Fix CSRF vulnerabilities
index a6a0f0e3a9053aa0b6c03bc87fbd519c264f682a..b4935afc990c2eea56302ad1bae70b25dfc48356 100644 (file)
--- a/main.php
+++ b/main.php
@@ -1,37 +1,41 @@
 <?php
+/*
+       (c) 2005 Joe Presbrey
+*/
 
 require_once('mitsql.cfg.php');
 require_once('mitsql.lib.php');
+require_once('proc.lib.php');
 
 if (!isLoggedIn()) redirect('index');
 
+if(!isset($_SESSION['csrf_token']))
+{
+       $n = rand(10e16, 10e20);
+       $_SESSION['csrf_token'] = base_convert($n, 10, 36);
+}
+
 $err1 = $msg1 = array();
 
 $User = new User($Login->getUserID());
 
 if (isPost()) {
-       if (isset($i_newdb)) {
-               $dbname = $User->getUsername().DELIMETER.$i_newdb;
-               if ($User->isOverQuota()) {
-                       $err1[] = 'You are over your quota. You may not add databases.';
-               } elseif ($User->addDB($dbname)==false) {
-                       $err1[] = mysql_error();
-               } else {
-                       $msg1[] = 'Database `'.$dbname.'` created.';
+       if($_SESSION['csrf_token'] != $_POST['csrf_token'])
+       {
+               $err1[] = "CSRF token incorrect or not found. Try submitting again.";
+       } else {
+               if (isset($i_newdb)) {
+                       list($msg1, $err1) = proc::newdb($User, $i_newdb);
                }
-       }
-       if (isset($i_drop)) {
-               $dropdbs = array_keys($i_drop);
-               foreach($dropdbs as $dbname) {
-                       if ($User->delDB($dbname)) {
-                               $msg1[] = 'Database `'.$dbname.'` dropped.';
-                       } else {
-                               $err1[] = mysql_error();
-                       }
+               if (isset($i_drop)) {
+                       list($msg1, $err1) = proc::drop($User, $i_drop);
                }
        }
-       if (!count($err1))
-               $User->refresh();
+}
+
+if (!count($err1)) {//&& !isset($i_r))
+       checkQuotas($Login->getUserID());
+       $User->refresh();
 }
 
 $myDBs = $User->getDBList();
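Review bot: The token generation `$n = rand(10e16, 10e20);` is not a suitable source for a CSRF secret: `rand()` is not a cryptographically secure generator, and both bounds are floats beyond the signed 64-bit range `rand()` accepts as integers, so the produced range is not what the code suggests; derive the token from the CSPRNG instead, `$_SESSION['csrf_token'] = bin2hex(random_bytes(16));` (PHP 7+; `openssl_random_pseudo_bytes()` is the pre-7 equivalent). The check `if($_SESSION['csrf_token'] != $_POST['csrf_token'])` reads `$_POST['csrf_token']` without confirming it is set, which raises a notice on a request lacking the field, and the loose `!=` is subject to numeric-string coercion; a strict constant-time comparison avoids both: `if (!isset($_POST['csrf_token']) || !hash_equals($_SESSION['csrf_token'], (string) $_POST['csrf_token']))`. The new line `if (!count($err1)) {//&& !isset($i_r))` also carries commented-out code, which should either be removed or replaced with a comment stating why the `$i_r` condition was dropped.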