Diffstat (limited to 'admin/changepassword.php')
-rw-r--r--admin/changepassword.php4
1 files changed, 3 insertions, 1 deletions
diff --git a/admin/changepassword.php b/admin/changepassword.php
index 8c38769..3b4500e 100644
--- a/admin/changepassword.php
+++ b/admin/changepassword.php
@@ -1,7 +1,9 @@
<?php
+
+require_once __DIR__.'/../app/app.php';
require_once __DIR__.'/inc/auth.inc.php';
-if (isset($_POST['password']) && ('' != $_POST['password'])){
+if ($csrf->verify($_POST['_csrf'], 'frmPassword') && isset($_POST['password']) && ('' != $_POST['password'])) {
$out = '<?php $login="admin"; $password="'.md5($_POST['password']).'"; ?>';
file_put_contents(__DIR__.'/inc/pwd.inc.php', $out);
die("Password changed. <a href='administration.php'>Login</a>");
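Review bot: The context line that builds `$out` still stores the admin password as an unsalted `md5()` digest, which the CSRF check added on the `if` line does not address; a fast, unsalted hash in `inc/pwd.inc.php` is cheap to brute-force if that file is ever disclosed. Consider `$out = '<?php $login="admin"; $password='.var_export(password_hash($_POST['password'], PASSWORD_DEFAULT), true).'; ?>';` — the `var_export` matters because a bcrypt string contains `$` and must not be emitted inside double quotes — with the comparison in `inc/auth.inc.php`, which is not visible here, moved to `password_verify()`. On the new `if` line, `$_POST['_csrf']` is read before any `isset`, so a request without that field raises an undefined-key notice or warning and hands `null` to `verify()`; putting `isset($_POST['_csrf'], $_POST['password'])` as the first operand avoids that. The closing brace of the `if` body lies outside the hunk.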