clean up pages that use csrftokens

2014-01-16 23:19:25 -05:00 · 2014-01-16 23:19:25 -05:00 · 6da5510035
commit 6da5510035
parent 42d93f5beb
4 changed files with 17 additions and 14 deletions
--- a/public/include/classes/csrftoken.class.php
+++ b/public/include/classes/csrftoken.class.php
@ -8,7 +8,7 @@ class CSRFToken Extends Base {
   * Gets a basic CSRF token for this user/type and time chunk
   * @param string user User; for hash seed, if username isn't available use IP
   * @param string type Type of token; for hash seed, should be unique per page/use
-   * @param string timing Which date() chars we add to the seed; month day year hour minute default
+   * @param string timing Which date() chars we add to the seed; default month day year hour minute ie same minute only
   * @param string seedExtra Extra information to add to the seed
   * @return string CSRF token
   */
--- a/public/include/pages/home.inc.php
+++ b/public/include/pages/home.inc.php
@ -22,12 +22,11 @@ if (!$smarty->isCached('master.tpl', $smarty_cache_key)) {
 } else {
  $debug->append('Using cached page', 3);
 }
-// csrf token - update if it's enabled
-$token = '';
-if ($config['csrf']['enabled'] && $config['csrf']['forms']['login']) {
-  $token = $csrftoken->getBasic($user->getCurrentIP(), 'login');
-}
 // Load news entries for Desktop site and unauthenticated users
 $smarty->assign("CONTENT", "default.tpl");
-$smarty->assign('CTOKEN', $token);
+// csrf token
+if ($config['csrf']['enabled'] && $config['csrf']['forms']['login']) {
+  $token = $csrftoken->getBasic($user->getCurrentIP(), 'login');
+  $smarty->assign('CTOKEN', $token);
+}
 ?>
--- a/public/include/pages/login.inc.php
+++ b/public/include/pages/login.inc.php
@ -57,13 +57,11 @@ if ($setting->getValue('maintenance') && !$user->isAdmin($user->getUserId($_POST
    $_SESSION['POPUP'][] = array('CONTENT' => "Login token expired, please try again $img", 'TYPE' => 'info');
  }
 }
-// csrf token - update if it's enabled
-$token = '';
-if ($config['csrf']['enabled'] && $config['csrf']['forms']['login']) {
-  $token = $csrftoken->getBasic($user->getCurrentIP(), 'login');
-}
-
 // Load login template
 $smarty->assign('CONTENT', 'default.tpl');
-$smarty->assign('CTOKEN', $token);
+// csrf token
+if ($config['csrf']['enabled'] && $config['csrf']['forms']['login']) {
+  $token = $csrftoken->getBasic($user->getCurrentIP(), 'login');
+  $smarty->assign('CTOKEN', $token);
+}
 ?>
--- a/public/include/pages/register.inc.php
+++ b/public/include/pages/register.inc.php
@ -14,6 +14,12 @@ if ($setting->getValue('lock_registration') && $setting->getValue('disable_invit
    require_once(INCLUDE_DIR . '/lib/recaptchalib.php');
    $smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), null, true));
  }
+  // Load news entries for Desktop site and unauthenticated users
  $smarty->assign("CONTENT", "default.tpl");
+  // csrf token
+  if ($config['csrf']['enabled'] && $config['csrf']['forms']['register']) {
+    $token = $csrftoken->getBasic($user->getCurrentIP(), 'register');
+    $smarty->assign('CTOKEN', $token);
+  }
 }
 ?>