Merge branch 'bug-1186' into release
[cacert-devel.git] / includes / loggedin.php
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18
19 include_once("../includes/lib/general.php");
20 require_once("../includes/lib/l10n.php");
21 include_once("../includes/mysql.php");
22
// Guarantee that $_SESSION['profile'] is an array carrying both 'id' and
// 'loggedin' before any check below reads them. 0/0 is the anonymous state
// that the later comparisons in this file test against.
if(!(isset($_SESSION['profile']) && is_array($_SESSION['profile'])))
{
	$_SESSION['profile'] = array( 'id' => 0, 'loggedin' => 0 );
}

// A profile array that lacks either field is reset to anonymous as a whole,
// so a half-populated profile never counts as logged in.
if(!isset($_SESSION['profile']['id'], $_SESSION['profile']['loggedin']))
{
	$_SESSION['profile']['id'] = 0;
	$_SESSION['profile']['loggedin'] = 0;
}
30
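// Re-validate an already logged-in session on the secure host: drop the
// per-login session state, reload the account row from the database and mark
// the session as logged in only if the account still exists and is not locked.
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] != 0)
{
	// Remember the account id before the session is wiped.
	$uid = $_SESSION['profile']['id'];
	$_SESSION['profile']['loggedin'] = 0;
	$_SESSION['profile'] = "";

	// Clear everything except '_config', 'mconn' and the 'csrf_*' entries.
	// unset($$key) also removes a global variable named like the session key,
	// so a session key called 'uid' would remove $uid; the intval() below then
	// yields 0 and the lookup fails closed.
	foreach($_SESSION as $key => $value)
	{
		if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
			continue;
		// Array keys are always int or string, so no type check is needed.
		unset($_SESSION[$key]);
		unset($$key);
	}

	// intval() keeps the id numeric so it cannot change the SQL text.
	$res = mysql_query("select * from `users` where `id`='".intval($uid)."'");
	$row = $res ? mysql_fetch_assoc($res) : false;

	// Fail closed: a failed query or a missing row yields false, and
	// false['locked'] == 0 would evaluate to true, which previously marked a
	// non-existent account as logged in and left it to later checks to catch.
	if(is_array($row) && $row['locked'] == 0)
	{
		$_SESSION['profile'] = $row;
		$_SESSION['profile']['loggedin'] = 1;
	} else {
		unset($_SESSION['profile']);
	}
}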
52
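// Client-certificate login on the secure host for a session that is not yet
// logged in. A certificate that maps to an account logs that account in (if
// it exists and is not locked); otherwise the requested location is saved
// and the visitor is sent to the login page (index.php?id=4).
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] == 0 || $_SESSION['profile']['loggedin'] == 0))
{
	// Serial number and issuer CN of the presented client certificate, as
	// exported by the web server's TLS layer.
	$user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'],
			$_SERVER['SSL_CLIENT_I_DN_CN']);

	// NOTE(review): presumably a negative value means "no matching account".
	// 0 passes this test although this file uses id 0 for anonymous; confirm
	// against get_user_id_from_cert(). With the fail-closed lookup below an
	// id without a row does not produce a logged-in session.
	if($user_id >= 0)
	{
		$_SESSION['profile']['loggedin'] = 0;
		$_SESSION['profile'] = "";

		// Clear everything except '_config', 'mconn' and 'csrf_*' entries.
		foreach($_SESSION as $key => $value)
		{
			if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
				continue;
			// Array keys are always int or string, so no type check is needed.
			unset($_SESSION[$key]);
			unset($$key);
		}

		// intval() keeps the id numeric so it cannot change the SQL text.
		$res = mysql_query(
			"select * from `users` where `id`='".intval($user_id)."'");
		$row = $res ? mysql_fetch_assoc($res) : false;

		// Fail closed: a failed query or a missing row yields false, and
		// false['locked'] == 0 would evaluate to true, which previously
		// marked a non-existent account as logged in.
		if(is_array($row) && $row['locked'] == 0)
		{
			$_SESSION['profile'] = $row;
			$_SESSION['profile']['loggedin'] = 1;
		} else {
			unset($_SESSION['profile']);
		}
	} else {
		$_SESSION['profile']['loggedin'] = 0;
		$_SESSION['profile'] = "";
		foreach($_SESSION as $key => $value)
		{
			if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
				continue;
			unset($_SESSION[$key]);
			unset($$key);
		}

		// Save the requested script and its GET parameters in the session.
		// CR/LF are stripped from keys and values; nothing else is encoded.
		// NOTE(review): values are not URL-encoded and an array parameter is
		// stored as "Array"; check how 'oldlocation' is consumed before it is
		// placed in a Location header or in markup.
		$_SESSION['_config']['oldlocation'] = '';

		foreach($_GET as $key => $val)
		{
			if($_SESSION['_config']['oldlocation'])
				$_SESSION['_config']['oldlocation'] .= "&";

			$key = str_replace(array("\n", "\r"), '', $key);
			$val = str_replace(array("\n", "\r"), '', $val);
			$_SESSION['_config']['oldlocation'] .= "$key=$val";
		}
		$_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".$_SESSION['_config']['oldlocation'];

		// The redirect target comes from configuration, not from the request.
		header("location: https://".$_SESSION['_config']['securehostname']."/index.php?id=4");
		exit;
	}
}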
107
// On the secure host, a session that is still anonymous at this point (no
// positive account id, or not marked logged in) is redirected to the
// configured normal host and the request ends.
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'])
{
	if($_SESSION['profile']['id'] <= 0 || $_SESSION['profile']['loggedin'] == 0)
	{
		header('location: https://'.$_SESSION['_config']['normalhostname']);
		exit;
	}
}
113
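// For a logged-in session on the secure host: refresh the point total from
// the `notary` table and make the stored language and the active translation
// agree.
if($_SERVER['HTTP_HOST'] == $_SESSION['profile']['id'] * 0 + $_SERVER['HTTP_HOST'] && $_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] > 0)
{
	// intval() keeps the id numeric so it cannot change the SQL text.
	$query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' group by `to`";
	$res = mysql_query($query);
	// No row (no `notary` entries, or a failed query) leaves the total as
	// null, as before, without calling mysql_fetch_assoc() on a non-result.
	$row = $res ? mysql_fetch_assoc($res) : false;
	$_SESSION['profile']['points'] = is_array($row) ? $row['total'] : null;

	if($_SESSION['profile']['language'] == "")
	{
		// No language stored for the account yet: persist the current one.
		// The value is escaped before it is placed in the statement.
		// NOTE(review): whether L10n::get_translation() can return
		// request-influenced text is not visible here; escaping is kept
		// regardless.
		$query = "update `users` set `language`='".mysql_real_escape_string(L10n::get_translation())."'
			where `id`='".intval($_SESSION['profile']['id'])."'";
		mysql_query($query);
	} else {
		// The account's stored language takes precedence.
		L10n::set_translation($_SESSION['profile']['language']);
		L10n::init_gettext();
	}
}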
131
// Logout: a request parameter id=logout (GET, POST or whatever else feeds
// $_REQUEST) clears the session contents and redirects to the normal host.
// NOTE(review): only the session contents are cleared in this block; the
// session is not destroyed and its id is not regenerated here.
if(isset($_REQUEST['id']) && $_REQUEST['id'] == "logout")
{
	// Read the redirect target first: '_config' is wiped with everything else.
	$normalhost = $_SESSION['_config']['normalhostname'];

	$_SESSION['profile']['loggedin'] = 0;
	$_SESSION['profile'] = "";

	// Unlike the login paths in this file, no key is exempt from clearing.
	// unset($$key) also drops a global variable named like the session key.
	foreach(array_keys($_SESSION) as $key)
	{
		unset($_SESSION[$key], $$key);
	}

	header('location: https://'.$normalhost.'/index.php');
	exit;
}
147
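// Any request that reaches this point without a logged-in session: remember
// the requested script and parameters, then redirect to the login page
// (index.php?id=4) on the host the request came in on.
if($_SESSION['profile']['loggedin'] < 1)
{
	$_SESSION['_config']['oldlocation'] = '';

	// CR/LF are stripped from keys and values; nothing else is encoded.
	// NOTE(review): $_REQUEST can include POST fields and, depending on the
	// request_order / variables_order settings, cookies; all of them end up
	// in the saved location string. Values are not URL-encoded and an array
	// parameter is stored as "Array". Check how 'oldlocation' is consumed.
	foreach($_REQUEST as $key => $val)
	{
		if('' != $_SESSION['_config']['oldlocation'])
			$_SESSION['_config']['oldlocation'] .= "&";

		$key = str_replace(array("\n", "\r"), '', $key);
		$val = str_replace(array("\n", "\r"), '', $val);
		$_SESSION['_config']['oldlocation'] .= "$key=$val";
	}
	$_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".$_SESSION['_config']['oldlocation'];

	// The Host header is supplied by the client. Accept it as redirect target
	// only if it looks like a plain host name with an optional port;
	// anything else (missing header, path or userinfo characters, IPv6
	// literals) falls back to the configured normal host.
	// NOTE(review): comparing against the configured host names would be
	// stricter; the full list of served host names is not visible here.
	$hostname = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
	$hostname = str_replace(array("\n", "\r"), '', $hostname);
	if(!preg_match('/^[A-Za-z0-9.-]+(:[0-9]+)?$/D', $hostname))
		$hostname = $_SESSION['_config']['normalhostname'];

	header("location: https://".$hostname."/index.php?id=4");
	exit;
}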
167 ?>