mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-29 18:58:21 -05:00
0f27c20d8d
This is meant mainly for testing purposes and as a reference implementation showing how OSU SPP server could be implemented. This is not suitable for any real production use in its current form. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
40 lines
890 B
PHP
40 lines
890 B
PHP
<?php
|
|
|
|
require('config.php');
|
|
|
|
$db = new PDO($osu_db);
|
|
if (!$db) {
|
|
die($sqliteerror);
|
|
}
|
|
|
|
if (isset($_GET["id"]))
|
|
$id = preg_replace("/[^a-fA-F0-9]/", "", $_GET["id"]);
|
|
else
|
|
die("Missing session id");
|
|
if (strlen($id) < 32)
|
|
die("Invalid session id");
|
|
|
|
$row = $db->query("SELECT rowid,* FROM sessions WHERE id='$id'")->fetch();
|
|
if ($row == false) {
|
|
die("Session not found");
|
|
}
|
|
|
|
$uri = $row['redirect_uri'];
|
|
$rowid = $row['rowid'];
|
|
$realm = $row['realm'];
|
|
|
|
$user = sha1(mt_rand());
|
|
|
|
if (!$db->exec("UPDATE sessions SET user='$user', type='cert' WHERE rowid=$rowid")) {
|
|
die("Failed to update session database");
|
|
}
|
|
|
|
$db->exec("INSERT INTO eventlog(user,realm,sessionid,timestamp,notes) " .
|
|
"VALUES ('', '$realm', '$id', " .
|
|
"strftime('%Y-%m-%d %H:%M:%f','now'), " .
|
|
"'completed user input response for client certificate enrollment')");
|
|
|
|
header("Location: $uri", true, 302);
|
|
|
|
?>
|