authorMichael Tänzer <neo@nhng.de>2014-02-26 04:45:14 +0100
committerMichael Tänzer <neo@nhng.de>2014-02-26 04:45:14 +0100
commit942f0c74831dfbe17fe0afa27e8c8e2f9134a5b1 (patch)
tree3a4adcb358dc9cc18c8f1fbe257841ff5e79bff5
parentf8ce545d2ccc6da0189cff5415466254b6a73385 (diff)
bug 1192: Authentication is done in the previous step, so don't set
$_SESSION['profile']['loggedin'] at all, only check it. Also, if there was an oldlocation set, redirect to it.
Signed-off-by: Michael Tänzer <neo@nhng.de>
-rw-r--r--pages/index/52.php1
-rw-r--r--www/index.php40
2 files changed, 26 insertions, 15 deletions
diff --git a/pages/index/52.php b/pages/index/52.php
index e2b205c..9132b8b 100644
--- a/pages/index/52.php
+++ b/pages/index/52.php
@@ -27,7 +27,6 @@
<input type="submit" name="agree" value="<?=_('I agree CCA')?>">
<input type="submit" name="disagree" value="<?=_('I do not want to accept the CCA')?>">
- <input type="hidden" name="id" value="52">
<input type="hidden" name="oldid" value="<?=$id?>">
</form>
</div>
diff --git a/www/index.php b/www/index.php
index 5f1680a..780b40b 100644
--- a/www/index.php
+++ b/www/index.php
@@ -358,24 +358,36 @@ require_once('../includes/notary.inc.php');
}
// check for CCA acceptance prior to login
-if ($id == 52 )
+if ($oldid == 52 )
{
- $agree = ""; if(array_key_exists('agree',$_REQUEST)) $agree=$_REQUEST['agree'];
- if (!$agree) {
- $_SESSION['profile']['loggedin'] = 0;
- }else{
- write_user_agreement($_SESSION['profile']['id'], "CCA", "Login acception", "", 1);
- $_SESSION['profile']['ccaagreement']=get_user_agreement_status($_SESSION['profile']['id'],'CCA');
- $_SESSION['profile']['loggedin'] = 1;
- header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
+ // Check if the user is already authenticated
+ if (!array_key_exists('profile',$_SESSION)
+ || !array_key_exists('loggedin',$_SESSION['profile'])
+ || $_SESSION['profile']['loggedin'] != 1)
+ {
+ header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4");
exit;
}
- $disagree = ""; if(array_key_exists('disagree',$_REQUEST)) $disagree=$_REQUEST['disagree'];
- if ($disagree) {
- $_SESSION['profile']['loggedin'] = 0;
- header("location: https://".$_SERVER['HTTP_HOST']."/index.php?id=4");
- exit;
+
+ if (array_key_exists('agree',$_REQUEST) && $_REQUEST['agree'] != "")
+ {
+ write_user_agreement($_SESSION['profile']['id'], "CCA", "Login acception", "", 1);
+ $_SESSION['profile']['ccaagreement']=get_user_agreement_status($_SESSION['profile']['id'],'CCA');
+
+ if (array_key_exists("oldlocation",$_SESSION['_config'])
+ && $_SESSION['_config']['oldlocation']!="")
+ {
+ header("Location: https://{$_SERVER['HTTP_HOST']}/{$_SESSION['_config']['oldlocation']}");
+ exit;
+ } else {
+ header("Location: https://{$_SERVER['HTTP_HOST']}/account.php");
+ exit;
+ }
}
+
+ // User didn't agree
+ header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4");
+ exit;
}
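Review bot: The decline path at the end of the block (`// User didn't agree`) redirects to `index.php?id=4` but leaves `$_SESSION['profile']['loggedin']` at 1, whereas the removed code reset it to 0 on disagree. Because the block now only proceeds for a session that is already authenticated, a user who refuses the CCA appears to keep a logged-in session unless every protected page re-checks `ccaagreement`, which is not visible here; I would add `$_SESSION['profile']['loggedin'] = 0;` before that final `header()` call. Separately, `write_user_agreement()` is still triggered from `$_REQUEST['agree']`, so acceptance can be recorded by a GET as well as by the form post; reading `$_POST['agree']` would tie the record to the form submission. The redirect targets are also built from the client-supplied `$_SERVER['HTTP_HOST']`, so a configured canonical hostname would be safer there.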