author | Michael Tänzer <neo@nhng.de> | 2014-02-26 04:45:14 +0100 |
---|---|---|
committer | Michael Tänzer <neo@nhng.de> | 2014-02-26 04:45:14 +0100 |
commit | 942f0c74831dfbe17fe0afa27e8c8e2f9134a5b1 (patch) | |
tree | 3a4adcb358dc9cc18c8f1fbe257841ff5e79bff5 | |
parent | f8ce545d2ccc6da0189cff5415466254b6a73385 (diff) | |
bug 1192: Authentication is done in the previous step so don't set
$_SESSION['profile']['loggedin'] at all, only check it
Also if there was an oldlocation set redirect to it
Signed-off-by: Michael Tänzer <neo@nhng.de>
-rw-r--r-- | pages/index/52.php | 1 | ||||
-rw-r--r-- | www/index.php | 40 |
2 files changed, 26 insertions, 15 deletions
diff --git a/pages/index/52.php b/pages/index/52.php
index e2b205c..9132b8b 100644
--- a/pages/index/52.php
+++ b/pages/index/52.php
@@ -27,7 +27,6 @@
 <input type="submit" name="agree" value="<?=_('I agree CCA')?>">
 <input type="submit" name="disagree" value="<?=_('I do not want to accept the CCA')?>">
- <input type="hidden" name="id" value="52">
 <input type="hidden" name="oldid" value="<?=$id?>">
 </form>
 </div>
diff --git a/www/index.php b/www/index.php
index 5f1680a..780b40b 100644
--- a/www/index.php
+++ b/www/index.php
@@ -358,24 +358,36 @@ require_once('../includes/notary.inc.php');
 }
 // check for CCA acceptance prior to login
-if ($id == 52 )
+if ($oldid == 52 )
 {
- $agree = ""; if(array_key_exists('agree',$_REQUEST)) $agree=$_REQUEST['agree'];
- if (!$agree) {
- $_SESSION['profile']['loggedin'] = 0;
- }else{
- write_user_agreement($_SESSION['profile']['id'], "CCA", "Login acception", "", 1);
- $_SESSION['profile']['ccaagreement']=get_user_agreement_status($_SESSION['profile']['id'],'CCA');
- $_SESSION['profile']['loggedin'] = 1;
- header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
+ // Check if the user is already authenticated
+ if (!array_key_exists('profile',$_SESSION)
+ || !array_key_exists('loggedin',$_SESSION['profile'])
+ || $_SESSION['profile']['loggedin'] != 1)
+ {
+ header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4");
 exit;
 }
- $disagree = ""; if(array_key_exists('disagree',$_REQUEST)) $disagree=$_REQUEST['disagree'];
- if ($disagree) {
- $_SESSION['profile']['loggedin'] = 0;
- header("location: https://".$_SERVER['HTTP_HOST']."/index.php?id=4");
- exit;
+
+ if (array_key_exists('agree',$_REQUEST) && $_REQUEST['agree'] != "")
+ {
+ write_user_agreement($_SESSION['profile']['id'], "CCA", "Login acception", "", 1);
+ $_SESSION['profile']['ccaagreement']=get_user_agreement_status($_SESSION['profile']['id'],'CCA');
+
+ if (array_key_exists("oldlocation",$_SESSION['_config'])
+ && $_SESSION['_config']['oldlocation']!="")
+ {
+ header("Location: https://{$_SERVER['HTTP_HOST']}/{$_SESSION['_config']['oldlocation']}");
+ exit;
+ } else {
+ header("Location: https://{$_SERVER['HTTP_HOST']}/account.php");
+ exit;
+ }
 }
+
+ // User didn't agree
+ header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4");
+ exit;
 } |
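Review bot: The acceptance branch still keys on `$_REQUEST['agree']`, so a GET request from an already authenticated browser is enough to reach `write_user_agreement(...)`, and no form-token check is visible in this block; for a record of consent it would be safer to require a POST, e.g. `if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['agree']) && $_POST['agree'] != "")`, together with the project's anti-CSRF check if it has one. The new redirect also interpolates `$_SESSION['_config']['oldlocation']` into the `Location` header without validating it or clearing it afterwards; where that value is set lies outside the hunk, so it may already be constrained, but copying it to a local, unsetting the session key and accepting only a plain relative path would keep a stale or unexpected value from steering a later login. `array_key_exists("oldlocation",$_SESSION['_config'])` additionally assumes `$_SESSION['_config']` is always an array at this point, which the hunk does not show.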