// Excerpt of a password-change handler gated by a reCAPTCHA check. The block that
// encloses these statements opens before this excerpt; only its closing brace
// (after mysql_close()) is visible here.

// New password and its confirmation, read straight from the POST body.
// NOTE(review): no isset()/type check is visible here, so a missing or
// array-valued field reaches the comparison below unchanged.
$pass_new = $_POST['password_new'];
$pass_conf = $_POST['password_conf'];

// Check CAPTCHA from 3rd party: the private key, the client address and the two
// reCAPTCHA form fields are handed to recaptcha_check_answer().
$resp = recaptcha_check_answer(
    $_DVWA['recaptcha_private_key'],
    $_SERVER['REMOTE_ADDR'],
    $_POST['recaptcha_challenge_field'],
    $_POST['recaptcha_response_field']
);

// Did the CAPTCHA fail?
// The failure branch runs only when the verifier rejected the answer AND the
// request does not carry both the fixed response value and the fixed User-Agent
// string.
// NOTE(review): both of those values are supplied by the client, so a request
// that sends them is accepted even when $resp->is_valid is false. The decision
// should rest on $resp->is_valid alone; the second clause defeats the CAPTCHA.
if (!$resp->is_valid && ($_POST['recaptcha_response_field'] != 'hidd3n_valu3' || $_SERVER['HTTP_USER_AGENT'] != 'reCAPTCHA')) {
    // What happens when the CAPTCHA was entered incorrectly
    $html .= "<pre><br />The CAPTCHA was incorrect. Please try again.</pre>";
    $hide_form = false;
    // Returns before mysql_close() and generateSessionToken() further down are reached.
    return;
} else {
    // CAPTCHA branch passed. Do both new passwords match?
    // NOTE(review): == is a loose comparison; numeric-looking strings such as
    // "1e3" and "1000" compare equal. === would require identical strings.
    if ($pass_new == $pass_conf) {
        // The plaintext is escaped first, and the escaped string is what gets hashed.
        // NOTE(review): md5() is a fast, unsalted digest and is not suitable for
        // storing passwords; password_hash()/password_verify() are the standard
        // replacement. The mysql_* extension used here was removed in PHP 7.
        $pass_new = mysql_real_escape_string($pass_new);
        $pass_new = md5($pass_new);

        // Update database
        // NOTE(review): both values appear as '******' in this listing, presumably
        // masked by the page; how the hash and the user name are placed into the
        // statement is not visible. A prepared statement with bound parameters is
        // the safe form for this query.
        $insert = "UPDATE `users` SET password = '******' WHERE user = '******' LIMIT 1;";
        // On failure the raw mysql_error() text is written to the response, which
        // exposes database details to the client.
        $result = mysql_query($insert) or die('<pre>' . mysql_error() . '</pre>');

        // Feedback for user
        $html .= "<pre>Password Changed.</pre>";
    } else {
        // Password mismatch: report it and keep the form visible.
        $html .= "<pre>Both passwords must match.</pre>";
        $hide_form = false;
    }
}

// No current-password check and no anti-CSRF token verification appear in this
// excerpt. NOTE(review): confirm whether the enclosing code performs them.
mysql_close();
} // closes the enclosing block, which opens outside this excerpt

// Generate Anti-CSRF token
generateSessionToken();
/**
 * Establishes the login state for an authenticated user by issuing a "sid" cookie.
 *
 * The token comes from generateSessionToken(), called with the user's id, and is
 * handed to the cookie() helper. Both helpers are defined outside this block.
 *
 * NOTE(review): whether the token is unpredictable and bound to server-side state,
 * and whether cookie() sets the HttpOnly, Secure and SameSite attributes, cannot be
 * confirmed from here. Verify both, since this cookie is the only login state this
 * function writes directly.
 *
 * @param array $user User record; the keys 'id', 'username' and 'last_login_time' are read.
 */
function loginSession($user)
{
    // Assembled but not consumed: the two session() writes that used this array
    // (the 'sys_user_auth' payload and its data_auth_sign() signature) are disabled.
    $authData = array(
        'uid' => $user['id'],
        'username' => $user['username'],
        'last_login_time' => $user['last_login_time'],
    );

    // Generate the token and hand it to the client in one step.
    cookie("sid", generateSessionToken($user["id"]));
}