exec("INSERT INTO `$dbname`.`csrf_token` (`token`,`timestamp`,`sessionid`) VALUES ('$csrf_token','".time()."','".session_id()."')") === false) { $err_msg = print_r($mysqlcon->errorInfo(), true); $err_lvl = 3; } if (($db_csrf = $mysqlcon->query("SELECT * FROM `$dbname`.`csrf_token` WHERE `sessionid`='".session_id()."'")->fetchALL(PDO::FETCH_UNIQUE|PDO::FETCH_ASSOC)) === false) { $err_msg = print_r($mysqlcon->errorInfo(), true); $err_lvl = 3; } if (isset($_POST['update']) && isset($db_csrf[$_POST['csrf_token']])) { $newconfig=''; $dbserver = $_POST['dbtype'].':host='.$_POST['dbhost'].';dbname='.$_POST['dbname'].';charset=utf8mb4'; try { $mysqlcon = new PDO($dbserver, $_POST['dbuser'], $_POST['dbpass']); $handle=fopen('../other/dbconfig.php','w'); if(!fwrite($handle,$newconfig)) { $err_msg = sprintf($lang['widbcfgerr']); $err_lvl = 3; } else { $err_msg = $lang['wisvsuc']." ".sprintf($lang['wisvres'], ' '); $err_lvl = 0; $db['type'] = $_POST['dbtype']; $db['host'] = $_POST['dbhost']; $dbname = $_POST['dbname']; $db['user'] = $_POST['dbuser']; $db['pass'] = $_POST['dbpass']; } fclose($handle); } catch (PDOException $e) { $err_msg = sprintf($lang['widbcfgerr']); $err_lvl = 3; } } elseif(isset($_POST['update'])) { echo '

',$lang['errcsrf'],'

'; rem_session_ts3(); exit; } ?>