Source code taken from cacert-20121211.tar.bz2
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */ ?>
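<?php
// phpinfo(); exit;
include_once("../includes/general.php");
loadem("tverify");

// Step of the Thawte points-transfer flow, taken from the request. Only
// step 1 (the submission itself) does any work on this page; every other
// value falls straight through to includeit() at the bottom. Reading the
// keys via isset() avoids "undefined index" notices on the first visit.
$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
if (isset($_REQUEST['id']) && intval($_REQUEST['id']) > 0) {
    $id = intval($_REQUEST['id']);
}

// Upload state. $nofile stays 1 unless a usable photo-ID image arrived, in
// which case $ext holds the whitelisted extension used for the stored file
// name. $newfile is only ever set once the upload has really been moved
// into place, so the points calculation below can rely on it.
$nofile = 1;
$filename = "";
$ext = "";
$newfile = "";
$photoid = isset($_FILES['photoid']) ? $_FILES['photoid'] : array();
$notaryURL = isset($_REQUEST["notaryURL"]) ? $_REQUEST["notaryURL"] : "";

if ($id == 1) {
    // A photo ID is only considered together with a notary URL, and only
    // when PHP confirms the temp file really came from this request.
    if (isset($photoid['error']) && $photoid['error'] === UPLOAD_ERR_OK
        && isset($photoid['tmp_name']) && is_uploaded_file($photoid['tmp_name'])
        && $notaryURL != "") {
        $filename = $photoid['tmp_name'];
        // Ask file(1) for the MIME type. The path is shell-quoted so the
        // command line cannot be influenced by the file name, and only the
        // part before the first ';' is compared, because newer file(1)
        // versions append "; charset=..." to the -i output.
        $do = trim((string) shell_exec('file -b -i ' . escapeshellarg($filename)));
        $type = strtolower(trim((string) strtok($do, ';')));
        switch ($type) {
            case 'image/gif':
                $ext = "gif";
                $nofile = 0;
                break;
            case 'image/jpeg':
            case 'image/jpg':
                $ext = "jpg";
                $nofile = 0;
                break;
            case 'image/png':
                $ext = "png";
                $nofile = 0;
                break;
            default:
                $id = 0;
                $_SESSION['_config']['errmsg'] = _("Only jpg, gif and png file types are acceptable, your browser sent a file of type: ") . $type;
        }
    }
}

if ($id == 1) {
    // Every request value is escaped once here and afterwards only used
    // inside SQL; $URL is additionally matched against the Thawte pattern
    // below. mysql_real_escape_string is used instead of the deprecated
    // mysql_escape_string because it honours the connection charset (the
    // connection is opened by loadem() above). Note that the whole mysql_*
    // extension this page relies on was removed in PHP 7.
    $email = mysql_real_escape_string(trim(isset($_REQUEST["email"]) ? $_REQUEST["email"] : ""));
    $password = mysql_real_escape_string(stripslashes(trim(isset($_REQUEST["pword"]) ? $_REQUEST["pword"] : "")));
    $URL = mysql_real_escape_string(trim($notaryURL));
    $CN = mysql_real_escape_string(isset($_SESSION['_config']['CN']) ? $_SESSION['_config']['CN'] : "");
    $memid = isset($_SESSION['_config']['uid']) ? intval($_SESSION['_config']['uid']) : 0;
    $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$memid'"));
    $tmp = mysql_fetch_assoc(mysql_query("select sum(`points`) as `points` from `notary` where `to`='$memid'"));
    // sum() yields NULL when the user has no notary rows; treat that as 0.
    $havepoints = ($tmp && isset($tmp['points'])) ? intval($tmp['points']) : 0;

    // Upper bound of points this kind of request can lead to: URL plus
    // photo ID, URL only, or a bare certificate login.
    if ($URL != "" && $nofile == 0) {
        $max = 150;
    } elseif ($URL != "") {
        $max = 90;
    } else {
        $max = 50;
    }

    if ($URL != "") {
        if (!preg_match("/^https:\/\/www\.thawte\.com\/cgi\/personal\/wot\/directory\.exe\?(.*?&)?node=\d+(&.*)?$/", $URL)) {
            showheader(_("Thawte Points Transfer"));
            echo _("You failed to enter a valid Thawte Notary URL.");
            showfooter();
            exit;
        }
    }

    if ($havepoints >= $max) {
        showheader(_("Thawte Points Transfer"));
        echo _("Your request would not gain you any more points and will not be taken any further.") .
            sprintf(_("You have %s points already and you would have been issued up to %s points."), $havepoints, $max);
        showfooter();
        exit;
    }
}

if ($id == 1) {
    // The submitted e-mail/password pair has to belong to the account that
    // the client certificate was mapped to in the session.
    $query = "select * from `users`,`email` where `email`.`memid`='$memid' and `email`.`email`='$email' and `users`.`id`=`email`.`memid` and
        (`password`=old_password('$password') or `password`=sha1('$password') or `password`=password('$password'))";
    if (mysql_num_rows(mysql_query($query)) <= 0) {
        $_SESSION['_config']['errmsg'] = _("I'm sorry, I couldn't match your login details (password) to your certificate to an account on this system.");
        $id = 0;
    } else {
        $query = "insert into `tverify` set `memid`='$memid', `URL`='$URL', `CN`='$CN', `created`=NOW()";
        mysql_query($query);
        $tverify = intval(mysql_insert_id());
        if ($nofile == 0) {
            // $tverify is an int and $ext comes from the whitelist above, so
            // the target path cannot leave /www/photoid/.
            $target = '/www/photoid/' . $tverify . "." . $ext;
            if (move_uploaded_file($photoid['tmp_name'], $target)) {
                $newfile = $target;
                $query = "update `tverify` set `photoid`='" . mysql_real_escape_string($newfile) . "' where `id`='$tverify'";
                mysql_query($query);
            } else {
                // The image could not be stored: treat the request as one
                // without photo ID so that no points are granted for it.
                $nofile = 1;
            }
        }
    }
}

if ($id == 1) {
    // Points to issue now: the difference between the applicable maximum and
    // what the user already holds, never negative.
    if ($URL != "" && $newfile != "") {
        $points = 150 - $havepoints;
    } elseif ($URL != "") {
        $points = 90 - $havepoints;
    } else {
        $points = 50 - $havepoints;
    }

    if ($points < 0) {
        $points = 0;
    }
}

if ($id == 1 && $max == 50) {
    // Certificate-only requests are granted automatically.
    if ($points > 0) {
        mysql_query("insert into `notary` set `from`='0', `to`='$memid', `points`='$points',
            `method`='Thawte Points Transfer', `when`=NOW()");
        fix_assurer_flag($memid);
    }
    $totalpoints = $havepoints + $points;
    mysql_query("update `tverify` set `modified`=NOW() where `id`='$tverify'");

    // Placeholders instead of interpolation so the msgid can actually be
    // looked up in the translation catalogue.
    $body = sprintf(_("Your request to have points transfered was sucessful. You were issued %s points as a result, and you now have %s in total"), $points, $totalpoints) . "\n\n";

    $body .= _("Best regards") . "\n";
    $body .= _("CAcert Support Team");
    sendmail($user['email'], "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "returns@cacert.org", "", "CAcert Tverify");
} elseif ($id == 1) {
    // Requests with a notary URL (and optionally photo ID) need a vote.
    $body = "There is a new valid request for thawte points tranfer, details as follows:\n\n";
    $body .= "To vote on this application, go to: https://www.cacert.org/account.php?id=52&uid=$tverify\n\n";
    $body .= "Or use the certificate login: https://secure.cacert.org/account.php?id=52&uid=$tverify\n\n";

    $body .= "We know that by signing into https://tverify.cacert.org that\n";
    $body .= "1. they have possession of a cert issued from Thawte\n";
    $body .= "2. the person named in the cert has been verified by Thawte's Web of Trust\n";
    $body .= "3. at least 1 of the emails listed as valid in that cert belongs to a\n";
    $body .= "CAcert.org user\n\n";
    $body .= "It's up to us as voting members to verify the details that can't be\n";
    $body .= "programatically handled, that means checking the ID, and signing into\n";
    $body .= "the Thawte site and validating their name is listed as a notary.\n\n";

    $body .= "Best regards" . "\n";
    $body .= "CAcert Support Team";

    sendmail("cacert-tverify@lists.cacert.org", "[CAcert.org] Thawte Notary Points Transfer", $body, "website-form@cacert.org", "returns@cacert.org", "", "CAcert Tverify");
}

showheader(_("Thawte Points Transfer"));
includeit($id, "tverify");
showfooter();
?>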