May I Help !: Code to secure yourself from CSRF (Cross Site Request Forgery)

Thursday, 21 March 2013

Code to secure yourself from CSRF (Cross Site Request Forgery)

Following is code for the above page.
This page is to change the password and code for this is:


<?php

            

    if (isset($_GET['Change'])) {

    

        // Turn requests into variables

        $pass_curr = $_GET['password_current'];

        $pass_new = $_GET['password_new'];

        $pass_conf = $_GET['password_conf'];



        // Sanitise current password input

        $pass_curr = stripslashes( $pass_curr );

        $pass_curr = mysql_real_escape_string( $pass_curr );

        $pass_curr = md5( $pass_curr );

        

        // Check that the current password is correct

        $qry = "SELECT password FROM `users` WHERE user='admin' AND

password='$pass_curr';";

        $result = mysql_query($qry) or die('<pre>' . mysql_error() .

 '</pre>' );



        if (($pass_new == $pass_conf) && ( $result &&

 mysql_num_rows( $result ) == 1 )){

            $pass_new = mysql_real_escape_string($pass_new);

            $pass_new = md5($pass_new);



            $insert="UPDATE `users` SET password = '$pass_new' WHERE

user ='admin';";

            $result=mysql_query($insert) or die('<pre>' . mysql_error() .

'</pre>' );

                        

            echo "<pre> Password Changed </pre>";        

            mysql_close();

        }

    

        else{        

            echo "<pre> Passwords did not match or current password

incorrect</pre>";            

        }



    }
?>

1 comment:

Unknown21 March 2013 at 02:48
This comment has been removed by the author.
ReplyDelete
Replies

Add comment

May I Help !

Pages

Thursday, 21 March 2013

Code to secure yourself from CSRF (Cross Site Request Forgery)

1 comment:

Blog Archive

Popular Posts