<? /*
    Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>

    This file is part of CAcert.

    CAcert has been released under the CAcert Source License
    which can be found included with these source files or can
    be downloaded from the internet from the following address:
    http://www.cacert.org/src-lic.php

    CAcert is distributed WITHOUT ANY WARRANTY; without even
    the implied warranty of MERCHANTABILITY or FITNESS FOR A
    PARTICULAR PURPOSE.  See the License for more details.
*/ ?>
<?
	loadem("account");

	if($type == "email")
	{
		$id = 1;
		$emailid = intval($emailid);
		$hash = mysql_escape_string(stripslashes($hash));

		$query = "select * from `email` where `id`='$emailid' and hash!='' and deleted=0";
		$res = mysql_query($query);
		if(mysql_num_rows($res) > 0)
		{
			$row = mysql_fetch_assoc($res);
			$row['attempts']++;
			if($row['attempts'] == 4)
			{
				mysql_query("update `email` set `hash`='', `attempts`='$row[attempts]', `deleted`=NOW() where `id`='$emailid'");
				showheader(_("Error!"), _("Error!"));
				echo _("You've attempted to verify the same email address a fourth time with an invalid hash, subsequently this request has been deleted in the system");
				showfooter();
				exit;
			}
			mysql_query("update `email` set `attempts`='$row[attempts]' where `id`='$emailid'");
		}

		$query = "select * from `email` where `id`='$emailid' and `hash`='$hash' and hash!='' and deleted=0 and `attempts` <= 2";
		$res = mysql_query($query);
		if(mysql_num_rows($res) <= 0)
		{
			showheader(_("Error!"), _("Error!"));
			echo _("The ID or Hash has already been verified, or something weird happened.");
			showfooter();
			exit;
		}
		$row = mysql_fetch_assoc($res);
		$query = "update `email` set `hash`='',`modified`=NOW() where `id`='$emailid'";
		mysql_query($query);
		$query = "update `users` set `verified`='1' where `id`='$row[memid]' and `email`='$row[email]' and `verified`='0'";
		mysql_query($query);
		showheader(_("Updated"), _("Updated"));
		echo _("Your account and/or email address has been verified. You can now start issuing certificates for this address.");
		showfooter();
		exit;
	}

	if($type == "domain")
	{
		$id = 7;
		$domainid = intval($domainid);
		$hash = mysql_escape_string(stripslashes($hash));

		$query = "select * from `domains` where `id`='$domainid' and hash!='' and deleted=0";
		$res = mysql_query($query);
		if(mysql_num_rows($res) > 0)
		{
			$row = mysql_fetch_assoc($res);
			$row[attempts]++;
			if($row[attempts] == 4)
			{
				$query = "update `domains` set `hash`='', `attempts`='$row[attempts]', `deleted`=NOW() where `id`='$domainid'";
				showheader(_("Error!"), _("Error!"));
				echo _("You've attempted to verify the same domain a fourth time with an invalid hash, subsequantly this request has been deleted in the system");
				showfooter();
				exit;
			}
			$query = "update `domains` set `attempts`='$row[attempts]' where `id`='$domainid'";
			mysql_query($query);
		}

		$query = "select * from `domains` where `id`='$domainid' and `hash`='$hash' and hash!='' and deleted=0";
		$res = mysql_query($query);
		if(mysql_num_rows($res) <= 0)
		{
			showheader(_("Error!"), _("Error!"));
			echo _("The ID or Hash has already been verified, the domain no longer exists in the system, or something weird happened.");
			showfooter();
			exit;
		}
		$row = mysql_fetch_assoc($res);
		$query = "update `domains` set `hash`='',`modified`=NOW() where `id`='$domainid'";
		mysql_query($query);
		showheader(_("Updated"), _("Updated"));
		echo _("Your domain has been verified. You can now start issuing certificates for this domain.");
		showfooter();
		exit;
	}
?>