Fix CSRF vulnerabilities
[sql-web.git] / signup.php
index 0b52815c42491d711d61079df0da4875e5e17591..5d55fcc2e334382c4d54b6d73fdb71fa0b9d22ef 100644 (file)
@@ -1,10 +1,13 @@
 <?php
+/*
+       (c) 2005 Joe Presbrey
+*/
 
 require_once('mitsql.cfg.php');
 require_once('mitsql.lib.php');
 
 if (!isSSL())
-       redirect('index',false);
+       redirect('signup',true);
 
 if (isLoggedIn()) {
 
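Review bot: Whether `redirect('signup',true)` ends the request is not visible in this hunk, and the unbraced `if (!isSSL())` has no fallback if it returns. If `redirect()` only emits a Location header, the rest of signup.php would still run on the plaintext request, including the POST branch that sets a password. Confirm that `redirect()` exits in mitsql.lib.php, or make it explicit here with `if (!isSSL()) { redirect('signup',true); exit; }`. The same question applies to `redirect('login', true)` in the second hunk, which is followed by `include 'tpl/signup.php';`.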
@@ -15,14 +18,22 @@ if (isLoggedIn()) {
        if (is_null($SSLCred)) {
                $err[] = 'Please install a valid certificate.';
        } else {
-       $Login2 = new Login($SSLUsername);
-       if (isPost() && $Login2->canSignup()) {
-               $u = new User($Login2->getUserId());
-               $u->signup($i_p1);
-               $Login2->refresh();
+               if (isPost() && $LoginSSL->canSignup()) {
+                       if (empty($i_p1)) {
+                               $err[] = 'Your password may not be blank.';
+                       } elseif ($i_p1 != $i_p2) {
+                               $err[] = 'Your confirmation password does not match.';
+                       } else {
+                               $u = new User($LoginSSL->getUserId());
+                               $u->signup($i_p1);
+                // TODO: missing function call, replace?
+                               // $LoginSSL->refresh();
+                               redirect('login', true);
+                       }
+               } elseif (isPost()) {
+                       $err[] = 'You may not signup.';
+               }
        }
-       }
-
 }
 
 include 'tpl/signup.php';
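Review bot: The confirmation check `$i_p1 != $i_p2` compares loosely, so two different numeric-looking strings (constructed example: `'1e3'` and `'1000'`) count as equal and a mistyped confirmation is accepted; write `} elseif ($i_p1 !== $i_p2) {`. In the same branch `empty($i_p1)` rejects the password `'0'` as blank, and `$i_p1 === ''` (plus an `isset` guard if the variable can be unset) states the intent exactly. The commit is titled as a CSRF fix, yet no request-token verification is visible before `$u->signup($i_p1)`. Unless `isPost()` or `canSignup()` performs it outside this hunk, the password-setting POST should be gated on a per-session token compared with `hash_equals()`. The commented-out `$LoginSSL->refresh()` with its TODO should be resolved or removed, and note that `$LoginSSL` and the enclosing `if (isLoggedIn())` block are defined outside the hunk.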