RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

clean up pages that use csrftokens

Browse Source
This commit is contained in:
xisi 2014-01-16 23:19:25 -05:00
parent 42d93f5beb
commit 6da5510035
4 changed files with 17 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
public/include/classes/csrftoken.class.php
View File

@ -8,7 +8,7 @@ class CSRFToken Extends Base {
* Gets a basic CSRF token for this user/type and time chunk * Gets a basic CSRF token for this user/type and time chunk
* @param string user User; for hash seed, if username isn't available use IP * @param string user User; for hash seed, if username isn't available use IP
* @param string type Type of token; for hash seed, should be unique per page/use * @param string type Type of token; for hash seed, should be unique per page/use
* @param string timing Which date() chars we add to the seed; month day year hour minute default * @param string timing Which date() chars we add to the seed; default month day year hour minute ie same minute only
* @param string seedExtra Extra information to add to the seed * @param string seedExtra Extra information to add to the seed
* @return string CSRF token * @return string CSRF token
*/ */

11
public/include/pages/home.inc.php
View File

@ -22,12 +22,11 @@ if (!$smarty->isCached('master.tpl', $smarty_cache_key)) {
} else { } else {
$debug->append('Using cached page', 3); $debug->append('Using cached page', 3);
} }
// csrf token - update if it's enabled
$token = '';
if ($config['csrf']['enabled'] && $config['csrf']['forms']['login']) {
$token = $csrftoken->getBasic($user->getCurrentIP(), 'login');
}
// Load news entries for Desktop site and unauthenticated users // Load news entries for Desktop site and unauthenticated users
$smarty->assign("CONTENT", "default.tpl"); $smarty->assign("CONTENT", "default.tpl");
$smarty->assign('CTOKEN', $token); // csrf token
if ($config['csrf']['enabled'] && $config['csrf']['forms']['login']) {
$token = $csrftoken->getBasic($user->getCurrentIP(), 'login');
$smarty->assign('CTOKEN', $token);
}
?> ?>

12
public/include/pages/login.inc.php
View File

@ -57,13 +57,11 @@ if ($setting->getValue('maintenance') && !$user->isAdmin($user->getUserId($_POST
$_SESSION['POPUP'][] = array('CONTENT' => "Login token expired, please try again $img", 'TYPE' => 'info'); $_SESSION['POPUP'][] = array('CONTENT' => "Login token expired, please try again $img", 'TYPE' => 'info');
} }
} }
// csrf token - update if it's enabled
$token = '';
if ($config['csrf']['enabled'] && $config['csrf']['forms']['login']) {
$token = $csrftoken->getBasic($user->getCurrentIP(), 'login');
}
// Load login template // Load login template
$smarty->assign('CONTENT', 'default.tpl'); $smarty->assign('CONTENT', 'default.tpl');
$smarty->assign('CTOKEN', $token); // csrf token
if ($config['csrf']['enabled'] && $config['csrf']['forms']['login']) {
$token = $csrftoken->getBasic($user->getCurrentIP(), 'login');
$smarty->assign('CTOKEN', $token);
}
?> ?>

6
public/include/pages/register.inc.php
View File

@ -14,6 +14,12 @@ if ($setting->getValue('lock_registration') && $setting->getValue('disable_invit
require_once(INCLUDE_DIR . '/lib/recaptchalib.php'); require_once(INCLUDE_DIR . '/lib/recaptchalib.php');
$smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), null, true)); $smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), null, true));
} }
// Load news entries for Desktop site and unauthenticated users
$smarty->assign("CONTENT", "default.tpl"); $smarty->assign("CONTENT", "default.tpl");
// csrf token
if ($config['csrf']['enabled'] && $config['csrf']['forms']['register']) {
$token = $csrftoken->getBasic($user->getCurrentIP(), 'register');
$smarty->assign('CTOKEN', $token);
}
} }
?> ?>