body  = _("Your request to have points transfered was sucessful. You were issued $points points as a result, and you now have $totalpoints in total")."\n\n"._("The following comments were made by reviewers")."\n\n";
+			$res = mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='1'");
+			while($row = mysql_fetch_assoc($res))
+				$body .= $row['comment']."\n";
+			$body .= "\n";
+			
+			$body .= _("Best regards")."\n";
+			$body .= _("CAcert Support Team");
+			sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "returns@cacert.org", "", "CAcert Tverify");
+		}
+
+		$rc = mysql_num_rows(mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='-1'"));
+		if($rc >= 4)
+		{
+			mysql_query("update `tverify` set `modified`=NOW() where `id`='$uid'");
+			$tverify = mysql_fetch_assoc(mysql_query("select * from `tverify` where `id`='$uid'"));
+			$memid = $tverify['memid'];
+			$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
+
+			$body  = _("Unfortunately your request for a points increase has been denied, below is the comments from people that reviewed your request as to why they rejected your application.")."\n\n";
+			$res = mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='-1'");
+			while($row = mysql_fetch_assoc($res))
+				$body .= $row['comment']."\n";
+			$body .= "\n";
+
+			$body .= _("You are welcome to try submitting another request at any time in the future, please make sure you take the reviewer comments into consideration or you risk having your application rejected again.")."\n\n";
+			
+			$body .= _("Best regards")."\n";
+			$body .= _("CAcert Support Team");
+			sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "returns@cacert.org", "", "CAcert Tverify");
+		}
+
+		showheader(_("My CAcert.org Account!"));
+		echo _("Your vote has been accepted.");
+		showfooter();
+		exit;
+	}
+
 	if(intval($cert) > 0)
 		$_SESSION['_config']['cert'] = intval($cert);
 	if(intval($orgid) > 0)
--- a/pages/account/40.php
+++ b/pages/account/40.php
@ -17,7 +17,7 @@
 <p><b><?=_("General Questions")?></b></p>
 <p><b><?=_("PLEASE NOTE: Due to the large amounts of support questions, incorrectly directed emails may be ignored, this is a volunteer effort and directing general questions to the right place will help everyone, including yourself as you will get a speedier reply.")?></b></p>
 <p><?=_("Before contacting us, be sure to read over the inforation on our official and unofficial HowTo and FAQ pages.")?> - <a href="http://www.CAcert.org/help.php"><?=_("Go here for more details.")?></a></p>
-<p><?=_("General questions about CAcert should be sent to the general support list, this list has many more volunteers then those directly involved with the running of the website. While it's best if you sign up to the mailing list to get replied to, you don't have to, but please make sure you note this in your email, otherwise it might seem like you didn't get a reply to your question.")?></p>
+<p><?=_("General questions about CAcert should be sent to the general support list, please send all emails in ENGLISH only, this list has many more volunteers then those directly involved with the running of the website, everyone on the mailing list understands english, even if this isn't their native language this will increase your chance at a competent reply. While it's best if you sign up to the mailing list to get replied to, you don't have to, but please make sure you note this in your email, otherwise it might seem like you didn't get a reply to your question.")?></p>
 <p><a href="http://lists.cacert.org/cgi-bin/mailman/listinfo/cacert-support"><?=_("Click here to go to the Support List")?></a></p>
 <p><?=_("You can alternatively use the form below, however joining the list is the prefered option to support your queries")?></p>
 <p><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
--- a/pages/account/51.php
+++ b/pages/account/51.php
@ -0,0 +1,24 @@
+<? /*
+    Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
+
+    This file is part of CAcert.
+
+    CAcert has been released under the CAcert Source License
+    which can be found included with these source files or can
+    be downloaded from the internet from the following address:
+    http://www.cacert.org/src-lic.php
+
+    CAcert is distributed WITHOUT ANY WARRANTY; without even
+    the implied warranty of MERCHANTABILITY or FITNESS FOR A
+    PARTICULAR PURPOSE.  See the License for more details.
+*/ ?>
+<? if($_SESSION['profile']['tverify'] <= 0) { echo _("You don't have access to this area."); } else { ?>
+<?
+	$uid = intval($_GET['photoid']);
+	$query = "select * from `tverify` where `id`='$uid' and `modified`=0";
+	$res = mysql_query($query);
+	if(mysql_num_rows($res) > 0) { ?>
+<img src="account.php?id=51&photoid=<?=$_GET['photoid']?>&img=show" border="0" width="800">
+<? } else { ?>
+<?=_("Unable to locate a valid request for that UID.")?>
+<? } } ?>
--- a/pages/account/52.php
+++ b/pages/account/52.php
@ -0,0 +1,48 @@
+<? /*
+    Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
+
+    This file is part of CAcert.
+
+    CAcert has been released under the CAcert Source License
+    which can be found included with these source files or can
+    be downloaded from the internet from the following address:
+    http://www.cacert.org/src-lic.php
+
+    CAcert is distributed WITHOUT ANY WARRANTY; without even
+    the implied warranty of MERCHANTABILITY or FITNESS FOR A
+    PARTICULAR PURPOSE.  See the License for more details.
+*/ ?>
+<? if($_SESSION['profile']['tverify'] <= 0) { echo _("You don't have access to this area."); } else { ?>
+<?
+	$uid = intval($_GET['uid']);
+	$query = "select * from `tverify` where `id`='$uid' and `modified`=0";
+	$res = mysql_query($query);
+	if(mysql_num_rows($res) > 0)
+	{
+		$row = mysql_fetch_assoc($res);
+		$memid = $row['memid'];
+		$query = "select sum(`points`) as `points` from `notary` where `to`='$memid'";
+		$notary = mysql_fetch_assoc(mysql_query($query));
+		$query = "select * from `users` where `id`='$memid'";
+		$user = mysql_fetch_assoc(mysql_query($query));
+?>
+<?=_("Request Details")?>:<br>
+<?=_("Name on file")?>: <?=$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']?><br>
+<?=_("Primary email address")?>: <?=$user['email']." (".$user['id'].")"?><br>
+<?=_("Certificate Subject")?>: <?=$row['CN']?><br>
+<?=_("Notary URL")?>: <a href="<?=$row['URL']?>"><?=$row['URL']?></a><br>
+<?=_("Photo ID URL")?>: <a href="/account.php?id=51&photoid=<?=$row['id']?>"><?=_("Here")?></a><br>
+<?=_("Current Points")?>: <?=intval($notary['points'])?><br>
+<?=_("Date of Birth")?>: <?=$user['dob']?> (YYYY-MM-DD)<br>
+
+<br>
+<form method="post" action="account.php">
+<?=_("Comment")?>: <input type="text" name="comment"><br>
+<input type="submit" name="agree" value="<?=_("I agree with this Application")?>">
+<input type="submit" name="disagree" value="<?=_("I don't agree with this Application")?>">
+<input type="hidden" name="oldid" value="<?=$_GET['id']?>">
+<input type="hidden" name="uid" value="<?=$uid?>">
+</form>
+<? } else { ?>
+<?=_("Unable to locate a valid request for that UID.")?>
+<? } } ?>
--- a/pages/index/11.php
+++ b/pages/index/11.php
@ -17,7 +17,7 @@
 <p><b><?=_("General Questions")?></b></p>
 <p><b><?=_("PLEASE NOTE: Due to the large amounts of support questions, incorrectly directed emails may be ignored, this is a volunteer effort and directing general questions to the right place will help everyone, including yourself as you will get a speedier reply.")?></b></p>
 <p><?=_("Before contacting us, be sure to read over the inforation on our official and unofficial HowTo and FAQ pages.")?> - <a href="http://www.CAcert.org/help.php"><?=_("Go here for more details.")?></a></p>
-<p><?=_("General questions about CAcert should be sent to the general support list, this list has many more volunteers then those directly involved with the running of the website. While it's best if you sign up to the mailing list to get replied to, you don't have to, but please make sure you note this in your email, otherwise it might seem like you didn't get a reply to your question.")?></p>
+<p><?=_("General questions about CAcert should be sent to the general support list, please send all emails in ENGLISH only, this list has many more volunteers then those directly involved with the running of the website, everyone on the mailing list understands english, even if this isn't their native language this will increase your chance at a competent reply. While it's best if you sign up to the mailing list to get replied to, you don't have to, but please make sure you note this in your email, otherwise it might seem like you didn't get a reply to your question.")?></p>
 <p><a href="http://lists.cacert.org/cgi-bin/mailman/listinfo/cacert-support"><?=_("Click here to go to the Support List")?></a></p>
 <p><?=_("You can alternatively use the form below, however joining the list is the prefered option to support your queries")?></p>
 <p><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
--- a/pages/wot/2.php
+++ b/pages/wot/2.php
@ -14,15 +14,15 @@
 */ ?>
 <h3><?=_("To become an Assurer")?></h3>

-<p><?=_("There is several ways to become a CAcert Assurer, the most common of which is face to face meetings with existing assurers, who check your ID documents (you need to show 2 government issued photo ID where possible otherwise you won't be allocated as many points!).")?></p>
+<p><?=_("There are several ways to become a CAcert Assurer, the most common of which is face to face meetings with existing assurers, who check your ID documents (you need to show 2 government issued photo ID where possible otherwise you won't be allocated as many points!).")?></p>

-<p><?=_("You can also become a CAcert Assurer by seeking out a public notary, justice of the peace, accountant, lawyer or bank manager. You will need to download and print out a copy of the TTP.pdf and fill in your sections. You will need to produce a photo copy of your ID, which the person assurance you will inspect against the originals. Once they are satisfied the documents appear to be genuine they need to sign the back of the photo copies, and fill in their sections of the TTP document. Once you have had your ID verified by 2 different people, pop the copies + forms in an envelope and post them to:")?></p>
+<p><?=_("You can also become a CAcert Assurer by seeking out a public notary, justice of the peace, accountant, lawyer or bank manager. You will need to download and print out a copy of the TTP.pdf and fill in your sections. You will need to produce a photo copy of your ID, which the person assuring you will inspect against the originals. Once they are satisfied the documents appear to be genuine they need to sign the back of the photo copies, and fill in their sections of the TTP document. Once you have had your ID verified by 2 different people, pop the copies + forms in an envelope and post them to:")?></p>

 <p>CAcert Inc.<br>
 P.O. Box 75<br>
 Banksia NSW 2216<br>
 Australia</p>

-<p><?=_("Apon receiving your documents you will be notified, and points will be added to your account.")?></p>
+<p><?=_("Upon receiving your documents you will be notified, and points will be added to your account.")?></p>

-<p><?=_("The only other way to receive assurance points is to have had your identity checked by a third party CA, whose policies are suitably set to not let identity fraud run rampent. Please contact us if you would like more details about this.")?></p>
+<p><?=_("The only other way to receive assurance points is to have had your identity checked by a third party CA, whose policies are suitably set to not let identity fraud run rampant. Please contact us if you would like more details about this.")?></p>
--- a/pages/wot/6.php
+++ b/pages/wot/6.php
@ -71,11 +71,11 @@
  </tr>
  <tr>
    <td class="DataTD"><?=_("Location")?>:</td>
-    <td class="DataTD"><input type="text" name="location" value="<?=$_POST['location']?>"></td>
+    <td class="DataTD"><input type="text" name="location" value="<?=$_SESSION['_config']['location']?>"></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Date")?>:</td>
-    <td class="DataTD"><input type="text" name="date" value="<?=$_POST['date']?>"><br><?=_("Only fill this in if you assured the person on a different day")?></td>
+    <td class="DataTD"><input type="text" name="date" value="<?=$_SESSION['_config']['date']?>"><br><?=_("Only fill this in if you assured the person on a different day")?></td>
  </tr>
 <? if($_SESSION['profile']['board'] == 1 && $_SESSION['_config']['pointsalready'] <= 1500) { ?>
  <tr>
--- a/tverify/index.php
+++ b/tverify/index.php
@ -44,6 +44,15 @@
 	if($id == 1)
 	{
 		$memid = mysql_escape_string($_SESSION['_config']['uid']);
+		if(mysql_num_rows(mysql_query("select * from `tverify` where `memid`='$memid'")) > 0)
+		{
+			$id = 0;
+			$_SESSION['_config']['errmsg'] = _("Unable to continue, request already exists.");
+		}
+	}
+
+	if($id == 1)
+	{
 		$email = mysql_escape_string($_POST["email"]);
 		$password = mysql_escape_string($_POST["pword"]);
 		$URL = mysql_escape_string($_POST["notaryURL"]);
@ -89,9 +98,7 @@
 		$body .= "Best regards"."\n";
 		$body .= "CAcert Support Team";

-		
-//		sendmail("cacert-tverify@lists.cacert.org", "[CAcert.org] Thawte Notary Points Transfer", $body, "@cacert.org", "returns@cacert.org", "", "CAcert Tverify");
-		sendmail("duane@cacert.org", "[CAcert.org] Thawte Notary Points Transfer", $body, "@cacert.org", "returns@cacert.org", "", "CAcert Tverify");
+		sendmail("cacert-tverify@lists.cacert.org", "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "returns@cacert.org", "", "CAcert Tverify");
 	}

 	showheader(_("Thawte Points Transfer"));
--- a/www/disputes.php
+++ b/www/disputes.php
@ -66,8 +66,8 @@
 				mysql_query($query);
 			}
 			mysql_query("update `disputeemail` set hash='',action='accept' where `id`='$emailid'");
-	                $rc = mysql_num_rows("select * from `domains` where `memid`='$oldmemid' and `deleted`=0");
-        	        $rc = mysql_num_rows("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'");
+	                $rc = mysql_num_rows(mysql_query("select * from `domains` where `memid`='$oldmemid' and `deleted`=0"));
+        	        $rc = mysql_num_rows(mysql_query("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'"));
        	        $res = mysql_query("select * from `users` where `id`='$oldmemid'");
 	                $user = mysql_fetch_assoc($res);
 			if($rc == 0 && $rc2 == 0 && $_SESSION['_config']['email'] == $user['email'])
--- a/www/wot.php
+++ b/www/wot.php
@ -17,6 +17,12 @@

 	loadem("account");

+	if($_POST['date'] != "")
+		$_SESSION['_config']['date'] = $_POST['date'];
+
+	if($_POST['location'] != "")
+		$_SESSION['_config']['location'] = $_POST['location'];
+
 	if(($id == 5 || $oldid == 5 || $id == 6 || $oldid == 6) && $_SESSION['profile']['points'] < 100)
 	{
 		showheader(_("My CAcert.org Account!"));