Home | History | Annotate | Download | only in www 
      1 <?php
      2 
      3 require('config.php');
      4 
      5 $db = new PDO($osu_db);
      6 if (!$db) {
      7    die($sqliteerror);
      8 }
      9 
     10 if (isset($_POST["id"]))
     11   $id = preg_replace("/[^a-fA-F0-9]/", "", $_POST["id"]);
     12 else
     13   die("Missing session id");
     14 
     15 $pw = $_POST["password"];
     16 if (strlen($id) < 32 || !isset($pw)) {
     17   die("Invalid POST data");
     18 }
     19 
     20 $row = $db->query("SELECT rowid,* FROM sessions WHERE id='$id'")->fetch();
     21 if ($row == false) {
     22    die("Session not found");
     23 }
     24 $user = $row['user'];
     25 $realm = $row['realm'];
     26 
     27 $uri = $row['redirect_uri'];
     28 $rowid = $row['rowid'];
     29 
     30 if (!$db->exec("UPDATE sessions SET password='$pw' WHERE rowid=$rowid")) {
     31   die("Failed to update session database");
     32 }
     33 
     34 $db->exec("INSERT INTO eventlog(user,realm,sessionid,timestamp,notes) " .
     35 	"VALUES ('$user', '$realm', '$id', " .
     36 	"strftime('%Y-%m-%d %H:%M:%f','now'), " .
     37 	"'completed user input response for subscription remediation')");
     38 
     39 header("Location: $uri", true, 302);
     40 
     41 ?>
     42