diff options
Diffstat (limited to 'admin')
| -rw-r--r-- | admin/include/functions.php | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/admin/include/functions.php b/admin/include/functions.php index 0e5a2b5d8..5a7f791f3 100644 --- a/admin/include/functions.php +++ b/admin/include/functions.php @@ -34,13 +34,18 @@ function check_token() { global $conf; - $token = hash_hmac('md5', session_id(), $conf['secret_key']); + $valid_token = hash_hmac('md5', session_id(), $conf['secret_key']); + $given_token = null; - if (!empty($_POST['pwg_token']) && ($_POST['pwg_token'] != $token)) + if (!empty($_POST['pwg_token'])) { - access_denied(); + $given_token = $_POST['pwg_token']; + } + elseif (!empty($_GET['pwg_token'])) + { + $given_token = $_GET['pwg_token']; } - elseif (!empty($_GET['pwg_token']) && ($_GET['pwg_token'] != $token)) + if ($given_token != $valid_token) { access_denied(); } |