Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- include 'csrf.class.php';
- if (isset($_GET['Change'])) {
- $token_id = $csrf->get_token_id();
- $token_value = $csrf->get_token($token_id);
- // Turn requests into variables
- $pass_new = $_GET['password_new'];
- $pass_conf = $_GET['password_conf'];
- if (($pass_new == $pass_conf)){
- if($csrf->check_valid('get')){
- $pass_new = mysql_real_escape_string($pass_new);
- $pass_new = md5($pass_new);
- $insert="UPDATE `users` SET password = '$pass_new' WHERE user = 'admin';";
- $result=mysql_query($insert) or die('<pre>' . mysql_error() . '</pre>' );
- echo "<pre> Password Changed </pre>";
- mysql_close();
- }
- else{
- echo "<pre> Zły token CSRF </pre>";
- }
- }
- else{
- echo "<pre> Passwords did not match. </pre>";
- }
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
