| Dmitry Shmidt | df5a7e4 | 2014-04-02 12:59:59 -0700 | [diff] [blame] | 1 | <?php |
| 2 | |
| 3 | require('config.php'); |
| 4 | |
| 5 | $db = new PDO($osu_db); |
| 6 | if (!$db) { |
| 7 | die($sqliteerror); |
| 8 | } |
| 9 | |
| 10 | if (isset($_POST["id"])) |
| 11 | $id = preg_replace("/[^a-fA-F0-9]/", "", $_POST["id"]); |
| 12 | else |
| 13 | die("Missing session id"); |
| 14 | |
| 15 | $user = $_POST["user"]; |
| 16 | $pw = $_POST["password"]; |
| 17 | if (strlen($id) < 32 || !isset($user) || !isset($pw)) { |
| 18 | die("Invalid POST data"); |
| 19 | } |
| 20 | |
| 21 | if (strlen($user) < 1 || strncasecmp($user, "cert-", 5) == 0) { |
| 22 | echo "<html><body><p><red>Invalid username</red></p>\n"; |
| 23 | echo "<a href=\"signup.php?session_id=$id\">Try again</a>\n"; |
| 24 | echo "</body></html>\n"; |
| 25 | exit; |
| 26 | } |
| 27 | |
| 28 | $row = $db->query("SELECT rowid,* FROM sessions WHERE id='$id'")->fetch(); |
| 29 | if ($row == false) { |
| 30 | die("Session not found"); |
| 31 | } |
| 32 | $realm = $row['realm']; |
| 33 | |
| 34 | $userrow = $db->query("SELECT identity FROM users WHERE identity='$user' AND realm='$realm'")->fetch(); |
| 35 | if ($userrow) { |
| 36 | echo "<html><body><p><red>Selected username is not available</red></p>\n"; |
| 37 | echo "<a href=\"signup.php?session_id=$id\">Try again</a>\n"; |
| 38 | echo "</body></html>\n"; |
| 39 | exit; |
| 40 | } |
| 41 | |
| 42 | $uri = $row['redirect_uri']; |
| 43 | $rowid = $row['rowid']; |
| 44 | |
| 45 | if (!$db->exec("UPDATE sessions SET user='$user', password='$pw', realm='$realm', type='password' WHERE rowid=$rowid")) { |
| 46 | die("Failed to update session database"); |
| 47 | } |
| 48 | |
| 49 | $db->exec("INSERT INTO eventlog(user,realm,sessionid,timestamp,notes) " . |
| 50 | "VALUES ('$user', '$realm', '$id', " . |
| 51 | "strftime('%Y-%m-%d %H:%M:%f','now'), " . |
| 52 | "'completed user input response for a new PPS MO')"); |
| 53 | |
| 54 | header("Location: $uri", true, 302); |
| 55 | |
| 56 | ?> |