fixed worker delete csrf thing I stubbed earlier

took to field out of the rest of the login forms
2014-01-29 09:41:50 -05:00 · 2014-01-29 09:41:50 -05:00 · ae47437ab7
commit ae47437ab7
parent c36413d70c
3 changed files with 3 additions and 9 deletions
--- a/public/include/pages/account/workers.inc.php
+++ b/public/include/pages/account/workers.inc.php
@ -4,14 +4,10 @@ $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 if ($user->isAuthenticated()) {
  switch (@$_REQUEST['do']) {
  case 'delete':
-    if (!$config['csrf']['enabled'] || ($config['csrf']['enabled'])) {
-      if ($worker->deleteWorker($_SESSION['USERDATA']['id'], $_GET['id'])) {
-        $_SESSION['POPUP'][] = array('CONTENT' => 'Worker removed', 'TYPE' => 'success');
-      } else {
-        $_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg');
-      }
+    if ($worker->deleteWorker($_SESSION['USERDATA']['id'], $_GET['id'])) {
+      $_SESSION['POPUP'][] = array('CONTENT' => 'Worker removed', 'TYPE' => 'success');
    } else {
-      $_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'info');
+      $_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg');
    }
    break;
    
--- a/public/templates/mobile/login/default.tpl
+++ b/public/templates/mobile/login/default.tpl
@ -1,5 +1,4 @@
      <form action="{$smarty.server.SCRIPT_NAME}?page=login" method="post" id="loginForm" data-ajax="false">
-        <input type="hidden" name="to" value="{($smarty.request.to|default:"{$smarty.server.SCRIPT_NAME}?page=dashboard")|escape}" />
        <input type="hidden" name="ctoken" value="{$CTOKEN|escape|default:""}" />
        <p><label for="userForm">Email</label><input type="text" name="username" value="" id="userForm"></p>
        <p><label for="passForm">Password</label><input type="password" name="password" value="" id="passForm"></p>
--- a/public/templates/mpos/login/small.tpl
+++ b/public/templates/mpos/login/small.tpl
@ -3,7 +3,6 @@
  <form action="{$smarty.server.SCRIPT_NAME}" method="post" id="loginForm">
    <input type="hidden" name="page" value="login" />
    <input type="hidden" name="ctoken" value="{$CTOKEN|escape|default:""}" />
-    <input type="hidden" name="to" value="{$smarty.server.SCRIPT_NAME}?page=dashboard" />
    <fieldset2 class="small">
      <label>Username</label>
      <input type="text" name="username" size="22" maxlength="100" required />