Ejemplo n.º 1
0
Archivo: high.php Proyecto: cinno/DVWA
    $pass_new = $_POST['password_new'];
    $pass_conf = $_POST['password_conf'];
    // Check CAPTCHA from 3rd party
    $resp = recaptcha_check_answer($_DVWA['recaptcha_private_key'], $_SERVER['REMOTE_ADDR'], $_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field']);
    // Did the CAPTCHA fail?
    if (!$resp->is_valid && ($_POST['recaptcha_response_field'] != 'hidd3n_valu3' || $_SERVER['HTTP_USER_AGENT'] != 'reCAPTCHA')) {
        // What happens when the CAPTCHA was entered incorrectly
        $html .= "<pre><br />The CAPTCHA was incorrect. Please try again.</pre>";
        $hide_form = false;
        return;
    } else {
        // CAPTCHA was correct. Do both new passwords match?
        if ($pass_new == $pass_conf) {
            $pass_new = mysql_real_escape_string($pass_new);
            $pass_new = md5($pass_new);
            // Update database
            $insert = "UPDATE `users` SET password = '******' WHERE user = '******' LIMIT 1;";
            $result = mysql_query($insert) or die('<pre>' . mysql_error() . '</pre>');
            // Feedback for user
            $html .= "<pre>Password Changed.</pre>";
        } else {
            // Ops. Password mismatch
            $html .= "<pre>Both passwords must match.</pre>";
            $hide_form = false;
        }
    }
    mysql_close();
}
// Generate Anti-CSRF token
generateSessionToken();
Ejemplo n.º 2
0
function loginSession($user)
{
    $auth = array('uid' => $user['id'], 'username' => $user['username'], 'last_login_time' => $user['last_login_time']);
    // session('sys_user_auth', $auth);
    // session('sys_user_auth_sign', data_auth_sign($auth));
    $sid = generateSessionToken($user["id"]);
    cookie("sid", $sid);
}