From ca2fe0bc16f45869c2d9ff2e58ed3c060b1dd91a Mon Sep 17 00:00:00 2001
From: Wytze van der Raay
Date: Mon, 24 Nov 2014 09:54:09 +0000
Subject: [PATCH] Fix for https://bugs.cacert.org/view.php?id=1192 "Check on log into the account if user aggreed to CCA, if not prompt him an acception form"

---
 includes/loggedin.php | 45 ++++++++++++++---------------------------
 pages/index/52.php | 33 ++++++++++++++++++++++++++++++
 www/index.php | 47 +++++++++++++++++++++++++++++++++++++++----
 3 files changed, 91 insertions(+), 34 deletions(-)
 create mode 100644 pages/index/52.php

diff --git a/includes/loggedin.php b/includes/loggedin.php
index 70c9674..c14f8c2 100644
--- a/includes/loggedin.php
+++ b/includes/loggedin.php
@@ -19,6 +19,7 @@
 include_once("../includes/lib/general.php");
 require_once("../includes/lib/l10n.php");
 include_once("../includes/mysql.php");
+ require_once('../includes/notary.inc.php');
 if(!isset($_SESSION['profile']) || !is_array($_SESSION['profile']))
 {
 $_SESSION['profile'] = array( 'id' => 0, 'loggedin' => 0 );
@@ -87,27 +88,15 @@ //session_unregister($key); } - $_SESSION['_config']['oldlocation'] = ''; - - foreach($_GET as $key => $val) - { - if($_SESSION['_config']['oldlocation']) - $_SESSION['_config']['oldlocation'] .= "&"; - - $key = str_replace(array("\n", "\r"), '', $key); - $val = str_replace(array("\n", "\r"), '', $val); - $_SESSION['_config']['oldlocation'] .= "$key=$val"; - } - $_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".$_SESSION['_config']['oldlocation']; - - header("location: https://".$_SESSION['_config']['securehostname']."/index.php?id=4"); + $_SESSION['_config']['oldlocation'] = $_SERVER['REQUEST_URI']; + header("Location: https://{$_SESSION['_config']['securehostname']}/index.php?id=4"); exit; } } if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] <= 0 || $_SESSION['profile']['loggedin'] == 0)) { - header("location: https://".$_SESSION['_config']['normalhostname']); + header("Location: https://{$_SESSION['_config']['normalhostname']}"); exit; } 
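Review bot: The new `$_SESSION['_config']['oldlocation'] = $_SERVER['REQUEST_URI'];` stores a value that begins with `/`, whereas the removed lines stored `substr($_SERVER['SCRIPT_NAME'], 1)` without one, and the consumer in www/index.php (the login hunk and the new `$oldid == 52` block) still emits `https://host/` . oldlocation, so post-login redirects now carry a double slash; the same assignment appears twice in the next hunk of this file. `$_SESSION['_config']['oldlocation'] = ltrim($_SERVER['REQUEST_URI'], '/');` keeps the stored format the consumer expects. REQUEST_URI is also client-supplied, while the removed loop stripped CR/LF from every key and value before storing them; current PHP `header()` refuses embedded newlines, so the practical change is small, but the stored value is still untrusted input that later lands in a Location header and deserves a comment saying so. The `if` block this hunk closes starts outside the hunk.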
@@ -141,27 +130,23 @@ //session_unregister($key); } - header("location: https://".$normalhost."/index.php"); + header("Location: https://{$normalhost}/index.php"); exit; } if($_SESSION['profile']['loggedin'] < 1) { - $_SESSION['_config']['oldlocation'] = ''; - - foreach($_REQUEST as $key => $val) - { - if('' != $_SESSION['_config']['oldlocation']) - $_SESSION['_config']['oldlocation'] .= "&"; + $_SESSION['_config']['oldlocation'] = $_SERVER['REQUEST_URI']; + header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4"); + exit; + } - $key = str_replace(array("\n", "\r"), '', $key); - $val = str_replace(array("\n", "\r"), '', $val); - $_SESSION['_config']['oldlocation'] .= "$key=$val"; + if (!isset($_SESSION['profile']['ccaagreement']) || !$_SESSION['profile']['ccaagreement']) { + $_SESSION['profile']['ccaagreement']=get_user_agreement_status($_SESSION['profile']['id'],'CCA'); + if (!$_SESSION['profile']['ccaagreement']) { + $_SESSION['_config']['oldlocation'] = $_SERVER['REQUEST_URI']; + header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=52"); + exit; } - $_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".$_SESSION['_config']['oldlocation']; - $hostname=$_SERVER['HTTP_HOST']; - $hostname = str_replace(array("\n", "\r"), '', $hostname); - header("location: https://".$hostname."/index.php?id=4"); - exit; } ?> diff --git a/pages/index/52.php b/pages/index/52.php new file mode 100644 index 0000000..0926780 --- /dev/null +++ b/pages/index/52.php @@ -0,0 +1,33 @@ + + +
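Review bot: The rewritten `header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4");` and the new `id=52` redirect below it use the Host header as received, where the removed lines first copied it into `$hostname` and stripped CR/LF from it. Current PHP rejects newlines in `header()` arguments, so injection into the header itself is not the concern, but the redirect target is still derived from a client-chosen value; the previous hunk redirects to `$_SESSION['_config']['securehostname']` instead, and using the configured hostname here too (or validating HTTP_HOST against it before use) would remove the dependency. The CCA check only caches a truthy `ccaagreement`, so `get_user_agreement_status()` is queried on every request until the user agrees — presumably acceptable since those requests are redirected anyway, but worth a one-line comment. The loop this hunk's first lines close starts outside the hunk.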
+

+

', '')?>

+

+

+

support@cacert.org')?>

+

+
+ + + +
+
diff --git a/www/index.php b/www/index.php index 5a744fc..e6fc06a 100644 --- a/www/index.php +++ b/www/index.php @@ -17,7 +17,7 @@ */ require_once('../includes/lib/l10n.php'); - +require_once('../includes/notary.inc.php'); $id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']); $oldid = 0; if(array_key_exists("oldid",$_REQUEST)) $oldid=intval($_REQUEST['oldid']); @@ -148,6 +148,7 @@ require_once('../includes/lib/l10n.php'); } } + //client login if($id == 4 && $_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname']) { include_once("../includes/lib/general.php"); @@ -171,6 +172,7 @@ require_once('../includes/lib/l10n.php'); } } + if($id == 4 && array_key_exists('profile',$_SESSION) && array_key_exists('loggedin',array($_SESSION['profile'])) && $_SESSION['profile']['loggedin'] == 1) { header("location: https://".$_SERVER['HTTP_HOST']."/account.php"); @@ -218,12 +220,16 @@ require_once('../includes/lib/l10n.php'); $_SESSION['_config']['errmsg'] .= _("For your own security you must enter 5 lost password questions and answers.")."
"; $_SESSION['_config']['oldlocation'] = "account.php?id=13"; } + if (!isset($_SESSION['_config']['oldlocation'])){ + $_SESSION['_config']['oldlocation']=''; + } if (checkpwlight($pword) < 3) $_SESSION['_config']['oldlocation'] = "account.php?id=14&force=1"; - if($_SESSION['_config']['oldlocation'] != "") + if($_SESSION['_config']['oldlocation'] != ""){ header("location: https://".$_SERVER['HTTP_HOST']."/".$_SESSION['_config']['oldlocation']); - else + }else{ header("location: https://".$_SERVER['HTTP_HOST']."/account.php"); + } exit; } @@ -238,6 +244,40 @@ require_once('../includes/lib/l10n.php'); } } +// check for CCA acceptance prior to login +if ($oldid == 52 ) +{ + // Check if the user is already authenticated + if (!array_key_exists('profile',$_SESSION) + || !array_key_exists('loggedin',$_SESSION['profile']) + || $_SESSION['profile']['loggedin'] != 1) + { + header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4"); + exit; + } + + if (array_key_exists('agree',$_REQUEST) && $_REQUEST['agree'] != "") + { + write_user_agreement($_SESSION['profile']['id'], "CCA", "Login acception", "", 1); + $_SESSION['profile']['ccaagreement']=get_user_agreement_status($_SESSION['profile']['id'],'CCA'); + + if (array_key_exists("oldlocation",$_SESSION['_config']) + && $_SESSION['_config']['oldlocation']!="") + { + header("Location: https://{$_SERVER['HTTP_HOST']}/{$_SESSION['_config']['oldlocation']}"); + exit; + } else { + header("Location: https://{$_SERVER['HTTP_HOST']}/account.php"); + exit; + } + } + + // User didn't agree + header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4"); + exit; +} + + if($process && $oldid == 1) { $id = 2; 
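Review bot: In the new `$oldid == 52` block, `write_user_agreement(...)` runs whenever `$_REQUEST['agree']` is non-empty, so a plain GET or a cross-site form submission carrying `agree` from a logged-in browser records CCA acceptance without the user ever seeing the form; the only gate is the logged-in check above it. `if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['agree']) && $_POST['agree'] !== "")` restricts it to the form submission, and a per-session token emitted by pages/index/52.php and compared here with `hash_equals()` would complete the protection (the 52.php body is not readable in this patch, so I cannot tell whether such a token already exists). The block then redirects to `https://{$_SERVER['HTTP_HOST']}/{$_SESSION['_config']['oldlocation']}` without clearing `oldlocation`, and nothing else in this patch clears it either, so a stale value may steer a later login; an `unset($_SESSION['_config']['oldlocation']);` before the redirect would avoid that. The `isset` guard added in the preceding hunk is better written as `$_SESSION['_config']['oldlocation'] ??= '';`.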
@@ -432,7 +472,6 @@ require_once('../includes/lib/l10n.php'); `regional`='".$_SESSION['signup']['regional']."', `radius`='".$_SESSION['signup']['radius']."'"; mysql_query($query); - include_once("../includes/notary.inc.php"); write_user_agreement($memid, "CCA", "account creation", "", 1); $body = _("Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!")."\n\n";