<?
	$username = mysql_real_escape_string($_REQUEST['username']);
	$password = mysql_real_escape_string($_REQUEST['password']);

	$query = "select * from `users` where `email`='$username' and (`password`=old_password('$password') or `password`=sha1('$password'))";
	$res = mysql_query($query);
	if(mysql_num_rows($res) != 1)
		die("403,That username couldn't be found\n");
	$user = mysql_fetch_assoc($res);
	$memid = $user['id'];
	$emails = "";
	foreach($_REQUEST['email'] as $email)
	{
		$email = mysql_real_escape_string(trim($email));
		$query = "select * from `email` where `memid`='$memid' and `hash`='' and `deleted`=0 and `email`='$email'";
		$res = mysql_query($query);
		if(mysql_num_rows($res) > 0)
		{
			$row = mysql_fetch_assoc($res);
			$id = $row['id'];
			$emails[$id] = $email;
		}
	}
	if(count($emails) <= 0)
		die("404,Wasn't able to match any emails sent against your account");
	$query = "select sum(`points`) as `points` from `notary` where `to`='$memid' group by `to`";
	$row = mysql_fetch_assoc(mysql_query($query));
	$points = $row['points'];

	$name = "CAcert WoT User\n";
	$newname = mysql_real_escape_string(trim($_REQUEST['name']));
	if($points >= 50)
	{
		if($newname == $user['fname']." ".$user['lname'] ||
			$newname == $user['fname']." ".$user['mname']." ".$user['lname'] ||
			$newname == $user['fname']." ".$user['lname']." ".$user['suffix'] ||
			$newname == $user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix'])
			$name = $newname;
	}

	$codesign = 0;
	if($user['codesign'] == "1" && $_REQUEST['codesign'] == "1" && $points >= 100)
		$codesign = 1;

	$CSR = trim($_REQUEST['optionalCSR']);
	$tmpname = tempnam("/tmp", "CSR");
	$tempnam = tempnam("/tmp", "CSR");
	$fp = fopen($tmpname, "w");
	fputs($fp, $CSR);
	fclose($fp);
	$do = `/usr/bin/openssl req -in $tmpname -out $tempnam`;
	@unlink($tmpfname);
	if(filesize($tempnam) <= 0)
		die("404,Invalid or missing CSR");

	$csrsubject = "/CN=$name";
	foreach($emails as $id => $email)
		$csrsubject .= "/emailAddress=".$email;

	$query = "insert into `emailcerts` set `CN`='".$user['email']."', `keytype`='MS',
				`memid`='".$user['id']."', `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
				`subject`='$csrsubject', `codesign`='$codesign'";
	mysql_query($query);
	$certid = mysql_insert_id();
	$CSRname = "/www/csr/client-$certid.csr";
	rename($tempnam, $CSRname);

	mysql_query("update `emailcerts` set `csr_name`='$CSRname' where `id`='$certid'");

	foreach($emails as $emailid => $email)
		mysql_query("insert into `emaillink` set `emailcertsid`='$certid', `emailid`='$emailid'");

	$do = `../../scripts/runclient`;
	sleep(1);
	$query = "select * from `emailcerts` where `id`='$certid' and `crt_name` != ''";
	$res = mysql_query($query);
	if(mysql_num_rows($res) <= 0)
		die("404,Your certificate request has failed");
	$cert = mysql_fetch_assoc($res);
	echo "200,Authentication Ok\n";
	readfile($cert['crt_name']);
?>