Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_wpa_supplicant_8 / 39ba6fcb78dfa7d870cf9cd34cef8ed9ffe65f6f / . / hs20 / server / www / remediation-pw.php
blob: 76fdccbdf9f7fda1dfd69d1c5c1260a545059023 [file] [log] [blame]
Hai Shalom39ba6fc2019-01-22 12:40:38 -0800[diff] [blame^]1<?php
2
3require('config.php');
4
5$db = new PDO($osu_db);
6if (!$db) {
7 die($sqliteerror);
8}
9
10if (isset($_POST["id"]))
11 $id = preg_replace("/[^a-fA-F0-9]/", "", $_POST["id"]);
12else
13 die("Missing session id");
14
15$pw = $_POST["password"];
16if (strlen($id) < 32 || !isset($pw)) {
17 die("Invalid POST data");
18}
19
20$row = $db->query("SELECT rowid,* FROM sessions WHERE id='$id'")->fetch();
21if ($row == false) {
22 die("Session not found");
23}
24$user = $row['user'];
25$realm = $row['realm'];
26
27$uri = $row['redirect_uri'];
28$rowid = $row['rowid'];
29
30if (!$db->exec("UPDATE sessions SET password='$pw' WHERE rowid=$rowid")) {
31 die("Failed to update session database");
32}
33
34$db->exec("INSERT INTO eventlog(user,realm,sessionid,timestamp,notes) " .
35 "VALUES ('$user', '$realm', '$id', " .
36 "strftime('%Y-%m-%d %H:%M:%f','now'), " .
37 "'completed user input response for subscription remediation')");
38
39header("Location: $uri", true, 302);
40
41?>