Fix CSRF vulnerabilities
[sql-web.git] / global.act.php
index 94e662d5af48dad487532fd0b4077d516142332f..ee34748a31ab6385433813a80b9ed737c6935eb8 100644 (file)
@@ -1,22 +1,12 @@
 <?php
+/*
+       (c) 2005 Joe Presbrey
+*/
 
 require_once('mitsql.cfg.php');
 require_once('mitsql.lib.php');
 
-if (isset($i_ssl)) {
-       if (isSSL() && $i_ssl==1) redirect(newQS('ssl'));
-       if (!isSSL() && $i_ssl==0) redirect(newQS('ssl'));
-       redirect2(flipSSL());
-}
-if (isset($i_reset)) { session_destroy(); session_start(); redirect(newQS('reset')); }
-
-$msg = $err = array();
-
-## SESSION VARS
-
-$timings = array();
-$UserId = sess('UserId');
-$Login = new Login($UserId);
+$msg = $err = $timings = array();
 
 ## PROCESS CERTIFICATE
 
@@ -25,27 +15,50 @@ $SSLName = '';
 $SSLEmail = '';
 $SSLUsername = '';
 
-if (isSSL() || !isLoggedIn()) {
-       $SSLName = $SSLCred['Name'];
-       $SSLUsername = $SSLCred['Username'];
-       $SSLEmail = $SSLCred['Email'];
+if (isOnline()) {
+       
+## HANDLE SOME GLOBAL ACTIONS
+
+       if (isset($i_ssl)) {
+               if (isSSL() && $i_ssl==1) redirect(newQS('ssl'));
+               if (!isSSL() && $i_ssl==0) redirect(newQS('ssl'));
+               redirect2(flipSSL());
+       }
+       if (isset($i_reset)) { session_destroy(); session_start(); redirect(newQS('reset')); }
+
+## SETUP SESSION VARS
 
-       /*$LoginSSL = sess('LoginSSL');
-       if (!is_a($LoginSSL, 'Login')) { $LoginSSL = new Login($SSLUsername); }*/
-       $LoginSSL = new Login($SSLUsername);
-       $LoginSSL->update($SSLCred['Name'],$SSLCred['Email']);
+       $UserId = sess('UserId');
+       $Login = new Login($UserId);
 
-       if (!isLoggedIn() && !$LoginSSL->exists()) {
-               if (!empty($SSLName))
-                       addUser($SSLCred);
-               $LoginSSL->refresh();
+       if (isSSL() || !isLoggedIn()) {
+               $SSLName = $SSLCred['Name'];
+               $SSLUsername = $SSLCred['Username'];
+               $SSLEmail = $SSLCred['Email'];
+
+               /*$LoginSSL = sess('LoginSSL');
+               if (!is_a($LoginSSL, 'Login')) { $LoginSSL = new Login($SSLUsername); }*/
+               $LoginSSL = new Login(getUsernameID($SSLUsername));
+               $LoginSSL->update($SSLCred['Name'],$SSLCred['Email']);
+
+               if (!isLoggedIn() && !$LoginSSL->exists()) {
+                       if (!empty($SSLName))
+                               addUser($SSLCred);
+                       $LoginSSL = new Login(getUsernameID($SSLUsername));
+               }
+       } else {
+               unset($_SESSION['LoginSSL']);
+       }
+
+       /*
+       if (isPost() || isset($i_refresh)) {
+               if (!empty($UserId)) {
+                       checkQuotas($UserId);
+               }
+               isset($i_refresh) && redirect('main?r');
        }
-} else {
-       unset($_SESSION['LoginSSL']);
-}
-
-if (isPost() || isset($i_refresh)) {
-       checkQuotas($UserId);
-       isset($i_refresh) && redirect('main');
-}
+       */
+
+} // isOnline()
+
 ?>
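Review bot: The relocated `if (isset($i_reset)) { session_destroy(); session_start(); redirect(newQS('reset')); }` still resets the session on the mere presence of a request parameter (apparently a query-string value, given `newQS('reset')`), and no anti-CSRF token or `isPost()` check is visible in this hunk, so a cross-site request can still force a reset. If the token is verified inside `mitsql.lib.php`, a one-line comment here saying so would make that clear. After `session_destroy()` the following `session_start()` can resume under the session id the client already holds, so I would add `session_regenerate_id(true);` immediately after it. Separately, the `checkQuotas($UserId)` block is now commented out rather than deleted; if quota enforcement moved elsewhere, remove the dead block, otherwise this commit silently drops the check on POST.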