36 lines
895 B
PHP
36 lines
895 B
PHP
<?php
|
|
|
|
if( isset( $_GET[ 'Change' ] ) ) {
|
|
// Check Anti-CSRF token
|
|
checkToken( $_REQUEST[ 'user_token' ], $_SESSION[ 'session_token' ], 'index.php' );
|
|
|
|
// Get input
|
|
$pass_new = $_GET[ 'password_new' ];
|
|
$pass_conf = $_GET[ 'password_conf' ];
|
|
|
|
// Do the passwords match?
|
|
if( $pass_new == $pass_conf ) {
|
|
// They do!
|
|
$pass_new = mysql_real_escape_string( $pass_new );
|
|
$pass_new = md5( $pass_new );
|
|
|
|
// Update the database
|
|
$insert = "UPDATE `users` SET password = '$pass_new' WHERE user = '" . dvwaCurrentUser() . "';";
|
|
$result = mysql_query( $insert ) or die( '<pre>' . mysql_error() . '</pre>' );
|
|
|
|
// Feedback for the user
|
|
$html .= "<pre>Password Changed.</pre>";
|
|
}
|
|
else {
|
|
// Issue with passwords matching
|
|
$html .= "<pre>Passwords did not match.</pre>";
|
|
}
|
|
|
|
mysql_close();
|
|
}
|
|
|
|
// Generate Anti-CSRF token
|
|
generateSessionToken();
|
|
|
|
?>
|