From 2f92ab9aba539e0596e7ce4edf985123f1ae2a07 Mon Sep 17 00:00:00 2001
From: root <root@www.cacert.org>
Date: Fri, 18 Mar 2005 16:08:22 +0000
Subject: [PATCH] tverify updates

---
 includes/account.php | 113 +++++++++++++++++++++++++++++++++++++++++++
 pages/account/40.php |   2 +-
 pages/account/51.php |  24 +++++++++
 pages/account/52.php |  48 ++++++++++++++++++
 pages/index/11.php   |   2 +-
 pages/wot/2.php      |   8 +--
 pages/wot/6.php      |   4 +-
 tverify/index.php    |  13 +++--
 www/disputes.php     |   4 +-
 www/wot.php          |   6 +++
 10 files changed, 211 insertions(+), 13 deletions(-)
 create mode 100644 pages/account/51.php
 create mode 100644 pages/account/52.php

diff --git a/includes/account.php b/includes/account.php
index 4a5a5f3..bb9c5cf 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -1878,6 +1878,119 @@
 		}
 	}
 
+	if(($id == 51 || $id == 52 || $oldid == 52) && $_SESSION['profile']['tverify'] <= 0)
+	{
+		showheader(_("My CAcert.org Account!"));
+		echo _("You don't have access to this area.");
+		showfooter();
+		exit;
+	}
+
+	if($oldid == 52)
+	{
+		$uid = intval($_POST['uid']);
+		$query = "select * from `tverify` where `id`='$uid' and `modified`=0";
+		$rc = mysql_num_rows(mysql_query($query));
+		if($rc <= 0)
+		{
+			showheader(_("My CAcert.org Account!"));
+			echo _("Unable to find a valid tverify request for this ID.");
+			showfooter();
+			exit;
+		}
+	}
+
+	if($oldid == 52)
+	{
+		$query = "select * from `tverify-vote` where `tverify`='$uid' and `memid`='".$_SESSION['profile']['id']."'";
+		$rc = mysql_num_rows(mysql_query($query));
+		if($rc > 0)
+		{
+			showheader(_("My CAcert.org Account!"));
+			echo _("You have already voted on this request.");
+			showfooter();
+			exit;
+		}
+	}
+
+	if($oldid == 52 && ($_POST['agree'] != "" || $_POST['disagree'] != ""))
+	{
+		$vote = -1;
+		if($_POST['agree'] != "")
+			$vote = 1;
+
+		$query = "insert into `tverify-vote` set
+				`tverify`='$uid',
+				`memid`='".$_SESSION['profile']['id']."',
+				`when`=NOW(), `vote`='$vote',
+				`comment`='".mysql_escape_string($_POST['comment'])."'";
+		mysql_query($query);
+
+		$rc = mysql_num_rows(mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='1'"));
+		if($rc >= 4)
+		{
+			mysql_query("update `tverify` set `modified`=NOW() where `id`='$uid'");
+			$tverify = mysql_fetch_assoc(mysql_query("select * from `tverify` where `id`='$uid'"));
+			$memid = $tverify['memid'];
+			$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
+			$tmp = mysql_fetch_assoc(mysql_query("select sum(`points`) as `points` from `notary` where `to`='$memid'"));
+
+			$points = 0;
+			if($tverify['URL'] != "" && $tverify['photoid'] != "")
+				$points = 150 - intval($tmp['points']);
+			if($tverify['URL'] != "" && $tverify['photoid'] == "")
+				$points = 90 - intval($tmp['points']);
+			if($tverify['URL'] == "" && $tverify['photoid'] == "")
+				$points = 50 - intval($tmp['points']);
+
+			if($points < 0)
+				$points = 0;
+
+			if($points > 0)
+			{
+				mysql_query("insert into `notary` set `from`='0', `to`='$memid', `points`='$points',
+						`method`='Thawte Points Transfer', `when`=NOW()");
+			}
+			$totalpoints = intval($tmp['points']) + $points;
+
+			$body  = _("Your request to have points transfered was sucessful. You were issued $points points as a result, and you now have $totalpoints in total")."\n\n"._("The following comments were made by reviewers")."\n\n";
+			$res = mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='1'");
+			while($row = mysql_fetch_assoc($res))
+				$body .= $row['comment']."\n";
+			$body .= "\n";
+			
+			$body .= _("Best regards")."\n";
+			$body .= _("CAcert Support Team");
+			sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "returns@cacert.org", "", "CAcert Tverify");
+		}
+
+		$rc = mysql_num_rows(mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='-1'"));
+		if($rc >= 4)
+		{
+			mysql_query("update `tverify` set `modified`=NOW() where `id`='$uid'");
+			$tverify = mysql_fetch_assoc(mysql_query("select * from `tverify` where `id`='$uid'"));
+			$memid = $tverify['memid'];
+			$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
+
+			$body  = _("Unfortunately your request for a points increase has been denied, below is the comments from people that reviewed your request as to why they rejected your application.")."\n\n";
+			$res = mysql_query("select * from `tverify-vote` where `tverify`='$uid' and `vote`='-1'");
+			while($row = mysql_fetch_assoc($res))
+				$body .= $row['comment']."\n";
+			$body .= "\n";
+
+			$body .= _("You are welcome to try submitting another request at any time in the future, please make sure you take the reviewer comments into consideration or you risk having your application rejected again.")."\n\n";
+			
+			$body .= _("Best regards")."\n";
+			$body .= _("CAcert Support Team");
+			sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "returns@cacert.org", "", "CAcert Tverify");
+		}
+
+		showheader(_("My CAcert.org Account!"));
+		echo _("Your vote has been accepted.");
+		showfooter();
+		exit;
+	}
+
 	if(intval($cert) > 0)
 		$_SESSION['_config']['cert'] = intval($cert);
 	if(intval($orgid) > 0)
diff --git a/pages/account/40.php b/pages/account/40.php
index 50ce311..758e4fa 100644
--- a/pages/account/40.php
+++ b/pages/account/40.php
@@ -17,7 +17,7 @@
 <p><b><?=_("General Questions")?></b></p>
 <p><b><?=_("PLEASE NOTE: Due to the large amounts of support questions, incorrectly directed emails may be ignored, this is a volunteer effort and directing general questions to the right place will help everyone, including yourself as you will get a speedier reply.")?></b></p>
 <p><?=_("Before contacting us, be sure to read over the inforation on our official and unofficial HowTo and FAQ pages.")?> - <a href="http://www.CAcert.org/help.php"><?=_("Go here for more details.")?></a></p>
-<p><?=_("General questions about CAcert should be sent to the general support list, this list has many more volunteers then those directly involved with the running of the website. While it's best if you sign up to the mailing list to get replied to, you don't have to, but please make sure you note this in your email, otherwise it might seem like you didn't get a reply to your question.")?></p>
+<p><?=_("General questions about CAcert should be sent to the general support list, please send all emails in ENGLISH only, this list has many more volunteers then those directly involved with the running of the website, everyone on the mailing list understands english, even if this isn't their native language this will increase your chance at a competent reply. While it's best if you sign up to the mailing list to get replied to, you don't have to, but please make sure you note this in your email, otherwise it might seem like you didn't get a reply to your question.")?></p>
 <p><a href="http://lists.cacert.org/cgi-bin/mailman/listinfo/cacert-support"><?=_("Click here to go to the Support List")?></a></p>
 <p><?=_("You can alternatively use the form below, however joining the list is the prefered option to support your queries")?></p>
 <p><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
diff --git a/pages/account/51.php b/pages/account/51.php
new file mode 100644
index 0000000..11f5df7
--- /dev/null
+++ b/pages/account/51.php
@@ -0,0 +1,24 @@
+<? /*
+    Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
+
+    This file is part of CAcert.
+
+    CAcert has been released under the CAcert Source License
+    which can be found included with these source files or can
+    be downloaded from the internet from the following address:
+    http://www.cacert.org/src-lic.php
+
+    CAcert is distributed WITHOUT ANY WARRANTY; without even
+    the implied warranty of MERCHANTABILITY or FITNESS FOR A
+    PARTICULAR PURPOSE.  See the License for more details.
+*/ ?>
+<? if($_SESSION['profile']['tverify'] <= 0) { echo _("You don't have access to this area."); } else { ?>
+<?
+	$uid = intval($_GET['photoid']);
+	$query = "select * from `tverify` where `id`='$uid' and `modified`=0";
+	$res = mysql_query($query);
+	if(mysql_num_rows($res) > 0) { ?>
+<img src="account.php?id=51&photoid=<?=$_GET['photoid']?>&img=show" border="0" width="800">
+<? } else { ?>
+<?=_("Unable to locate a valid request for that UID.")?>
+<? } } ?>
diff --git a/pages/account/52.php b/pages/account/52.php
new file mode 100644
index 0000000..ede8867
--- /dev/null
+++ b/pages/account/52.php
@@ -0,0 +1,48 @@
+<? /*
+    Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
+
+    This file is part of CAcert.
+
+    CAcert has been released under the CAcert Source License
+    which can be found included with these source files or can
+    be downloaded from the internet from the following address:
+    http://www.cacert.org/src-lic.php
+
+    CAcert is distributed WITHOUT ANY WARRANTY; without even
+    the implied warranty of MERCHANTABILITY or FITNESS FOR A
+    PARTICULAR PURPOSE.  See the License for more details.
+*/ ?>
+<? if($_SESSION['profile']['tverify'] <= 0) { echo _("You don't have access to this area."); } else { ?>
+<?
+	$uid = intval($_GET['uid']);
+	$query = "select * from `tverify` where `id`='$uid' and `modified`=0";
+	$res = mysql_query($query);
+	if(mysql_num_rows($res) > 0)
+	{
+		$row = mysql_fetch_assoc($res);
+		$memid = $row['memid'];
+		$query = "select sum(`points`) as `points` from `notary` where `to`='$memid'";
+		$notary = mysql_fetch_assoc(mysql_query($query));
+		$query = "select * from `users` where `id`='$memid'";
+		$user = mysql_fetch_assoc(mysql_query($query));
+?>
+<?=_("Request Details")?>:<br>
+<?=_("Name on file")?>: <?=$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']?><br>
+<?=_("Primary email address")?>: <?=$user['email']." (".$user['id'].")"?><br>
+<?=_("Certificate Subject")?>: <?=$row['CN']?><br>
+<?=_("Notary URL")?>: <a href="<?=$row['URL']?>"><?=$row['URL']?></a><br>
+<?=_("Photo ID URL")?>: <a href="/account.php?id=51&photoid=<?=$row['id']?>"><?=_("Here")?></a><br>
+<?=_("Current Points")?>: <?=intval($notary['points'])?><br>
+<?=_("Date of Birth")?>: <?=$user['dob']?> (YYYY-MM-DD)<br>
+
+<br>
+<form method="post" action="account.php">
+<?=_("Comment")?>: <input type="text" name="comment"><br>
+<input type="submit" name="agree" value="<?=_("I agree with this Application")?>">
+<input type="submit" name="disagree" value="<?=_("I don't agree with this Application")?>">
+<input type="hidden" name="oldid" value="<?=$_GET['id']?>">
+<input type="hidden" name="uid" value="<?=$uid?>">
+</form>
+<? } else { ?>
+<?=_("Unable to locate a valid request for that UID.")?>
+<? } } ?>
diff --git a/pages/index/11.php b/pages/index/11.php
index 50ce311..758e4fa 100644
--- a/pages/index/11.php
+++ b/pages/index/11.php
@@ -17,7 +17,7 @@
 <p><b><?=_("General Questions")?></b></p>
 <p><b><?=_("PLEASE NOTE: Due to the large amounts of support questions, incorrectly directed emails may be ignored, this is a volunteer effort and directing general questions to the right place will help everyone, including yourself as you will get a speedier reply.")?></b></p>
 <p><?=_("Before contacting us, be sure to read over the inforation on our official and unofficial HowTo and FAQ pages.")?> - <a href="http://www.CAcert.org/help.php"><?=_("Go here for more details.")?></a></p>
-<p><?=_("General questions about CAcert should be sent to the general support list, this list has many more volunteers then those directly involved with the running of the website. While it's best if you sign up to the mailing list to get replied to, you don't have to, but please make sure you note this in your email, otherwise it might seem like you didn't get a reply to your question.")?></p>
+<p><?=_("General questions about CAcert should be sent to the general support list, please send all emails in ENGLISH only, this list has many more volunteers then those directly involved with the running of the website, everyone on the mailing list understands english, even if this isn't their native language this will increase your chance at a competent reply. While it's best if you sign up to the mailing list to get replied to, you don't have to, but please make sure you note this in your email, otherwise it might seem like you didn't get a reply to your question.")?></p>
 <p><a href="http://lists.cacert.org/cgi-bin/mailman/listinfo/cacert-support"><?=_("Click here to go to the Support List")?></a></p>
 <p><?=_("You can alternatively use the form below, however joining the list is the prefered option to support your queries")?></p>
 <p><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
diff --git a/pages/wot/2.php b/pages/wot/2.php
index 3ee1851..62f7ffc 100644
--- a/pages/wot/2.php
+++ b/pages/wot/2.php
@@ -14,15 +14,15 @@
 */ ?>
 <h3><?=_("To become an Assurer")?></h3>
 
-<p><?=_("There is several ways to become a CAcert Assurer, the most common of which is face to face meetings with existing assurers, who check your ID documents (you need to show 2 government issued photo ID where possible otherwise you won't be allocated as many points!).")?></p>
+<p><?=_("There are several ways to become a CAcert Assurer, the most common of which is face to face meetings with existing assurers, who check your ID documents (you need to show 2 government issued photo ID where possible otherwise you won't be allocated as many points!).")?></p>
 
-<p><?=_("You can also become a CAcert Assurer by seeking out a public notary, justice of the peace, accountant, lawyer or bank manager. You will need to download and print out a copy of the TTP.pdf and fill in your sections. You will need to produce a photo copy of your ID, which the person assurance you will inspect against the originals. Once they are satisfied the documents appear to be genuine they need to sign the back of the photo copies, and fill in their sections of the TTP document. Once you have had your ID verified by 2 different people, pop the copies + forms in an envelope and post them to:")?></p>
+<p><?=_("You can also become a CAcert Assurer by seeking out a public notary, justice of the peace, accountant, lawyer or bank manager. You will need to download and print out a copy of the TTP.pdf and fill in your sections. You will need to produce a photo copy of your ID, which the person assuring you will inspect against the originals. Once they are satisfied the documents appear to be genuine they need to sign the back of the photo copies, and fill in their sections of the TTP document. Once you have had your ID verified by 2 different people, pop the copies + forms in an envelope and post them to:")?></p>
 
 <p>CAcert Inc.<br>
 P.O. Box 75<br>
 Banksia NSW 2216<br>
 Australia</p>
 
-<p><?=_("Apon receiving your documents you will be notified, and points will be added to your account.")?></p>
+<p><?=_("Upon receiving your documents you will be notified, and points will be added to your account.")?></p>
 
-<p><?=_("The only other way to receive assurance points is to have had your identity checked by a third party CA, whose policies are suitably set to not let identity fraud run rampent. Please contact us if you would like more details about this.")?></p>
+<p><?=_("The only other way to receive assurance points is to have had your identity checked by a third party CA, whose policies are suitably set to not let identity fraud run rampant. Please contact us if you would like more details about this.")?></p>
diff --git a/pages/wot/6.php b/pages/wot/6.php
index 202e400..01a5306 100644
--- a/pages/wot/6.php
+++ b/pages/wot/6.php
@@ -71,11 +71,11 @@
   </tr>
   <tr>
     <td class="DataTD"><?=_("Location")?>:</td>
-    <td class="DataTD"><input type="text" name="location" value="<?=$_POST['location']?>"></td>
+    <td class="DataTD"><input type="text" name="location" value="<?=$_SESSION['_config']['location']?>"></td>
   </tr>
   <tr>
     <td class="DataTD"><?=_("Date")?>:</td>
-    <td class="DataTD"><input type="text" name="date" value="<?=$_POST['date']?>"><br><?=_("Only fill this in if you assured the person on a different day")?></td>
+    <td class="DataTD"><input type="text" name="date" value="<?=$_SESSION['_config']['date']?>"><br><?=_("Only fill this in if you assured the person on a different day")?></td>
   </tr>
 <? if($_SESSION['profile']['board'] == 1 && $_SESSION['_config']['pointsalready'] <= 1500) { ?>
   <tr>
diff --git a/tverify/index.php b/tverify/index.php
index e65e050..c5c5f4f 100644
--- a/tverify/index.php
+++ b/tverify/index.php
@@ -44,6 +44,15 @@
 	if($id == 1)
 	{
 		$memid = mysql_escape_string($_SESSION['_config']['uid']);
+		if(mysql_num_rows(mysql_query("select * from `tverify` where `memid`='$memid'")) > 0)
+		{
+			$id = 0;
+			$_SESSION['_config']['errmsg'] = _("Unable to continue, request already exists.");
+		}
+	}
+
+	if($id == 1)
+	{
 		$email = mysql_escape_string($_POST["email"]);
 		$password = mysql_escape_string($_POST["pword"]);
 		$URL = mysql_escape_string($_POST["notaryURL"]);
@@ -89,9 +98,7 @@
 		$body .= "Best regards"."\n";
 		$body .= "CAcert Support Team";
 
-		
-//		sendmail("cacert-tverify@lists.cacert.org", "[CAcert.org] Thawte Notary Points Transfer", $body, "@cacert.org", "returns@cacert.org", "", "CAcert Tverify");
-		sendmail("duane@cacert.org", "[CAcert.org] Thawte Notary Points Transfer", $body, "@cacert.org", "returns@cacert.org", "", "CAcert Tverify");
+		sendmail("cacert-tverify@lists.cacert.org", "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "returns@cacert.org", "", "CAcert Tverify");
 	}
 
 	showheader(_("Thawte Points Transfer"));
diff --git a/www/disputes.php b/www/disputes.php
index cdf2371..8ce99c9 100644
--- a/www/disputes.php
+++ b/www/disputes.php
@@ -66,8 +66,8 @@
 				mysql_query($query);
 			}
 			mysql_query("update `disputeemail` set hash='',action='accept' where `id`='$emailid'");
-	                $rc = mysql_num_rows("select * from `domains` where `memid`='$oldmemid' and `deleted`=0");
-        	        $rc = mysql_num_rows("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'");
+	                $rc = mysql_num_rows(mysql_query("select * from `domains` where `memid`='$oldmemid' and `deleted`=0"));
+        	        $rc = mysql_num_rows(mysql_query("select * from `email` where `memid`='$oldmemid' and `deleted`=0 and `id`!='$emailid'"));
         	        $res = mysql_query("select * from `users` where `id`='$oldmemid'");
 	                $user = mysql_fetch_assoc($res);
 			if($rc == 0 && $rc2 == 0 && $_SESSION['_config']['email'] == $user['email'])
diff --git a/www/wot.php b/www/wot.php
index fa96002..8c6c853 100644
--- a/www/wot.php
+++ b/www/wot.php
@@ -17,6 +17,12 @@
 
 	loadem("account");
 
+	if($_POST['date'] != "")
+		$_SESSION['_config']['date'] = $_POST['date'];
+
+	if($_POST['location'] != "")
+		$_SESSION['_config']['location'] = $_POST['location'];
+
 	if(($id == 5 || $oldid == 5 || $id == 6 || $oldid == 6) && $_SESSION['profile']['points'] < 100)
 	{
 		showheader(_("My CAcert.org Account!"));