dvwa updated

dvwa/vulnerabilities/brute/source/low.php

@@ -10,11 +10,12 @@ if( isset( $_GET[ 'Login' ] ) ) {
 
 	// Check the database
 	$query  = "SELECT * FROM `users` WHERE user = '$user' AND password = '$pass';";
-	$result = mysql_query( $query ) or die( '<pre>' . mysql_error() . '</pre>' );
+	$result = mysqli_query($GLOBALS["___mysqli_ston"],  $query ) or die( '<pre>' . ((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)) . '</pre>' );
 
-	if( $result && mysql_num_rows( $result ) == 1 ) {
+	if( $result && mysqli_num_rows( $result ) == 1 ) {
 		// Get users details
-		$avatar = mysql_result( $result, 0, "avatar" );
+		$row    = mysqli_fetch_assoc( $result );
+		$avatar = $row["avatar"];
 
 		// Login successful
 		$html .= "<p>Welcome to the password protected area {$user}</p>";
@@ -25,7 +26,7 @@ if( isset( $_GET[ 'Login' ] ) ) {
 		$html .= "<pre><br />Username and/or password incorrect.</pre>";
 	}
 
-	mysql_close();
+	((is_null($___mysqli_res = mysqli_close($GLOBALS["___mysqli_ston"]))) ? false : $___mysqli_res);
 }
 
 ?>