cacert
/
cacert-webdb
8
0
Fork 0
Code Issues Pull Requests 2 Projects Releases Wiki Activity

Fix for https://bugs.cacert.org/view.php?id=1192

Browse Source 
"Check on log into the account if user aggreed to CCA, if not prompt him an acception form"
pull/1/head
Wytze van der Raay 10 years ago
parent 8be54e45e9
commit ca2fe0bc16
3 changed files with 91 additions and 34 deletions
Show Stats Download Patch File Download Diff File

45
includes/loggedin.php
Unescape Escape View File

@ -19,6 +19,7 @@
include_once("../includes/lib/general.php");
require_once("../includes/lib/l10n.php");
include_once("../includes/mysql.php");
require_once('../includes/notary.inc.php');
if(!isset($_SESSION['profile']) || !is_array($_SESSION['profile'])) {
$_SESSION['profile'] = array( 'id' => 0, 'loggedin' => 0 );
@ -87,27 +88,15 @@
//session_unregister($key);
}
$_SESSION['_config']['oldlocation'] = '';
foreach($_GET as $key => $val)
{
if($_SESSION['_config']['oldlocation'])
$_SESSION['_config']['oldlocation'] .= "&";
$key = str_replace(array("\n", "\r"), '', $key);
$val = str_replace(array("\n", "\r"), '', $val);
$_SESSION['_config']['oldlocation'] .= "$key=$val";
}
$_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".$_SESSION['_config']['oldlocation'];
header("location: https://".$_SESSION['_config']['securehostname']."/index.php?id=4");
$_SESSION['_config']['oldlocation'] = $_SERVER['REQUEST_URI'];
header("Location: https://{$_SESSION['_config']['securehostname']}/index.php?id=4");
exit;
}
}
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] <= 0 || $_SESSION['profile']['loggedin'] == 0))
{
header("location: https://".$_SESSION['_config']['normalhostname']);
header("Location: https://{$_SESSION['_config']['normalhostname']}");
exit;
}
@ -141,27 +130,23 @@
//session_unregister($key);
}
header("location: https://".$normalhost."/index.php");
header("Location: https://{$normalhost}/index.php");
exit;
}
if($_SESSION['profile']['loggedin'] < 1)
{
$_SESSION['_config']['oldlocation'] = '';
foreach($_REQUEST as $key => $val)
{
if('' != $_SESSION['_config']['oldlocation'])
$_SESSION['_config']['oldlocation'] .= "&";
$_SESSION['_config']['oldlocation'] = $_SERVER['REQUEST_URI'];
header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4");
exit;
}
$key = str_replace(array("\n", "\r"), '', $key);
$val = str_replace(array("\n", "\r"), '', $val);
$_SESSION['_config']['oldlocation'] .= "$key=$val";
if (!isset($_SESSION['profile']['ccaagreement']) || !$_SESSION['profile']['ccaagreement']) {
$_SESSION['profile']['ccaagreement']=get_user_agreement_status($_SESSION['profile']['id'],'CCA');
if (!$_SESSION['profile']['ccaagreement']) {
$_SESSION['_config']['oldlocation'] = $_SERVER['REQUEST_URI'];
header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=52");
exit;
}
$_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".$_SESSION['_config']['oldlocation'];
$hostname=$_SERVER['HTTP_HOST'];
$hostname = str_replace(array("\n", "\r"), '', $hostname);
header("location: https://".$hostname."/index.php?id=4");
exit;
}
?>

33
pages/index/52.php
Unescape Escape View File

@ -0,0 +1,33 @@
<?/*
LibreSSL - CAcert web application
Copyright (C) 2004-2008 CAcert Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
?>
<div style="text-align: center;">
<h1><?=_('CAcert Community Agreement Acceptance')?></h1>
<p><?=sprintf(_('To get access to your account your agreement to the %s CAcert Community Agreement %s (CCA) is required.'),'<a href="/policy/CAcertCommunityAgreement.php">', '</a>')?></p>
<p><?=_('Every member, who has agreed to the CCA, should be able to rely on the fact that every other user of CAcert has also agreed to the CCA and that the same rules apply to everybody. Moreover it is a basic requirement for the audit to be able to tell who has accepted our rules.')?></p>
<p><?=_('Originally the acceptance was not recorded. Up until now, we do not have your agreement on record. Once you have accepted the CCA (again) your agreement is recorded and you will not need to do this step again.')?></p>
<p><?=sprintf(_('If you do not wish to accept the CCA you should consider to ask for the closing of your account as you will not be able to access our system. In this case please send an email to support (%s).'),'<a href="mailto:support@cacert.org">support@cacert.org</a>')?></p>
<p><?=_('If you do not want to decide about the acceptance of the CCA now, you can come back at any time.')?></p>
<form method="post" action="index.php">
<input type="submit" name="agree" value="<?=_('I agree to the CCA')?>">
<input type="submit" name="disagree" value="<?=_('I do not want to accept the CCA')?>">
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
</div>

47
www/index.php
Unescape Escape View File

@ -17,7 +17,7 @@
*/
require_once('../includes/lib/l10n.php');
require_once('../includes/notary.inc.php');
$id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']);
$oldid = 0; if(array_key_exists("oldid",$_REQUEST)) $oldid=intval($_REQUEST['oldid']);
@ -148,6 +148,7 @@ require_once('../includes/lib/l10n.php');
}
}
//client login
if($id == 4 && $_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'])
{
include_once("../includes/lib/general.php");
@ -171,6 +172,7 @@ require_once('../includes/lib/l10n.php');
}
}
if($id == 4 && array_key_exists('profile',$_SESSION) && array_key_exists('loggedin',array($_SESSION['profile'])) && $_SESSION['profile']['loggedin'] == 1)
{
header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
@ -218,12 +220,16 @@ require_once('../includes/lib/l10n.php');
$_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."<br>";
$_SESSION['_config']['oldlocation'] = "account.php?id=13";
}
if (!isset($_SESSION['_config']['oldlocation'])){
$_SESSION['_config']['oldlocation']='';
}
if (checkpwlight($pword) < 3)
$_SESSION['_config']['oldlocation'] = "account.php?id=14&force=1";
if($_SESSION['_config']['oldlocation'] != "")
if($_SESSION['_config']['oldlocation'] != ""){
header("location: https://".$_SERVER['HTTP_HOST']."/".$_SESSION['_config']['oldlocation']);
else
}else{
header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
}
exit;
}
@ -238,6 +244,40 @@ require_once('../includes/lib/l10n.php');
}
}
// check for CCA acceptance prior to login
if ($oldid == 52 )
{
// Check if the user is already authenticated
if (!array_key_exists('profile',$_SESSION)
|| !array_key_exists('loggedin',$_SESSION['profile'])
|| $_SESSION['profile']['loggedin'] != 1)
{
header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4");
exit;
}
if (array_key_exists('agree',$_REQUEST) && $_REQUEST['agree'] != "")
{
write_user_agreement($_SESSION['profile']['id'], "CCA", "Login acception", "", 1);
$_SESSION['profile']['ccaagreement']=get_user_agreement_status($_SESSION['profile']['id'],'CCA');
if (array_key_exists("oldlocation",$_SESSION['_config'])
&& $_SESSION['_config']['oldlocation']!="")
{
header("Location: https://{$_SERVER['HTTP_HOST']}/{$_SESSION['_config']['oldlocation']}");
exit;
} else {
header("Location: https://{$_SERVER['HTTP_HOST']}/account.php");
exit;
}
}
// User didn't agree
header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4");
exit;
}
if($process && $oldid == 1)
{
$id = 2;
@ -432,7 +472,6 @@ require_once('../includes/lib/l10n.php');
`regional`='".$_SESSION['signup']['regional']."',
`radius`='".$_SESSION['signup']['radius']."'";
mysql_query($query);
include_once("../includes/notary.inc.php");
write_user_agreement($memid, "CCA", "account creation", "", 1);
$body = _("Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!")."\n\n";

Write Preview
Loading…
Cancel
Save