Merge pull request digininja#321 from digininja/master

fixing up undefined and double defined variables

dvwa/includes/DBMS/MySQL.php

@@ -6,7 +6,9 @@
 
 */
 
-define( 'DVWA_WEB_PAGE_TO_ROOT', '../../../' );
+if( !defined( 'DVWA_WEB_PAGE_TO_ROOT' ) ) {
+	define( 'DVWA_WEB_PAGE_TO_ROOT', '../../../' );
+}
 
 if( !@($GLOBALS["___mysqli_ston"] = mysqli_connect( $_DVWA[ 'db_server' ],  $_DVWA[ 'db_user' ],  $_DVWA[ 'db_password' ] )) ) {
 	dvwaMessagePush( "Could not connect to the MySQL service.<br />Please check the config file." );

login.php

@@ -9,7 +9,13 @@
 
 if( isset( $_POST[ 'Login' ] ) ) {
 	// Anti-CSRF
-	checkToken( $_REQUEST[ 'user_token' ], $_SESSION[ 'session_token' ], 'login.php' );
+	if (array_key_exists ("session_token", $_SESSION)) {
+		$session_token = $_SESSION[ 'session_token' ];
+	} else {
+		$session_token = "";
+	}
+
+	checkToken( $_REQUEST[ 'user_token' ], $session_token, 'login.php' );
 
 	$user = $_POST[ 'username' ];
 	$user = stripslashes( $user );

setup.php

@@ -11,7 +11,13 @@
 
 if( isset( $_POST[ 'create_db' ] ) ) {
 	// Anti-CSRF
-	checkToken( $_REQUEST[ 'user_token' ], $_SESSION[ 'session_token' ], 'setup.php' );
+	if (array_key_exists ("session_token", $_SESSION)) {
+		$session_token = $_SESSION[ 'session_token' ];
+	} else {
+		$session_token = "";
+	}
+
+	checkToken( $_REQUEST[ 'user_token' ], $session_token, 'setup.php' );
 
 	if( $DBMS == 'MySQL' ) {
 		include_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/DBMS/MySQL.php';