Diffstat (limited to 'includes/loggedin.php')
-rw-r--r-- | includes/loggedin.php | 79 |
1 files changed, 32 insertions, 47 deletions
diff --git a/includes/loggedin.php b/includes/loggedin.php index 4f9b8e8..c14f8c2 100644 --- a/includes/loggedin.php +++ b/includes/loggedin.php @@ -19,6 +19,7 @@ include_once("../includes/lib/general.php"); require_once("../includes/lib/l10n.php"); include_once("../includes/mysql.php"); + require_once('../includes/notary.inc.php'); if(!isset($_SESSION['profile']) || !is_array($_SESSION['profile'])) { $_SESSION['profile'] = array( 'id' => 0, 'loggedin' => 0 ); @@ -38,18 +39,18 @@ if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5)) continue; if(is_int($key) || is_string($key)) - unset($_SESSION[$key]); - unset($$key); - //session_unregister($key); + unset($_SESSION[$key]); + unset($$key); + //session_unregister($key); } - $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$uid'")); + $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($uid)."'")); if($_SESSION['profile']['locked'] == 0) $_SESSION['profile']['loggedin'] = 1; else unset($_SESSION['profile']); } - + if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] == 0 || $_SESSION['profile']['loggedin'] == 0)) { $user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'], @@ -64,13 +65,13 @@ if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5)) continue; if(is_int($key) || is_string($key)) - unset($_SESSION[$key]); - unset($$key); - //session_unregister($key); + unset($_SESSION[$key]); + unset($$key); + //session_unregister($key); } $_SESSION['profile'] = mysql_fetch_assoc(mysql_query( - "select * from `users` where `id`='".$user_id."'")); + "select * from `users` where `id`='".intval($user_id)."'")); if($_SESSION['profile']['locked'] == 0) $_SESSION['profile']['loggedin'] = 1; else 
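Review bot: In the hunk at -38,18 the result of `mysql_fetch_assoc()` is stored in `$_SESSION['profile']` and read immediately, so a missing row or a failed query leaves `false` there. The `intval()` cast makes the query itself safe, but `$_SESSION['profile']['locked'] == 0` then compares null with 0 and the `loggedin = 1` branch is taken. On the PHP versions that still ship `mysql_*` this appears to turn the `false` into a profile array with `loggedin` set and no `id`. A guard such as `if(is_array($_SESSION['profile']) && $_SESSION['profile']['locked'] == 0)` would send that case to the `unset` branch. The same pattern follows the certificate lookup in the hunk at -64,13, and both enclosing blocks start outside the hunks shown.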
@@ -82,38 +83,26 @@ { if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5)) continue; - unset($_SESSION[$key]); - unset($$key); - //session_unregister($key); + unset($_SESSION[$key]); + unset($$key); + //session_unregister($key); } - $_SESSION['_config']['oldlocation'] = ''; - - foreach($_GET as $key => $val) - { - if($_SESSION['_config']['oldlocation']) - $_SESSION['_config']['oldlocation'] .= "&"; - - $key = str_replace(array("\n", "\r"), '', $key); - $val = str_replace(array("\n", "\r"), '', $val); - $_SESSION['_config']['oldlocation'] .= "$key=$val"; - } - $_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".$_SESSION['_config']['oldlocation']; - - header("location: https://".$_SESSION['_config']['securehostname']."/index.php?id=4"); + $_SESSION['_config']['oldlocation'] = $_SERVER['REQUEST_URI']; + header("Location: https://{$_SESSION['_config']['securehostname']}/index.php?id=4"); exit; } } if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] <= 0 || $_SESSION['profile']['loggedin'] == 0)) { - header("location: https://".$_SESSION['_config']['normalhostname']); + header("Location: https://{$_SESSION['_config']['normalhostname']}"); exit; } if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] > 0) { - $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`"; + $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`"; $res = mysql_query($query); $row = mysql_fetch_assoc($res); $_SESSION['profile']['points'] = $row['total']; 
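Review bot: `$_SESSION['_config']['oldlocation'] = $_SERVER['REQUEST_URI'];` changes the format of the stored value, and nothing in this diff shows the code that later redirects to it. The removed loop produced `script.php?key=val` with no leading slash and with CR/LF stripped, whereas the new value is the client's request URI verbatim and starts with `/`. That consumer should be checked to confirm it does not prepend a second slash and that it accepts only a same-site path, rejecting for example a value beginning with `//`. A comment at the assignment would record the contract: `// raw request URI, leading "/"; must be validated as a local path before it is used in a redirect`. The two `oldlocation` assignments in the hunk at -136,32 have the same issue.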
@@ -121,7 +110,7 @@ if($_SESSION['profile']['language'] == "") { $query = "update `users` set `language`='".L10n::get_translation()."' - where `id`='".$_SESSION['profile']['id']."'"; + where `id`='".intval($_SESSION['profile']['id'])."'"; mysql_query($query); } else { L10n::set_translation($_SESSION['profile']['language']); @@ -136,32 +125,28 @@ $_SESSION['profile'] = ""; foreach($_SESSION as $key => $value) { - unset($_SESSION[$key]); - unset($$key); - //session_unregister($key); + unset($_SESSION[$key]); + unset($$key); + //session_unregister($key); } - header("location: https://".$normalhost."/index.php"); + header("Location: https://{$normalhost}/index.php"); exit; } if($_SESSION['profile']['loggedin'] < 1) { - $_SESSION['_config']['oldlocation'] = ''; - - foreach($_REQUEST as $key => $val) - { - if('' != $_SESSION['_config']['oldlocation']) - $_SESSION['_config']['oldlocation'] .= "&"; + $_SESSION['_config']['oldlocation'] = $_SERVER['REQUEST_URI']; + header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4"); + exit; + } - $key = str_replace(array("\n", "\r"), '', $key); - $val = str_replace(array("\n", "\r"), '', $val); - $_SESSION['_config']['oldlocation'] .= "$key=$val"; + if (!isset($_SESSION['profile']['ccaagreement']) || !$_SESSION['profile']['ccaagreement']) { + $_SESSION['profile']['ccaagreement']=get_user_agreement_status($_SESSION['profile']['id'],'CCA'); + if (!$_SESSION['profile']['ccaagreement']) { + $_SESSION['_config']['oldlocation'] = $_SERVER['REQUEST_URI']; + header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=52"); + exit; } - $_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".$_SESSION['_config']['oldlocation']; - $hostname=$_SERVER['HTTP_HOST']; - $hostname = str_replace(array("\n", "\r"), '', $hostname); - header("location: https://".$hostname."/index.php?id=4"); - exit; } ?> |
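Review bot: The `language` value in the UPDATE of the hunk at -121,7 is still concatenated into the SQL string without escaping, while this commit only casts the `id` in the WHERE clause. Whether `L10n::get_translation()` can return anything other than a validated locale code is not visible here. If it can be influenced by the request, the assignment should read `set `language`='".mysql_real_escape_string(L10n::get_translation())."'`. Escaping it regardless would match the defensive `intval()` added on the line below.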
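Review bot: Both new redirects in the hunk at -136,32 (`index.php?id=4` and `index.php?id=52`) build the `Location` header from `$_SERVER['HTTP_HOST']`, which comes from the request. The removed code at least stripped CR/LF from the hostname, and that step is gone. The rest of the file redirects to the configured names in `$_SESSION['_config']`, so the host should be chosen from those, for example `$host = ($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname']) ? $_SESSION['_config']['securehostname'] : $_SESSION['_config']['normalhostname'];`, and then used in both headers. This keeps a forged Host header from deciding where the login and CCA-agreement redirects point.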