diff --git a/includes/admin.php b/includes/admin.php
index 513473e4..f9a8a4ff 100755
--- a/includes/admin.php
+++ b/includes/admin.php
@@ -11,10 +11,10 @@ function Status($message, $level='success', $dismissable=true) {
 }
 function DisplayAuthConfig($username, $password){
- $status = '';
- if (isset($_POST['UpdateAdminPassword'])) {
- if (CSRFValidate()) {
- if (password_verify($_POST['oldpass'], $password)) {
+ $status = '';
+ if (isset($_POST['UpdateAdminPassword'])) {
+ if (CSRFValidate()) {
+ if (password_verify($_POST['oldpass'], $password)) {
 $new_username=trim($_POST['username']);
 if ($_POST['newpass'] != $_POST['newpassagain']) {
 $status = Status('New passwords do not match', 'danger');
@@ -35,7 +35,7 @@ function DisplayAuthConfig($username, $password){
 $status = Status('Old password does not match', 'danger');
 }
 } else {
- // Log something
+ error_log('CSRF violation');
 }
 }
 ?>
@@ -45,8 +45,8 @@ function DisplayAuthConfig($username, $password){
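Review bot: In the `@@ -35,7 +35,7 @@` hunk, the CSRF failure branch logs a fixed string with no request context and still leaves `$status` empty, so the log entry cannot be tied to a client and the administrator gets no feedback that the update was rejected. Consider `error_log('CSRF violation from ' . $_SERVER['REMOTE_ADDR'] . ' on ' . $_SERVER['SCRIPT_NAME']);` followed by `$status = Status('Invalid CSRF token', 'danger');` in the same `else` branch, matching how the other failure paths report. Keep the submitted and session token values out of the log line. DisplayAuthConfig starts before and continues after this hunk, so how `$status` is rendered is inferred from the neighbouring branches rather than seen here.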
Configure Auth

-
- + +
diff --git a/includes/functions.php b/includes/functions.php
index 72abadcc..bd32ec65 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -7,7 +7,7 @@
 */
 function CSRFToken() {
 ?>
-
+