Add CSRF protection to login form

This commit is contained in:
Dmitriy Simushev 2015-03-17 14:22:32 +00:00
parent a8629df5ec
commit e122d020eb
3 changed files with 8 additions and 0 deletions


@ -34,6 +34,8 @@ class LoginController extends AbstractController
*/ */
public function showFormAction(Request $request) public function showFormAction(Request $request)
{ {
set_csrf_token();
// Check if the operator already logged in // Check if the operator already logged in
if ($this->getOperator()) { if ($this->getOperator()) {
// Redirect the operator to home page. // Redirect the operator to home page.
@ -82,6 +84,8 @@ class LoginController extends AbstractController
*/ */
public function submitFormAction(Request $request) public function submitFormAction(Request $request)
{ {
csrf_check_token($request);
$login = $request->request->get('login'); $login = $request->request->get('login');
$password = $request->request->get('password'); $password = $request->request->get('password');
$remember = $request->request->get('isRemember') == 'on'; $remember = $request->request->get('isRemember') == 'on';
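Review bot: The protection in submitFormAction rests on `csrf_check_token($request)` aborting the request when the token is missing or wrong; if that helper reports failure by return value instead of throwing or exiting, `$login` and `$password` are still read on the following lines and the login proceeds unchecked. The helper's contract is not visible in this commit, so confirm it halts on mismatch, or gate the rest of the action on its result. Also, `set_csrf_token()` in showFormAction runs before the already-logged-in redirect, so a token is issued even on requests that never render the form; placing it after that `if` avoids the needless session write. Both methods continue past the shown hunks.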


@ -44,6 +44,8 @@
{{#if show_small_login}} {{#if show_small_login}}
<div id="login-small-pane"> <div id="login-small-pane">
<form name="smallLogin" method="post" action="{{route "login"}}"> <form name="smallLogin" method="post" action="{{route "login"}}">
{{csrfTokenInput}}
{{l10n "Login:"}} {{l10n "Login:"}}
<input type="text" name="login" size="8" class="field-input"/> <input type="text" name="login" size="8" class="field-input"/>
<input type="password" name="password" size="8" class="field-input" autocomplete="off"/> <input type="password" name="password" size="8" class="field-input" autocomplete="off"/>
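Review bot: The smallLogin form posts to `{{route "login"}}`, whereas the full login form in the other template posts to `login_submit`; if `login` is the route served by `showFormAction`, which only calls `set_csrf_token()` and never `csrf_check_token()`, the token emitted by `{{csrfTokenInput}}` here is never verified and this form stays unprotected. Either point it at the route that runs the check, e.g. `<form name="smallLogin" method="post" action="{{route "login_submit"}}">`, or confirm that the `login` route verifies the token on POST. The route definitions are not part of this commit, so this needs checking against them.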


@ -9,6 +9,8 @@
</div> </div>
<form name="loginForm" method="post" action="{{route "login_submit"}}"> <form name="loginForm" method="post" action="{{route "login_submit"}}">
{{csrfTokenInput}}
<div id="login-pane"> <div id="login-pane">
<div class="header"> <div class="header">