1<?php 2 3require('config.php'); 4 5$db = new PDO($osu_db); 6if (!$db) { 7 die($sqliteerror); 8} 9 10if (isset($_POST["id"])) 11 $id = preg_replace("/[^a-fA-F0-9]/", "", $_POST["id"]); 12else 13 die("Missing session id"); 14 15$user = $_POST["user"]; 16$pw = $_POST["password"]; 17if (strlen($id) < 32 || !isset($user) || !isset($pw)) { 18 die("Invalid POST data"); 19} 20 21if (strlen($user) < 1 || strncasecmp($user, "cert-", 5) == 0) { 22 echo "<html><body><p><red>Invalid username</red></p>\n"; 23 echo "<a href=\"signup.php?session_id=$id\">Try again</a>\n"; 24 echo "</body></html>\n"; 25 exit; 26} 27 28$row = $db->query("SELECT rowid,* FROM sessions WHERE id='$id'")->fetch(); 29if ($row == false) { 30 die("Session not found"); 31} 32$realm = $row['realm']; 33 34$userrow = $db->query("SELECT identity FROM users WHERE identity='$user' AND realm='$realm'")->fetch(); 35if ($userrow) { 36 echo "<html><body><p><red>Selected username is not available</red></p>\n"; 37 echo "<a href=\"signup.php?session_id=$id\">Try again</a>\n"; 38 echo "</body></html>\n"; 39 exit; 40} 41 42$uri = $row['redirect_uri']; 43$rowid = $row['rowid']; 44 45if (!$db->exec("UPDATE sessions SET user='$user', password='$pw', realm='$realm', type='password' WHERE rowid=$rowid")) { 46 die("Failed to update session database"); 47} 48 49$db->exec("INSERT INTO eventlog(user,realm,sessionid,timestamp,notes) " . 50 "VALUES ('$user', '$realm', '$id', " . 51 "strftime('%Y-%m-%d %H:%M:%f','now'), " . 52 "'completed user input response for a new PPS MO')"); 53 54header("Location: $uri", true, 302); 55 56?> 57