Example #1
/**
 * Take the first queued message off the session's 'messages' list.
 *
 * The session array is obtained by reference from dvwaSessionGrab(), so the
 * shift is applied to whatever array that helper hands back
 * (presumably the live session data; confirm against dvwaSessionGrab()).
 *
 * @return mixed the first element of 'messages', or false when the key is
 *               missing or the list is empty
 */
function dvwaMessagePop()
{
    $session =& dvwaSessionGrab();

    $hasQueuedMessages = isset($session['messages']) && count($session['messages']) != 0;
    if ($hasQueuedMessages) {
        // array_shift() removes the element it returns, so each message is delivered once.
        return array_shift($session['messages']);
    }

    return false;
}
Example #2
<?php

// Password handler driven by the POSTed 'Change' field. Two modes are visible:
//   'check'  - answers "true"/"false" for the submitted current password, then exits;
//   'Change' - writes a new password when the Referer test below passes.
// NOTE(review): this listing is truncated; the closing braces of the 'Change'
// branch and of the outer if are not shown.
// NOTE(review): the mysql_* functions used here belong to the legacy ext/mysql
// extension, which was removed in PHP 7.0; mysqli or PDO with prepared
// statements is the supported replacement.
if (isset($_POST['Change'])) {
    $dvwaSession =& dvwaSessionGrab();
    // The account name comes from the session, not from the request.
    $user = $dvwaSession['username'];
    if ($_POST['Change'] == 'check') {
        $pass = stripslashes($_POST['password_current']);
        $pass = mysql_real_escape_string($pass);
        // NOTE(review): md5() is a fast, unsalted digest and is not suitable for
        // password storage; password_hash()/password_verify() are the standard
        // replacement.
        $pass = md5($pass);
        // NOTE(review): the query text is shown with '******' in place of the
        // values, presumably masked by the listing; as printed it uses neither
        // $user nor $pass. Verify against the original file.
        $qry = "SELECT * FROM `users` WHERE user='******' AND password='******';";
        // '@' hides the PHP warning, but on failure die() still sends the raw
        // database error text to the client.
        $result = @mysql_query($qry) or die('<pre>' . mysql_error() . '</pre>');
        if ($result && mysql_num_rows($result) >= 1) {
            // At least one row matched: report the current password as correct.
            echo "true";
        } else {
            echo "false";
        }
        exit;
    }
    // Referer gate: passes when the Referer header contains "127.0.0.1" anywhere.
    // NOTE(review): the header is supplied by the client and this is a substring
    // test, not an origin comparison, so it is not a dependable CSRF control; a
    // per-session anti-CSRF token checked server-side is the usual mitigation.
    // $_SERVER['HTTP_REFERER'] is also read without an isset() check.
    if (strpos($_SERVER['HTTP_REFERER'], "127.0.0.1") !== false && $_POST['Change'] == 'Change') {
        // Read the new password and its confirmation from the request.
        // NOTE(review): in the lines shown, this branch never verifies
        // password_current before changing the password.
        $pass_new = $_POST['password_new'];
        $pass_conf = $_POST['password_conf'];
        if ($pass_new == $pass_conf) {
            $pass_new = mysql_real_escape_string($pass_new);
            // Same unsalted md5() storage format as the 'check' branch.
            $pass_new = md5($pass_new);
            // Values are shown as '******' here as well (see the note on $qry).
            $insert = "UPDATE `users` SET password = '******' WHERE user = '******';";
            // On failure the raw database error text is sent to the client.
            $result = mysql_query($insert) or die('<pre>' . mysql_error() . '</pre>');
            // $FLAG is not defined in the lines shown; presumably set by ctf.php.
            require_once '../../hackable/ctf/ctf.php';
            // Appends to $html, which is defined outside this listing.
            $html .= "<pre> Password Changed </br> {$FLAG['chpwd']} </pre>";
Example #3
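/**
 * Compare the 'authcode' request value with the auth code held in the session.
 *
 * The match is case-insensitive, as in the original strcasecmp() call.
 * NOTE(review): the session code is not cleared after a successful match, so
 * whether a code can be reused depends on the caller; confirm.
 *
 * @return bool true only when the session holds a non-empty auth code and the
 *              submitted value is a scalar that matches it
 */
function xlabautocode()
{
    $code = xlabGetSqli('authcode', $_REQUEST);
    $session =& dvwaSessionGrab();

    if (!isset($session['authcode']) || empty($session['authcode'])) {
        return false;
    }

    // Request values are not guaranteed to be strings. On PHP 5, strcasecmp()
    // returns NULL for a non-string argument and NULL == 0 is true, which would
    // make the check succeed without a matching code; PHP 8 throws a TypeError
    // instead. Reject anything non-scalar before comparing.
    if (!is_scalar($code) || !is_scalar($session['authcode'])) {
        return false;
    }

    // Strict comparison: only an exact 0 from strcasecmp() counts as a match.
    return strcasecmp((string) $session['authcode'], (string) $code) === 0;
}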