bug 1192: moved the CCA check to the loggedin.php file
[cacert-devel.git] / includes / loggedin.php
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18
19 include_once("../includes/lib/general.php");
20 require_once("../includes/lib/l10n.php");
21 include_once("../includes/mysql.php");
22 require_once('../includes/notary.inc.php');
23
// Guarantee that $_SESSION['profile'] is an array carrying both 'id' and
// 'loggedin', so every check further down can read the two keys directly.
// A missing or non-array profile is replaced by the anonymous state (0 / 0).
if (!(isset($_SESSION['profile']) && is_array($_SESSION['profile'])))
{
	$_SESSION['profile'] = array('id' => 0, 'loggedin' => 0);
}

// If either key is absent, reset both to the anonymous values.
if (!isset($_SESSION['profile']['id'], $_SESSION['profile']['loggedin']))
{
	$_SESSION['profile']['id'] = 0;
	$_SESSION['profile']['loggedin'] = 0;
}
31
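// Secure host, session already authenticated: rebuild the session from the
// database on every request so that a lock placed on the account takes
// effect immediately instead of when the session expires.
// NOTE(review): HTTP_HOST comes from the request's Host header; the
// comparison only selects which branch runs, it does not authenticate.
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] != 0)
{
	// Cast once so that nothing but an integer can reach the SQL text below.
	$uid = intval($_SESSION['profile']['id']);
	$_SESSION['profile']['loggedin'] = 0;
	$_SESSION['profile'] = "";

	// Drop everything from the session except the site configuration, the
	// 'mconn' entry and the csrf_* entries.
	foreach($_SESSION as $key => $value)
	{
		if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
			continue;
		if(is_int($key) || is_string($key))
			unset($_SESSION[$key]);
		// Also removes a same-named variable from the current scope.
		// NOTE(review): a session key called 'uid' would clear $uid before
		// the query below runs -- confirm no code stores such a key.
		unset($$key);
		//session_unregister($key);
	}

	$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$uid'"));

	// Fail closed: mysql_fetch_assoc() yields no array when the query failed
	// or the account no longer exists. Without the is_array() test that
	// result would compare equal to 0 and be marked as logged in.
	if(is_array($_SESSION['profile']) && $_SESSION['profile']['locked'] == 0)
		$_SESSION['profile']['loggedin'] = 1;
	else
		unset($_SESSION['profile']);
}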
53
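// Client-certificate login. Runs on the secure host when the session is not
// (or no longer) authenticated: the certificate serial number and issuer CN
// found in $_SERVER are mapped to a user id by get_user_id_from_cert().
// NOTE(review): both $_SERVER entries are read unconditionally; presumably
// the TLS layer only sets them once a client certificate was accepted --
// confirm the helper copes with missing values.
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] == 0 || $_SESSION['profile']['loggedin'] == 0))
{
	$user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'],
			$_SERVER['SSL_CLIENT_I_DN_CN']);

	// Any non-negative return value is treated as a user id.
	if($user_id >= 0)
	{
		$_SESSION['profile']['loggedin'] = 0;
		$_SESSION['profile'] = "";

		// Start from a clean session: keep only the site configuration,
		// the 'mconn' entry and the csrf_* entries.
		foreach($_SESSION as $key => $value)
		{
			if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
				continue;
			if(is_int($key) || is_string($key))
				unset($_SESSION[$key]);
			// Also removes a same-named variable from the current scope.
			unset($$key);
			//session_unregister($key);
		}

		// intval(): only an integer can reach the SQL text.
		$_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
			"select * from `users` where `id`='".intval($user_id)."'"));

		// Fail closed: without the is_array() test a failed query or a
		// missing row would compare equal to 0 and be marked as logged in.
		// NOTE(review): the session id is not renewed at this change of
		// privilege; consider session_regenerate_id(true) here once it is
		// confirmed that a session is active at this point.
		if(is_array($_SESSION['profile']) && $_SESSION['profile']['locked'] == 0)
			$_SESSION['profile']['loggedin'] = 1;
		else
			unset($_SESSION['profile']);
	} else {
		// No account for this certificate: wipe the session (same keep-list
		// as above) and send the browser to the login page.
		$_SESSION['profile']['loggedin'] = 0;
		$_SESSION['profile'] = "";
		foreach($_SESSION as $key => $value)
		{
			if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
				continue;
			unset($_SESSION[$key]);
			unset($$key);
			//session_unregister($key);
		}

		// Remember the requested page and its query string so that it can
		// be restored after login. CR and LF are stripped because the value
		// may later be placed in a response header.
		// NOTE(review): keys and values are stored without URL encoding and
		// an array-valued parameter is not handled -- check how the code
		// that reads 'oldlocation' uses it.
		$_SESSION['_config']['oldlocation'] = '';

		foreach($_GET as $key => $val)
		{
			if($_SESSION['_config']['oldlocation'])
				$_SESSION['_config']['oldlocation'] .= "&";

			$key = str_replace(array("\n", "\r"), '', $key);
			$val = str_replace(array("\n", "\r"), '', $val);
			$_SESSION['_config']['oldlocation'] .= "$key=$val";
		}
		$_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".$_SESSION['_config']['oldlocation'];

		header("location: https://".$_SESSION['_config']['securehostname']."/index.php?id=4");
		exit;
	}
}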
108
// Still on the secure host without a valid, logged-in profile (for example
// because the account turned out to be locked): hand the browser back to the
// normal host and stop processing the request.
if ($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'])
{
	if ($_SESSION['profile']['id'] <= 0 || $_SESSION['profile']['loggedin'] == 0)
	{
		header("location: https://".$_SESSION['_config']['normalhostname']);
		exit;
	}
}
114
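// Authenticated request on the secure host: refresh the cached point total
// and make sure a language is set for the account.
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] > 0)
{
	// intval(): only an integer can reach the SQL text.
	$query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' group by `to`";
	$res = mysql_query($query);
	$row = mysql_fetch_assoc($res);
	// NOTE(review): with no matching `notary` rows there is no result row,
	// so 'points' ends up empty rather than 0 -- confirm readers expect that.
	$_SESSION['profile']['points'] = $row['total'];

	if($_SESSION['profile']['language'] == "")
	{
		// No language stored yet: persist the one currently in effect.
		// The value is escaped because its origin is not visible in this
		// file; the id is cast for the same reason as above.
		$query = "update `users` set `language`='".mysql_real_escape_string(L10n::get_translation())."'
				where `id`='".intval($_SESSION['profile']['id'])."'";
		mysql_query($query);
	} else {
		// Apply the language stored for the account to this request.
		L10n::set_translation($_SESSION['profile']['language']);
		L10n::init_gettext();
	}
}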
132
// Logout: any request carrying id=logout empties the session completely
// (configuration included) and redirects to the start page of the normal host.
// NOTE(review): only the session contents are removed here; whether the
// session id and its cookie are invalidated elsewhere is not visible in this
// file -- confirm, otherwise consider session_destroy() at this point.
if (array_key_exists("id", $_REQUEST) && "logout" == $_REQUEST['id'])
{
	// Read the target host first; the loop below deletes '_config' as well.
	$normalhost = $_SESSION['_config']['normalhostname'];

	$_SESSION['profile']['loggedin'] = 0;
	$_SESSION['profile'] = "";

	foreach ($_SESSION as $key => $value)
	{
		unset($_SESSION[$key]);
		// Also removes a same-named variable from the current scope.
		unset($$key);
		//session_unregister($key);
	}

	header("location: https://".$normalhost."/index.php");
	exit;
}
148
// Final gate for every host: a request without a logged-in profile is sent
// to the login page (index.php?id=4) after the requested location has been
// stored in the session.
// NOTE(review): $_REQUEST is used here, so submitted form fields (and cookies,
// depending on the PHP configuration) are copied into 'oldlocation' as well;
// the certificate branch of this file uses $_GET. Values are not URL encoded.
// NOTE(review): the redirect target is the request's Host header with CR/LF
// removed; consider using the configured host names instead.
if ($_SESSION['profile']['loggedin'] < 1)
{
	$_SESSION['_config']['oldlocation'] = '';

	foreach ($_REQUEST as $key => $val)
	{
		// Separator between pairs, not before the first one.
		if ($_SESSION['_config']['oldlocation'] != '')
		{
			$_SESSION['_config']['oldlocation'] .= "&";
		}

		// CR and LF are stripped from both parts of the pair.
		$key = str_replace(array("\n", "\r"), '', $key);
		$val = str_replace(array("\n", "\r"), '', $val);
		$_SESSION['_config']['oldlocation'] .= "$key=$val";
	}

	// Script path without its leading slash, followed by the collected pairs.
	$_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".$_SESSION['_config']['oldlocation'];

	$hostname = str_replace(array("\n", "\r"), '', $_SERVER['HTTP_HOST']);
	header("location: https://".$hostname."/index.php?id=4");
	exit;
}
168
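// CCA check: a logged-in user who has not accepted the agreement is sent to
// index.php?id=52. A positive result is cached in the session, so
// get_user_agreement_status() is only asked again while the cached value is
// missing or false.
// The original condition read "!$x == True"; "!" binds tighter than "==",
// so the plain negation below is the same test written unambiguously.
if (!isset($_SESSION['profile']['ccaagreement']) || !$_SESSION['profile']['ccaagreement']) {
	$_SESSION['profile']['ccaagreement'] = get_user_agreement_status($_SESSION['profile']['id'], 'CCA');
	if ($_SESSION['profile']['ccaagreement'] == FALSE) {
		// The host name comes from the request; apply the same CR/LF
		// stripping this file uses on it before its login redirect.
		header("location: https://".str_replace(array("\n", "\r"), '', $_SERVER['HTTP_HOST'])."/index.php?id=52");
		exit;
	}
}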
176 ?>