<?

/*
 * Every file but the login page should include this file.  It causes
 * functions to be defined, constants to be declared, the user session to be
 * set up, and the LDAP connection to be done (so it isn't necessary to do it
 * in every script).
 */

require_once("includes.php");

session_start();

/* stuff away two levels back of page the user requested so we can load it
 * later if we need to alter course (i.e., to login, or upon completion of a
 * form submission, redisplay the original form page) */
if (isset($_SESSION["requested"]))
        $_SESSION["requested_old"] = $_SESSION["requested"];
$_SESSION["requested"] = $_SERVER["REQUEST_URI"];

/* sometimes the base page requested (without arguments) is needed, e.g. for
 * form posting that has an action of the page itself, so we can just
 * reference this variable to make the "action=" */
if ($pos = strpos($_SESSION["requested"], "?"))
        $_SESSION["requested_base"] = substr($_SESSION["requested"], 0, $pos);

if (!isset($_SESSION["bind_dn"])) {
        /* the user has not been logged in yet; redirect him */
        xheader("Location: " . BASEURI . LOGINPAGE . "?sid=" . session_id());
        exit();
}

/*
 * This has to be done each time since PHP LDAP connections are not retained
 * across page loads.
 */
if (!($_SESSION["bind_linkid"] = do_ldap_connect($_SESSION["bind_dn"],
                                                 $_SESSION["bind_pass"])))
        die(sprintf("ldap_bind failed as %s", $_SESSION["bind_dn"]));

?>