<? /*
    Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>

    This file is part of CAcert.

    CAcert has been released under the CAcert Source License
    which can be found included with these source files or can
    be downloaded from the internet from the following address:
    http://www.cacert.org/src-lic.php

    CAcert is distributed WITHOUT ANY WARRANTY; without even
    the implied warranty of MERCHANTABILITY or FITNESS FOR A
    PARTICULAR PURPOSE.  See the License for more details.
*/ ?>
<?
//	phpinfo(); exit;
	include_once("../includes/general.php");
	loadem("tverify");

	$id = intval($_GET['id']);
	if(intval($_POST['id']) > 0)
		$id = intval($_POST['id']);

	if($id == 1)
	{
		$nofile = 1;
		$filename = "";
		$photoid = $_FILES['photoid'];
		if($photoid['error'] == 0 && $_POST["notaryURL"] != "")
		{
			$filename = $photoid['tmp_name'];
			$do = trim(`file -b -i $filename`);
			$type = strtolower($do);
			switch($type)
			{
				case 'image/gif': $ext = "gif"; $nofile = 0; break;
				case 'image/jpeg': $ext = "jpg"; $nofile = 0; break;
				case 'image/jpg': $ext = "jpg"; $nofile = 0; break;
				case 'image/png': $ext = "png"; $nofile = 0; break;
				default:
					$id = 0;
					$_SESSION['_config']['errmsg'] = _("Only jpg, gif and png file types are acceptable, your browser sent a file of type: ").$type;
			}
		}
	}

	if($id == 1)
	{
		$email = mysql_escape_string($_POST["email"]);
		$password = mysql_escape_string($_POST["pword"]);
		$URL = mysql_escape_string($_POST["notaryURL"]);
		$CN = mysql_escape_string($_SESSION['_config']['CN']);
		$memid = mysql_escape_string($_SESSION['_config']['uid']);
		$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
		$tmp = mysql_fetch_assoc(mysql_query("select sum(`points`) as `points` from `notary` where `to`='$memid'"));

		if($URL != "" && $nofile == 0)
			$max = 150;
		else if($URL != "")
			$max = 90;
		else
			$max = 50;

		if($tmp['points'] >= $max)
		{
			showheader(_("Thawte Points Transfer"));
			echo _("Your request would not gain you any more points and will not be taken any further.").sprintf(_("You have %s points already and you would have been issued up to %s points."), $tmp['points'], $max);
			showfooter();
			exit;
		}
	}

	if($id == 1)
	{
		$query = "select * from `users` where `id`='$memid' and `email`='$email' and `password`=password('$password')";
		if(mysql_num_rows(mysql_query($query)) <= 0)
		{
			$_SESSION['_config']['errmsg'] = _("I'm sorry, I couldn't match your login details to your certificate to an account on this system.");
			$id = 0;
		} else {
			$query = "insert into `tverify` set `memid`='$memid', `URL`='$URL', `CN`='$CN', `created`=NOW()";
			mysql_query($query);
			$tverify = mysql_insert_id();
			if($nofile == 0)
			{
				$filename = $photoid['tmp_name'];
				$newfile = mysql_escape_string('/www/photoid/'.$tverify.".".$ext);
				move_uploaded_file($filename, $newfile);
				$query = "update `tverify` set `photoid`='$newfile' where `id`='$tverify'";
				mysql_query($query);
			}
		}
	}

	if($id == 1)
	{
		$points = 0;
		if($URL != "" && $newfile != "")
			$points = 150 - intval($tmp['points']);
		else if($URL != "")
			$points = 90 - intval($tmp['points']);
		else
			$points = 50 - intval($tmp['points']);

		if($points < 0)
			$points = 0;
	}

	if($id == 1 && $max == 50)
	{
		if($points > 0)
		{
			mysql_query("insert into `notary` set `from`='0', `to`='$memid', `points`='$points',
					`method`='Thawte Points Transfer', `when`=NOW()");
		}
		$totalpoints = intval($tmp['points']) + $points;
		mysql_query("update `tverify` set `modified`=NOW() where `id`='$tverify'");

		$body  = _("Your request to have points transfered was sucessful. You were issued $points points as a result, and you now have $totalpoints in total")."\n\n";

		$body .= _("Best regards")."\n";
		$body .= _("CAcert Support Team");
		sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "returns@cacert.org", "", "CAcert Tverify");
	} else if($id == 1) {
		$body  = "There is a new valid request for thawte points tranfer, details as follows:\n\n";
		$body .= "Primary email address: $email ($memid)\n";
		$body .= "Certificate Subject: $CN\n";
		if($URL != "")
			$body .= "Notary URL: $URL\n";
		if($URL != "" && $nofile == 0)
			$body .= "PhotoID URL: https://www.cacert.org/account.php?id=51&photoid=$tverify\n";

		$body .= "\nCurrent Points: ".$tmp['points']."\n\n";

		$body .= "\nTo vote on this application, go to: https://www.cacert.org/account.php?id=52&uid=$tverify\n\n";

		$body .= "Best regards"."\n";
		$body .= "CAcert Support Team";

		sendmail("cacert-tverify@lists.cacert.org", "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "returns@cacert.org", "", "CAcert Tverify");
	}

	showheader(_("Thawte Points Transfer"));
	includeit($id, "tverify");
	showfooter();
?>