Esempio n. 1
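// Handles the "saveNewRoad" POST action: stores the submitted road under a
// short hash and replies with that hash plus a flag telling the client whether
// it should go through certificate auth next.
if (isset($_POST['saveNewRoad'])) {
    // State-changing request, so the CSRF check runs before any input is used.
    requireCSRF();
    requirePostDataFields('classes', 'majors');
    $classes = CourseRoadDB::encrypt($_POST['classes']);
    $majors = CourseRoadDB::encrypt($_POST['majors']);

    // md5 is used here only to derive a short, URL-safe road name from the
    // stored payload; it is not acting as a secret or an integrity check.
    // NOTE(review): a 5-character name is easy to enumerate, so access to a
    // road should not depend on the hash being unguessable — confirm how
    // ownership is enforced when roads are read or overwritten.
    $hash = substr(strtr(base64_encode(md5($classes . $majors)), '+/=', '-_,'), 0, 5);

    // Append the first numeric suffix that isHashSafe() accepts. The suffix
    // starts as an empty string so that an acceptable base hash is kept as-is;
    // the previous code appended an undefined (or stale) $i in that case.
    $suffix = '';
    if (!CourseRoadDB::isHashSafe($hash, $classes, $majors)) {
        $suffix = 0;
        while (!CourseRoadDB::isHashSafe($hash . $suffix, $classes, $majors)) {
            $suffix++;
        }
    }
    $hash .= $suffix;

    $_SESSION['crhash'] = $hash;
    $_SESSION['trycert'] = false;

    // empty() treats a missing key like a false value, which avoids
    // undefined-index notices for the optional 'trycert' field and for a
    // session that has not attempted certificate auth yet.
    if (!empty($_POST['trycert'])) {
        if ($loggedin) {
            // Already authenticated: save directly under the user's own name.
            $hash = defaultOwnedHashName($athena);
        } elseif (empty($_SESSION['triedcert'])) {
            // Not authenticated and auth not yet attempted: ask the client to
            // go through certificate auth.
            $_SESSION['trycert'] = true;
        }
    }

    CourseRoadDB::saveNewRoad($hash, $athena, $classes, $majors);
    dieJSON(array('redirectToAuth' => $_SESSION['trycert'], 'hash' => $hash));
}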
// Returns the desired table of saved roads when the user is logged in
if (isset($_POST['viewSavedRoads'])) {
    requireCSRF();
    if (!$loggedin) {
        dieJSON(array('error' => true, 'errorDesc' => 'Not logged in', 'html' => 'Sorry, you need to log in again.'));
    }
Esempio n. 2
}
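// The cert is valid and the user is trying to log in, so extract their athena
// (the part of the certificate subject's e-mail address before the '@').
// NOTE(review): this value becomes the account identity for everything below,
// so it is only trustworthy if the web server has verified the client
// certificate — that check is expected to sit above this point; confirm.
$cert_email = isset($_SERVER['SSL_CLIENT_S_DN_Email']) ? $_SERVER['SSL_CLIENT_S_DN_Email'] : '';
$athena = strstr($cert_email, '@', true);
// strstr() returns false when the address has no '@'. Fail closed rather than
// creating a user row and a session for an empty identity.
if ($athena === false || $athena === '') {
    header('HTTP/1.1 403 Forbidden');
    exit;
}

// Assert the existence of the user session prefs
if (!isset($_SESSION['user'])) {
    $_SESSION['user'] = getDefaultUserPrefs();
}

// Try to determine the user's class year from LDAP data
if (!CourseRoadDB::userExists($athena)) {
    $ldap_data = fetchDataFromLDAP($athena);
    // An explicit emptiness check replaces the former @-suppression: a missing
    // or empty attribute (or a failed lookup) falls back to year 1.
    // NOTE(review): the value is used in arithmetic below; confirm that
    // fetchDataFromLDAP() returns a numeric scalar for this attribute.
    $cur_year = !empty($ldap_data['mitDirStudentYear']) ? $ldap_data['mitDirStudentYear'] : 1;
    $_SESSION['user']['class_year'] = getCurrentAcademicYear() + 4 - $cur_year;
    $_SESSION['user']['edited'] = true;
}

// Create a row for the user (default values are chosen for class_year et al)
CourseRoadDB::addUser($athena);
// empty() tolerates prefs that do not carry an 'edited' key.
if (!empty($_SESSION['user']['edited'])) {
    CourseRoadDB::updateUserPrefs($athena, $_SESSION['user']);
}

// We've attempted auth
$_SESSION['triedcert'] = true;
$_SESSION['athena'] = $athena;
// Default redirect target is the road saved in this session, or an empty
// string when nothing has been saved yet.
$_SESSION['saveas'] = isset($_SESSION['crhash']) ? $_SESSION['crhash'] . '' : '';

// If we're also trying to Save with Log In, then update the hash and copy
// the old row.
// NOTE(review): isset() is true even when the flag holds false (this block
// itself resets it to false), so the copy runs whenever the key exists, not
// only when a save-with-login was requested. If the flag's value is what
// matters, the test should be !empty($_SESSION['trycert']) — confirm intent.
if (isset($_SESSION['trycert'])) {
    $_SESSION['trycert'] = false;
    $_SESSION['saveas'] = defaultOwnedHashName($_SESSION['athena']);
    CourseRoadDB::copyRoad($_SESSION['crhash'], $_SESSION['saveas'], $athena);
}

redirectHash($_SESSION['saveas']);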