1df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt<?php 2df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 3df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtrequire('config.php'); 4df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 5df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt$db = new PDO($osu_db); 6df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif (!$db) { 7df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt die($sqliteerror); 8df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 9df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 10df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif (isset($_POST["id"])) 11df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt $id = preg_replace("/[^a-fA-F0-9]/", "", $_POST["id"]); 12df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtelse 13df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt die("Missing session id"); 14df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif (strlen($id) < 32) 15df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt die("Invalid session id"); 16df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 17df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt$row = $db->query("SELECT rowid,* FROM sessions WHERE id='$id'")->fetch(); 18df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif ($row == false) { 19df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt die("Session not found"); 20df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 21df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 22df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt$uri = $row['redirect_uri']; 23df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt$rowid = $row['rowid']; 24df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt$realm = $row['realm']; 25df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 26df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt$row = $db->query("SELECT value FROM osu_config WHERE realm='$realm' AND field='free_account'")->fetch(); 27df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif (!$row || strlen($row['value']) == 0) { 28df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt die("Free account disabled"); 29df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 30df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 31df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt$user = $row['value']; 32df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 33df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt$row = $db->query("SELECT password FROM users WHERE identity='$user' AND realm='$realm'")->fetch(); 34df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif (!$row) 35df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt die("Free account not found"); 36df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 37df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt$pw = $row['password']; 38df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 39df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtif (!$db->exec("UPDATE sessions SET user='$user', password='$pw', realm='$realm', machine_managed='1' WHERE rowid=$rowid")) { 40df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt die("Failed to update session database"); 41df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 42df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 43df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt$db->exec("INSERT INTO eventlog(user,realm,sessionid,timestamp,notes) " . 44df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "VALUES ('$user', '$realm', '$id', " . 45df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "strftime('%Y-%m-%d %H:%M:%f','now'), " . 46df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "'completed user input response for a new PPS MO')"); 47df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 48df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtheader("Location: $uri", true, 302); 49df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 50df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt?> 51