Fix CSRF vulnerabilities
[sql-web.git] / signup.php
index fa93c8b8f5d185a01cbfe1685368b1283142389d..5d55fcc2e334382c4d54b6d73fdb71fa0b9d22ef 100644 (file)
@@ -1,4 +1,7 @@
 <?php
+/*
+       (c) 2005 Joe Presbrey
+*/
 
 require_once('mitsql.cfg.php');
 require_once('mitsql.lib.php');
@@ -16,11 +19,19 @@ if (isLoggedIn()) {
                $err[] = 'Please install a valid certificate.';
        } else {
                if (isPost() && $LoginSSL->canSignup()) {
-                       $u = new User($LoginSSL->getUserId());
-                       $u->signup($i_p1);
-                       $LoginSSL->refresh();
-                       sess('Login', $LoginSSL);
-                       redirect('login', true);
+                       if (empty($i_p1)) {
+                               $err[] = 'Your password may not be blank.';
+                       } elseif ($i_p1 != $i_p2) {
+                               $err[] = 'Your confirmation password does not match.';
+                       } else {
+                               $u = new User($LoginSSL->getUserId());
+                               $u->signup($i_p1);
+                // TODO: missing function call, replace?
+                               // $LoginSSL->refresh();
+                               redirect('login', true);
+                       }
+               } elseif (isPost()) {
+                       $err[] = 'You may not signup.';
                }
        }
 }
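Review bot: The confirmation check `$i_p1 != $i_p2` is a loose comparison, so if both values are request strings, two different numeric-looking inputs (for example `1e3` and `1000`) compare equal and a mistyped confirmation is accepted; use `} elseif ($i_p1 !== $i_p2) {` instead. The new branch also drops `sess('Login', $LoginSSL)` along with the commented-out `refresh()`, so the stored login object presumably keeps its pre-signup state; the TODO should name what replaces it. No anti-CSRF token check is visible in this hunk before `$u->signup($i_p1)`, so if that check lives in `isPost()` or elsewhere, a one-line comment here such as `// CSRF token is verified in isPost()` would make it auditable. The enclosing `if (isLoggedIn())` block starts outside the hunk.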