1 files changed, 19 insertions, 4 deletions

diff --git a/inc/user.inc.php b/inc/user.inc.php
index 28a1fd5..16ec77d 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -81,7 +81,7 @@ class User
 
 	public static function isTutor()
 	{
-		return isset(self::$user['role']) && self::$user['role'] === 'tutor';
+		return isset(self::$user['role']) && self::$user['role'] === 'TUTOR';
 	}
 	
 	public static function isAdmin()
@@ -158,18 +158,30 @@ class User
 						. ' aber der IdP Ihrer Einrichtung scheint die benötigten Metadaten nicht'
 						. ' an den bwLehrpool-SP zu übermitteln. Bitte wenden Sie sich an den Support.');
 				}
+				Session::delete();
 				return false;
 			}
 			// Try user from local DB
 			self::$user = Database::queryFirst('SELECT userid, shibid, organizationid AS organization, firstname, lastname, email FROM user WHERE userid = :uid LIMIT 1', array('uid' => Session::getUid()));
 			self::$isInDb = self::$user !== false;
+			if (!self::$isInDb) {
+				Session::delete();
+			}
 			return self::$isInDb;
 		}
 		// Try bwIDM etc.
 		if (!$hasSession) {
+			// Make sure cookies are enabled
+			if (!empty($_SERVER['Shib-Session-ID'])) {
+				if (isset($_GET['force-cookie']))
+					die('Bitte aktivieren Sie Cookies und Javascript!');
+
+			}
 			Session::create();
 			Session::set('token', md5(mt_rand() . $_SERVER['REMOTE_ADDR'] . microtime(true) . $_SERVER['persistent-id'] . mt_rand()));
 			Session::save();
+			if (!empty($_SERVER['Shib-Session-ID']))
+				Util::redirect('?do=Main&force-cookie=true.dat');
 		}
 		self::$isShib = true;
 		if (!isset($_SERVER['sn']))
@@ -187,10 +199,13 @@ class User
 			'email' => $_SERVER['mail'],
 		);
 		// Figure out whether the user should be considered a tutor
-		if (isset($_SERVER['affiliation']) && preg_match('/(^|;)employee@/', $_SERVER['affiliation']))
-			self::$user['role'] = 'tutor';
+		if (isset($_SERVER['affiliation']) && (strpos(";{$_SERVER['affiliation']}", ';employee@') !== false
+					|| strpos(";{$_SERVER['affiliation']}", ';staff@') !== false))
+			self::$user['role'] = 'TUTOR';
 		elseif (isset($_SERVER['entitlement']) && strpos(";{$_SERVER['entitlement']};", ';http://bwidm.de/entitlement/bwLehrpool;') !== false)
-			self::$user['role'] = 'tutor';
+			self::$user['role'] = 'TUTOR';
+		else
+			self::$user['role'] = 'STUDENT';
 		// Try to figure out organization
 		if (isset($_SERVER['affiliation']) && preg_match('/@([a-zA-Z\-\._]+)(;|$)/', $_SERVER['affiliation'], $out))
 			self::$user['organization'] = $out[1];