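getUpkeep($server, $challengeresponse);
// NOTE(review): the call above is cut off at the start of this listing; its
// receiver and whatever is done with its result are not visible here.

// $prefix comes from the request and is spliced into the host part of
// $origin below, so it is restricted to hostname-safe characters first.
$prefix = strval(@$_REQUEST['prefix']);
// Need to check the form of $prefix to avoid some vulnerabilities.
// This check should be robust enough for now.
// The pattern ends with \z rather than $: without the D modifier, $ also
// matches just before a trailing newline, so a value ending in "\n" would
// pass the check and carry a line break into $origin.
// NOTE(review): * still accepts an empty prefix, giving "http://.psim.us" -
// confirm whether an empty prefix is meant to be allowed.
if (!preg_match('/^[a-zA-Z0-9-_\.]*\z/', $prefix)) {
	die();
}
$origin = 'http://' . $prefix . '.psim.us';

// Both values are read straight from request cookies and are therefore
// client-controlled; isset() does not guarantee they are strings. Their use
// is outside this excerpt - they need escaping for the output context
// wherever the template after the closing tag emits them.
$username = isset($_COOKIE['showdown_username']) ? $_COOKIE['showdown_username'] : '';
$sid = isset($_COOKIE['sid']) ? $_COOKIE['sid'] : '';
?>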