cacert-webdb/includes/loggedin.php

166 lines
5.5 KiB
PHP
Raw Normal View History

2004-11-10 06:12:43 +00:00
<? /*
2008-04-06 19:45:09 +00:00
LibreSSL - CAcert web application
Copyright (C) 2004-2008 CAcert Inc.
2004-11-10 06:12:43 +00:00
2008-04-06 19:45:09 +00:00
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
2004-11-10 06:12:43 +00:00
2008-04-06 19:45:09 +00:00
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
2004-11-10 06:12:43 +00:00
2008-04-06 19:45:09 +00:00
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
2004-11-10 06:12:43 +00:00
*/
2005-07-14 19:56:28 +00:00
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] != 0)
2004-12-06 14:02:02 +00:00
{
2006-08-03 13:20:55 +00:00
$uid = $_SESSION['profile']['id'];
$_SESSION['profile']['loggedin'] = 0;
$_SESSION['profile'] = "";
foreach($_SESSION as $key)
{
2006-08-04 22:05:11 +00:00
if($key == '_config')
continue;
if(is_int($key) || is_string($key))
unset($_SESSION[$key]);
2006-08-03 13:20:55 +00:00
unset($$key);
session_unregister($key);
}
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$uid'"));
2006-08-16 05:56:39 +00:00
if($_SESSION['profile']['locked'] == 0)
$_SESSION['profile']['loggedin'] = 1;
else
unset($_SESSION['profile']);
2004-12-06 14:02:02 +00:00
}
2005-07-14 19:56:28 +00:00
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] == 0 || $_SESSION['profile']['loggedin'] == 0))
2004-11-10 06:12:43 +00:00
{
$query = "select * from `emailcerts` where `serial`='${_SERVER['SSL_CLIENT_M_SERIAL']}' and `revoked`=0 and disablelogin=0 and
2004-11-10 06:12:43 +00:00
UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0";
$res = mysql_query($query);
2004-11-10 06:12:43 +00:00
if(mysql_num_rows($res) > 0)
{
$row = mysql_fetch_assoc($res);
2006-08-03 13:20:55 +00:00
$_SESSION['profile']['loggedin'] = 0;
$_SESSION['profile'] = "";
foreach($_SESSION as $key)
{
2006-08-04 22:05:11 +00:00
if($key == '_config')
continue;
if(is_int($key) || is_string($key))
unset($_SESSION[$key]);
unset($$key);
session_unregister($key);
2006-08-03 13:20:55 +00:00
}
2004-11-10 06:12:43 +00:00
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$row['memid']."'"));
2006-08-16 05:56:39 +00:00
if($_SESSION['profile']['locked'] == 0)
$_SESSION['profile']['loggedin'] = 1;
else
unset($_SESSION['profile']);
2004-11-10 06:12:43 +00:00
} else {
$_SESSION['profile']['loggedin'] = 0;
2006-08-03 13:20:55 +00:00
$_SESSION['profile'] = "";
foreach($_SESSION as $key)
{
2006-08-04 22:05:11 +00:00
if($key == '_config')
continue;
2006-08-03 13:20:55 +00:00
unset($_SESSION[$key]);
unset($$key);
session_unregister($key);
}
2004-11-10 06:12:43 +00:00
unset($_SESSION['_config']['oldlocation']);
foreach($_GET as $key => $val)
{
if($_SESSION['_config']['oldlocation'])
$_SESSION['_config']['oldlocation'] .= "&";
2007-08-21 16:32:23 +00:00
$key = str_replace(array("\n", "\r"), '', $key);
$val = str_replace(array("\n", "\r"), '', $val);
2004-11-10 06:12:43 +00:00
$_SESSION['_config']['oldlocation'] .= "$key=$val";
}
2005-12-04 21:04:05 +00:00
$_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".$_SESSION['_config']['oldlocation'];
2004-11-10 06:12:43 +00:00
2008-11-23 04:21:14 +00:00
header("location: https://".$_SESSION['_config']['securehostname']."/index.php?id=4");
2004-11-10 06:12:43 +00:00
exit;
}
}
2004-12-06 21:53:35 +00:00
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] <= 0 || $_SESSION['profile']['loggedin'] == 0))
2004-11-10 06:12:43 +00:00
{
2004-12-06 21:53:35 +00:00
header("location: https://".$_SESSION['_config']['normalhostname']);
2004-11-10 06:12:43 +00:00
exit;
}
2005-07-14 19:56:28 +00:00
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] > 0)
2004-11-10 06:12:43 +00:00
{
$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
$_SESSION['profile']['points'] = $row['total'];
if($_SESSION['profile']['language'] == "")
{
$query = "update `users` set `language`='".$_SESSION['_config']['language']."'
where `id`='".$_SESSION['profile']['id']."'";
mysql_query($query);
} else {
$_SESSION['_config']['language'] = $_SESSION['profile']['language'];
putenv("LANG=".$_SESSION['_config']['language']);
setlocale(LC_ALL, $_SESSION['_config']['language']);
$domain = 'messages';
2004-12-06 21:53:35 +00:00
bindtextdomain("$domain", $_SESSION['_config']['filepath']."/locale");
2004-11-10 06:12:43 +00:00
textdomain("$domain");
}
}
2008-08-17 23:25:30 +00:00
if(array_key_exists("id",$_REQUEST) && $_REQUEST['id'] == "logout")
2004-11-10 06:12:43 +00:00
{
2008-06-09 09:48:51 +00:00
$normalhost=$_SESSION['_config']['normalhostname'];
2004-11-10 06:12:43 +00:00
$_SESSION['profile']['loggedin'] = 0;
2006-02-03 18:45:23 +00:00
$_SESSION['profile'] = "";
foreach($_SESSION as $key)
{
unset($_SESSION[$key]);
unset($$key);
session_unregister($key);
}
unset($_SESSION);
2005-03-12 19:40:24 +00:00
2008-06-09 09:48:51 +00:00
header("location: https://".$normalhost."/index.php");
2004-11-10 06:12:43 +00:00
exit;
}
if($_SESSION['profile']['loggedin'] < 1)
{
unset($_SESSION['_config']['oldlocation']);
2006-02-03 18:45:23 +00:00
foreach($_REQUEST as $key => $val)
2004-11-10 06:12:43 +00:00
{
if($_SESSION['_config']['oldlocation'])
$_SESSION['_config']['oldlocation'] .= "&";
2007-08-21 16:32:23 +00:00
$key = str_replace(array("\n", "\r"), '', $key);
$val = str_replace(array("\n", "\r"), '', $val);
2004-11-10 06:12:43 +00:00
$_SESSION['_config']['oldlocation'] .= "$key=$val";
}
2005-12-04 21:04:05 +00:00
$_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".$_SESSION['_config']['oldlocation'];
2008-11-23 04:21:14 +00:00
$hostname=$_SERVER['HTTP_HOST'];
$hostname = str_replace(array("\n", "\r"), '', $hostname);
header("location: https://".$hostname."/index.php?id=4");
2004-11-10 06:12:43 +00:00
exit;
}
?>