diff --git a/dvwa/includes/DBMS/MySQL.php b/dvwa/includes/DBMS/MySQL.php
index c39061288..2303de8a3 100644
--- a/dvwa/includes/DBMS/MySQL.php
+++ b/dvwa/includes/DBMS/MySQL.php
@@ -6,7 +6,9 @@
 */
-define( 'DVWA_WEB_PAGE_TO_ROOT', '../../../' );
+if( !defined( 'DVWA_WEB_PAGE_TO_ROOT' ) ) {
+ define( 'DVWA_WEB_PAGE_TO_ROOT', '../../../' );
+}
 if( !@($GLOBALS["___mysqli_ston"] = mysqli_connect( $_DVWA[ 'db_server' ], $_DVWA[ 'db_user' ], $_DVWA[ 'db_password' ] )) ) {
 dvwaMessagePush( "Could not connect to the MySQL service.
Please check the config file." );
diff --git a/login.php b/login.php
index cbd37d90b..7e5d107c3 100644
--- a/login.php
+++ b/login.php
@@ -9,7 +9,13 @@
 if( isset( $_POST[ 'Login' ] ) ) {
 // Anti-CSRF
- checkToken( $_REQUEST[ 'user_token' ], $_SESSION[ 'session_token' ], 'login.php' );
+ if (array_key_exists ("session_token", $_SESSION)) {
+ $session_token = $_SESSION[ 'session_token' ];
+ } else {
+ $session_token = "";
+ }
+
+ checkToken( $_REQUEST[ 'user_token' ], $session_token, 'login.php' );
 $user = $_POST[ 'username' ];
 $user = stripslashes( $user );
diff --git a/setup.php b/setup.php
index 5ad063411..7d1fc6c45 100644
--- a/setup.php
+++ b/setup.php
@@ -11,7 +11,13 @@
 if( isset( $_POST[ 'create_db' ] ) ) {
 // Anti-CSRF
- checkToken( $_REQUEST[ 'user_token' ], $_SESSION[ 'session_token' ], 'setup.php' );
+ if (array_key_exists ("session_token", $_SESSION)) {
+ $session_token = $_SESSION[ 'session_token' ];
+ } else {
+ $session_token = "";
+ }
+
+ checkToken( $_REQUEST[ 'user_token' ], $session_token, 'setup.php' );
 if( $DBMS == 'MySQL' ) {
 include_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/DBMS/MySQL.php';
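Review bot: In dvwa/includes/DBMS/MySQL.php the guarded `define` carries no comment saying which value wins, and the fallback `'../../../'` now applies only when nothing has defined `DVWA_WEB_PAGE_TO_ROOT` before this file runs. setup.php already uses the constant to build the `include_once` path for this file, so on that path the new branch is skipped. A comment such as `// Set by the including page (e.g. setup.php); this fallback applies only if the file is loaded on its own.` would make that explicit. If loading the file on its own is not intended, stopping early when the constant is undefined may be cleaner than continuing to the `mysqli_connect` call; whether `$_DVWA` is populated in that case is not visible in this hunk. The script body continues past the end of the hunk.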
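Review bot: In login.php, defaulting `$session_token` to `""` when `$_SESSION` has no `session_token` means the anti-CSRF comparison can run against an empty expected value, which an empty submitted `user_token` would match. `checkToken()` is not shown here, so unless it separately rejects an empty or unset session token, the missing-token case should fail closed before the call, e.g. guard with `if( empty( $_SESSION[ 'session_token' ] ) || !isset( $_REQUEST[ 'user_token' ] ) )` and treat that as a failed check. The same guard covers `$_REQUEST[ 'user_token' ]`, which is still read without an existence test and can raise the notice this change removes on the session side. The identical block added in the setup.php hunk has the same issue, and a shared helper would keep the two copies from drifting. The `if( isset( $_POST[ 'Login' ] ) )` body continues past the end of the hunk.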