cacert-webdb/www/api/cemails.php
2006-02-03 18:45:23 +00:00

31 lines
1.3 KiB
PHP

<?
$username = mysql_escape_string($_REQUEST['username']);
$password = mysql_escape_string($_REQUEST['password']);
$query = "select * from `users` where `email`='$username' and (`password`=old_password('$password') or `password`=sha1('$password'))";
$res = mysql_query($query);
if(mysql_num_rows($res) != 1)
die("403,That username couldn't be found\n");
echo "200,Authentication Ok\n";
$user = mysql_fetch_assoc($res);
$memid = $user['id'];
$query = "select sum(`points`) as `points` from `notary` where `to`='$memid' group by `to`";
$row = mysql_fetch_assoc(mysql_query($query));
$points = $row['points'];
echo "CS=".$user['codesign']."\n";
echo "NAME=CAcert WoT User\n";
if($points >= 50)
{
echo "NAME=".$user['fname']." ".$user['lname']."\n";
if($user['mname'] != "")
echo "NAME=".$user['fname']." ".$user['mname']." ".$user['lname']."\n";
if($user['suffix'] != "")
echo "NAME=".$user['fname']." ".$user['lname']." ".$user['suffix']."\n";
if($user['mname'] != "" && $user['suffix'] != "")
echo "NAME=".$user['fname']." ".$user['mname']." ".$user['lname']." ".$user['suffix']."\n";
}
$query = "select * from `email` where `memid`='$memid' and `hash`='' and `deleted`=0";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
echo "EMAIL=".$row['email']."\n";
?>