hs20/server/www/add-mo.php - vendor/opensource/hostap - Git at Google

 <?php

 require('config.php');

 $db = new PDO($osu_db);
 if (!$db) {
    die($sqliteerror);
 }

 if (isset($_POST["id"]))
   $id = preg_replace("/[^a-fA-F0-9]/", "", $_POST["id"]);
 else
   die("Missing session id");

 $user = $_POST["user"];
 $pw = $_POST["password"];
 if (strlen($id) < 32 || !isset($user) || !isset($pw)) {
   die("Invalid POST data");
 }

 if (strlen($user) < 1 || strncasecmp($user, "cert-", 5) == 0) {
   echo "<html><body><p><red>Invalid username</red></p>\n";
   echo "<a href=\"signup.php?session_id=$id\">Try again</a>\n";
   echo "</body></html>\n";
   exit;
 }

 $row = $db->query("SELECT rowid,* FROM sessions WHERE id='$id'")->fetch();
 if ($row == false) {
    die("Session not found");
 }
 $realm = $row['realm'];

 $userrow = $db->query("SELECT identity FROM users WHERE identity='$user' AND realm='$realm'")->fetch();
 if ($userrow) {
   echo "<html><body><p><red>Selected username is not available</red></p>\n";
   echo "<a href=\"signup.php?session_id=$id\">Try again</a>\n";
   echo "</body></html>\n";
   exit;
 }

 $uri = $row['redirect_uri'];
 $rowid = $row['rowid'];

 if (!$db->exec("UPDATE sessions SET user='$user', password='$pw', realm='$realm', type='password' WHERE rowid=$rowid")) {
   die("Failed to update session database");
 }

 $db->exec("INSERT INTO eventlog(user,realm,sessionid,timestamp,notes) " .
 	"VALUES ('$user', '$realm', '$id', " .
 	"strftime('%Y-%m-%d %H:%M:%f','now'), " .
 	"'completed user input response for a new PPS MO')");

 header("Location: $uri", true, 302);

 ?>
	<?php

	require('config.php');

	$db = new PDO($osu_db);
	if (!$db) {
	die($sqliteerror);
	}

	if (isset($_POST["id"]))
	$id = preg_replace("/[^a-fA-F0-9]/", "", $_POST["id"]);
	else
	die("Missing session id");

	$user = $_POST["user"];
	$pw = $_POST["password"];
	if (strlen($id) < 32 \|\| !isset($user) \|\| !isset($pw)) {
	die("Invalid POST data");
	}

	if (strlen($user) < 1 \|\| strncasecmp($user, "cert-", 5) == 0) {
	echo "<html><body><p><red>Invalid username</red></p>\n";
	echo "<a href=\"signup.php?session_id=$id\">Try again</a>\n";
	echo "</body></html>\n";
	exit;
	}

	$row = $db->query("SELECT rowid,* FROM sessions WHERE id='$id'")->fetch();
	if ($row == false) {
	die("Session not found");
	}
	$realm = $row['realm'];

	$userrow = $db->query("SELECT identity FROM users WHERE identity='$user' AND realm='$realm'")->fetch();
	if ($userrow) {
	echo "<html><body><p><red>Selected username is not available</red></p>\n";
	echo "<a href=\"signup.php?session_id=$id\">Try again</a>\n";
	echo "</body></html>\n";
	exit;
	}

	$uri = $row['redirect_uri'];
	$rowid = $row['rowid'];

	if (!$db->exec("UPDATE sessions SET user='$user', password='$pw', realm='$realm', type='password' WHERE rowid=$rowid")) {
	die("Failed to update session database");
	}

	$db->exec("INSERT INTO eventlog(user,realm,sessionid,timestamp,notes) " .
	"VALUES ('$user', '$realm', '$id', " .
	"strftime('%Y-%m-%d %H:%M:%f','now'), " .
	"'completed user input response for a new PPS MO')");

	header("Location: $uri", true, 302);

	?>