forked from CAcertOrg/cats
-
Notifications
You must be signed in to change notification settings - Fork 0
/
login_with_api.php
executable file
·117 lines (110 loc) · 4.73 KB
/
login_with_api.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
<?php
//print_r ($_SERVER);
//include ("functions/ocsp.php");
include ("functions/api.php");
include ("functions/acceptLogin.php");
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] == 0 || $_SESSION['profile']['loggedin'] == 0))
{
if($_SERVER['SSL_CLIENT_VERIFY']=='SUCCESS'){
if($_SERVER['SSL_CLIENT_I_DN_CN']=='CA Cert Signing Authority')$root=1;
else if ($_SERVER['SSL_CLIENT_I_DN_CN']=='CAcert Class 3 Root')$root=2;
$data = "serial=".$_SERVER['SSL_CLIENT_M_SERIAL']."&root=$root";
$x = PostToHost("www.cacert.org", "/api/edu.php", "No_Referrer", $data);
// 2007-10-22 Ted: Looks like the server has changed the number of header lines in its reply.
// IMHO hardcoding the number of header lines in a HTTP response is ... adventurous ...
// Look for the first empty line, the data line is the next! Put it in a function!
$user_id=$x[10];
if( $user_id!=0){
$sql="SELECT * FROM user where `user_id`='".mysql_real_escape_string($user_id)."'";
$query = mysql_query($sql);
$nr=mysql_num_rows($query);
if($nr==0){
$_SESSION['profile']['id']=$user_id;
acceptLogin();
} else {
$row = mysql_fetch_assoc($query);
$_SESSION['profile']['loggedin'] = 1;
$_SESSION['profile']['language']= $row['lang'];
$_SESSION['profile']['id']=$row['user_id'];
$_SESSION['profile']['admin'] =$row['admin'];
$_SESSION['profile']['email'] =$row['email'];
echo" <meta http-equiv='refresh' content='0; url=?' />";
}
//}
// else if($_SESSION['profile']['OCSP']==2 )echo " <h3>".Login_01."</h3>";
//else if($_SESSION['profile']['OCSP']==0)echo "<h3>".Login_02."</h3>";
} else {
echo "Fehler beim Loginvorgang<br />\n";
// Debug prints for isolating login problems
// echo "Data: $data<br />\n";
// echo "<pre>".join("", @$x)."</pre>";
}
}
else {
echo '<h5 class="centered"><br />'.Global_17.'</h5>';
}
}
/* $query = "select * from `emailcerts` where `serial`='${_SERVER['SSL_CLIENT_M_SERIAL']}' and `revoked`=0 and
UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0";
$res = mysql_query($query);
if(mysql_num_rows($res) > 0){
$row = mysql_fetch_assoc($res);
$_SESSION['profile']['loggedin'] = 0;
$_SESSION['profile'] = "";
foreach($_SESSION as $key){
if($key == '_config')
continue;
if(is_int($key) || is_string($key))
unset($_SESSION[$key]);
unset($key);
session_unregister($key);
}
$sql=mysql_query("select * from `users` where `id`='".$row['memid']."'");
if (mysql_num_rows($sql) ==1){
$_SESSION['profile'] = mysql_fetch_assoc($sql);
if($_SERVER['SSL_CLIENT_S_DN_Email']!=$_SESSION['profile']['email']){
$sql_email=mysql_query("SELECT * FROM email WHERE email='${_SERVER['SSL_CLIENT_S_DN_Email']}'AND memid=".$_SESSION['profile']['id']." AND deleted='0000-00-00 00:00:00'");
if (mysql_num_rows($sql_email) ==1)$_SESSION['profile']['loggedin'] = 1;
else unset($_SESSION['profile']);
}
else $_SESSION['profile']['loggedin'] = 1;
}
else unset($_SESSION['profile']);
} else {
$_SESSION['profile']['loggedin'] = 0;
$_SESSION['profile'] = "";
foreach($_SESSION as $key)
{
if($key == '_config')
continue;
unset($_SESSION[$key]);
unset($key);
session_unregister($key);
}
exit;
}
}
}
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] > 0)
{
$_SESSION['_config']['language'] = $_SESSION['profile']['language'];
putenv("LANG=".$_SESSION['_config']['language']);
setlocale(LC_ALL, $_SESSION['_config']['language']);
$domain = 'messages';
bindtextdomain("$domain", $_SESSION['_config']['filepath']."/locale");
textdomain("$domain");
// echo" <META HTTP-EQUIV='refresh' content='0;URL=?'>";
}*/
if($_REQUEST['id'] == "logout")
{
if(isset($_SESSION['profile']['language'])){
$sql="UPDATE user SET lang='".$_SESSION['profile']['language']."' WHERE user_id='".$_SESSION['profile']['id']."'";
$query = mysql_query($sql);
}
$_SESSION['profile']['loggedin'] = 0;
$_SESSION['profile'] = "";
echo" <meta http-equiv='refresh' content='0; url=?' />";
session_destroy();
exit;
}
?>