]> andersk Git - sql-web.git/blobdiff - main.php
andersk / sql-web.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix CSRF vulnerabilities
[sql-web.git] / main.php
diff --git a/main.php b/main.php
index 775fbda243922b8f63c481d6b170855d902bdeb9..b4935afc990c2eea56302ad1bae70b25dfc48356 100644 (file)
--- a/main.php
+++ b/main.php
@@ -1,20 +1,45 @@
 <?php
+/*
+       (c) 2005 Joe Presbrey
+*/
 
 require_once('mitsql.cfg.php');
 require_once('mitsql.lib.php');
+require_once('proc.lib.php');
 
 if (!isLoggedIn()) redirect('index');
 
+if(!isset($_SESSION['csrf_token']))
+{
+       $n = rand(10e16, 10e20);
+       $_SESSION['csrf_token'] = base_convert($n, 10, 36);
+}
+
+$err1 = $msg1 = array();
+
 $User = new User($Login->getUserID());
 
 if (isPost()) {
-       if (isset($i_newdb)) {
-               if ($User->addDB($User->getUsername().DELIMETER.$i_newdb)==false) {
-                       $err[] = mysql_error();
+       if($_SESSION['csrf_token'] != $_POST['csrf_token'])
+       {
+               $err1[] = "CSRF token incorrect or not found. Try submitting again.";
+       } else {
+               if (isset($i_newdb)) {
+                       list($msg1, $err1) = proc::newdb($User, $i_newdb);
+               }
+               if (isset($i_drop)) {
+                       list($msg1, $err1) = proc::drop($User, $i_drop);
                }
        }
 }
 
+if (!count($err1)) {//&& !isset($i_r))
+       checkQuotas($Login->getUserID());
+       $User->refresh();
+}
+
+$myDBs = $User->getDBList();
+
 include 'tpl/main.php';
 
 ?>
Unnamed repository; edit this file 'description' to name the repository.
This page took 0.026183 seconds and 4 git commands to generate.