Diffstat (limited to 'common/admin/changepassword.php')
-rw-r--r-- | common/admin/changepassword.php | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/common/admin/changepassword.php b/common/admin/changepassword.php
index 1fa505e..3b4500e 100644
--- a/common/admin/changepassword.php
+++ b/common/admin/changepassword.php
@@ -1,9 +1,11 @@
 <?php
-require_once dirname(__FILE__).'/inc/auth.inc.php';
-if (isset($_POST['password']) && ('' != $_POST['password'])){
+require_once __DIR__.'/../app/app.php';
+require_once __DIR__.'/inc/auth.inc.php';
+
+if ($csrf->verify($_POST['_csrf'], 'frmPassword') && isset($_POST['password']) && ('' != $_POST['password'])) {
 $out = '<?php $login="admin"; $password="'.md5($_POST['password']).'"; ?>';
- file_put_contents(dirname(__FILE__).'/inc/pwd.inc.php', $out);
+ file_put_contents(__DIR__.'/inc/pwd.inc.php', $out);
 die("Password changed. <a href='administration.php'>Login</a>");
 } else {
 die('Can not change password');  |
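Review bot: The new `if` condition reads `$_POST['_csrf']` before checking that it is set and never checks that `password` is a string, so a request without the token raises an undefined-index notice and an array-valued `password` is passed to `md5()`. I would order the guard as `isset($_POST['_csrf'], $_POST['password']) && is_string($_POST['password']) && '' !== $_POST['password'] && $csrf->verify($_POST['_csrf'], 'frmPassword')`. The unchanged `$out` line still stores the password as unsalted `md5()`, which is cheap to brute-force if `inc/pwd.inc.php` is ever disclosed. Where the supported PHP version allows it (5.5+), `password_hash($_POST['password'], PASSWORD_DEFAULT)` is the replacement, and the comparison in `inc/auth.inc.php` (not shown here) would presumably need to move to `password_verify()` in the same change. The return value of `file_put_contents()` is also not checked, so "Password changed" is printed even when the write fails; `if (false === file_put_contents(...)) { die('Can not change password'); }` would cover that.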