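<?php

// Handles the sign-up form POST: validates the session id and the requested
// username, stores the submitted credentials on the matching session row,
// appends an event log entry and redirects the browser to the session's
// redirect_uri.
//
// Every value that reaches SQL is bound as a statement parameter. The
// username and password come straight from the request body and must never
// be spliced into the query text.

require('config.php');

// NOTE(review): PDO's constructor throws PDOException on failure instead of
// returning a falsy value, so this branch is presumably never taken, and
// $sqliteerror is not assigned in this script (it may come from config.php;
// confirm). An uncaught exception here can expose connection details when
// display_errors is enabled.
$db = new PDO($osu_db);
if (!$db) {
    die($sqliteerror);
}

if (!isset($_POST["id"])) {
    die("Missing session id");
}

$raw_id = $_POST["id"];
$user = isset($_POST["user"]) ? $_POST["user"] : null;
$pw = isset($_POST["password"]) ? $_POST["password"] : null;

// PHP turns "user[]=x" style fields into arrays; reject anything that is not
// a plain string before it reaches strlen() or a bound parameter.
if (!is_string($raw_id) || !is_string($user) || !is_string($pw)) {
    die("Invalid POST data");
}

// Reduce the session id to hex digits only. This is also what makes it safe
// to echo into the "Try again" links below without further escaping.
$id = preg_replace("/[^a-fA-F0-9]/", "", $raw_id);
if (strlen($id) < 32) {
    die("Invalid POST data");
}

// Usernames starting with "cert-" (case-insensitive) are refused here, as is
// an empty username.
if (strlen($user) < 1 || strncasecmp($user, "cert-", 5) == 0) {
    echo "<html><body><p><red>Invalid username</red></p>\n";
    echo "<a href=\"signup.php?session_id=$id\">Try again</a>\n";
    echo "</body></html>\n";
    exit;
}

// Look up the session. prepare() returns false in PDO's silent error mode,
// so treat that the same as a missing row.
$session_stmt = $db->prepare("SELECT rowid,* FROM sessions WHERE id=?");
$row = false;
if ($session_stmt && $session_stmt->execute(array($id))) {
    $row = $session_stmt->fetch();
}
if ($row === false) {
    die("Session not found");
}
$realm = $row['realm'];

// Refuse a username that already exists in this realm. Fail closed if the
// lookup itself cannot run, so a query error never lets a duplicate through.
$user_stmt = $db->prepare("SELECT identity FROM users WHERE identity=? AND realm=?");
if (!$user_stmt || !$user_stmt->execute(array($user, $realm))) {
    die("Failed to query user database");
}
$userrow = $user_stmt->fetch();
if ($userrow) {
    echo "<html><body><p><red>Selected username is not available</red></p>\n";
    echo "<a href=\"signup.php?session_id=$id\">Try again</a>\n";
    echo "</body></html>\n";
    exit;
}

$uri = $row['redirect_uri'];
$rowid = $row['rowid'];

// NOTE(review): the password is written to the sessions table exactly as
// submitted. Presumably a later step needs the cleartext; confirm that, keep
// the row short-lived and restrict access to the database file.
$update_stmt = $db->prepare(
    "UPDATE sessions SET user=?, password=?, realm=?, type='password' WHERE rowid=?");
$updated = false;
if ($update_stmt) {
    $update_stmt->bindValue(1, $user);
    $update_stmt->bindValue(2, $pw);
    $update_stmt->bindValue(3, $realm);
    $update_stmt->bindValue(4, (int) $rowid, PDO::PARAM_INT);
    // Like the original exec() check, zero affected rows counts as failure.
    $updated = $update_stmt->execute() && $update_stmt->rowCount() > 0;
}
if (!$updated) {
    die("Failed to update session database");
}

// Event logging is best-effort: a failed insert does not block the redirect.
$log_stmt = $db->prepare(
    "INSERT INTO eventlog(user,realm,sessionid,timestamp,notes) " .
    "VALUES (?, ?, ?, " .
    "strftime('%Y-%m-%d %H:%M:%f','now'), " .
    "'completed user input response for a new PPS MO')");
if ($log_stmt) {
    $log_stmt->execute(array($user, $realm, $id));
}

// NOTE(review): redirect_uri is read from the session row; where it is
// written is not visible here. Confirm it is validated when the session is
// created, otherwise this is an open redirect.
header("Location: $uri", true, 302);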