1<?php
2
3require('config.php');
4
5$db = new PDO($osu_db);
6if (!$db) {
7   die($sqliteerror);
8}
9
10if (isset($_GET["id"]))
11  $id = preg_replace("/[^a-fA-F0-9]/", "", $_GET["id"]);
12else
13  die("Missing session id");
14if (strlen($id) < 32)
15  die("Invalid session id");
16
17$row = $db->query("SELECT rowid,* FROM sessions WHERE id='$id'")->fetch();
18if ($row == false) {
19   die("Session not found");
20}
21
22$uri = $row['redirect_uri'];
23$rowid = $row['rowid'];
24$realm = $row['realm'];
25
26$user = sha1(mt_rand());
27
28if (!$db->exec("UPDATE sessions SET user='$user', type='cert' WHERE rowid=$rowid")) {
29  die("Failed to update session database");
30}
31
32$db->exec("INSERT INTO eventlog(user,realm,sessionid,timestamp,notes) " .
33	"VALUES ('', '$realm', '$id', " .
34	"strftime('%Y-%m-%d %H:%M:%f','now'), " .
35	"'completed user input response for client certificate enrollment')");
36
37header("Location: $uri", true, 302);
38
39?>
40