if (isset($_POST['saveNewRoad'])) {
  requireCSRF();
  requirePostDataFields('classes', 'majors');
  $classes = CourseRoadDB::encrypt($_POST['classes']);
  $majors = CourseRoadDB::encrypt($_POST['majors']);
  // Derive a short, URL-safe identifier for the road from its (encrypted) contents.
  $hash = substr(strtr(base64_encode(md5($classes . $majors)), '+/=', '-_,'), 0, 5);
  // If that identifier already belongs to a different road, append the smallest
  // numeric suffix that yields a free (or identical) one. The suffix is only
  // appended when a collision was actually found, so $i is always defined here.
  if (!CourseRoadDB::isHashSafe($hash, $classes, $majors)) {
    for ($i = 0; !CourseRoadDB::isHashSafe($hash . $i, $classes, $majors); $i++) {
    }
    $hash .= $i;
  }
  $_SESSION['crhash'] = $hash;
  $_SESSION['trycert'] = false;
  if (!empty($_POST['trycert'])) {
    if ($loggedin) {
      $hash = defaultOwnedHashName($athena);
    } elseif (empty($_SESSION['triedcert'])) {
      // Only send the user to certificate auth once per session.
      $_SESSION['trycert'] = true;
    }
  }
  CourseRoadDB::saveNewRoad($hash, $athena, $classes, $majors);
  dieJSON(array('redirectToAuth' => $_SESSION['trycert'], 'hash' => $hash));
}

// Returns the desired table of saved roads when the user is logged in
if (isset($_POST['viewSavedRoads'])) {
  requireCSRF();
  if (!$loggedin) {
    dieJSON(array(
      'error' => true,
      'errorDesc' => 'Not logged in',
      'html' => 'Sorry, you need to log in again.'
    ));
  }
}

// The cert is valid and the user is trying to log in, so extract their athena
// (the local part of the e-mail address in the client certificate's subject DN).
// Trusting this header is only sound because the web server has already
// verified the client certificate chain before this code runs.
$athena = strstr($_SERVER['SSL_CLIENT_S_DN_Email'], '@', true);

// Assert the existence of the user session prefs
if (!isset($_SESSION['user'])) {
  $_SESSION['user'] = getDefaultUserPrefs();
}

// Try to determine the user's class year from LDAP data
if (!CourseRoadDB::userExists($athena)) {
  $ldap_data = fetchDataFromLDAP($athena);
  // Fall back to a first-year student when LDAP has no year for this user
  // (explicit check instead of the @ error-suppression operator).
  $cur_year = !empty($ldap_data['mitDirStudentYear']) ? $ldap_data['mitDirStudentYear'] : 1;
  $_SESSION['user']['class_year'] = getCurrentAcademicYear() + 4 - $cur_year;
  $_SESSION['user']['edited'] = true;
}

// Create a row for the user (default values are chosen for class_year et al)
CourseRoadDB::addUser($athena);
if ($_SESSION['user']['edited']) {
  CourseRoadDB::updateUserPrefs($athena, $_SESSION['user']);
}

// We've attempted auth
$_SESSION['triedcert'] = true;
$_SESSION['athena'] = $athena;
// The user may have logged in without ever saving a road, in which case no
// hash is pending.
$_SESSION['saveas'] = isset($_SESSION['crhash']) ? $_SESSION['crhash'] . '' : '';

// If we're also trying to Save with Log In, then update the hash and copy
// the old row. The flag is stored as false (not unset) when no save is
// pending, so its value must be tested; isset() would be true for false too.
if (!empty($_SESSION['trycert'])) {
  $_SESSION['trycert'] = false;
  $_SESSION['saveas'] = defaultOwnedHashName($_SESSION['athena']);
  CourseRoadDB::copyRoad($_SESSION['crhash'], $_SESSION['saveas'], $athena);
}
redirectHash($_SESSION['saveas']);