function dvwaMessagePop() { $dvwaSession =& dvwaSessionGrab(); if (!isset($dvwaSession['messages']) || count($dvwaSession['messages']) == 0) { return false; } return array_shift($dvwaSession['messages']); }
<?php if (isset($_POST['Change'])) { $dvwaSession =& dvwaSessionGrab(); $user = $dvwaSession['username']; if ($_POST['Change'] == 'check') { $pass = stripslashes($_POST['password_current']); $pass = mysql_real_escape_string($pass); $pass = md5($pass); $qry = "SELECT * FROM `users` WHERE user='******' AND password='******';"; $result = @mysql_query($qry) or die('<pre>' . mysql_error() . '</pre>'); if ($result && mysql_num_rows($result) >= 1) { // Login Successful... echo "true"; } else { echo "false"; } exit; } // Checks the http referer header if (strpos($_SERVER['HTTP_REFERER'], "127.0.0.1") !== false && $_POST['Change'] == 'Change') { // Turn requests into variables $pass_new = $_POST['password_new']; $pass_conf = $_POST['password_conf']; if ($pass_new == $pass_conf) { $pass_new = mysql_real_escape_string($pass_new); $pass_new = md5($pass_new); $insert = "UPDATE `users` SET password = '******' WHERE user = '******';"; $result = mysql_query($insert) or die('<pre>' . mysql_error() . '</pre>'); require_once '../../hackable/ctf/ctf.php'; $html .= "<pre> Password Changed </br> {$FLAG['chpwd']} </pre>";
function xlabautocode() { $code = xlabGetSqli('authcode', $_REQUEST); $session =& dvwaSessionGrab(); if (isset($session['authcode']) and !empty($session['authcode']) and strcasecmp($session['authcode'], $code) == 0) { return true; } return false; }