1<?php 2 3require('config.php'); 4 5$db = new PDO($osu_db); 6if (!$db) { 7 die($sqliteerror); 8} 9 10if (isset($_POST["id"])) 11 $id = preg_replace("/[^a-fA-F0-9]/", "", $_POST["id"]); 12else 13 die("Missing session id"); 14 15$pw = $_POST["password"]; 16if (strlen($id) < 32 || !isset($pw)) { 17 die("Invalid POST data"); 18} 19 20$row = $db->query("SELECT rowid,* FROM sessions WHERE id='$id'")->fetch(); 21if ($row == false) { 22 die("Session not found"); 23} 24$user = $row['user']; 25$realm = $row['realm']; 26 27$uri = $row['redirect_uri']; 28$rowid = $row['rowid']; 29 30if (!$db->exec("UPDATE sessions SET password='$pw' WHERE rowid=$rowid")) { 31 die("Failed to update session database"); 32} 33 34$db->exec("INSERT INTO eventlog(user,realm,sessionid,timestamp,notes) " . 35 "VALUES ('$user', '$realm', '$id', " . 36 "strftime('%Y-%m-%d %H:%M:%f','now'), " . 37 "'completed user input response for subscription remediation')"); 38 39header("Location: $uri", true, 302); 40 41?> 42