Fix CSRF vulnerabilities
[sql-web.git] / signup.php
index e958d29a3109c48ac551dd1bad1d2f8b152e7b12..5d55fcc2e334382c4d54b6d73fdb71fa0b9d22ef 100644 (file)
@@ -1,24 +1,39 @@
 <?php
+/*
+       (c) 2005 Joe Presbrey
+*/
 
 require_once('mitsql.cfg.php');
 require_once('mitsql.lib.php');
 
 if (!isSSL())
-       redirect2(flipSSL());
+       redirect('signup',true);
 
 if (isLoggedIn()) {
 
        redirect('index');
 
 } else {
-
-       $Login2 = new Login($SSLUsername);
-       if (isPost() && $Login2->canSignup()) {
-               $u = new User($Login2->getUserId());
-               $u->signup($i_p1);
-               $Login2->refresh();
+       
+       if (is_null($SSLCred)) {
+               $err[] = 'Please install a valid certificate.';
+       } else {
+               if (isPost() && $LoginSSL->canSignup()) {
+                       if (empty($i_p1)) {
+                               $err[] = 'Your password may not be blank.';
+                       } elseif ($i_p1 != $i_p2) {
+                               $err[] = 'Your confirmation password does not match.';
+                       } else {
+                               $u = new User($LoginSSL->getUserId());
+                               $u->signup($i_p1);
+                // TODO: missing function call, replace?
+                               // $LoginSSL->refresh();
+                               redirect('login', true);
+                       }
+               } elseif (isPost()) {
+                       $err[] = 'You may not signup.';
+               }
        }
-
 }
 
 include 'tpl/signup.php';
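Review bot: The branch at `if (isPost() && $LoginSSL->canSignup())` reaches the state-changing call `$u->signup($i_p1)` with no request-token check visible in this hunk, although the commit is titled as a CSRF fix. Presumably the validation lives in `isPost()` or elsewhere in `mitsql.lib.php`, which is not shown here; if so, a short comment above that condition naming where the token is verified would keep a later edit from bypassing it, and if not, the check is still missing for signup. Separately, `$i_p1 != $i_p2` is a loose comparison, under which PHP compares numeric-looking strings as numbers (`'1e3'` and `'1000'` are equal), so a mismatched confirmation can be accepted; `} elseif ($i_p1 !== $i_p2) {` avoids that. `empty($i_p1)` also treats the password `'0'` as blank, which an explicit length test would not.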