|
(2) Medium level
- <?php
-
- if( isset( $_GET[ 'Change' ] ) ) {
- // Checks to see where the request came from
- if( eregi( $_SERVER[ 'SERVER_NAME' ], $_SERVER[ 'HTTP_REFERER' ] ) ) {
- // Get input
- $pass_new = $_GET[ 'password_new' ];
- $pass_conf = $_GET[ 'password_conf' ];
-
- // Do the passwords match?
- if( $pass_new == $pass_conf ) {
- // They do!
- $pass_new = mysql_real_escape_string( $pass_new );
- $pass_new = md5( $pass_new );
-
- // Update the database
- $insert = "UPDATE `users` SET password = '$pass_new' WHERE user = '" . dvwaCurrentUser() . "';";
- $result = mysql_query( $insert ) or die( '<pre>' . mysql_error() . '</pre>' );
-
- // Feedback for the user
- echo "<pre>Password Changed.</pre>";
- }
- else {
- // Issue with passwords matching
- echo "<pre>Passwords did not match.</pre>";
- }
- }
- else {
- // Didn't come from a trusted source
- echo "<pre>That request didn't look correct.</pre>";
- }
-
- mysql_close();
- }
-
- ?>
(编辑:威海站长网)
【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容!
|
