fixing up undefined and double defined variables

52dc94b8 · Robin Wood · 1d4136af · 52dc94b8 · 52dc94b8 · 52dc94b8
Commit 52dc94b8 authored Sep 28, 2019 by Robin Wood
--- a/dvwa/includes/DBMS/MySQL.php
+++ b/dvwa/includes/DBMS/MySQL.php
@@ -6,7 +6,9 @@ This file contains all of the code to setup the initial MySQL database. (setup.p

 */

+if( !defined( 'DVWA_WEB_PAGE_TO_ROOT' ) ) {
 	define( 'DVWA_WEB_PAGE_TO_ROOT', '../../../' );
+}

 if( !@($GLOBALS["___mysqli_ston"] = mysqli_connect( $_DVWA[ 'db_server' ],  $_DVWA[ 'db_user' ],  $_DVWA[ 'db_password' ] )) ) {
 	dvwaMessagePush( "Could not connect to the MySQL service.<br />Please check the config file." );

--- a/login.php
+++ b/login.php
@@ -9,7 +9,13 @@ dvwaDatabaseConnect();

 if( isset( $_POST[ 'Login' ] ) ) {
 	// Anti-CSRF
-	checkToken( $_REQUEST[ 'user_token' ], $_SESSION[ 'session_token' ], 'login.php' );
+	if (array_key_exists ("session_token", $_SESSION)) {
+		$session_token = $_SESSION[ 'session_token' ];
+	} else {
+		$session_token = "";
+	}
+
+	checkToken( $_REQUEST[ 'user_token' ], $session_token, 'login.php' );

 	$user = $_POST[ 'username' ];
 	$user = stripslashes( $user );

--- a/setup.php
+++ b/setup.php
@@ -11,7 +11,13 @@ $page[ 'page_id' ] = 'setup';

 if( isset( $_POST[ 'create_db' ] ) ) {
 	// Anti-CSRF
-	checkToken( $_REQUEST[ 'user_token' ], $_SESSION[ 'session_token' ], 'setup.php' );
+	if (array_key_exists ("session_token", $_SESSION)) {
+		$session_token = $_SESSION[ 'session_token' ];
+	} else {
+		$session_token = "";
+	}
+
+	checkToken( $_REQUEST[ 'user_token' ], $session_token, 'setup.php' );

 	if( $DBMS == 'MySQL' ) {
 		include_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/DBMS/MySQL.php';