exec("INSERT INTO `$dbname`.`csrf_token` (`token`,`timestamp`,`sessionid`) VALUES ('$csrf_token','".time()."','".session_id()."')") === false) {
    // Tail of a condition that begins before this excerpt: this branch runs when the
    // INSERT that stores the CSRF token, the current time and the session id returns false.
    // NOTE(review): the statement is assembled by string interpolation; a prepared
    // statement with bound values would not depend on how $dbname, $csrf_token and the
    // session id are produced (none of which is visible here).
    // NOTE(review): the errorInfo() dump becomes $err_msg; if $err_msg is rendered to the
    // browser, driver and schema details are disclosed — confirm where it is shown.
    $err_msg = print_r($mysqlcon->errorInfo(), true);
    $err_lvl = 3;
}

// Load every CSRF token row stored for the current session. PDO::FETCH_UNIQUE keys the
// result by the first selected column, and the isset() lookup below relies on that column
// being `token` — presumably the first column of csrf_token; verify against the schema.
// NOTE(review): fetchALL() is called directly on the return value of query(); if query()
// returns false (PDO not in exception mode) that call fails before the `=== false`
// comparison is evaluated. The error mode is not visible here — confirm.
// NOTE(review): session_id() is concatenated into the SQL text here as well.
if (($db_csrf = $mysqlcon->query("SELECT * FROM `$dbname`.`csrf_token` WHERE `sessionid`='".session_id()."'")->fetchALL(PDO::FETCH_UNIQUE|PDO::FETCH_ASSOC)) === false) {
    $err_msg = print_r($mysqlcon->errorInfo(), true);
    $err_lvl = 3;
}

// The password change is processed only when the posted csrf_token is a key of the token
// rows loaded for this session.
// NOTE(review): nothing in this excerpt checks the token's timestamp or removes the token
// after use; confirm that expiry and invalidation are handled elsewhere.
if (isset($_POST['changepw']) && isset($db_csrf[$_POST['csrf_token']])) {
    // The current password must verify against the stored hash before anything is changed.
    if (!password_verify($_POST['oldpwd'], $cfg['webinterface_pass'])) {
        $err_msg = $lang['wichpw1'];
        $err_lvl = 3;
    } else {
        // NOTE(review): the in-memory hash is replaced before the new password is validated
        // below. On a mismatch or an empty password the database row is left untouched, but
        // $cfg['webinterface_pass'] already holds the new hash for the rest of this request.
        $cfg['webinterface_pass'] = password_hash($_POST['newpwd1'], PASSWORD_DEFAULT);
        // Reject when the two entries differ or the new password is empty (`== NULL` is a
        // loose comparison and is true for ''). No length or strength rule is applied here.
        if (!hash_equals($_POST['newpwd1'], $_POST['newpwd2']) || $_POST['newpwd1'] == NULL) {
            $err_msg = $lang['wichpw2'];
            $err_lvl = 3;
        } elseif($mysqlcon->exec("INSERT INTO `$dbname`.`cfg_params` (`param`,`value`) VALUES ('webinterface_pass','{$cfg['webinterface_pass']}') ON DUPLICATE KEY UPDATE `value`=VALUES(`value`)") === false) {
            // The upsert of the new hash into cfg_params returned false.
            // NOTE(review): the hash is interpolated into the SQL text; binding it as a
            // parameter would remove any dependence on the characters it contains.
            $err_msg = print_r($mysqlcon->errorInfo(), true);
            $err_lvl = 3;
        } else {
            // Success: write a log entry built from $lang['wichpw3'] and the value returned
            // by getclientip(), then set the success message and clear the error level.
            enter_logfile(3,sprintf($lang['wichpw3'],getclientip()));
            $err_msg = $lang['wisvsuc'];
            $err_lvl = NULL;
        }
    }
} elseif(isset($_POST['changepw'])) {
    // Reached when changepw was posted but the CSRF token lookup above did not match;
    // the body of this branch continues past the end of this excerpt.
    echo '