diff options
Diffstat (limited to 'includes/lib')
-rw-r--r-- | includes/lib/account.php | 51 | ||||
-rw-r--r-- | includes/lib/general.php | 50 |
2 files changed, 101 insertions, 0 deletions
diff --git a/includes/lib/account.php b/includes/lib/account.php new file mode 100644 index 0000000..f7a24fa --- /dev/null +++ b/includes/lib/account.php @@ -0,0 +1,51 @@ +<?php +/* + LibreSSL - CAcert web application + Copyright (C) 2004-2008 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +function fix_assurer_flag($userID) +{ + // Update Assurer-Flag on users table if 100 points. + // Should the number of points be SUM(points) or SUM(awarded)? + $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 1 WHERE '. + '`u`.`id` = \''.(int)intval($userID).'\' AND '. + 'EXISTS(SELECT 1 FROM `cats_passed` AS `cp`, `cats_variant` AS `cv` '. + 'WHERE `cp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 AND '. + '`cp`.`user_id` = `u`.`id`) AND '. + '(SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` '. + 'AND (`n`.`expire` > now() OR `n`.`expire` IS NULL)) >= 100'); + // Challenge has been passed and non-expired points >= 100 + + if (!$query) { + return false; + } + + // Reset flag if requirements are not met + $query = mysql_query('UPDATE `users` AS `u` SET `assurer` = 0 WHERE '. + '`u`.`id` = \''.(int)intval($userID).'\' AND '. + '(NOT EXISTS(SELECT 1 FROM `cats_passed` AS `cp`, `cats_variant` AS '. + '`cv` WHERE `cp`.`variant_id` = `cv`.`id` AND `cv`.`type_id` = 1 '. + 'AND `cp`.`user_id` = `u`.`id`) OR '. + '(SELECT SUM(`points`) FROM `notary` AS `n` WHERE `n`.`to` = `u`.`id` '. + 'AND (`n`.`expire` > now() OR `n`.`expire` IS NULL)) < 100)'); + + if (!$query) { + return false; + } + + return true; +}
\ No newline at end of file diff --git a/includes/lib/general.php b/includes/lib/general.php new file mode 100644 index 0000000..25d2561 --- /dev/null +++ b/includes/lib/general.php @@ -0,0 +1,50 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2011 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +/** + * Checks if the user may log in and retrieve the user id + * + * Usually called with $_SERVER['SSL_CLIENT_M_SERIAL'] and + * $_SERVER['SSL_CLIENT_I_DN_CN'] + * + * @param $serial string + * usually $_SERVER['SSL_CLIENT_M_SERIAL'] + * @param $issuer_cn string + * usually $_SERVER['SSL_CLIENT_I_DN_CN'] + * @return int + * the user id, -1 in case of error + */ +function get_user_id_from_cert($serial, $issuer_cn) +{ + $query = "select `memid` from `emailcerts` where + `serial`='".mysql_escape_string($serial)."' and + `rootcert`= (select `id` from `root_certs` where + `Cert_Text`='".mysql_escape_string($issuer_cn)."') and + `revoked`=0 and disablelogin=0 and + UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0"; + $res = mysql_query($query); + if(mysql_num_rows($res) > 0) + { + $row = mysql_fetch_assoc($res); + return intval($row['memid']); + } + + return -1; +} + +?> |