]> andersk Git - sql-web.git/blob - global.act.php
andersk / sql-web.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix CSRF vulnerabilities
[sql-web.git] / global.act.php
1 <?php
2 /*
3         (c) 2005 Joe Presbrey
4 */
5
6 require_once('mitsql.cfg.php');
7 require_once('mitsql.lib.php');
8
9 $msg = $err = $timings = array();
10
11 ## PROCESS CERTIFICATE
12
13 $SSLCred = getSSLCert();
14 $SSLName = '';
15 $SSLEmail = '';
16 $SSLUsername = '';
17
18 if (isOnline()) {
19         
20 ## HANDLE SOME GLOBAL ACTIONS
21
22         if (isset($i_ssl)) {
23                 if (isSSL() && $i_ssl==1) redirect(newQS('ssl'));
24                 if (!isSSL() && $i_ssl==0) redirect(newQS('ssl'));
25                 redirect2(flipSSL());
26         }
27         if (isset($i_reset)) { session_destroy(); session_start(); redirect(newQS('reset')); }
28
29 ## SETUP SESSION VARS
30
31         $UserId = sess('UserId');
32         $Login = new Login($UserId);
33
34         if (isSSL() || !isLoggedIn()) {
35                 $SSLName = $SSLCred['Name'];
36                 $SSLUsername = $SSLCred['Username'];
37                 $SSLEmail = $SSLCred['Email'];
38
39                 /*$LoginSSL = sess('LoginSSL');
40                 if (!is_a($LoginSSL, 'Login')) { $LoginSSL = new Login($SSLUsername); }*/
41                 $LoginSSL = new Login(getUsernameID($SSLUsername));
42                 $LoginSSL->update($SSLCred['Name'],$SSLCred['Email']);
43
44                 if (!isLoggedIn() && !$LoginSSL->exists()) {
45                         if (!empty($SSLName))
46                                 addUser($SSLCred);
47                         $LoginSSL = new Login(getUsernameID($SSLUsername));
48                 }
49         } else {
50                 unset($_SESSION['LoginSSL']);
51         }
52
53         /*
54         if (isPost() || isset($i_refresh)) {
55                 if (!empty($UserId)) {
56                         checkQuotas($UserId);
57                 }
58                 isset($i_refresh) && redirect('main?r');
59         }
60         */
61
62 } // isOnline()
63
64 ?>
Unnamed repository; edit this file 'description' to name the repository.
This page took 0.03636 seconds and 5 git commands to generate.