bug 1176: Fix Syntax issue of last patch
[cacert-devel.git] / includes / loggedin.php
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18
19 include_once("../includes/lib/general.php");
20 require_once("../includes/lib/l10n.php");
21 include_once("../includes/mysql.php");
22
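// Already logged in on the secure host: rebuild the session from scratch and
// reload the user row, so that a lock applied since login takes effect and
// stale per-page session data is dropped.
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] != 0)
{
	// Force the id to an integer before it is placed into the SQL string below.
	$uid = intval($_SESSION['profile']['id']);
	$_SESSION['profile']['loggedin'] = 0;
	$_SESSION['profile'] = "";
	foreach($_SESSION as $key => $value)
	{
		// Keep site configuration, the 'mconn' entry and CSRF tokens; everything
		// else is purged. Strict comparison, so an integer key can never compare
		// equal to one of the protected names.
		if($key === '_config' || $key === 'mconn' || 'csrf_' === substr($key, 0, 5))
			continue;
		if(is_int($key) || is_string($key))
			unset($_SESSION[$key]);
		// Also drops a global variable of the same name (register_globals-era cleanup).
		unset($$key);
		//session_unregister($key);
	}

	$res = mysql_query("select * from `users` where `id`='".$uid."'");
	$_SESSION['profile'] = $res ? mysql_fetch_assoc($res) : false;

	// Fail closed: only an existing, unlocked user row counts as logged in.
	// A failed query or a missing row must not end up as loggedin = 1.
	if(is_array($_SESSION['profile']) && $_SESSION['profile']['locked'] == 0)
		$_SESSION['profile']['loggedin'] = 1;
	else
		unset($_SESSION['profile']);
}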
44
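// Secure host without a logged-in profile: try to log the user in from the
// TLS client certificate (serial number and issuer CN as exported by the web
// server). If that fails, remember the requested location and redirect to
// index.php?id=4 (presumably the login page - confirm).
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] == 0 || $_SESSION['profile']['loggedin'] == 0))
{
	// NOTE(review): get_user_id_from_cert() is defined elsewhere; the >= 0 test
	// below suggests it returns a negative value when no certificate matches - confirm.
	$user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'],
			$_SERVER['SSL_CLIENT_I_DN_CN']);

	if($user_id >= 0)
	{
		$_SESSION['profile']['loggedin'] = 0;
		$_SESSION['profile'] = "";
		foreach($_SESSION as $key => $value)
		{
			// Keep site configuration, the 'mconn' entry and CSRF tokens.
			if($key === '_config' || $key === 'mconn' || 'csrf_' === substr($key, 0, 5))
				continue;
			if(is_int($key) || is_string($key))
				unset($_SESSION[$key]);
			// Also drops a global variable of the same name.
			unset($$key);
			//session_unregister($key);
		}

		// The id is cast to an integer before it is placed into the SQL string.
		$res = mysql_query(
			"select * from `users` where `id`='".intval($user_id)."'");
		$_SESSION['profile'] = $res ? mysql_fetch_assoc($res) : false;

		// Fail closed: a failed query or a missing user row must not be
		// treated as an unlocked account.
		if(is_array($_SESSION['profile']) && $_SESSION['profile']['locked'] == 0)
			$_SESSION['profile']['loggedin'] = 1;
		else
			unset($_SESSION['profile']);
	} else {
		$_SESSION['profile']['loggedin'] = 0;
		$_SESSION['profile'] = "";
		foreach($_SESSION as $key => $value)
		{
			if($key === '_config' || $key === 'mconn' || 'csrf_' === substr($key, 0, 5))
				continue;
			unset($_SESSION[$key]);
			unset($$key);
			//session_unregister($key);
		}

		// Rebuild the requested location from the GET parameters. These are
		// client-controlled: CR/LF are removed as before, and each pair is
		// URL-encoded so that a value containing '&', '=' or '#' cannot add or
		// override parameters in the stored location. Array-valued parameters
		// are serialised by http_build_query() instead of collapsing to "Array".
		$pairs = array();
		foreach($_GET as $key => $val)
		{
			$key = str_replace(array("\n", "\r"), '', $key);
			$val = str_replace(array("\n", "\r"), '', $val);
			$pair = http_build_query(array($key => $val), '', '&');
			if($pair != '')
				$pairs[] = $pair;
		}
		// NOTE(review): presumably used as the redirect target after login;
		// the consumer must still treat it as untrusted - confirm.
		$_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".implode("&", $pairs);

		header("location: https://".$_SESSION['_config']['securehostname']."/index.php?id=4");
		exit;
	}
}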
99
// Final gate for the secure host: a request that still has no valid profile id
// or is not marked as logged in is sent to the normal (non-secure) hostname.
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'])
{
	if($_SESSION['profile']['id'] <= 0 || $_SESSION['profile']['loggedin'] == 0)
	{
		header("location: https://".$_SESSION['_config']['normalhostname']);
		exit;
	}
}
105
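// Logged in on the secure host: refresh the points total from the `notary`
// table and synchronise the interface language with the user record.
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] > 0)
{
	// Cast once; the id is concatenated into both SQL statements below.
	$uid = intval($_SESSION['profile']['id']);

	$query = "select sum(`points`) as `total` from `notary` where `to`='".$uid."' group by `to`";
	$res = mysql_query($query);
	// With no notary rows (or a failed query) there is no result row; the
	// total then stays null, as it did before.
	$row = $res ? mysql_fetch_assoc($res) : false;
	$_SESSION['profile']['points'] = is_array($row) ? $row['total'] : null;

	if($_SESSION['profile']['language'] == "")
	{
		// No language stored yet: persist the currently active translation.
		// NOTE(review): L10n::get_translation() is defined elsewhere and its
		// value may derive from request data, so it is escaped before it goes
		// into the SQL string - confirm what it validates.
		$query = "update `users` set `language`='".mysql_real_escape_string(L10n::get_translation())."'
			where `id`='".$uid."'";
		mysql_query($query);
	} else {
		// Stored preference wins over whatever was negotiated for this request.
		L10n::set_translation($_SESSION['profile']['language']);
		L10n::init_gettext();
	}
}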
123
// Explicit logout (request parameter id=logout): empty the session and return
// to the start page on the normal hostname.
// Only the session's keys are removed here; the session itself is not
// destroyed and its id is not changed by this block.
// NOTE(review): $_REQUEST is used and no CSRF token is checked in this block,
// so a plain GET link can trigger the logout - confirm this is intended.
if(array_key_exists("id", $_REQUEST))
{
	if($_REQUEST['id'] == "logout")
	{
		// Read the redirect target first: '_config' is wiped with the rest below.
		$normalhost = $_SESSION['_config']['normalhostname'];

		$_SESSION['profile']['loggedin'] = 0;
		$_SESSION['profile'] = "";

		foreach($_SESSION as $key => $value)
		{
			// Remove the session entry and any global variable of the same name.
			unset($_SESSION[$key], $$key);
			//session_unregister($key);
		}

		header("location: https://".$normalhost."/index.php");
		exit;
	}
}
139
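// Anything that reaches this point without a logged-in profile is redirected
// to index.php?id=4 on the current host (presumably the login page - confirm),
// after the requested location has been stored in the session.
if($_SESSION['profile']['loggedin'] < 1)
{
	// Rebuild the requested location from the request parameters. These are
	// client-controlled: CR/LF are removed as before, and each pair is
	// URL-encoded so that a value containing '&', '=' or '#' cannot add or
	// override parameters in the stored location. Array-valued parameters are
	// serialised by http_build_query() instead of collapsing to "Array".
	// NOTE(review): $_REQUEST can include POST and cookie values (depending on
	// request_order), which then end up in the session and later in a URL -
	// confirm that no secrets are posted to pages that include this file.
	$pairs = array();
	foreach($_REQUEST as $key => $val)
	{
		$key = str_replace(array("\n", "\r"), '', $key);
		$val = str_replace(array("\n", "\r"), '', $val);
		$pair = http_build_query(array($key => $val), '', '&');
		if($pair != '')
			$pairs[] = $pair;
	}
	$_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".implode("&", $pairs);

	// NOTE(review): the redirect host is taken from the client-supplied Host
	// header; only CR/LF are stripped. The other redirects in this file use
	// the configured hostnames from $_SESSION['_config'] - consider doing the
	// same here, or checking the header against those values.
	$hostname = str_replace(array("\n", "\r"), '', $_SERVER['HTTP_HOST']);
	header("location: https://".$hostname."/index.php?id=4");
	exit;
}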
159 ?>