// If the certificate used to authenticate is somehow missing an email address,
// then we can't do anything more with it.
if (!isset($_SERVER['SSL_CLIENT_S_DN_Email'])) {
redirectHash('-no-email');
}
// The cert is valid and the user is trying to log in, so extract their athena
$athena = strstr($_SERVER['SSL_CLIENT_S_DN_Email'], '@', true);
// Assert the existence of the user session prefs
if (!isset($_SESSION['user'])) {
$_SESSION['user'] = getDefaultUserPrefs();
}
// Try to determine the user's class year from LDAP data
if (!CourseRoadDB::userExists($athena)) {
$ldap_data = fetchDataFromLDAP($athena);
$cur_year = @$ldap_data['mitDirStudentYear'] ?: 1;
$_SESSION['user']['class_year'] = getCurrentAcademicYear() + 4 - $cur_year;
$_SESSION['user']['edited'] = true;
}
// Create a row for the user (default values are chosen for class_year et al)
CourseRoadDB::addUser($athena);
if ($_SESSION['user']['edited']) {
CourseRoadDB::updateUserPrefs($athena, $_SESSION['user']);
}
// We've attempted auth
$_SESSION['triedcert'] = true;
$_SESSION['athena'] = $athena;
$_SESSION['saveas'] = $_SESSION['crhash'] . '';
// If we're also trying to Save with Log In, then update the hash and copy
// the old row.
if (isset($_SESSION['trycert'])) {
$_SESSION['trycert'] = false;
function getDefaultUserPrefs()
{
return array('class_year' => getCurrentAcademicYear() + 3, 'view_req_lines' => 1, 'autocomplete' => 1, 'need_permission' => 0, 'edited' => 0);
}
