cacert-webdb/tverify/index.php
2005-03-18 16:08:22 +00:00


<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
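// Shared helpers: loadem(), sendmail(), showheader(), includeit() and
// showfooter() are not defined in this file; presumably they come from
// general.php (verify there).
include_once("../includes/general.php");
loadem("tverify");

// Step selector. A positive id in the POST body takes precedence over the one
// in the query string. isset() keeps a request that lacks the parameter from
// raising undefined-index notices; a missing value counts as 0, which is what
// intval() produced for it before.
$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
$postid = isset($_POST['id']) ? intval($_POST['id']) : 0;
if($postid > 0)
	$id = $postid;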
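// Stage 1: if a photo ID was uploaded, accept it only when it really is a
// GIF, JPEG or PNG image. Sets $nofile (1 = no usable upload, 0 = upload
// accepted) and $ext (extension used when the file is stored later).
if($id == 1)
{
	$nofile = 1;
	$photoid = isset($_FILES['photoid']) ? $_FILES['photoid'] : null;
	// Any non-zero upload error (no file chosen, size limit hit, ...) is
	// treated as "no photo supplied" and the request continues without one.
	if(is_array($photoid) && $photoid['error'] == 0)
	{
		// $photoid['type'] is the Content-Type the browser chose to send, so it
		// says nothing reliable about the file. Decide from the uploaded bytes:
		// getimagesize() returns false for anything it cannot parse as an
		// image, and index 2 of its result is an IMAGETYPE_* constant.
		$imginfo = false;
		if(is_uploaded_file($photoid['tmp_name']))
			$imginfo = getimagesize($photoid['tmp_name']);
		$imgtype = is_array($imginfo) ? $imginfo[2] : 0;
		switch($imgtype)
		{
			case IMAGETYPE_GIF: $ext = "gif"; $nofile = 0; break;
			case IMAGETYPE_JPEG: $ext = "jpg"; $nofile = 0; break;
			case IMAGETYPE_PNG: $ext = "png"; $nofile = 0; break;
			default:
				// Not one of the accepted image formats: abort and show the form again.
				$id = 0;
				// NOTE(review): the message reads "On jpg, ..." where "Only jpg, ..."
				// is meant; it is a gettext msgid, so correct it together with the
				// translation catalogue.
				$_SESSION['_config']['errmsg'] = _("On jpg, gif and png file types are acceptable");
		}
	}
}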
// Stage 2: refuse a second transfer request from the same member.
if($id == 1)
{
	// Member id from the session, escaped once here and reused by the later stages.
	$memid = mysql_escape_string($_SESSION['_config']['uid']);
	$pending = mysql_query("select * from `tverify` where `memid`='$memid'");
	// NOTE(review): when the query fails mysql_query() returns false, the row
	// count below is then not > 0, and the script carries on as if no request
	// existed. Consider failing closed on a database error.
	$alreadyfiled = mysql_num_rows($pending) > 0;
	if($alreadyfiled)
	{
		$_SESSION['_config']['errmsg'] = _("Unable to continue, request already exists.");
		$id = 0;
	}
}
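// Stage 3: re-check the member's login details, record the request and store
// the photo ID accepted in stage 1. Relies on $memid, $nofile, $ext and
// $photoid set by the earlier stages.
if($id == 1)
{
	// Missing form fields become empty strings instead of raising notices.
	$email = mysql_escape_string(isset($_POST["email"]) ? $_POST["email"] : "");
	$password = mysql_escape_string(isset($_POST["pword"]) ? $_POST["pword"] : "");
	$URL = mysql_escape_string(isset($_POST["notaryURL"]) ? $_POST["notaryURL"] : "");
	$CN = mysql_escape_string($_SESSION['_config']['CN']);
	// NOTE(review): account passwords are compared through MySQL's PASSWORD()
	// function, which MySQL documents as intended for its own account system
	// rather than for application credentials. Replacing it needs a schema and
	// login change outside this file.
	// NOTE(review): mysql_escape_string() does not take the connection charset
	// into account; mysql_real_escape_string() does, provided general.php has
	// opened the connection by this point (confirm).
	$query = "select * from `users` where `id`='$memid' and `email`='$email' and `password`=password('$password')";
	if(mysql_num_rows(mysql_query($query)) <= 0)
	{
		$_SESSION['_config']['errmsg'] = _("I'm sorry, I couldn't match your login details to your certificate to an account on this system.");
		$id = 0;
	} else {
		$query = "insert into `tverify` set `memid`='$memid', `URL`='$URL', `CN`='$CN', `created`=NOW()";
		$inserted = mysql_query($query);
		$tverify = mysql_insert_id();
		if(!$inserted || $tverify <= 0)
		{
			// Without a stored row there is no id to name the photo after or to
			// put in the notification links, so stop here rather than announce
			// a request that does not exist.
			$id = 0;
			$_SESSION['_config']['errmsg'] = _("Unable to continue, the request could not be saved.");
		} else if($nofile == 0) {
			$filename = $photoid['tmp_name'];
			// The stored name is built from the row id and the extension chosen
			// in stage 1, never from the client-supplied file name.
			$newfile = mysql_escape_string('/www/photoid/'.$tverify.".".$ext);
			if(move_uploaded_file($filename, $newfile))
			{
				$query = "update `tverify` set `photoid`='$newfile' where `id`='$tverify'";
				mysql_query($query);
			} else {
				// The file did not reach its destination: do not record a path
				// and do not advertise a photo in the notification mail.
				$nofile = 1;
			}
		}
	}
}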
// Final stage: notify the tverify mailing list about the accepted request,
// then render the page for whichever step $id now holds.
if($id == 1)
{
	// Points the member holds so far, summed over the notary table.
	$query = "SELECT sum(`points`) as `points` FROM `notary` WHERE `to`='$memid'";
	$row = mysql_fetch_assoc(mysql_query($query));

	// NOTE(review): $email, $URL and $CN were escaped for SQL earlier, so the
	// mail text carries the escaped form (backslashes before quotes).
	$body = "There is a new valid request for thawte points tranfer, details as follows:\n\n"
		."Primary email address: $email ($memid)\n"
		."Certificate Subject: $CN\n";
	if($URL != "")
	{
		$body .= "Notary URL: $URL\n";
		// NOTE(review): the photo link is only mentioned when a notary URL was
		// given as well; confirm that an upload without a URL is meant to go
		// unannounced.
		if($nofile == 0)
			$body .= "PhotoID URL: https://www.cacert.org/account.php?id=51&photoid=$tverify\n";
	}
	$body .= "\nCurrent Points: ".$row['points']."\n\n"
		."\nTo vote on this application, go to: https://www.cacert.org/account.php?id=52&uid=$tverify\n\n"
		."Best regards"."\n"
		."CAcert Support Team";

	sendmail(
		"cacert-tverify@lists.cacert.org",
		"[CAcert.org] Thawte Notary Points Transfer",
		$body,
		"website-form@cacert.org",
		"returns@cacert.org",
		"",
		"CAcert Tverify"
	);
}

// Page output. $id is 0 here whenever one of the stages above rejected the request.
showheader(_("Thawte Points Transfer"));
includeit($id, "tverify");
showfooter();
?>