Add csrf tokens to all sensitive forms
This commit is contained in:
Daniel Winzen
@ -248,6 +248,9 @@ function send_captcha() {
|
||||
|
||||
function check_login(){
|
||||
global $db;
|
||||
if(empty($_SESSION['csrf_token']){
|
||||
$_SESSION['csrf_token']=sha1(uniqid());
|
||||
}
|
||||
if(empty($_SESSION['hosting_username'])){
|
||||
header('Location: login.php');
|
||||
session_destroy();
|
||||
@ -506,3 +509,10 @@ function add_user_db(PDO $db, int $user_id) : ?string {
|
||||
$db->exec('FLUSH PRIVILEGES;');
|
||||
return $mysql_db;
|
||||
}
|
||||
|
||||
function check_csrf_error(){
|
||||
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] !== $_SESSION['csrf_token']){
|
||||
return 'Invalid CSRF token, please try again.';
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -21,6 +21,7 @@ $error=false;
|
||||
if($_SERVER['REQUEST_METHOD']==='POST' && isSet($_POST['pass']) && $_POST['pass']===ADMIN_PASSWORD){
|
||||
if(!($error=check_captcha_error())){
|
||||
$_SESSION['logged_in']=true;
|
||||
$_SESSION['csrf_token']=sha1(uniqid());
|
||||
}
|
||||
}
|
||||
if(empty($_SESSION['logged_in'])){
|
||||
@ -54,25 +55,30 @@ if(empty($_SESSION['logged_in'])){
|
||||
echo '<tr><th>Username</th><th>Onion link</th><th>Action</th></tr>';
|
||||
$stmt=$db->query('SELECT users.username, onions.onion FROM users INNER JOIN onions ON (onions.user_id=users.id) ORDER BY users.username;');
|
||||
while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
|
||||
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\"><input type=\"hidden\" name=\"onion\" value=\"$tmp[1]\"><tr><td>$tmp[0]</td><td><a href=\"http://$tmp[1].onion\" target=\"_blank\">$tmp[1].onion</a></td><td><input type=\"submit\" name=\"action\" value=\"edit\"></td></tr></form>";
|
||||
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\"><input type=\"hidden\" name=\"csrf_token\" value=\"$_SESSION[csrf_token]\"><input type=\"hidden\" name=\"onion\" value=\"$tmp[1]\"><tr><td>$tmp[0]</td><td><a href=\"http://$tmp[1].onion\" target=\"_blank\">$tmp[1].onion</a></td><td><input type=\"submit\" name=\"action\" value=\"edit\"></td></tr></form>";
|
||||
}
|
||||
echo '</table>';
|
||||
}elseif($_REQUEST['action']==='approve'){
|
||||
if(!empty($_POST['onion'])){
|
||||
$stmt=$db->prepare('UPDATE new_account INNER JOIN users ON (users.id=new_account.user_id) SET new_account.approved=1 WHERE users.onion=?;');
|
||||
$stmt->execute([$_POST['onion']]);
|
||||
echo '<p style="color:green;">Successfully approved</p>';
|
||||
if($error=check_csrf_error()){
|
||||
echo '<p style="color:red;">'.$error.'</p>';
|
||||
}else{
|
||||
$stmt=$db->prepare('UPDATE new_account INNER JOIN users ON (users.id=new_account.user_id) SET new_account.approved=1 WHERE users.onion=?;');
|
||||
$stmt->execute([$_POST['onion']]);
|
||||
echo '<p style="color:green;">Successfully approved</p>';
|
||||
}
|
||||
}
|
||||
echo '<table border="1">';
|
||||
echo '<tr><th>Username</th><th>Onion address</th><th>Action</th></tr>';
|
||||
$stmt=$db->query('SELECT users.username, onions.onion FROM users INNER JOIN new_account ON (users.id=new_account.user_id) INNER JOIN onions ON (onions.user_id=users.id) WHERE new_account.approved=0 ORDER BY users.username;');
|
||||
while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
|
||||
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\"><input type=\"hidden\" name=\"onion\" value=\"$tmp[1]\"><tr><td>$tmp[0]</td><td><a href=\"http://$tmp[1].onion\" target=\"_blank\">$tmp[1].onion</a></td><td><input type=\"submit\" name=\"action\" value=\"approve\"><input type=\"submit\" name=\"action\" value=\"delete\"></td></tr></form>";
|
||||
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\"><input type=\"hidden\" name=\"csrf_token\" value=\"$_SESSION[csrf_token]\"><input type=\"hidden\" name=\"onion\" value=\"$tmp[1]\"><tr><td>$tmp[0]</td><td><a href=\"http://$tmp[1].onion\" target=\"_blank\">$tmp[1].onion</a></td><td><input type=\"submit\" name=\"action\" value=\"approve\"><input type=\"submit\" name=\"action\" value=\"delete\"></td></tr></form>";
|
||||
}
|
||||
echo '</table>';
|
||||
}elseif($_REQUEST['action']==='delete'){
|
||||
echo '<p>Delete accouts:</p>';
|
||||
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\">";
|
||||
echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'">';
|
||||
echo '<p>Onion address: <input type="text" name="onion" size="30" value="';
|
||||
if(isSet($_POST['onion'])){
|
||||
echo htmlspecialchars($_POST['onion']);
|
||||
@ -80,7 +86,9 @@ if(empty($_SESSION['logged_in'])){
|
||||
echo '" required autofocus></p>';
|
||||
echo '<input type="submit" name="action" value="delete"></form><br>';
|
||||
if(!empty($_POST['onion'])){
|
||||
if(preg_match('~^([a-z2-7]{16}|[a-z2-7]{56})(\.onion)?$~', $_POST['onion'], $match)){
|
||||
if($error=check_csrf_error()){
|
||||
echo '<p style="color:red;">'.$error.'</p>';
|
||||
}elseif(preg_match('~^([a-z2-7]{16}|[a-z2-7]{56})(\.onion)?$~', $_POST['onion'], $match)){
|
||||
$stmt=$db->prepare('SELECT user_id FROM onions WHERE onion=?;');
|
||||
$stmt->execute([$match[1]]);
|
||||
if($user_id=$stmt->fetch(PDO::FETCH_NUM)){
|
||||
@ -97,6 +105,7 @@ if(empty($_SESSION['logged_in'])){
|
||||
}elseif($_REQUEST['action']==='suspend'){
|
||||
echo '<p>Suspend hidden service:</p>';
|
||||
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\">";
|
||||
echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'">';
|
||||
echo '<p>Onion address: <input type="text" name="onion" size="30" value="';
|
||||
if(isSet($_POST['onion'])){
|
||||
echo htmlspecialchars($_POST['onion']);
|
||||
@ -104,7 +113,9 @@ if(empty($_SESSION['logged_in'])){
|
||||
echo '" required autofocus></p>';
|
||||
echo '<input type="submit" name="action" value="suspend"></form><br>';
|
||||
if(!empty($_POST['onion'])){
|
||||
if(preg_match('~^([a-z2-7]{16}|[a-z2-7]{56})(\.onion)?$~', $_POST['onion'], $match)){
|
||||
if($error=check_csrf_error()){
|
||||
echo '<p style="color:red;">'.$error.'</p>';
|
||||
}elseif(preg_match('~^([a-z2-7]{16}|[a-z2-7]{56})(\.onion)?$~', $_POST['onion'], $match)){
|
||||
$stmt=$db->prepare('SELECT null FROM onions WHERE onion=?;');
|
||||
$stmt->execute([$match[1]]);
|
||||
if($stmt->fetch(PDO::FETCH_NUM)){
|
||||
@ -123,6 +134,7 @@ if(empty($_SESSION['logged_in'])){
|
||||
}elseif(in_array($_REQUEST['action'], ['edit', 'edit_2'], true)){
|
||||
echo '<p>Edit hidden service:</p>';
|
||||
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\">";
|
||||
echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'">';
|
||||
echo '<p>Onion address: <input type="text" name="onion" size="30" value="';
|
||||
if(isSet($_POST['onion'])){
|
||||
echo htmlspecialchars($_POST['onion']);
|
||||
@ -130,7 +142,9 @@ if(empty($_SESSION['logged_in'])){
|
||||
echo '" required autofocus></p>';
|
||||
echo '<input type="submit" name="action" value="edit"></form><br>';
|
||||
if(!empty($_POST['onion'])){
|
||||
if(preg_match('~^([a-z2-7]{16}|[a-z2-7]{56})(\.onion)?$~', $_POST['onion'], $match)){
|
||||
if($error=check_csrf_error()){
|
||||
echo '<p style="color:red;">'.$error.'</p>';
|
||||
}elseif(preg_match('~^([a-z2-7]{16}|[a-z2-7]{56})(\.onion)?$~', $_POST['onion'], $match)){
|
||||
if($_REQUEST['action']==='edit_2'){
|
||||
$stmt=$db->prepare('SELECT version FROM onions WHERE onion=?;');
|
||||
$stmt->execute([$match[1]]);
|
||||
@ -162,6 +176,7 @@ if(empty($_SESSION['logged_in'])){
|
||||
$stmt->execute([$match[1]]);
|
||||
if($onion=$stmt->fetch(PDO::FETCH_NUM)){
|
||||
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\">";
|
||||
echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'">';
|
||||
echo '<table border="1"><tr><th>Onion</th><th>Enabled</th><th>SMTP enabled</th><th>Nr. of intros</th><th>Max streams per rend circuit</th><th>Save</th></tr>';
|
||||
echo '<tr><td><input type="text" name="onion" size="15" value="'.$onion[0].'" required autofocus></td>';
|
||||
echo '<td><label><input type="checkbox" name="enabled" value="1"';
|
||||
|
||||
@ -9,7 +9,9 @@ session_start();
|
||||
$user=check_login();
|
||||
$msg='';
|
||||
if($_SERVER['REQUEST_METHOD']==='POST'){
|
||||
if(!isset($_POST['pass']) || !password_verify($_POST['pass'], $user['password'])){
|
||||
if($error=check_csrf_error()){
|
||||
$msg.='<p style="color:red;">'.$error.'</p>';
|
||||
}elseif(!isset($_POST['pass']) || !password_verify($_POST['pass'], $user['password'])){
|
||||
$msg.='<p style="color:red;">Wrong password.</p>';
|
||||
}else{
|
||||
$stmt=$db->prepare('UPDATE users SET todelete=1 WHERE id=?;');
|
||||
@ -29,7 +31,7 @@ header('Content-Type: text/html; charset=UTF-8');
|
||||
</head><body>
|
||||
<p>This will delete your account and all data asociated with it. It can't be un-done. Are you sure?</p>
|
||||
<?php echo $msg; ?>
|
||||
<form method="POST" action="delete.php"><table>
|
||||
<form method="POST" action="delete.php"><input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>"><table>
|
||||
<tr><td>Enter your account password to confirm</td><td><input type="password" name="pass" required autofocus></td></tr>
|
||||
<tr><td colspan="2"><input type="submit" value="Delete"></td></tr>
|
||||
</table></form>
|
||||
|
||||
@ -125,28 +125,25 @@ if(@!ftp_chdir($ftp, $dir)){
|
||||
}
|
||||
|
||||
if(!empty($_POST['mkdir']) && !empty($_POST['name'])){
|
||||
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
|
||||
echo 'Invalid CSRF token, please try again.';
|
||||
exit;
|
||||
if($error=check_csrf_error()){
|
||||
die($error);
|
||||
}
|
||||
ftp_mkdir($ftp, $_POST['name']);
|
||||
ftp_mkdir($ftp, $_POST['name']);
|
||||
}
|
||||
|
||||
if(!empty($_POST['mkfile']) && !empty($_POST['name'])){
|
||||
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
|
||||
echo 'Invalid CSRF token, please try again.';
|
||||
exit;
|
||||
if($error=check_csrf_error()){
|
||||
die($error);
|
||||
}
|
||||
$tmpfile='/tmp/'.uniqid();
|
||||
touch($tmpfile);
|
||||
ftp_put($ftp, $_POST['name'], $tmpfile, FTP_BINARY);
|
||||
unlink($tmpfile);
|
||||
$tmpfile='/tmp/'.uniqid();
|
||||
touch($tmpfile);
|
||||
ftp_put($ftp, $_POST['name'], $tmpfile, FTP_BINARY);
|
||||
unlink($tmpfile);
|
||||
}
|
||||
|
||||
if(!empty($_POST['delete']) && !empty($_POST['files'])){
|
||||
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
|
||||
echo 'Invalid CSRF token, please try again.';
|
||||
exit;
|
||||
if($error=check_csrf_error()){
|
||||
die($error);
|
||||
}
|
||||
foreach($_POST['files'] as $file){
|
||||
ftp_recursive_delete($ftp, $file);
|
||||
@ -154,9 +151,8 @@ if(!empty($_POST['delete']) && !empty($_POST['files'])){
|
||||
}
|
||||
|
||||
if(!empty($_POST['rename_2']) && !empty($_POST['files'])){
|
||||
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
|
||||
echo 'Invalid CSRF token, please try again.';
|
||||
exit;
|
||||
if($error=check_csrf_error()){
|
||||
die($error);
|
||||
}
|
||||
foreach($_POST['files'] as $old=>$new){
|
||||
ftp_rename($ftp, $old, $new);
|
||||
@ -164,18 +160,16 @@ if(!empty($_POST['rename_2']) && !empty($_POST['files'])){
|
||||
}
|
||||
|
||||
if(!empty($_POST['rename']) && !empty($_POST['files'])){
|
||||
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
|
||||
echo 'Invalid CSRF token, please try again.';
|
||||
exit;
|
||||
if($error=check_csrf_error()){
|
||||
die($error);
|
||||
}
|
||||
send_rename($dir);
|
||||
exit;
|
||||
}
|
||||
|
||||
if(!empty($_POST['edit_2']) && !empty($_POST['files'])){
|
||||
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
|
||||
echo 'Invalid CSRF token, please try again.';
|
||||
exit;
|
||||
if($error=check_csrf_error()){
|
||||
die($error);
|
||||
}
|
||||
$tmpfile='/tmp/'.uniqid();
|
||||
foreach($_POST['files'] as $name=>$content){
|
||||
@ -186,14 +180,16 @@ if(!empty($_POST['edit_2']) && !empty($_POST['files'])){
|
||||
}
|
||||
|
||||
if(!empty($_POST['edit']) && !empty($_POST['files'])){
|
||||
if($error=check_csrf_error()){
|
||||
die($error);
|
||||
}
|
||||
send_edit($ftp, $dir);
|
||||
exit;
|
||||
}
|
||||
|
||||
if(!empty($_POST['unzip']) && !empty($_POST['files'])){
|
||||
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
|
||||
echo 'Invalid CSRF token, please try again.';
|
||||
exit;
|
||||
if($error=check_csrf_error()){
|
||||
die($error);
|
||||
}
|
||||
$zip = new ZipArchive();
|
||||
foreach($_POST['files'] as $file){
|
||||
@ -230,9 +226,8 @@ if(!empty($_POST['unzip']) && !empty($_POST['files'])){
|
||||
|
||||
|
||||
if(!empty($_FILES['files'])){
|
||||
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
|
||||
echo 'Invalid CSRF token, please try again.';
|
||||
exit;
|
||||
if($error=check_csrf_error()){
|
||||
die($error);
|
||||
}
|
||||
$c=count($_FILES['files']['name']);
|
||||
for($i=0; $i<$c; ++$i){
|
||||
@ -308,7 +303,7 @@ $dir=htmlspecialchars($dir);
|
||||
</head><body>
|
||||
<h1>Index of <?php echo $dir; ?></h1>
|
||||
<?php if($dir!=='/'){ ?>
|
||||
<p>Upload up to 1GB and up to 100 files at once <form action="files.php" enctype="multipart/form-data" method="post"><input type="hidden" name="csrf-token" value="<?= $_SESSION['csrf_token'] ?>"><input name="files[]" type="file" multiple><input type="hidden" name="path" value="<?php echo $dir; ?>"><input type="submit" value="Upload"></form></p><br>
|
||||
<p>Upload up to 1GB and up to 100 files at once <form action="files.php" enctype="multipart/form-data" method="post"><input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>"><input name="files[]" type="file" multiple><input type="hidden" name="path" value="<?php echo $dir; ?>"><input type="submit" value="Upload"></form></p><br>
|
||||
<?php
|
||||
}
|
||||
$fileurl='A';
|
||||
@ -326,7 +321,7 @@ if($order==='A'){
|
||||
}
|
||||
?>
|
||||
<form action="files.php" method="post">
|
||||
<input type="hidden" name="csrf-token" value="<?= $_SESSION['csrf_token'] ?>">
|
||||
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
|
||||
<input type="submit" name="mkdir" value="Create directory">
|
||||
<input type="submit" name="mkfile" value="Create file">
|
||||
<input type="text" name="name"><br><br>
|
||||
@ -453,7 +448,7 @@ function send_rename($dir){
|
||||
echo '<meta name=viewport content="width=device-width, initial-scale=1">';
|
||||
echo '</head><body>';
|
||||
echo '<form action="files.php" method="post">';
|
||||
echo '<input type="hidden" name="csrf-token" value="<'.$_SESSION['csrf_token'].'">';
|
||||
echo '<input type="hidden" name="csrf_token" value="<'.$_SESSION['csrf_token'].'">';
|
||||
echo '<input type="hidden" name="path" value="'.htmlspecialchars($dir).'">';
|
||||
echo '<table>';
|
||||
foreach($_POST['files'] as $file){
|
||||
@ -472,7 +467,7 @@ function send_edit($ftp, $dir){
|
||||
echo '<meta name=viewport content="width=device-width, initial-scale=1">';
|
||||
echo '</head><body>';
|
||||
echo '<form action="files.php" method="post">';
|
||||
echo '<input type="hidden" name="csrf-token" value="<'.$_SESSION['csrf_token'].'">';
|
||||
echo '<input type="hidden" name="csrf_token" value="<'.$_SESSION['csrf_token'].'">';
|
||||
echo '<input type="hidden" name="path" value="'.htmlspecialchars($dir).'">';
|
||||
echo '<table>';
|
||||
$tmpfile='/tmp/'.uniqid();
|
||||
|
||||
@ -7,10 +7,16 @@ try{
|
||||
}
|
||||
session_start();
|
||||
$user=check_login();
|
||||
if(isset($_REQUEST['action']) && $_REQUEST['action']==='add_db'){
|
||||
if(isset($_POST['action']) && $_POST['action']==='add_db'){
|
||||
if($error=check_csrf_error()){
|
||||
die($error);
|
||||
}
|
||||
add_user_db($db, $user['id']);
|
||||
}
|
||||
if(isset($_REQUEST['action']) && isset($_REQUEST['onion']) && $_REQUEST['action']==='edit'){
|
||||
if($error=check_csrf_error()){
|
||||
die($error);
|
||||
}
|
||||
$stmt=$db->prepare('SELECT onions.version FROM onions INNER JOIN users ON (users.id=onions.user_id) WHERE onions.onion = ? AND users.id = ? AND onions.enabled IN (0, 1);');
|
||||
$stmt->execute([$_REQUEST['onion'], $user['id']]);
|
||||
if($onion=$stmt->fetch(PDO::FETCH_NUM)){
|
||||
@ -52,7 +58,7 @@ echo '<tr><th>Onion</th><th>Private key</th><th>Enabled</th><th>SMTP enabled</th
|
||||
$stmt=$db->prepare('SELECT onion, private_key, enabled, enable_smtp, num_intros, max_streams FROM onions WHERE user_id = ?;');
|
||||
$stmt->execute([$user['id']]);
|
||||
while($onion=$stmt->fetch(PDO::FETCH_ASSOC)){
|
||||
echo "<form action=\"home.php\" method=\"post\"><input type=\"hidden\" name=\"onion\" value=\"$onion[onion]\"><tr><td><a href=\"http://$onion[onion].onion\" target=\"_blank\">$onion[onion].onion</a></td><td>";
|
||||
echo "<form action=\"home.php\" method=\"post\"><input type=\"hidden\" name=\"csrf_token\" value=\"$_SESSION[csrf_token]\"><input type=\"hidden\" name=\"onion\" value=\"$onion[onion]\"><tr><td><a href=\"http://$onion[onion].onion\" target=\"_blank\">$onion[onion].onion</a></td><td>";
|
||||
if(isset($_REQUEST['show_priv'])){
|
||||
echo "<pre>$onion[private_key]</pre>";
|
||||
}else{
|
||||
@ -86,7 +92,7 @@ while($mysql=$stmt->fetch(PDO::FETCH_ASSOC)){
|
||||
}
|
||||
echo '</table>';
|
||||
if($count_dbs<MAX_NUM_USER_DBS){
|
||||
echo '<p><form action="home.php" method="post"><button type="submit" name="action" value="add_db">Add new database</button></form></p>';
|
||||
echo '<p><form action="home.php" method="post"><input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'"><button type="submit" name="action" value="add_db">Add new database</button></form></p>';
|
||||
}
|
||||
echo '<p><a href="password.php?type=sql">Change MySQL password</a></p>';
|
||||
echo '<p>You can use <a href="/phpmyadmin/" target="_blank">PHPMyAdmin</a> and <a href="/adminer/" target="_blank">Adminer</a> for web based database administration.</p>';
|
||||
|
||||
@ -34,7 +34,7 @@ if(isset($_SERVER['HTTP_HOST']) && preg_match('/danwin1210\.(i2p|me)$/', $_SERVE
|
||||
<li>FTP access</li>
|
||||
<li>SFTP access</li>
|
||||
<li>No disk quota, but please be fair about your disk usage - quota will come</li>
|
||||
<li>mail() can send e-mails from your.onion@<?php echo ADDRESS; ?> (your.onion@hosting.danwin1210.me for clearnet) - not yet working but will return in future</li>
|
||||
<li>mail() can send e-mails from your.onion@<?php echo ADDRESS; ?> (your.onion@hosting.danwin1210.me for clearnet) - not yet working but will return in future, use https://github.com/PHPMailer/PHPMailer or similar for now</li>
|
||||
<li>Webmail and IMAP, POP3 and SMTP access to your mail account</li>
|
||||
<li>Mail sent to anything@your.onion gets automatically redirected to your inbox</li>
|
||||
<li>Your own .onion address</li>
|
||||
|
||||
@ -12,6 +12,9 @@ if(!isset($_REQUEST['type'])){
|
||||
}
|
||||
$msg='';
|
||||
if($_SERVER['REQUEST_METHOD']==='POST'){
|
||||
if($error=check_csrf_error()){
|
||||
$msg.='<p style="color:red;">'.$error.'</p>';
|
||||
}
|
||||
if(!isset($_POST['pass']) || !password_verify($_POST['pass'], $user['password'])){
|
||||
$msg.='<p style="color:red;">Wrong password.</p>';
|
||||
}elseif(!isset($_POST['confirm']) || !isset($_POST['newpass']) || $_POST['newpass']!==$_POST['confirm']){
|
||||
@ -45,7 +48,7 @@ echo '<meta name="author" content="Daniel Winzen">';
|
||||
echo '<meta name="viewport" content="width=device-width, initial-scale=1">';
|
||||
echo '</head><body>';
|
||||
echo $msg;
|
||||
echo '<form method="POST" action="password.php"><table>';
|
||||
echo '<form method="POST" action="password.php"><input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'"><table>';
|
||||
echo '<tr><td>Reset type:</td><td><select name="type">';
|
||||
echo '<option value="acc"';
|
||||
if($_REQUEST['type']==='acc'){
|
||||
|
||||
Reference in New Issue
Block a user