fragattacks/hs20/server/www/add-mo.php
Jouni Malinen 0f27c20d8d HS 2.0R2: Add example OSU SPP server implementation
This is meant mainly for testing purposes and as a reference
implementation showing how OSU SPP server could be implemented. This is
not suitable for any real production use in its current form.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-31 12:25:17 +03:00

57 lines
1.5 KiB
PHP

<?php
require('config.php');
$db = new PDO($osu_db);
if (!$db) {
die($sqliteerror);
}
if (isset($_POST["id"]))
$id = preg_replace("/[^a-fA-F0-9]/", "", $_POST["id"]);
else
die("Missing session id");
$user = $_POST["user"];
$pw = $_POST["password"];
if (strlen($id) < 32 || !isset($user) || !isset($pw)) {
die("Invalid POST data");
}
if (strlen($user) < 1 || strncasecmp($user, "cert-", 5) == 0) {
echo "<html><body><p><red>Invalid username</red></p>\n";
echo "<a href=\"signup.php?session_id=$id\">Try again</a>\n";
echo "</body></html>\n";
exit;
}
$row = $db->query("SELECT rowid,* FROM sessions WHERE id='$id'")->fetch();
if ($row == false) {
die("Session not found");
}
$realm = $row['realm'];
$userrow = $db->query("SELECT identity FROM users WHERE identity='$user' AND realm='$realm'")->fetch();
if ($userrow) {
echo "<html><body><p><red>Selected username is not available</red></p>\n";
echo "<a href=\"signup.php?session_id=$id\">Try again</a>\n";
echo "</body></html>\n";
exit;
}
$uri = $row['redirect_uri'];
$rowid = $row['rowid'];
if (!$db->exec("UPDATE sessions SET user='$user', password='$pw', realm='$realm', type='password' WHERE rowid=$rowid")) {
die("Failed to update session database");
}
$db->exec("INSERT INTO eventlog(user,realm,sessionid,timestamp,notes) " .
"VALUES ('$user', '$realm', '$id', " .
"strftime('%Y-%m-%d %H:%M:%f','now'), " .
"'completed user input response for a new PPS MO')");
header("Location: $uri", true, 302);
?>