<? /*
    Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>

    This file is part of CAcert.

    CAcert has been released under the CAcert Source License
    which can be found included with these source files or can
    be downloaded from the internet from the following address:
    http://www.cacert.org/src-lic.php

    CAcert is distributed WITHOUT ANY WARRANTY; without even
    the implied warranty of MERCHANTABILITY or FITNESS FOR A
    PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
// phpinfo(); exit;
include_once("../includes/general.php");
loadem("tverify");
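// Step selector for this page. The value 1 triggers the processing below and
// the final value is handed to includeit() at the end of the script.
// A positive POSTed id takes precedence over the query-string one. Missing or
// non-scalar values fall back to 0: intval() turns a non-empty array
// (e.g. "id[]=x") into 1, which would otherwise select the processing step.
$id = 0;
if(isset($_GET['id']) && is_scalar($_GET['id']))
	$id = intval($_GET['id']);
if(isset($_POST['id']) && is_scalar($_POST['id']) && intval($_POST['id']) > 0)
	$id = intval($_POST['id']);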
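// Inspect the optional photo-ID upload that accompanies a notary URL.
// Result: $nofile is 0 and $ext holds the storage extension only when the
// uploaded content is detected as GIF, JPEG or PNG. Any other content aborts
// the submission ($id = 0) and leaves an error message in the session.
if($id == 1)
{
	$nofile = 1;
	$filename = "";
	// Defined up front so later code never reads an unset extension.
	$ext = "";
	// A request sent without the file field leaves $_FILES['photoid'] unset;
	// treat that the same as "no file selected" instead of probing an empty path.
	$photoid = isset($_FILES['photoid']) ? $_FILES['photoid'] : array('error' => UPLOAD_ERR_NO_FILE, 'tmp_name' => "");
	if(isset($photoid['error'], $photoid['tmp_name']) && $photoid['error'] === UPLOAD_ERR_OK
		&& is_string($photoid['tmp_name']) && is_uploaded_file($photoid['tmp_name'])
		&& isset($_POST["notaryURL"]) && $_POST["notaryURL"] != "")
	{
		$filename = $photoid['tmp_name'];
		// The type is taken from the file content via file(1); the name and MIME
		// type supplied by the client are never consulted. The path is quoted
		// for the shell even though PHP generates it, as defence in depth.
		$do = trim((string)shell_exec("file -b -i ".escapeshellarg($filename)));
		// file(1) builds that print the encoding after the type return e.g.
		// "image/png; charset=binary"; compare the media type alone.
		$type = strtolower(trim(preg_replace('/;.*$/s', '', $do)));
		switch($type)
		{
			case 'image/gif':	$ext = "gif"; $nofile = 0; break;
			case 'image/jpeg':	$ext = "jpg"; $nofile = 0; break;
			case 'image/jpg':	$ext = "jpg"; $nofile = 0; break;
			case 'image/png':	$ext = "png"; $nofile = 0; break;
			default:
				// Unsupported content: cancel the submission and report the detected type.
				// NOTE(review): errmsg is rendered outside this file; confirm it is HTML-escaped there.
				$id = 0;
				$_SESSION['_config']['errmsg'] = _("Only jpg, gif and png file types are acceptable, your browser sent a file of type: ").$type;
		}
	}
}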
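// Collect the submitted values and the member's current points, then stop
// early when the request could not raise the member's total.
if($id == 1)
{
	// mysql_real_escape_string() takes the connection character set into
	// account, unlike the deprecated mysql_escape_string().
	// NOTE(review): it uses the default link, presumably opened by general.php;
	// the mysql_query() calls below depend on that same link.
	// Missing or non-string form fields are treated as empty strings.
	$email = mysql_real_escape_string(isset($_POST["email"]) && is_string($_POST["email"]) ? $_POST["email"] : "");
	$password = mysql_real_escape_string(isset($_POST["pword"]) && is_string($_POST["pword"]) ? $_POST["pword"] : "");
	$URL = mysql_real_escape_string(isset($_POST["notaryURL"]) && is_string($_POST["notaryURL"]) ? $_POST["notaryURL"] : "");
	// Certificate subject and member id come from the session, not from the form.
	$CN = mysql_real_escape_string($_SESSION['_config']['CN']);
	$memid = mysql_real_escape_string($_SESSION['_config']['uid']);
	$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
	$tmp = mysql_fetch_assoc(mysql_query("select sum(`points`) as `points` from `notary` where `to`='$memid'"));

	// Ceiling for this request: 150 with notary URL and photo ID, 90 with a
	// notary URL only, 50 otherwise.
	if($URL != "" && $nofile == 0)
		$max = 150;
	else if($URL != "")
		$max = 90;
	else
		$max = 50;

	// Nothing to gain: explain and end the request before anything is stored.
	if($tmp['points'] >= $max)
	{
		showheader(_("Thawte Points Transfer"));
		echo _("Your request would not gain you any more points and will not be taken any further.").sprintf(_("You have %s points already and you would have been issued up to %s points."), $tmp['points'], $max);
		showfooter();
		exit;
	}
}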
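// Re-check the member's e-mail and password against the session's member id,
// record the request in `tverify` and store the photo ID if one was accepted.
if($id == 1)
{
	// Defined up front so the points calculation further down never reads an
	// unset variable when no photo was stored.
	$newfile = "";
	// NOTE(review): the password is checked with MySQL's password() function
	// and is sent inside the query text. Replacing that needs a change to how
	// `users`.`password` is stored, so it is only flagged here.
	$query = "select * from `users` where `id`='$memid' and `email`='$email' and `password`=password('$password')";
	// A failed query yields no row count and is handled like a mismatch.
	if(mysql_num_rows(mysql_query($query)) <= 0)
	{
		$_SESSION['_config']['errmsg'] = _("I'm sorry, I couldn't match your login details to your certificate to an account on this system.");
		$id = 0;
	} else {
		$query = "insert into `tverify` set `memid`='$memid', `URL`='$URL', `CN`='$CN', `created`=NOW()";
		mysql_query($query);
		$tverify = mysql_insert_id();
		if($nofile == 0)
		{
			$filename = $photoid['tmp_name'];
			// The stored name is built from the new row id and the extension
			// chosen from the fixed list during upload inspection; nothing
			// from the client-supplied file name ends up in the path.
			// NOTE(review): confirm /www/photoid is not served directly by the web server.
			$newfile = mysql_real_escape_string('/www/photoid/'.$tverify.".".$ext);
			// Record the path only when the row exists and the move succeeded;
			// otherwise continue as if no photo had been supplied, so that no
			// reference to a missing file is stored or mailed.
			if($tverify > 0 && move_uploaded_file($filename, $newfile))
			{
				$query = "update `tverify` set `photoid`='$newfile' where `id`='$tverify'";
				mysql_query($query);
			} else {
				$newfile = "";
				$nofile = 1;
			}
		}
	}
}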
// Points this request is worth: the applicable ceiling (50 without a notary
// URL, 90 with one, 150 with notary URL and stored photo ID) minus the points
// the member already holds, never less than zero.
if($id == 1)
{
	if($URL == "")
		$points = 50 - intval($tmp['points']);
	else if($newfile == "")
		$points = 90 - intval($tmp['points']);
	else
		$points = 150 - intval($tmp['points']);

	// Clamp: a member already above the ceiling gains nothing.
	$points = max(0, $points);
}
// Finish an accepted request. With a ceiling of 50 (no notary URL) the points
// are granted immediately and the member is notified; any other request is
// mailed to the tverify list so that it can be voted on.
if($id == 1)
{
	if($max == 50)
	{
		// Automatic grant, booked in `notary` with sender 0.
		if($points > 0)
		{
			mysql_query("insert into `notary` set `from`='0', `to`='$memid', `points`='$points',
					`method`='Thawte Points Transfer', `when`=NOW()");
		}
		mysql_query("update `tverify` set `modified`=NOW() where `id`='$tverify'");
		$totalpoints = intval($tmp['points']) + $points;

		// NOTE(review): the numbers are interpolated before _() sees the text,
		// so a translation lookup for this message will presumably not match.
		$body = _("Your request to have points transfered was sucessful. You were issued $points points as a result, and you now have $totalpoints in total")."\n\n"
			._("Best regards")."\n"
			._("CAcert Support Team");
		sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "returns@cacert.org", "", "CAcert Tverify");
	} else {
		// $email, $CN and $URL are the SQL-escaped copies made earlier in the
		// script. $URL is member-supplied text, so recipients should treat the
		// link as untrusted.
		$body = "There is a new valid request for thawte points tranfer, details as follows:\n\n";
		$body .= "Primary email address: $email ($memid)\n";
		$body .= "Certificate Subject: $CN\n";
		if($URL != "")
		{
			$body .= "Notary URL: $URL\n";
			// The photo ID is referenced through account.php rather than attached.
			if($nofile == 0)
				$body .= "PhotoID URL: https://www.cacert.org/account.php?id=51&photoid=$tverify\n";
		}

		$body .= "\nCurrent Points: ".$tmp['points']."\n\n";
		$body .= "\nTo vote on this application, go to: https://www.cacert.org/account.php?id=52&uid=$tverify\n\n";
		$body .= "Best regards\n";
		$body .= "CAcert Support Team";

		sendmail("cacert-tverify@lists.cacert.org", "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "returns@cacert.org", "", "CAcert Tverify");
	}
}
// Render the page: common header, the "tverify" sub-page selected by $id, then
// the common footer. $id is an integer here: it comes from intval() on the
// request values and is reset to 0 when a check above fails.
// NOTE(review): includeit() is defined outside this file; confirm that it only
// maps the integer to a fixed page and cannot be steered to an arbitrary path.
showheader(_("Thawte Points Transfer"));
includeit($id, "tverify");
showfooter();
?>