69 lines
2.9 KiB
PHP
69 lines
2.9 KiB
PHP
<?php
|
|
|
|
if( isset( $_POST[ 'Change' ] ) ) {
|
|
// Check Anti-CSRF token
|
|
checkToken( $_REQUEST[ 'user_token' ], $_SESSION[ 'session_token' ], 'index.php' );
|
|
|
|
// Hide the CAPTCHA form
|
|
$hide_form = true;
|
|
|
|
// Get input
|
|
$pass_new = $_POST[ 'password_new' ];
|
|
$pass_new = stripslashes( $pass_new );
|
|
$pass_new = ((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $pass_new ) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : ""));
|
|
$pass_new = md5( $pass_new );
|
|
|
|
$pass_conf = $_POST[ 'password_conf' ];
|
|
$pass_conf = stripslashes( $pass_conf );
|
|
$pass_conf = ((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $pass_conf ) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : ""));
|
|
$pass_conf = md5( $pass_conf );
|
|
|
|
$pass_curr = $_POST[ 'password_current' ];
|
|
$pass_curr = stripslashes( $pass_curr );
|
|
$pass_curr = ((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $pass_curr ) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : ""));
|
|
$pass_curr = md5( $pass_curr );
|
|
|
|
// Check CAPTCHA from 3rd party
|
|
$resp = recaptcha_check_answer(
|
|
$_DVWA[ 'recaptcha_private_key' ],
|
|
$_POST['g-recaptcha-response']
|
|
);
|
|
|
|
// Did the CAPTCHA fail?
|
|
if( !$resp ) {
|
|
// What happens when the CAPTCHA was entered incorrectly
|
|
$html .= "<pre><br />The CAPTCHA was incorrect. Please try again.</pre>";
|
|
$hide_form = false;
|
|
return;
|
|
}
|
|
else {
|
|
// Check that the current password is correct
|
|
$data = $db->prepare( 'SELECT password FROM users WHERE user = (:user) AND password = (:password) LIMIT 1;' );
|
|
$data->bindParam( ':user', dvwaCurrentUser(), PDO::PARAM_STR );
|
|
$data->bindParam( ':password', $pass_curr, PDO::PARAM_STR );
|
|
$data->execute();
|
|
|
|
// Do both new password match and was the current password correct?
|
|
if( ( $pass_new == $pass_conf) && ( $data->rowCount() == 1 ) ) {
|
|
// Update the database
|
|
$data = $db->prepare( 'UPDATE users SET password = (:password) WHERE user = (:user);' );
|
|
$data->bindParam( ':password', $pass_new, PDO::PARAM_STR );
|
|
$data->bindParam( ':user', dvwaCurrentUser(), PDO::PARAM_STR );
|
|
$data->execute();
|
|
|
|
// Feedback for the end user - success!
|
|
$html .= "<pre>Password Changed.</pre>";
|
|
}
|
|
else {
|
|
// Feedback for the end user - failed!
|
|
$html .= "<pre>Either your current password is incorrect or the new passwords did not match.<br />Please try again.</pre>";
|
|
$hide_form = false;
|
|
}
|
|
}
|
|
}
|
|
|
|
// Generate Anti-CSRF token
|
|
generateSessionToken();
|
|
|
|
?>
|