bug 1288: Accept STARTTLS as last option
[cacert-devel.git] / includes / loggedin.php
index 4a3b89e..c14f8c2 100644 (file)
 */
 
        include_once("../includes/lib/general.php");
+       require_once("../includes/lib/l10n.php");
+       include_once("../includes/mysql.php");
+       require_once('../includes/notary.inc.php');
+
+       if(!isset($_SESSION['profile']) || !is_array($_SESSION['profile'])) {
+               $_SESSION['profile'] = array( 'id' => 0, 'loggedin' => 0 );
+       }
+       if(!isset($_SESSION['profile']['id']) || !isset($_SESSION['profile']['loggedin'])) {
+               $_SESSION['profile']['id'] = 0;
+               $_SESSION['profile']['loggedin'] = 0;
+       }
 
        if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] != 0)
        {
                $uid = $_SESSION['profile']['id'];
                $_SESSION['profile']['loggedin'] = 0;
                $_SESSION['profile'] = "";
-               foreach($_SESSION as $key)
+               foreach($_SESSION as $key => $value)
                {
-                       if($key == '_config')
+                       if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
                                continue;
                        if(is_int($key) || is_string($key))
-                               unset($_SESSION[$key]);
-                       unset($$key);
-                       session_unregister($key);
+                               unset($_SESSION[$key]);
+                       unset($$key);
+                       //session_unregister($key);
                }
 
-               $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$uid'"));
+               $_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($uid)."'"));
                if($_SESSION['profile']['locked'] == 0)
                        $_SESSION['profile']['loggedin'] = 1;
                else
                        unset($_SESSION['profile']);
        }
-  
+
        if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] == 0 || $_SESSION['profile']['loggedin'] == 0))
        {
-               /* identify unique certs serial number related to root or subroot */
-               $query = "select * from `emailcerts` where
-                               `serial`='${_SERVER['SSL_CLIENT_M_SERIAL']}' and
-                               `rootcert`='".rootcertid($_SERVER['SSL_CLIENT_I_DN_CN'])."' and
-                               `revoked`=0 and disablelogin=0 and
-                               UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0";
-               $res = mysql_query($query);
-               
                $user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'],
                                $_SERVER['SSL_CLIENT_I_DN_CN']);
 
                {
                        $_SESSION['profile']['loggedin'] = 0;
                        $_SESSION['profile'] = "";
-                       foreach($_SESSION as $key)
+                       foreach($_SESSION as $key => $value)
                        {
-                               if($key == '_config')
+                               if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
                                        continue;
                                if(is_int($key) || is_string($key))
-                                       unset($_SESSION[$key]);
-                               unset($$key);
-                                       session_unregister($key);
+                                       unset($_SESSION[$key]);
+                               unset($$key);
+                               //session_unregister($key);
                        }
 
                        $_SESSION['profile'] = mysql_fetch_assoc(mysql_query(
-                                       "select * from `users` where `id`='".$user_id."'"));
+                                       "select * from `users` where `id`='".intval($user_id)."'"));
                        if($_SESSION['profile']['locked'] == 0)
                                $_SESSION['profile']['loggedin'] = 1;
                        else
                } else {
                        $_SESSION['profile']['loggedin'] = 0;
                        $_SESSION['profile'] = "";
-                       foreach($_SESSION as $key)
+                       foreach($_SESSION as $key => $value)
                        {
-                               if($key == '_config')
+                               if($key == '_config' || $key == 'mconn' || 'csrf_' == substr($key, 0, 5))
                                        continue;
-                               unset($_SESSION[$key]);
-                               unset($$key);
-                               session_unregister($key);
+                               unset($_SESSION[$key]);
+                               unset($$key);
+                               //session_unregister($key);
                        }
 
-                       unset($_SESSION['_config']['oldlocation']);
-
-                       foreach($_GET as $key => $val)
-                       {
-                               if($_SESSION['_config']['oldlocation'])
-                                       $_SESSION['_config']['oldlocation'] .= "&";
-
-                               $key = str_replace(array("\n", "\r"), '', $key);
-                               $val = str_replace(array("\n", "\r"), '', $val);
-                               $_SESSION['_config']['oldlocation'] .= "$key=$val";
-                       }
-                       $_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".$_SESSION['_config']['oldlocation'];
-
-                       header("location: https://".$_SESSION['_config']['securehostname']."/index.php?id=4");
+                       $_SESSION['_config']['oldlocation'] = $_SERVER['REQUEST_URI'];
+                       header("Location: https://{$_SESSION['_config']['securehostname']}/index.php?id=4");
                        exit;
                }
        }
 
        if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] <= 0 || $_SESSION['profile']['loggedin'] == 0))
        {
-               header("location: https://".$_SESSION['_config']['normalhostname']);
+               header("Location: https://{$_SESSION['_config']['normalhostname']}");
                exit;
        }
 
        if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] > 0)
        {
-               $query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['profile']['id']."' group by `to`";
+               $query = "select sum(`points`) as `total` from `notary` where `to`='".intval($_SESSION['profile']['id'])."' and `deleted` = 0 group by `to`";
                $res = mysql_query($query);
                $row = mysql_fetch_assoc($res);
                $_SESSION['profile']['points'] = $row['total'];
 
                if($_SESSION['profile']['language'] == "")
                {
-                       $query = "update `users` set `language`='".$_SESSION['_config']['language']."'
-                                                       where `id`='".$_SESSION['profile']['id']."'";
+                       $query = "update `users` set `language`='".L10n::get_translation()."'
+                                                       where `id`='".intval($_SESSION['profile']['id'])."'";
                        mysql_query($query);
                } else {
-                       $_SESSION['_config']['language'] = $_SESSION['profile']['language'];
-
-                       putenv("LANG=".$_SESSION['_config']['language']);
-                       setlocale(LC_ALL, $_SESSION['_config']['language']);
-
-                       $domain = 'messages';
-                       bindtextdomain("$domain", $_SESSION['_config']['filepath']."/locale");
-                       textdomain("$domain");
+                       L10n::set_translation($_SESSION['profile']['language']);
+                       L10n::init_gettext();
                }
        }
 
                $normalhost=$_SESSION['_config']['normalhostname'];
                $_SESSION['profile']['loggedin'] = 0;
                $_SESSION['profile'] = "";
-               foreach($_SESSION as $key)
+               foreach($_SESSION as $key => $value)
                {
-                       unset($_SESSION[$key]);
-                       unset($$key);
-                       session_unregister($key);
+                       unset($_SESSION[$key]);
+                       unset($$key);
+                       //session_unregister($key);
                }
-                unset($_SESSION);
 
-               header("location: https://".$normalhost."/index.php");
+               header("Location: https://{$normalhost}/index.php");
                exit;
        }
 
        if($_SESSION['profile']['loggedin'] < 1)
        {
-               unset($_SESSION['_config']['oldlocation']);
-
-               foreach($_REQUEST as $key => $val)
-               {
-                       if($_SESSION['_config']['oldlocation'])
-                               $_SESSION['_config']['oldlocation'] .= "&";
+               $_SESSION['_config']['oldlocation'] = $_SERVER['REQUEST_URI'];
+               header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4");
+               exit;
+       }
 
-                       $key = str_replace(array("\n", "\r"), '', $key);
-                       $val = str_replace(array("\n", "\r"), '', $val);
-                       $_SESSION['_config']['oldlocation'] .= "$key=$val";
+       if (!isset($_SESSION['profile']['ccaagreement']) || !$_SESSION['profile']['ccaagreement']) {
+               $_SESSION['profile']['ccaagreement']=get_user_agreement_status($_SESSION['profile']['id'],'CCA');
+               if (!$_SESSION['profile']['ccaagreement']) {
+                       $_SESSION['_config']['oldlocation'] = $_SERVER['REQUEST_URI'];
+                       header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=52");
+                       exit;
                }
-               $_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".$_SESSION['_config']['oldlocation'];
-               $hostname=$_SERVER['HTTP_HOST'];
-               $hostname = str_replace(array("\n", "\r"), '', $hostname);
-               header("location: https://".$hostname."/index.php?id=4");
-               exit;
        }
 ?>
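Review bot: The certificate login path (the block that opens with the bare `{` after the `get_user_id_from_cert()` call; its `if` condition lies outside the hunk) clears the old session's keys but never rotates the session id, so a session that existed before authentication — now including the deliberately preserved `csrf_*` entries and `mconn` — becomes the authenticated session unchanged; add `session_regenerate_id(true);` immediately before the `$_SESSION['profile'] = mysql_fetch_assoc(...)` that loads the user row, and the same in the first block that reloads the profile from `$uid`. Separately, `$_SESSION['_config']['oldlocation']` is now stored straight from `$_SERVER['REQUEST_URI']` in three places (the `id=4` redirects and the `id=52` CCA redirect), where the removed code at least stripped CR/LF; whatever later issues the return redirect is outside this file, so the value should be accepted only when it is a same-site path, e.g. `strpos($uri, '/') === 0 && strpos($uri, '//') !== 0`, before being stored or used. Finally, `L10n::get_translation()` is interpolated into the `update users set language=...` statement without escaping, while every other user-derived value in this hunk was hardened with `intval()`; unless `get_translation()` is known to return only a whitelisted locale code, wrap it as `mysql_real_escape_string(L10n::get_translation())`.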