2004-11-10 06:12:43 +00:00
|
|
|
<? /*
|
2008-04-06 19:45:09 +00:00
|
|
|
LibreSSL - CAcert web application
|
|
|
|
Copyright (C) 2004-2008 CAcert Inc.
|
2004-11-10 06:12:43 +00:00
|
|
|
|
2008-04-06 19:45:09 +00:00
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
|
|
it under the terms of the GNU General Public License as published by
|
|
|
|
the Free Software Foundation; version 2 of the License.
|
2004-11-10 06:12:43 +00:00
|
|
|
|
2008-04-06 19:45:09 +00:00
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
GNU General Public License for more details.
|
2004-11-10 06:12:43 +00:00
|
|
|
|
2008-04-06 19:45:09 +00:00
|
|
|
You should have received a copy of the GNU General Public License
|
|
|
|
along with this program; if not, write to the Free Software
|
|
|
|
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
2004-11-10 06:12:43 +00:00
|
|
|
*/
|
|
|
|
|
2011-09-07 10:30:32 +00:00
|
|
|
include_once("../includes/lib/general.php");
|
2012-01-24 14:26:05 +00:00
|
|
|
require_once("../includes/lib/l10n.php");
|
2013-07-15 08:32:06 +00:00
|
|
|
include_once("../includes/mysql.php");
|
2014-11-24 09:54:09 +00:00
|
|
|
require_once('../includes/notary.inc.php');
|
2013-07-15 08:32:06 +00:00
|
|
|
|
|
|
|
if(!isset($_SESSION['profile']) || !is_array($_SESSION['profile'])) {
|
|
|
|
$_SESSION['profile'] = array( 'id' => 0, 'loggedin' => 0 );
|
|
|
|
}
|
|
|
|
if(!isset($_SESSION['profile']['id']) || !isset($_SESSION['profile']['loggedin'])) {
|
|
|
|
$_SESSION['profile']['id'] = 0;
|
|
|
|
$_SESSION['profile']['loggedin'] = 0;
|
|
|
|
}
|
2008-02-19 23:09:11 +00:00
|
|
|
|
2005-07-14 19:56:28 +00:00
|
|
|
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] != 0)
|
2004-12-06 14:02:02 +00:00
|
|
|
{
|
2006-08-03 13:20:55 +00:00
|
|
|
$uid = $_SESSION['profile']['id'];
|
|
|
|
$_SESSION['profile']['loggedin'] = 0;
|
|
|
|
$_SESSION['profile'] = "";
|
2013-07-15 08:32:06 +00:00
|
|
|
foreach($_SESSION as $key => $value)
|
2006-08-03 13:20:55 +00:00
|
|
|
{
|
2013-07-15 08:32:06 +00:00
|
|
|
if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
|
2006-08-04 22:05:11 +00:00
|
|
|
continue;
|
|
|
|
if(is_int($key) || is_string($key))
|
2014-06-07 09:16:26 +00:00
|
|
|
unset($_SESSION[$key]);
|
|
|
|
unset($$key);
|
|
|
|
//session_unregister($key);
|
2006-08-03 13:20:55 +00:00
|
|
|
}
|
|
|
|
|
2014-06-07 09:16:26 +00:00
|
|
|
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($uid)."'"));
|
2006-08-16 05:56:39 +00:00
|
|
|
if($_SESSION['profile']['locked'] == 0)
|
|
|
|
$_SESSION['profile']['loggedin'] = 1;
|
|
|
|
else
|
|
|
|
unset($_SESSION['profile']);
|
2004-12-06 14:02:02 +00:00
|
|
|
}
|
2014-06-07 09:16:26 +00:00
|
|
|
|
2005-07-14 19:56:28 +00:00
|
|
|
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] == 0 || $_SESSION['profile']['loggedin'] == 0))
|
2004-11-10 06:12:43 +00:00
|
|
|
{
|
2011-09-07 10:30:32 +00:00
|
|
|
$user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'],
|
|
|
|
$_SERVER['SSL_CLIENT_I_DN_CN']);
|
2008-02-19 23:09:11 +00:00
|
|
|
|
2011-09-07 10:30:32 +00:00
|
|
|
if($user_id >= 0)
|
2004-11-10 06:12:43 +00:00
|
|
|
{
|
2006-08-03 13:20:55 +00:00
|
|
|
$_SESSION['profile']['loggedin'] = 0;
|
|
|
|
$_SESSION['profile'] = "";
|
2013-07-15 08:32:06 +00:00
|
|
|
foreach($_SESSION as $key => $value)
|
2006-08-03 13:20:55 +00:00
|
|
|
{
|
2013-07-15 08:32:06 +00:00
|
|
|
if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
|
2006-08-04 22:05:11 +00:00
|
|
|
continue;
|
|
|
|
if(is_int($key) || is_string($key))
|
2014-06-07 09:16:26 +00:00
|
|
|
unset($_SESSION[$key]);
|
|
|
|
unset($$key);
|
|
|
|
//session_unregister($key);
|
2006-08-03 13:20:55 +00:00
|
|
|
}
|
|
|
|
|
2011-09-07 10:30:32 +00:00
|
|
|
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
|
2014-06-07 09:16:26 +00:00
|
|
|
"select * from `users` where `id`='".intval($user_id)."'"));
|
2006-08-16 05:56:39 +00:00
|
|
|
if($_SESSION['profile']['locked'] == 0)
|
|
|
|
$_SESSION['profile']['loggedin'] = 1;
|
|
|
|
else
|
|
|
|
unset($_SESSION['profile']);
|
2004-11-10 06:12:43 +00:00
|
|
|
} else {
|
|
|
|
$_SESSION['profile']['loggedin'] = 0;
|
2006-08-03 13:20:55 +00:00
|
|
|
$_SESSION['profile'] = "";
|
2013-07-15 08:32:06 +00:00
|
|
|
foreach($_SESSION as $key => $value)
|
2006-08-03 13:20:55 +00:00
|
|
|
{
|
2013-07-15 08:32:06 +00:00
|
|
|
if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
|
2006-08-04 22:05:11 +00:00
|
|
|
continue;
|
2014-06-07 09:16:26 +00:00
|
|
|
unset($_SESSION[$key]);
|
|
|
|
unset($$key);
|
|
|
|
//session_unregister($key);
|
2006-08-03 13:20:55 +00:00
|
|
|
}
|
2004-11-10 06:12:43 +00:00
|
|
|
|
2014-11-24 09:54:09 +00:00
|
|
|
$_SESSION['_config']['oldlocation'] = $_SERVER['REQUEST_URI'];
|
|
|
|
header("Location: https://{$_SESSION['_config']['securehostname']}/index.php?id=4");
|
2004-11-10 06:12:43 +00:00
|
|
|
exit;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2004-12-06 21:53:35 +00:00
|
|
|
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] <= 0 || $_SESSION['profile']['loggedin'] == 0))
|
2004-11-10 06:12:43 +00:00
|
|
|
{
|
2014-11-24 09:54:09 +00:00
|
|
|
header("Location: https://{$_SESSION['_config']['normalhostname']}");
|
2004-11-10 06:12:43 +00:00
|
|
|
exit;
|
|
|
|
}
|
|
|
|
|
2005-07-14 19:56:28 +00:00
|
|
|
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] > 0)
|
2004-11-10 06:12:43 +00:00
|
|
|
{
|
2014-06-07 09:16:26 +00:00
|
|
|
$query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`";
|
2004-11-10 06:12:43 +00:00
|
|
|
$res = mysql_query($query);
|
|
|
|
$row = mysql_fetch_assoc($res);
|
|
|
|
$_SESSION['profile']['points'] = $row['total'];
|
|
|
|
|
|
|
|
if($_SESSION['profile']['language'] == "")
|
|
|
|
{
|
2012-01-24 14:26:05 +00:00
|
|
|
$query = "update `users` set `language`='".L10n::get_translation()."'
|
2014-06-07 09:16:26 +00:00
|
|
|
where `id`='".intval($_SESSION['profile']['id'])."'";
|
2004-11-10 06:12:43 +00:00
|
|
|
mysql_query($query);
|
|
|
|
} else {
|
2012-01-24 14:26:05 +00:00
|
|
|
L10n::set_translation($_SESSION['profile']['language']);
|
|
|
|
L10n::init_gettext();
|
2004-11-10 06:12:43 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2008-08-17 23:25:30 +00:00
|
|
|
if(array_key_exists("id",$_REQUEST) && $_REQUEST['id'] == "logout")
|
2004-11-10 06:12:43 +00:00
|
|
|
{
|
2008-06-09 09:48:51 +00:00
|
|
|
$normalhost=$_SESSION['_config']['normalhostname'];
|
2004-11-10 06:12:43 +00:00
|
|
|
$_SESSION['profile']['loggedin'] = 0;
|
2006-02-03 18:45:23 +00:00
|
|
|
$_SESSION['profile'] = "";
|
2011-08-03 10:11:39 +00:00
|
|
|
foreach($_SESSION as $key => $value)
|
2006-02-03 18:45:23 +00:00
|
|
|
{
|
2014-06-07 09:16:26 +00:00
|
|
|
unset($_SESSION[$key]);
|
|
|
|
unset($$key);
|
|
|
|
//session_unregister($key);
|
2006-02-03 18:45:23 +00:00
|
|
|
}
|
2005-03-12 19:40:24 +00:00
|
|
|
|
2014-11-24 09:54:09 +00:00
|
|
|
header("Location: https://{$normalhost}/index.php");
|
2004-11-10 06:12:43 +00:00
|
|
|
exit;
|
|
|
|
}
|
|
|
|
|
|
|
|
if($_SESSION['profile']['loggedin'] < 1)
|
|
|
|
{
|
2014-11-24 09:54:09 +00:00
|
|
|
$_SESSION['_config']['oldlocation'] = $_SERVER['REQUEST_URI'];
|
|
|
|
header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4");
|
|
|
|
exit;
|
|
|
|
}
|
2004-11-10 06:12:43 +00:00
|
|
|
|
2014-11-24 09:54:09 +00:00
|
|
|
if (!isset($_SESSION['profile']['ccaagreement']) || !$_SESSION['profile']['ccaagreement']) {
|
|
|
|
$_SESSION['profile']['ccaagreement']=get_user_agreement_status($_SESSION['profile']['id'],'CCA');
|
|
|
|
if (!$_SESSION['profile']['ccaagreement']) {
|
|
|
|
$_SESSION['_config']['oldlocation'] = $_SERVER['REQUEST_URI'];
|
|
|
|
header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=52");
|
|
|
|
exit;
|
2004-11-10 06:12:43 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
?>
|