mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-28 18:28:23 -05:00
cc5f797593
Add support for user remediation to request a new password from the user for username/password credentials that have been configured not use use machine managed password. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
56 lines
1.4 KiB
PHP
56 lines
1.4 KiB
PHP
<html>
|
|
<head>
|
|
<title>Hotspot 2.0 subscription remediation</title>
|
|
</head>
|
|
<body>
|
|
|
|
<?php
|
|
|
|
require('config.php');
|
|
|
|
$db = new PDO($osu_db);
|
|
if (!$db) {
|
|
die($sqliteerror);
|
|
}
|
|
|
|
if (isset($_GET["session_id"]))
|
|
$id = preg_replace("/[^a-fA-F0-9]/", "", $_GET["session_id"]);
|
|
else
|
|
$id = 0;
|
|
echo "SessionID: " . $id . "<br>\n";
|
|
|
|
$row = $db->query("SELECT * FROM sessions WHERE id='$id'")->fetch();
|
|
if ($row == false) {
|
|
die("Session not found");
|
|
}
|
|
|
|
$username = $row['user'];
|
|
echo "User: " . $username . "@" . $row['realm'] . "<br>\n";
|
|
|
|
$user = $db->query("SELECT machine_managed,methods FROM users WHERE identity='$username'")->fetch();
|
|
if ($user == false) {
|
|
die("User not found");
|
|
}
|
|
|
|
echo "<hr><br>\n";
|
|
|
|
$cert = $user['methods'] == "TLS" || strncmp($username, "cert-", 5) == 0;
|
|
|
|
if ($cert) {
|
|
echo "<a href=\"redirect.php?id=" . $_GET["session_id"] . "\">Complete user subscription remediation</a><br>\n";
|
|
} else if ($user['machine_managed'] == "1") {
|
|
echo "<a href=\"redirect.php?id=" . $_GET["session_id"] . "\">Complete user subscription remediation</a><br>\n";
|
|
echo "This will provide a new machine-generated password.<br>\n";
|
|
} else {
|
|
echo "<form action=\"remediation-pw.php\" method=\"POST\">\n";
|
|
echo "<input type=\"hidden\" name=\"id\" value=\"$id\">\n";
|
|
echo "New password: <input type=\"password\" name=\"password\"><br>\n";
|
|
echo "<input type=\"submit\" value=\"Change password\">\n";
|
|
echo "</form>\n";
|
|
}
|
|
|
|
?>
|
|
|
|
</body>
|
|
</html>
|