1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18
19
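// Logged-in session on the secure host: throw away cached session state and
// reload the account row on every request, so that a lock set in the
// database takes effect on the user's next page view.
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] != 0)
{
	// The id is interpolated into a query below; force it to an integer so
	// that nothing but a number can reach the SQL text.
	$uid = intval($_SESSION['profile']['id']);

	// Drop every session entry except the site configuration.
	// The loop has to walk the KEYS. Walking the values (as it used to)
	// compared and unset by value, so stale entries were never removed.
	// session_unregister() (removed in PHP 5.4) and the variable-variable
	// unset are not carried over; unset() on $_SESSION is sufficient when
	// register_globals is off.
	// NOTE(review): confirm that no deployment still relies on
	// register_globals, and that nothing else stores per-request state in
	// $_SESSION outside '_config' - it is now really purged here.
	foreach(array_keys($_SESSION) as $key)
	{
		if($key === '_config')
			continue;
		unset($_SESSION[$key]);
	}

	// NOTE(review): "select *" copies every column of the users row into the
	// session, presumably including credential columns - consider selecting
	// only the fields the application reads.
	$res = mysql_query("select * from `users` where `id`='$uid'");
	$userrow = $res ? mysql_fetch_assoc($res) : false;

	// Only an existing, unlocked account stays logged in. A failed query or
	// a missing row leaves the profile unset instead of creating a profile
	// that holds nothing but the loggedin flag.
	if(is_array($userrow) && $userrow['locked'] == 0)
	{
		$userrow['loggedin'] = 1;
		$_SESSION['profile'] = $userrow;
	}
}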
41
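// Secure host without a logged-in profile: try to log the user in with the
// TLS client certificate presented on this connection. If no usable
// certificate is found, remember the requested page and send the user to the
// login form.
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] == 0 || $_SESSION['profile']['loggedin'] == 0))
{
	// Serial number of the client certificate as exported by the web server.
	// An absent or empty serial must not reach the query: `serial`='' would
	// match any certificate row that is stored with an empty serial.
	$serial = isset($_SERVER['SSL_CLIENT_M_SERIAL']) ? (string)$_SERVER['SSL_CLIENT_M_SERIAL'] : '';

	$row = false;
	if($serial !== '')
	{
		// NOTE(review): the lookup keys on the serial alone, so it relies on
		// the web server accepting client certificates from this CA only -
		// confirm against the server configuration.
		$query = "select * from `emailcerts` where `serial`='".mysql_real_escape_string($serial)."' and `revoked`=0 and disablelogin=0 and
			UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0";
		$res = mysql_query($query);
		if($res && mysql_num_rows($res) > 0)
			$row = mysql_fetch_assoc($res);
	}

	// Both outcomes start from a clean session: drop everything except the
	// site configuration. The loop walks the KEYS; walking the values (as it
	// used to) never removed the stale entries. session_unregister() and the
	// variable-variable unset are register_globals-era calls and are not
	// carried over - NOTE(review): confirm register_globals is off.
	foreach(array_keys($_SESSION) as $key)
	{
		if($key === '_config')
			continue;
		unset($_SESSION[$key]);
	}

	if(is_array($row))
	{
		// Certificate accepted: load the owning account.
		$memid = intval($row['memid']);
		$ures = mysql_query("select * from `users` where `id`='$memid'");
		$userrow = $ures ? mysql_fetch_assoc($ures) : false;

		// A locked or missing account is not logged in; the profile stays
		// unset and the checks further down redirect the user away.
		if(is_array($userrow) && $userrow['locked'] == 0)
		{
			// Privilege change: issue a fresh session id so that an id
			// known before the login is not carried into the
			// authenticated session.
			session_regenerate_id(true);

			$userrow['loggedin'] = 1;
			$_SESSION['profile'] = $userrow;
		}
	} else {
		// Remember where the user wanted to go. The query string is rebuilt
		// with percent-encoding, so CR/LF, '&', '=' and '#' inside a
		// parameter cannot change the structure of the stored URL, and
		// array parameters are kept instead of turning into "Array".
		// NOTE(review): the code that later redirects to 'oldlocation' is
		// not visible here - confirm it only ever treats the value as a
		// path on this site.
		$_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".http_build_query($_GET, '', '&');

		header("location: https://".$_SESSION['_config']['securehostname']."/index.php?id=4");
		exit;
	}
}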
98
// Anyone who is still not logged in at this point has no business on the
// secure (client-certificate) host: send them to the normal host.
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'])
{
	if($_SESSION['profile']['id'] <= 0 || $_SESSION['profile']['loggedin'] == 0)
	{
		// The target comes from the site configuration, not from the request.
		header(sprintf("location: https://%s", $_SESSION['_config']['normalhostname']));
		exit;
	}
}
104
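// Logged-in user on the secure host: refresh the point total and bring the
// interface language and the stored profile language into agreement.
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] > 0)
{
	// Integer cast: the id is interpolated into two queries below.
	$uid = intval($_SESSION['profile']['id']);

	$query = "select sum(`points`) as `total` from `notary` where `to`='$uid' group by `to`";
	$res = mysql_query($query);
	$row = $res ? mysql_fetch_assoc($res) : false;

	// With "group by" an account without any notary rows yields no result
	// row at all; treat that (and a failed query) as zero points.
	$_SESSION['profile']['points'] = is_array($row) ? $row['total'] : 0;

	if($_SESSION['profile']['language'] == "")
	{
		// No language stored for the account yet: persist the one currently
		// in use. The value is escaped because its origin is not visible
		// here - NOTE(review): presumably chosen by the visitor; confirm it
		// is validated against the list of supported locales where it is set.
		$query = "update `users` set `language`='".mysql_real_escape_string($_SESSION['_config']['language'])."'
			where `id`='$uid'";
		mysql_query($query);
	} else {
		// The account has a stored language: it overrides the session
		// default and the gettext catalogue is switched accordingly.
		$_SESSION['_config']['language'] = $_SESSION['profile']['language'];

		putenv("LANG=".$_SESSION['_config']['language']);
		setlocale(LC_ALL, $_SESSION['_config']['language']);

		$domain = 'messages';
		bindtextdomain("$domain", $_SESSION['_config']['filepath']."/locale");
		textdomain("$domain");
	}
}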
128
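// Logout: end the session on the server and in the browser, then return to
// the start page of the normal host.
if(array_key_exists("id",$_REQUEST) && $_REQUEST['id'] === "logout")
{
	// Read the redirect target before the session data is gone.
	$normalhost=$_SESSION['_config']['normalhostname'];

	// Empty the session array instead of unset($_SESSION). Unsetting the
	// superglobal itself disables session handling through $_SESSION for
	// the rest of the request and does not remove the data stored on the
	// server. The former loop also walked the session values rather than the
	// keys, so it removed nothing.
	$_SESSION = array();

	// Expire the session cookie in the browser as well.
	if(ini_get("session.use_cookies"))
	{
		$cookie = session_get_cookie_params();
		setcookie(session_name(), '', time() - 42000, $cookie["path"], $cookie["domain"], $cookie["secure"]);
	}

	// Delete the server-side session record, so the old session id cannot
	// be used again.
	// NOTE(review): assumes the session was started before this file is
	// included, as the use of $_SESSION above suggests - confirm.
	session_destroy();

	header("location: https://".$normalhost."/index.php");
	exit;
}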
145
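// Final gate: a visitor who is not logged in gets the requested page stored
// as 'oldlocation' and is sent to the login form.
if($_SESSION['profile']['loggedin'] < 1)
{
	// Rebuild the request parameters from GET and POST only (POST wins on a
	// name clash). $_REQUEST can also contain cookie values, depending on
	// request_order/variables_order, and the session cookie does not belong
	// in a stored URL.
	// NOTE(review): POST fields still end up in a URL here; if any protected
	// form posts secrets, exclude those fields or keep GET parameters only,
	// as the certificate-login branch above does.
	$params = $_POST + $_GET;

	// Percent-encode keys and values, so CR/LF, '&', '=' and '#' inside a
	// parameter cannot change the structure of the stored URL, and array
	// parameters are kept instead of turning into "Array".
	// NOTE(review): the code that later redirects to 'oldlocation' is not
	// visible here - confirm it only treats the value as a path on this site.
	$_SESSION['_config']['oldlocation'] = substr($_SERVER['SCRIPT_NAME'], 1)."?".http_build_query($params, '', '&');

	// The Host header is supplied by the client. Redirect only to a hostname
	// from the site configuration instead of echoing the header back in the
	// Location response.
	// NOTE(review): if the site is served under further hostnames, add them
	// to this check.
	$hostname = $_SESSION['_config']['normalhostname'];
	if($_SERVER['HTTP_HOST'] === $_SESSION['_config']['securehostname'])
		$hostname = $_SESSION['_config']['securehostname'];

	header("location: https://".$hostname."/index.php?id=4");
	exit;
}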
165 ?>