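// The cert is valid and the user is trying to log in, so derive their athena
// (username) from the local part of the certificate's e-mail address.
// NOTE(review): only the text before '@' is kept, so the mail domain is never
// compared here. That presumes the TLS layer accepts client certificates from
// the institution's own CA only; confirm against the web-server configuration.
// NOTE(review): strstr() yields false when the value holds no '@', and that
// case is not rejected below; confirm the enclosing check rules it out.
$athena = strstr($_SERVER['SSL_CLIENT_S_DN_Email'], '@', true);

// Assert the existence of the user session prefs
if (!isset($_SESSION['user'])) {
    $_SESSION['user'] = getDefaultUserPrefs();
}

// Try to determine the user's class year from LDAP data (first login only)
if (!CourseRoadDB::userExists($athena)) {
    $ldap_data = fetchDataFromLDAP($athena);
    // A missing or falsy year falls back to 1. The null-coalescing read
    // replaces the former @-suppression, so unrelated errors stay visible.
    // NOTE(review): the directory value is used in arithmetic as-is; confirm it
    // is always numeric.
    $cur_year = ($ldap_data['mitDirStudentYear'] ?? null) ?: 1;
    $_SESSION['user']['class_year'] = getCurrentAcademicYear() + 4 - $cur_year;
    $_SESSION['user']['edited'] = true;
}

// Create a row for the user (default values are chosen for class_year et al)
CourseRoadDB::addUser($athena);
// !empty() tolerates a prefs array that carries no 'edited' key.
if (!empty($_SESSION['user']['edited'])) {
    CourseRoadDB::updateUserPrefs($athena, $_SESSION['user']);
}

// The session is about to carry an authenticated identity: rotate its id so
// that an id known to anyone before the login stops being valid afterwards.
if (session_status() === PHP_SESSION_ACTIVE) {
    session_regenerate_id(true);
}

// We've attempted auth
$_SESSION['triedcert'] = true;
$_SESSION['athena'] = $athena;
$_SESSION['saveas'] = $_SESSION['crhash'] . '';

// If we're also trying to Save with Log In, then update the hash and copy
// the old row. The flag is tested for truthiness: it is reset to false below,
// and isset() would still report that false as "set" on a later login in the
// same session, copying the road a second time.
if (!empty($_SESSION['trycert'])) {
    $_SESSION['trycert'] = false;
    $_SESSION['saveas'] = defaultOwnedHashName($_SESSION['athena']);
    CourseRoadDB::copyRoad($_SESSION['crhash'], $_SESSION['saveas'], $athena);
}

redirectHash($_SESSION['saveas']);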
}
// (The brace above closes a block opened before this excerpt.)

// SESSION.add_new_term holds onto the new term's data
// NOTE(review): year, term and addclasses are read from the query string with
// no isset() or format check in this excerpt, stored in the session, and handed
// to pullClass() further down. Confirm pullClass() validates them (and uses
// parameterized queries if it reaches a database), or validate them here.
$_SESSION['add_new_term'] = array(
    'year' => $_GET['year'],
    'term' => $_GET['term'],
    'classes' => explode(',', $_GET['addclasses']));
// A missing or unknown hash is blanked rather than left unset, so the
// isset($_GET['hash']) test below is still true and redirects with ''.
if (!(isset($_GET['hash']) && CourseRoadDB::hashExists($_GET['hash']))) {
    $_GET['hash'] = '';
}
}
// (The brace above closes an outer block that also opened before this excerpt.)

// Record failed login attempts (when user denies login after pressing Login)
// NOTE(review): execution continues past this point only if redirectHash()
// returns; whether it ends the request is not visible here.
if (isset($_GET['triedlogin'])) {
    $_SESSION['triedcert'] = true;
    redirectHash($_SESSION['crhash']);
}

// A visible "?hash=" in the URL is unwanted, so we redirect to remove it,
// but first store the hash to make loading faster.
// NOTE(review): PHP has already percent-decoded $_GET values, so urldecode()
// here is a second decode of request-controlled text, and on this path the
// value has not necessarily passed the hashExists() check above. Confirm that
// redirectHash() encodes its argument and only builds same-site locations.
if (isset($_GET['hash'])) {
    redirectHash(urldecode($_GET['hash']));
}

// Store that we've been to index.php.
$_SESSION['wenttoindex'] = true;

// We originally add add_new_term to SESSION to protect over the redirect above.
// Now we read it into a variable and clear the SESSION version.
$add_new_term = false;
if (isset($_SESSION['add_new_term'])) {
    $add_new_term = $_SESSION['add_new_term'];
    unset($_SESSION['add_new_term']);
    // Collect the data for every requested class that resolves without error.
    $json = array();
    foreach ($add_new_term['classes'] as $classname) {
        // rtrim() strips every trailing 'J' from the name before the lookup.
        $classdata = pullClass(rtrim($classname, 'J'), $add_new_term['year'], $add_new_term['term']);
        // Results that carry an 'error' key are dropped silently.
        if (!isset($classdata['error'])) {
            $json[] = $classdata;
        }