Fix CSRF vulnerabilities
index 009d529c407f0125c508129b1493d67a29c0f909..ee34748a31ab6385433813a80b9ed737c6935eb8 100644 (file)
@@ -1,37 +1,12 @@
 <?php
+/*
+       (c) 2005 Joe Presbrey
+*/
 
 require_once('mitsql.cfg.php');
 require_once('mitsql.lib.php');
 
-if (isset($i_ssl)) {
-       if (isSSL() && $i_ssl==1) redirect(newQS('ssl'));
-       if (!isSSL() && $i_ssl==0) redirect(newQS('ssl'));
-       redirect2(flipSSL());
-}
-if (isset($i_reset)) { session_destroy(); session_start(); redirect(newQS('reset')); }
-
-$err = array();
-
-## SESSION VARS
-
-$timings = array();
-$UserId = 0;
-$Username = '';
-$Name = '';
-$Email = '';
-$UL = 0;
-$Login = sess('Login');
-$LoginSSL = sess('LoginSSL');
-
-if (is_a($Login, 'Login')) {
-    $UserId = $Login->getUserId();
-       $Username = $Login->getUsername();
-       $Name = $Login->getName();
-       $Email = $Login->getEmail();
-       $UL = $Login->getUL();
-} else {
-       $Login = new Login('');
-}
+$msg = $err = $timings = array();
 
 ## PROCESS CERTIFICATE
 
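Review bot: The file-scope defaults (`$UserId = 0;`, `$Login`, `$LoginSSL`) are removed here, and the new code assigns `$UserId` and `$Login` only inside the `if (isOnline())` block added in the next hunk, so any includer that reads them while offline now sees an undefined variable rather than a known "not logged in" value. I would keep explicit defaults next to the new initialiser, e.g. `$UserId = 0; $Login = null;` after `$msg = $err = $timings = array();`, so authorization checks downstream fail closed. `$Username`, `$Name`, `$Email` and `$UL` are no longer set anywhere in this file; presumably their readers were changed in the same commit, but that is not visible from this diff.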
@@ -40,18 +15,50 @@ $SSLName = '';
 $SSLEmail = '';
 $SSLUsername = '';
 
-if (isSSL()) {
-       $SSLName = $SSLCred['Name'];
-       $SSLUsername = $SSLCred['Username'];
-       $SSLEmail = $SSLCred['Email'];
-}
-if (!is_a($LoginSSL, 'Login')) {
-       $LoginSSL = new Login($SSLUsername);
-}
-if (!isLoggedIn() && !$LoginSSL->exists()) {
-       if (!empty($SSLName))
-               addUser($SSLCred);
-       $LoginSSL->refresh();
-}
+if (isOnline()) {
+       
+## HANDLE SOME GLOBAL ACTIONS
+
+       if (isset($i_ssl)) {
+               if (isSSL() && $i_ssl==1) redirect(newQS('ssl'));
+               if (!isSSL() && $i_ssl==0) redirect(newQS('ssl'));
+               redirect2(flipSSL());
+       }
+       if (isset($i_reset)) { session_destroy(); session_start(); redirect(newQS('reset')); }
+
+## SETUP SESSION VARS
+
+       $UserId = sess('UserId');
+       $Login = new Login($UserId);
+
+       if (isSSL() || !isLoggedIn()) {
+               $SSLName = $SSLCred['Name'];
+               $SSLUsername = $SSLCred['Username'];
+               $SSLEmail = $SSLCred['Email'];
+
+               /*$LoginSSL = sess('LoginSSL');
+               if (!is_a($LoginSSL, 'Login')) { $LoginSSL = new Login($SSLUsername); }*/
+               $LoginSSL = new Login(getUsernameID($SSLUsername));
+               $LoginSSL->update($SSLCred['Name'],$SSLCred['Email']);
+
+               if (!isLoggedIn() && !$LoginSSL->exists()) {
+                       if (!empty($SSLName))
+                               addUser($SSLCred);
+                       $LoginSSL = new Login(getUsernameID($SSLUsername));
+               }
+       } else {
+               unset($_SESSION['LoginSSL']);
+       }
+
+       /*
+       if (isPost() || isset($i_refresh)) {
+               if (!empty($UserId)) {
+                       checkQuotas($UserId);
+               }
+               isset($i_refresh) && redirect('main?r');
+       }
+       */
+
+} // isOnline()
 
 ?>
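Review bot: The certificate branch now runs for `isSSL() || !isLoggedIn()`, so on a plain-HTTP request without a login `$SSLCred` is still read and `$LoginSSL->update($SSLCred['Name'],$SSLCred['Email'])` is called before the `exists()` check, whereas the removed code read `$SSLCred` only under `isSSL()`. `$SSLCred` is populated outside this hunk, so unless it is guaranteed empty off SSL I would gate the profile write on a verified certificate, e.g. `if (isSSL() && !empty($SSLUsername)) $LoginSSL->update($SSLCred['Name'],$SSLCred['Email']);`. Separately, for a commit titled as a CSRF fix, `i_reset` still calls `session_destroy()` on a bare `isset($i_reset)` with no token or request-method check visible in this file; if that check lives in `mitsql.lib.php`, a comment such as `// CSRF token verified in mitsql.lib.php` above the global actions would make it auditable. Calling `session_regenerate_id(true)` after the `session_start()` on that line would also keep the reset session from continuing under the old id.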