summaryrefslogtreecommitdiffstats
path: root/common/admin/changepassword.php
diff options
context:
space:
mode:
authorNicolas Lécureuil <neoclust@mageia.org>2020-05-17 14:46:00 +0200
committerNicolas Lécureuil <neoclust@mageia.org>2020-05-17 14:46:00 +0200
commite3de9d7dd1331f9718e04cc98e9ca7cfa27cf4aa (patch)
tree336981502f93ceb9fa5ed33ea3b47dcefc5a8402 /common/admin/changepassword.php
parentff32e499745367b816d10f25e63ff3328214c32f (diff)
downloadplanet-user/wally/upstream-10-dev.tar
planet-user/wally/upstream-10-dev.tar.gz
planet-user/wally/upstream-10-dev.tar.bz2
planet-user/wally/upstream-10-dev.tar.xz
planet-user/wally/upstream-10-dev.zip
Sync with master of moonmoon ( version 9.0.0-rc)HEADuser/wally/upstream-10-devmaster
Source from https://github.com/Emmafrs/moonmoon/
Diffstat (limited to 'common/admin/changepassword.php')
-rw-r--r--common/admin/changepassword.php8
1 files changed, 5 insertions, 3 deletions
diff --git a/common/admin/changepassword.php b/common/admin/changepassword.php
index 1fa505e..3b4500e 100644
--- a/common/admin/changepassword.php
+++ b/common/admin/changepassword.php
@@ -1,9 +1,11 @@
<?php
-require_once dirname(__FILE__).'/inc/auth.inc.php';
-if (isset($_POST['password']) && ('' != $_POST['password'])){
+require_once __DIR__.'/../app/app.php';
+require_once __DIR__.'/inc/auth.inc.php';
+
+if ($csrf->verify($_POST['_csrf'], 'frmPassword') && isset($_POST['password']) && ('' != $_POST['password'])) {
$out = '<?php $login="admin"; $password="'.md5($_POST['password']).'"; ?>';
- file_put_contents(dirname(__FILE__).'/inc/pwd.inc.php', $out);
+ file_put_contents(__DIR__.'/inc/pwd.inc.php', $out);
die("Password changed. <a href='administration.php'>Login</a>");
} else {
die('Can not change password');