bug 1288: Accept STARTTLS as last option
[cacert-devel.git] / includes / loggedin.php
index 46f0659..c14f8c2 100644 (file)
@@ -19,6 +19,7 @@
        include_once("../includes/lib/general.php");
        require_once("../includes/lib/l10n.php");
        include_once("../includes/mysql.php");
+       require_once('../includes/notary.inc.php');
 
        if(!isset($_SESSION['profile']) || !is_array($_SESSION['profile'])) {
                $_SESSION['profile'] = array( 'id' => 0, 'loggedin' => 0 );
                        if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
                                continue;
                        if(is_int($key) || is_string($key))
-                               unset($_SESSION[$key]);
-                       unset($$key);
-                       //session_unregister($key);
+                               unset($_SESSION[$key]);
+                       unset($$key);
+                       //session_unregister($key);
                }
 
-               $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$uid'"));
+               $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($uid)."'"));
                if($_SESSION['profile']['locked'] == 0)
                        $_SESSION['profile']['loggedin'] = 1;
                else
                                if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
                                        continue;
                                if(is_int($key) || is_string($key))
-                                       unset($_SESSION[$key]);
-                               unset($$key);
-                               //session_unregister($key);
+                                       unset($_SESSION[$key]);
+                               unset($$key);
+                               //session_unregister($key);
                        }
 
                        $_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
-                                       "select * from `users` where `id`='".$user_id."'"));
+                                       "select * from `users` where `id`='".intval($user_id)."'"));
                        if($_SESSION['profile']['locked'] == 0)
                                $_SESSION['profile']['loggedin'] = 1;
                        else
                        {
                                if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
                                        continue;
-                               unset($_SESSION[$key]);
-                               unset($$key);
-                               //session_unregister($key);
+                               unset($_SESSION[$key]);
+                               unset($$key);
+                               //session_unregister($key);
                        }
 
-                       $_SESSION['_config']['oldlocation'] = '';
-
-                       foreach($_GET as $key => $val)
-                       {
-                               if($_SESSION['_config']['oldlocation'])
-                                       $_SESSION['_config']['oldlocation'] .= "&";
-
-                               $key = str_replace(array("\n", "\r"), '', $key);
-                               $val = str_replace(array("\n", "\r"), '', $val);
-                               $_SESSION['_config']['oldlocation'] .= "$key=$val";
-                       }
-                       $_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".$_SESSION['_config']['oldlocation'];
-
-                       header("location: https://".$_SESSION['_config']['securehostname']."/index.php?id=4");
+                       $_SESSION['_config']['oldlocation'] = $_SERVER['REQUEST_URI'];
+                       header("Location: https://{$_SESSION['_config']['securehostname']}/index.php?id=4");
                        exit;
                }
        }
 
        if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] <= 0 || $_SESSION['profile']['loggedin'] == 0))
        {
-               header("location: https://".$_SESSION['_config']['normalhostname']);
+               header("Location: https://{$_SESSION['_config']['normalhostname']}");
                exit;
        }
 
        if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] > 0)
        {
-               $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' and `deleted` = 0 group by `to`";
+               $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`";
                $res = mysql_query($query);
                $row = mysql_fetch_assoc($res);
                $_SESSION['profile']['points'] = $row['total'];
                if($_SESSION['profile']['language'] == "")
                {
                        $query = "update `users` set `language`='".L10n::get_translation()."'
-                                                       where `id`='".$_SESSION['profile']['id']."'";
+                                                       where `id`='".intval($_SESSION['profile']['id'])."'";
                        mysql_query($query);
                } else {
                        L10n::set_translation($_SESSION['profile']['language']);
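Review bot: `$_SESSION['_config']['oldlocation'] = $_SERVER['REQUEST_URI'];` now stores the raw, client-chosen request URI. The removed loop stored the script name without its leading slash plus a rebuilt query string with CR/LF stripped. The code that later reads `oldlocation` is not in this diff; if it still prepends `/` or puts the value into a `Location:` header, a request path beginning with `//` may end up as a scheme-relative redirect target. Unless the consumer was changed in the same commit, I would keep the stored value a local path in the old shape, e.g. `$_SESSION['_config']['oldlocation'] = ltrim(str_replace(array("\n", "\r"), '', $_SERVER['REQUEST_URI']), '/');`. The same assignment appears twice more in the last hunk, before the `id=4` and `id=52` redirects.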
                $_SESSION['profile'] = "";
                foreach($_SESSION as $key => $value)
                {
-                       unset($_SESSION[$key]);
-                       unset($$key);
-                       //session_unregister($key);
+                       unset($_SESSION[$key]);
+                       unset($$key);
+                       //session_unregister($key);
                }
 
-               header("location: https://".$normalhost."/index.php");
+               header("Location: https://{$normalhost}/index.php");
                exit;
        }
 
        if($_SESSION['profile']['loggedin'] < 1)
        {
-               $_SESSION['_config']['oldlocation'] = '';
-
-               foreach($_REQUEST as $key => $val)
-               {
-                       if('' != $_SESSION['_config']['oldlocation'])
-                               $_SESSION['_config']['oldlocation'] .= "&";
+               $_SESSION['_config']['oldlocation'] = $_SERVER['REQUEST_URI'];
+               header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4");
+               exit;
+       }
 
-                       $key = str_replace(array("\n", "\r"), '', $key);
-                       $val = str_replace(array("\n", "\r"), '', $val);
-                       $_SESSION['_config']['oldlocation'] .= "$key=$val";
+       if (!isset($_SESSION['profile']['ccaagreement']) || !$_SESSION['profile']['ccaagreement']) {
+               $_SESSION['profile']['ccaagreement']=get_user_agreement_status($_SESSION['profile']['id'],'CCA');
+               if (!$_SESSION['profile']['ccaagreement']) {
+                       $_SESSION['_config']['oldlocation'] = $_SERVER['REQUEST_URI'];
+                       header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=52");
+                       exit;
                }
-               $_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".$_SESSION['_config']['oldlocation'];
-               $hostname=$_SERVER['HTTP_HOST'];
-               $hostname = str_replace(array("\n", "\r"), '', $hostname);
-               header("location: https://".$hostname."/index.php?id=4");
-               exit;
        }
 ?>
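Review bot: Both new redirects, `header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4");` and the `id=52` one, take their target host straight from the client-supplied Host header, and the CR/LF stripping that the removed lines applied to `$hostname` is gone. Current PHP versions refuse newlines in `header()`, but the host itself is still whatever the client sent. The other redirects in this file use the configured `securehostname` / `normalhostname`, so I would do the same here: `$host = ($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname']) ? $_SESSION['_config']['securehostname'] : $_SESSION['_config']['normalhostname'];` followed by `header("Location: https://{$host}/index.php?id=4");`. The CCA check would also benefit from a short comment saying that `get_user_agreement_status()` comes from the newly required `notary.inc.php` and that a negative result is re-queried on every request.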