includes/loggedin.php

   1 <? /*
   2     LibreSSL - CAcert web application
   3     Copyright (C) 2004-2008  CAcert Inc.
   4
   5     This program is free software; you can redistribute it and/or modify
   6     it under the terms of the GNU General Public License as published by
   7     the Free Software Foundation; version 2 of the License.
   8
   9     This program is distributed in the hope that it will be useful,
  10     but WITHOUT ANY WARRANTY; without even the implied warranty of
  11     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12     GNU General Public License for more details.
  13
  14     You should have received a copy of the GNU General Public License
  15     along with this program; if not, write to the Free Software
  16     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
  17 */
  18
  19         include_once("../includes/lib/general.php");
  20         require_once("../includes/lib/l10n.php");
  21
  22         if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] != 0)
  23         {
  24                 $uid = $_SESSION['profile']['id'];
  25                 $_SESSION['profile']['loggedin'] = 0;
  26                 $_SESSION['profile'] = "";
  27                 foreach($_SESSION as $key)
  28                 {
  29                         if($key == '_config')
  30                                 continue;
  31                         if(is_int($key) || is_string($key))
  32                                 unset($_SESSION[$key]);
  33                         unset($$key);
  34                         session_unregister($key);
  35                 }
  36
  37                 $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$uid'"));
  38                 if($_SESSION['profile']['locked'] == 0)
  39                         $_SESSION['profile']['loggedin'] = 1;
  40                 else
  41                         unset($_SESSION['profile']);
  42         }
  43
  44         if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] == 0 || $_SESSION['profile']['loggedin'] == 0))
  45         {
  46                 $user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'],
  47                                 $_SERVER['SSL_CLIENT_I_DN_CN']);
  48
  49                 if($user_id >= 0)
  50                 {
  51                         $_SESSION['profile']['loggedin'] = 0;
  52                         $_SESSION['profile'] = "";
  53                         foreach($_SESSION as $key)
  54                         {
  55                                 if($key == '_config')
  56                                         continue;
  57                                 if(is_int($key) || is_string($key))
  58                                         unset($_SESSION[$key]);
  59                                 unset($$key);
  60                                 session_unregister($key);
  61                         }
  62
  63                         $_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
  64                                         "select * from `users` where `id`='".$user_id."'"));
  65                         if($_SESSION['profile']['locked'] == 0)
  66                                 $_SESSION['profile']['loggedin'] = 1;
  67                         else
  68                                 unset($_SESSION['profile']);
  69                 } else {
  70                         $_SESSION['profile']['loggedin'] = 0;
  71                         $_SESSION['profile'] = "";
  72                         foreach($_SESSION as $key)
  73                         {
  74                                 if($key == '_config')
  75                                         continue;
  76                                 unset($_SESSION[$key]);
  77                                 unset($$key);
  78                                 session_unregister($key);
  79                         }
  80
  81                         unset($_SESSION['_config']['oldlocation']);
  82
  83                         foreach($_GET as $key => $val)
  84                         {
  85                                 if($_SESSION['_config']['oldlocation'])
  86                                         $_SESSION['_config']['oldlocation'] .= "&";
  87
  88                                 $key = str_replace(array("\n", "\r"), '', $key);
  89                                 $val = str_replace(array("\n", "\r"), '', $val);
  90                                 $_SESSION['_config']['oldlocation'] .= "$key=$val";
  91                         }
  92                         $_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".$_SESSION['_config']['oldlocation'];
  93
  94                         header("location: https://".$_SESSION['_config']['securehostname']."/index.php?id=4");
  95                         exit;
  96                 }
  97         }
  98
  99         if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] <= 0 || $_SESSION['profile']['loggedin'] == 0))
 100         {
 101                 header("location: https://".$_SESSION['_config']['normalhostname']);
 102                 exit;
 103         }
 104
 105         if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] > 0)
 106         {
 107                 $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
 108                 $res = mysql_query($query);
 109                 $row = mysql_fetch_assoc($res);
 110                 $_SESSION['profile']['points'] = $row['total'];
 111
 112                 if($_SESSION['profile']['language'] == "")
 113                 {
 114                         $query = "update `users` set `language`='".L10n::get_translation()."'
 115                                                         where `id`='".$_SESSION['profile']['id']."'";
 116                         mysql_query($query);
 117                 } else {
 118                         L10n::set_translation($_SESSION['profile']['language']);
 119                         L10n::init_gettext();
 120                 }
 121         }
 122
 123         if(array_key_exists("id",$_REQUEST) && $_REQUEST['id'] == "logout")
 124         {
 125                 $normalhost=$_SESSION['_config']['normalhostname'];
 126                 $_SESSION['profile']['loggedin'] = 0;
 127                 $_SESSION['profile'] = "";
 128                 foreach($_SESSION as $key => $value)
 129                 {
 130                         unset($_SESSION[$key]);
 131                         unset($$key);
 132                         session_unregister($key);
 133                 }
 134
 135                 header("location: https://".$normalhost."/index.php");
 136                 exit;
 137         }
 138
 139         if($_SESSION['profile']['loggedin'] < 1)
 140         {
 141                 unset($_SESSION['_config']['oldlocation']);
 142
 143                 foreach($_REQUEST as $key => $val)
 144                 {
 145                         if($_SESSION['_config']['oldlocation'])
 146                                 $_SESSION['_config']['oldlocation'] .= "&";
 147
 148                         $key = str_replace(array("\n", "\r"), '', $key);
 149                         $val = str_replace(array("\n", "\r"), '', $val);
 150                         $_SESSION['_config']['oldlocation'] .= "$key=$val";
 151                 }
 152                 $_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".$_SESSION['_config']['oldlocation'];
 153                 $hostname=$_SERVER['HTTP_HOST'];
 154                 $hostname = str_replace(array("\n", "\r"), '', $hostname);
 155                 header("location: https://".$hostname."/index.php?id=4");
 156                 exit;
 157         }
 158 ?>