| Dmitry Shmidt | df5a7e4 | 2014-04-02 12:59:59 -0700 | [diff] [blame^] | 1 | <?php |
| 2 | |
| 3 | require('config.php'); |
| 4 | |
| 5 | $db = new PDO($osu_db); |
| 6 | if (!$db) { |
| 7 | die($sqliteerror); |
| 8 | } |
| 9 | |
| 10 | if (isset($_POST["id"])) |
| 11 | $id = preg_replace("/[^a-fA-F0-9]/", "", $_POST["id"]); |
| 12 | else |
| 13 | die("Missing session id"); |
| 14 | if (strlen($id) < 32) |
| 15 | die("Invalid session id"); |
| 16 | |
| 17 | $row = $db->query("SELECT rowid,* FROM sessions WHERE id='$id'")->fetch(); |
| 18 | if ($row == false) { |
| 19 | die("Session not found"); |
| 20 | } |
| 21 | |
| 22 | $uri = $row['redirect_uri']; |
| 23 | $rowid = $row['rowid']; |
| 24 | $realm = $row['realm']; |
| 25 | |
| 26 | $row = $db->query("SELECT value FROM osu_config WHERE realm='$realm' AND field='free_account'")->fetch(); |
| 27 | if (!$row || strlen($row['value']) == 0) { |
| 28 | die("Free account disabled"); |
| 29 | } |
| 30 | |
| 31 | $user = $row['value']; |
| 32 | |
| 33 | $row = $db->query("SELECT password FROM users WHERE identity='$user' AND realm='$realm'")->fetch(); |
| 34 | if (!$row) |
| 35 | die("Free account not found"); |
| 36 | |
| 37 | $pw = $row['password']; |
| 38 | |
| 39 | if (!$db->exec("UPDATE sessions SET user='$user', password='$pw', realm='$realm', machine_managed='1' WHERE rowid=$rowid")) { |
| 40 | die("Failed to update session database"); |
| 41 | } |
| 42 | |
| 43 | $db->exec("INSERT INTO eventlog(user,realm,sessionid,timestamp,notes) " . |
| 44 | "VALUES ('$user', '$realm', '$id', " . |
| 45 | "strftime('%Y-%m-%d %H:%M:%f','now'), " . |
| 46 | "'completed user input response for a new PPS MO')"); |
| 47 | |
| 48 | header("Location: $uri", true, 302); |
| 49 | |
| 50 | ?> |