bug 1192: Authentication is done in the previous step so don't set
authorMichael Tänzer <neo@nhng.de>
Wed, 26 Feb 2014 03:45:14 +0000 (04:45 +0100)
committerMichael Tänzer <neo@nhng.de>
Wed, 26 Feb 2014 03:45:14 +0000 (04:45 +0100)
$_SESSION['profile']['loggedin'] at all, only check it

Also if there was an oldlocation set redirect to it

Signed-off-by: Michael Tänzer <neo@nhng.de>
pages/index/52.php
www/index.php

index e2b205c..9132b8b 100644 (file)
@@ -27,7 +27,6 @@
                <input type="submit" name="agree" value="<?=_('I agree CCA')?>">
                <input type="submit" name="disagree" value="<?=_('I do not want to accept the CCA')?>">
 
-               <input type="hidden" name="id" value="52">
                <input type="hidden" name="oldid" value="<?=$id?>">
        </form>
 </div>
index 5f1680a..780b40b 100644 (file)
@@ -358,24 +358,36 @@ require_once('../includes/notary.inc.php');
        }
 
 // check for CCA acceptance prior to login
-if ($id == 52 )
+if ($oldid == 52 )
 {
-       $agree = ""; if(array_key_exists('agree',$_REQUEST)) $agree=$_REQUEST['agree'];
-       if (!$agree) {
-               $_SESSION['profile']['loggedin'] = 0;
-       }else{
-               write_user_agreement($_SESSION['profile']['id'], "CCA", "Login acception", "", 1);
-               $_SESSION['profile']['ccaagreement']=get_user_agreement_status($_SESSION['profile']['id'],'CCA');
-               $_SESSION['profile']['loggedin'] = 1;
-               header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
+       // Check if the user is already authenticated
+       if (!array_key_exists('profile',$_SESSION)
+                       || !array_key_exists('loggedin',$_SESSION['profile'])
+                       || $_SESSION['profile']['loggedin'] != 1)
+       {
+               header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4");
                exit;
        }
-       $disagree = ""; if(array_key_exists('disagree',$_REQUEST)) $disagree=$_REQUEST['disagree'];
-       if ($disagree) {
-               $_SESSION['profile']['loggedin'] = 0;
-               header("location: https://".$_SERVER['HTTP_HOST']."/index.php?id=4");
-               exit;
+
+       if (array_key_exists('agree',$_REQUEST) && $_REQUEST['agree'] != "")
+       {
+               write_user_agreement($_SESSION['profile']['id'], "CCA", "Login acception", "", 1);
+               $_SESSION['profile']['ccaagreement']=get_user_agreement_status($_SESSION['profile']['id'],'CCA');
+
+               if (array_key_exists("oldlocation",$_SESSION['_config'])
+                               && $_SESSION['_config']['oldlocation']!="")
+               {
+                       header("Location: https://{$_SERVER['HTTP_HOST']}/{$_SESSION['_config']['oldlocation']}");
+                       exit;
+               } else {
+                       header("Location: https://{$_SERVER['HTTP_HOST']}/account.php");
+                       exit;
+               }
        }
+
+       // User didn't agree
+       header("Location: https://{$_SERVER['HTTP_HOST']}/index.php?id=4");
+       exit;
 }
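Review bot: The disagree path at the end of the `$oldid == 52` block redirects to `index.php?id=4` while `$_SESSION['profile']['loggedin']` is still 1. The new guard only lets authenticated sessions get this far, and the removed lines were the only place in this hunk that reset the flag. Unless every account page separately checks `$_SESSION['profile']['ccaagreement']` (not visible here), a user who declines the CCA keeps a logged-in session; ending it before the final redirect, e.g. `unset($_SESSION['profile']);`, would close that gap. Separately, all four `Location:` headers are built from `$_SERVER['HTTP_HOST']`, which comes from the request, and `$_SESSION['_config']['oldlocation']` is appended without validation and is not cleared after use. A configured canonical host name, plus a check that `oldlocation` is an expected relative path followed by `unset($_SESSION['_config']['oldlocation']);`, would make the redirect target independent of client input.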