cacert-webdb/tverify/index.php


<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
// phpinfo(); exit;
include_once("../includes/general.php");
loadem("tverify");
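// Pick the form step: "id" comes from the query string unless the POST body
// carries a positive "id". Step 1 is a submitted transfer request.
$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
if(isset($_POST['id']) && intval($_POST['id']) > 0)
	$id = intval($_POST['id']);

if($id == 1)
{
	// $nofile stays 1 unless an uploaded photo ID passes the type check below.
	$nofile = 1;
	$filename = "";

	// A request that lacks the file field or notaryURL is handled as "no photo
	// ID" rather than by reading undefined array offsets.
	$photoid = isset($_FILES['photoid']) ? $_FILES['photoid'] : null;
	$notaryURL = isset($_POST["notaryURL"]) ? $_POST["notaryURL"] : "";
	$uploadOk = is_array($photoid)
		&& isset($photoid['error'], $photoid['tmp_name'])
		&& $photoid['error'] === UPLOAD_ERR_OK
		&& is_string($photoid['tmp_name']);

	if($uploadOk && $notaryURL != "")
	{
		$filename = $photoid['tmp_name'];
		$type = "";

		// Inspect only a path PHP recorded as an upload for this request, and
		// quote it so the shell receives it as exactly one argument.
		if(is_uploaded_file($filename))
		{
			$do = trim((string)shell_exec("file -b -i ".escapeshellarg($filename)));
			// file(1) may append a "; charset=..." parameter; compare the bare
			// MIME type only.
			$parts = explode(";", strtolower($do));
			$type = trim($parts[0]);
		}

		// Allow-list of accepted image types. $ext is chosen here and never
		// taken from the client-supplied file name.
		switch($type)
		{
			case 'image/gif':	$ext = "gif"; $nofile = 0; break;
			case 'image/jpeg':	$ext = "jpg"; $nofile = 0; break;
			case 'image/jpg':	$ext = "jpg"; $nofile = 0; break;
			case 'image/png':	$ext = "png"; $nofile = 0; break;
			default:
				// Anything else (including a failed inspection) aborts step 1.
				// NOTE(review): $type comes from file(1) output and ends up in
				// the session error message; confirm the template that prints
				// errmsg HTML-escapes it.
				$id = 0;
				$_SESSION['_config']['errmsg'] = _("Only jpg, gif and png file types are acceptable, your browser sent a file of type: ").$type;
		}
	}
}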
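// Step 1, part 2: escape the submitted values for the SQL statements that
// follow, load the member's current points, and stop early when the request
// could not add any points.
if($id == 1)
{
	// mysql_real_escape_string() honours the connection character set, which
	// the deprecated mysql_escape_string() does not. Missing POST fields are
	// treated as empty strings.
	// NOTE(review): the legacy mysql_* API has no prepared statements; moving
	// this file to a parameterised API would remove the reliance on escaping.
	$email = mysql_real_escape_string(isset($_POST["email"]) ? $_POST["email"] : "");
	$password = mysql_real_escape_string(isset($_POST["pword"]) ? $_POST["pword"] : "");
	$URL = mysql_real_escape_string(isset($_POST["notaryURL"]) ? $_POST["notaryURL"] : "");
	$CN = mysql_real_escape_string($_SESSION['_config']['CN']);
	$memid = mysql_real_escape_string($_SESSION['_config']['uid']);

	// A failed query yields false here instead of passing false on to
	// mysql_fetch_assoc().
	$res = mysql_query("select * from `users` where `id`='$memid'");
	$user = $res ? mysql_fetch_assoc($res) : false;
	$res = mysql_query("select sum(`points`) as `points` from `notary` where `to`='$memid'");
	$tmp = $res ? mysql_fetch_assoc($res) : false;

	// Ceiling for this request: 150 with a notary URL and an accepted photo
	// ID, 90 with a notary URL only, 50 otherwise.
	if($URL != "" && $nofile == 0)
		$max = 150;
	else if($URL != "")
		$max = 90;
	else
		$max = 50;

	// Nothing to gain: render the explanation and end the request.
	if($tmp['points'] >= $max)
	{
		showheader(_("Thawte Points Transfer"));
		echo _("Your request would not gain you any more points and will not be taken any further.").sprintf(_("You have %s points already and you would have been issued up to %s points."), $tmp['points'], $max);
		showfooter();
		exit;
	}
}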
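// Step 1, part 3: re-check the submitted e-mail and password against the
// session's member id, then record the request and store the photo ID.
if($id == 1)
{
	// NOTE(review): the comparison relies on MySQL's PASSWORD() function, so
	// the submitted password travels inside the SQL text. Changing that needs
	// a schema/credential migration and is outside this block.
	$query = "select * from `users` where `id`='$memid' and `email`='$email' and `password`=password('$password')";
	$res = mysql_query($query);

	// Fail closed: a query error is handled like a credential mismatch.
	if(!$res || mysql_num_rows($res) <= 0)
	{
		$_SESSION['_config']['errmsg'] = _("I'm sorry, I couldn't match your login details to your certificate to an account on this system.");
		$id = 0;
	} else {
		$query = "insert into `tverify` set `memid`='$memid', `URL`='$URL', `CN`='$CN', `created`=NOW()";
		mysql_query($query);
		// NOTE(review): the insert result is not checked; if it fails,
		// $tverify is 0 and the later steps refer to request id 0.
		$tverify = mysql_insert_id();

		if($nofile == 0)
		{
			$filename = $photoid['tmp_name'];
			// The stored name is built from the new row id and the extension
			// picked by the earlier type check, not from the client's file name.
			$newfile = mysql_escape_string('/www/photoid/'.$tverify.".".$ext);

			// Record the path only when the upload really was moved; before,
			// a failed move still left a photoid path in the row.
			if(move_uploaded_file($filename, $newfile))
			{
				$query = "update `tverify` set `photoid`='$newfile' where `id`='$tverify'";
				mysql_query($query);
			} else {
				// Continue as a request without photo ID so reviewers are not
				// pointed at a file that does not exist.
				$newfile = "";
				$nofile = 1;
			}
		}
	}
}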
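// Step 1, part 4: points this request may add, i.e. the ceiling for the
// supplied evidence minus the points the member already has, never negative.
if($id == 1)
{
	$points = 0;
	// Test $nofile, the flag set by the upload check, like the other
	// conditions in this file do. The previous test read $newfile, which is
	// undefined whenever no photo ID was stored.
	if($URL != "" && $nofile == 0)
		$points = 150 - intval($tmp['points']);
	else if($URL != "")
		$points = 90 - intval($tmp['points']);
	else
		$points = 50 - intval($tmp['points']);
	if($points < 0)
		$points = 0;
}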
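// Step 1, final part: a request without a notary URL ($max == 50) is settled
// here automatically; every other accepted request is mailed to the tverify
// list for a vote. The page is rendered afterwards in all cases.
if($id == 1 && $max == 50)
{
	if($points > 0)
	{
		// `from`='0' marks the entry as issued by the system, not a member.
		mysql_query("insert into `notary` set `from`='0', `to`='$memid', `points`='$points',\n`method`='Thawte Points Transfer', `when`=NOW()");
	}
	$totalpoints = intval($tmp['points']) + $points;
	mysql_query("update `tverify` set `modified`=NOW() where `id`='$tverify'");

	// The numbers are inserted after the gettext lookup. Interpolating them
	// into the msgid made the lookup key differ per request, so a translation
	// could never match.
	$body = sprintf(_("Your request to have points transfered was sucessful. You were issued %s points as a result, and you now have %s in total"), $points, $totalpoints)."\n\n";
	$body .= _("Best regards")."\n";
	$body .= _("CAcert Support Team");
	// NOTE(review): $user is false if the earlier users query failed; confirm
	// sendmail() copes with an empty recipient.
	sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "returns@cacert.org", "", "CAcert Tverify");
} else if($id == 1) {
	// $email, $CN and $URL hold the SQL-escaped copies of the submitted
	// values, so quotes and line breaks in them appear backslash-escaped.
	$body = "There is a new valid request for thawte points tranfer, details as follows:\n\n";
	$body .= "Primary email address: $email ($memid)\n";
	$body .= "Certificate Subject: $CN\n";
	if($URL != "")
		$body .= "Notary URL: $URL\n";
	if($URL != "" && $nofile == 0)
		$body .= "PhotoID URL: https://www.cacert.org/account.php?id=51&photoid=$tverify\n";
	$body .= "\nCurrent Points: ".$tmp['points']."\n\n";
	$body .= "\nTo vote on this application, go to: https://www.cacert.org/account.php?id=52&uid=$tverify\n\n";
	$body .= "Best regards"."\n";
	$body .= "CAcert Support Team";
	sendmail("cacert-tverify@lists.cacert.org", "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "returns@cacert.org", "", "CAcert Tverify");
}

// Render the page for the resulting step; $id is 0 here when validation or
// the credential check failed.
// NOTE(review): no anti-CSRF token is checked anywhere in this file; confirm
// whether general.php or the form template enforces one.
showheader(_("Thawte Points Transfer"));
includeit($id, "tverify");
showfooter();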
?>