diff options
author | Nicolas Lécureuil <neoclust@mageia.org> | 2020-05-17 14:46:00 +0200 |
---|---|---|
committer | Nicolas Lécureuil <neoclust@mageia.org> | 2020-05-17 14:46:00 +0200 |
commit | e3de9d7dd1331f9718e04cc98e9ca7cfa27cf4aa (patch) | |
tree | 336981502f93ceb9fa5ed33ea3b47dcefc5a8402 /common/admin/changepassword.php | |
parent | ff32e499745367b816d10f25e63ff3328214c32f (diff) | |
download | planet-user/wally/upstream-10-dev.tar planet-user/wally/upstream-10-dev.tar.gz planet-user/wally/upstream-10-dev.tar.bz2 planet-user/wally/upstream-10-dev.tar.xz planet-user/wally/upstream-10-dev.zip |
Sync with master of moonmoon ( version 9.0.0-rc)HEADuser/wally/upstream-10-devmaster
Source from https://github.com/Emmafrs/moonmoon/
Diffstat (limited to 'common/admin/changepassword.php')
-rw-r--r-- | common/admin/changepassword.php | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/common/admin/changepassword.php b/common/admin/changepassword.php index 1fa505e..3b4500e 100644 --- a/common/admin/changepassword.php +++ b/common/admin/changepassword.php @@ -1,9 +1,11 @@ <?php -require_once dirname(__FILE__).'/inc/auth.inc.php'; -if (isset($_POST['password']) && ('' != $_POST['password'])){ +require_once __DIR__.'/../app/app.php'; +require_once __DIR__.'/inc/auth.inc.php'; + +if ($csrf->verify($_POST['_csrf'], 'frmPassword') && isset($_POST['password']) && ('' != $_POST['password'])) { $out = '<?php $login="admin"; $password="'.md5($_POST['password']).'"; ?>'; - file_put_contents(dirname(__FILE__).'/inc/pwd.inc.php', $out); + file_put_contents(__DIR__.'/inc/pwd.inc.php', $out); die("Password changed. <a href='administration.php'>Login</a>"); } else { die('Can not change password'); |