cacert-webdb/includes/loggedin.php

<? /*
    Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>

    This file is part of CAcert.

    CAcert has been released under a CAcert Source license
    which can be found included with these source files or can
    be downloaded from the internet from the following address:
    http://www.cacert.org/src-lic.php

    CAcert is distributed WITHOUT ANY WARRANTY; without even
    the implied warranty of MERCHANTABILITY or FITNESS FOR A
    PARTICULAR PURPOSE.  See the License for more details.
*/

	if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] != 0)
	{
		$uid = $_SESSION['profile']['id'];
		$_SESSION['profile']['loggedin'] = 0;
		$_SESSION['profile'] = "";
		foreach($_SESSION as $key)
		{
			if($key == '_config')
				continue;
			if(is_int($key) || is_string($key))
		                unset($_SESSION[$key]);
	                unset($$key);
        	        session_unregister($key);
		}

		$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$uid'"));
		if($_SESSION['profile']['locked'] == 0)
			$_SESSION['profile']['loggedin'] = 1;
		else
			unset($_SESSION['profile']);
	}
  
	if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] == 0 || $_SESSION['profile']['loggedin'] == 0))
	{
		$query = "select * from `emailcerts` where `serial`='${_SERVER['SSL_CLIENT_M_SERIAL']}' and `revoked`=0 and
				UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0";
		$res = mysql_query($query);
		if(mysql_num_rows($res) > 0)
		{
			$row = mysql_fetch_assoc($res);

			$_SESSION['profile']['loggedin'] = 0;
			$_SESSION['profile'] = "";
			foreach($_SESSION as $key)
			{
				if($key == '_config')
					continue;
				if(is_int($key) || is_string($key))
			                unset($_SESSION[$key]);
                		unset($$key);
       			        session_unregister($key);
			}

			$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$row['memid']."'"));
			if($_SESSION['profile']['locked'] == 0)
				$_SESSION['profile']['loggedin'] = 1;
			else
				unset($_SESSION['profile']);
		} else {
			$_SESSION['profile']['loggedin'] = 0;
			$_SESSION['profile'] = "";
			foreach($_SESSION as $key)
			{
				if($key == '_config')
					continue;
		                unset($_SESSION[$key]);
	                	unset($$key);
        		        session_unregister($key);
			}

			unset($_SESSION['_config']['oldlocation']);

			foreach($_GET as $key => $val)
			{
				if($_SESSION['_config']['oldlocation'])
					$_SESSION['_config']['oldlocation'] .= "&";

				$_SESSION['_config']['oldlocation'] .= "$key=$val";
 			}
			$_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".$_SESSION['_config']['oldlocation'];

			header("location: https://".$_SERVER['HTTP_HOST']."/index.php?id=4");
			exit;
		}
	}

	if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] <= 0 || $_SESSION['profile']['loggedin'] == 0))
	{
		header("location: https://".$_SESSION['_config']['normalhostname']);
		exit;
	}

	if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] > 0)
	{
		$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
		$res = mysql_query($query);
		$row = mysql_fetch_assoc($res);
		$_SESSION['profile']['points'] = $row['total'];

		if($_SESSION['profile']['language'] == "")
		{
			$query = "update `users` set `language`='".$_SESSION['_config']['language']."'
							where `id`='".$_SESSION['profile']['id']."'";
			mysql_query($query);
		} else {
			$_SESSION['_config']['language'] = $_SESSION['profile']['language'];

			putenv("LANG=".$_SESSION['_config']['language']);
			setlocale(LC_ALL, $_SESSION['_config']['language']);

			$domain = 'messages';
			bindtextdomain("$domain", $_SESSION['_config']['filepath']."/locale");
			textdomain("$domain");
		}
	}

	if($_REQUEST['id'] == "logout")
	{
		$_SESSION['profile']['loggedin'] = 0;
		$_SESSION['profile'] = "";
		foreach($_SESSION as $key)
		{
	                unset($_SESSION[$key]);
	                unset($$key);
        	        session_unregister($key);
		}
                unset($_SESSION);

		header("location: https://".$_SERVER['HTTP_HOST']."/index.php");
		exit;
	}

	if($_SESSION['profile']['loggedin'] < 1)
	{
		unset($_SESSION['_config']['oldlocation']);

		foreach($_REQUEST as $key => $val)
		{
			if($_SESSION['_config']['oldlocation'])
				$_SESSION['_config']['oldlocation'] .= "&";

			$_SESSION['_config']['oldlocation'] .= "$key=$val";
		}
		$_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".$_SESSION['_config']['oldlocation'];

		header("location: https://".$_SERVER['HTTP_HOST']."/index.php?id=4");
		exit;
	}
?>
some gpg code added + bug fixes etc 2004-11-10 06:12:43 +00:00			`<? /*`
			`Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>`

			`This file is part of CAcert.`

			`CAcert has been released under a CAcert Source license`
			`which can be found included with these source files or can`
			`be downloaded from the internet from the following address:`
			`http://www.cacert.org/src-lic.php`

			`CAcert is distributed WITHOUT ANY WARRANTY; without even`
			`the implied warranty of MERCHANTABILITY or FITNESS FOR A`
			`PARTICULAR PURPOSE. See the License for more details.`
			`*/`

updates 2005-07-14 19:56:28 +00:00			`if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] != 0)`
added sql schema + bug fixes 2004-12-06 14:02:02 +00:00			`{`
bug fixes 2006-08-03 13:20:55 +00:00			`$uid = $_SESSION['profile']['id'];`
			`$_SESSION['profile']['loggedin'] = 0;`
			`$_SESSION['profile'] = "";`
			`foreach($_SESSION as $key)`
			`{`
bug fixes 2006-08-04 22:05:11 +00:00			`if($key == '_config')`
			`continue;`
			`if(is_int($key) \|\| is_string($key))`
			`unset($_SESSION[$key]);`
bug fixes 2006-08-03 13:20:55 +00:00			`unset($$key);`
			`session_unregister($key);`
			`}`

			$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$uid'"));
bug #80 2006-08-16 05:56:39 +00:00			`if($_SESSION['profile']['locked'] == 0)`
			`$_SESSION['profile']['loggedin'] = 1;`
			`else`
			`unset($_SESSION['profile']);`
added sql schema + bug fixes 2004-12-06 14:02:02 +00:00			`}`

updates 2005-07-14 19:56:28 +00:00			`if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] == 0 \|\| $_SESSION['profile']['loggedin'] == 0))`
some gpg code added + bug fixes etc 2004-11-10 06:12:43 +00:00			`{`
bug #80 2006-08-16 05:56:39 +00:00			$query = "select * from `emailcerts` where `serial`='${_SERVER['SSL_CLIENT_M_SERIAL']}' and `revoked`=0 and
some gpg code added + bug fixes etc 2004-11-10 06:12:43 +00:00			UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0";
			`$res = mysql_query($query);`
			`if(mysql_num_rows($res) > 0)`
			`{`
			`$row = mysql_fetch_assoc($res);`

bug fixes 2006-08-03 13:20:55 +00:00			`$_SESSION['profile']['loggedin'] = 0;`
			`$_SESSION['profile'] = "";`
			`foreach($_SESSION as $key)`
			`{`
bug fixes 2006-08-04 22:05:11 +00:00			`if($key == '_config')`
			`continue;`
			`if(is_int($key) \|\| is_string($key))`
			`unset($_SESSION[$key]);`
			`unset($$key);`
			`session_unregister($key);`
bug fixes 2006-08-03 13:20:55 +00:00			`}`

some gpg code added + bug fixes etc 2004-11-10 06:12:43 +00:00			$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$row['memid']."'"));
bug #80 2006-08-16 05:56:39 +00:00			`if($_SESSION['profile']['locked'] == 0)`
			`$_SESSION['profile']['loggedin'] = 1;`
			`else`
			`unset($_SESSION['profile']);`
some gpg code added + bug fixes etc 2004-11-10 06:12:43 +00:00			`} else {`
			`$_SESSION['profile']['loggedin'] = 0;`
bug fixes 2006-08-03 13:20:55 +00:00			`$_SESSION['profile'] = "";`
			`foreach($_SESSION as $key)`
			`{`
bug fixes 2006-08-04 22:05:11 +00:00			`if($key == '_config')`
			`continue;`
bug fixes 2006-08-03 13:20:55 +00:00			`unset($_SESSION[$key]);`
			`unset($$key);`
			`session_unregister($key);`
			`}`
some gpg code added + bug fixes etc 2004-11-10 06:12:43 +00:00
			`unset($_SESSION['_config']['oldlocation']);`

			`foreach($_GET as $key => $val)`
			`{`
			`if($_SESSION['_config']['oldlocation'])`
			`$_SESSION['_config']['oldlocation'] .= "&";`

			`$_SESSION['_config']['oldlocation'] .= "$key=$val";`
			`}`
updates 2005-12-04 21:04:05 +00:00			`$_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".$_SESSION['_config']['oldlocation'];`
some gpg code added + bug fixes etc 2004-11-10 06:12:43 +00:00
			`header("location: https://".$_SERVER['HTTP_HOST']."/index.php?id=4");`
			`exit;`
			`}`
			`}`

removed hard path configs 2004-12-06 21:53:35 +00:00			`if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] <= 0 \|\| $_SESSION['profile']['loggedin'] == 0))`
some gpg code added + bug fixes etc 2004-11-10 06:12:43 +00:00			`{`
removed hard path configs 2004-12-06 21:53:35 +00:00			`header("location: https://".$_SESSION['_config']['normalhostname']);`
some gpg code added + bug fixes etc 2004-11-10 06:12:43 +00:00			`exit;`
			`}`

updates 2005-07-14 19:56:28 +00:00			`if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] > 0)`
some gpg code added + bug fixes etc 2004-11-10 06:12:43 +00:00			`{`
			$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
			`$res = mysql_query($query);`
			`$row = mysql_fetch_assoc($res);`
			`$_SESSION['profile']['points'] = $row['total'];`

			`if($_SESSION['profile']['language'] == "")`
			`{`
			$query = "update `users` set `language`='".$_SESSION['_config']['language']."'
			where `id`='".$_SESSION['profile']['id']."'";
			`mysql_query($query);`
			`} else {`
			`$_SESSION['_config']['language'] = $_SESSION['profile']['language'];`

			`putenv("LANG=".$_SESSION['_config']['language']);`
			`setlocale(LC_ALL, $_SESSION['_config']['language']);`

			`$domain = 'messages';`
removed hard path configs 2004-12-06 21:53:35 +00:00			`bindtextdomain("$domain", $_SESSION['_config']['filepath']."/locale");`
some gpg code added + bug fixes etc 2004-11-10 06:12:43 +00:00			`textdomain("$domain");`
			`}`
			`}`

update 2006-02-03 18:45:23 +00:00			`if($_REQUEST['id'] == "logout")`
some gpg code added + bug fixes etc 2004-11-10 06:12:43 +00:00			`{`
			`$_SESSION['profile']['loggedin'] = 0;`
update 2006-02-03 18:45:23 +00:00			`$_SESSION['profile'] = "";`
			`foreach($_SESSION as $key)`
			`{`
			`unset($_SESSION[$key]);`
			`unset($$key);`
			`session_unregister($key);`
			`}`
			`unset($_SESSION);`
new code + updates and bug fixes 2005-03-12 19:40:24 +00:00
some gpg code added + bug fixes etc 2004-11-10 06:12:43 +00:00			`header("location: https://".$_SERVER['HTTP_HOST']."/index.php");`
			`exit;`
			`}`

			`if($_SESSION['profile']['loggedin'] < 1)`
			`{`
			`unset($_SESSION['_config']['oldlocation']);`

update 2006-02-03 18:45:23 +00:00			`foreach($_REQUEST as $key => $val)`
some gpg code added + bug fixes etc 2004-11-10 06:12:43 +00:00			`{`
			`if($_SESSION['_config']['oldlocation'])`
			`$_SESSION['_config']['oldlocation'] .= "&";`

			`$_SESSION['_config']['oldlocation'] .= "$key=$val";`
			`}`
updates 2005-12-04 21:04:05 +00:00			`$_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".$_SESSION['_config']['oldlocation'];`
some gpg code added + bug fixes etc 2004-11-10 06:12:43 +00:00
			`header("location: https://".$_SERVER['HTTP_HOST']."/index.php?id=4");`
			`exit;`
			`}`
			`?>`