RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixed worker delete csrf thing I stubbed earlier

Browse Source 
took to field out of the rest of the login forms
This commit is contained in:
xisi 2014-01-29 09:41:50 -05:00
parent c36413d70c
commit ae47437ab7
3 changed files with 3 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
public/include/pages/account/workers.inc.php
View File

@ -4,14 +4,10 @@ $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
if ($user->isAuthenticated()) { if ($user->isAuthenticated()) {
switch (@$_REQUEST['do']) { switch (@$_REQUEST['do']) {
case 'delete': case 'delete':
if (!$config['csrf']['enabled'] || ($config['csrf']['enabled'])) { if ($worker->deleteWorker($_SESSION['USERDATA']['id'], $_GET['id'])) {
if ($worker->deleteWorker($_SESSION['USERDATA']['id'], $_GET['id'])) { $_SESSION['POPUP'][] = array('CONTENT' => 'Worker removed', 'TYPE' => 'success');
$_SESSION['POPUP'][] = array('CONTENT' => 'Worker removed', 'TYPE' => 'success');
} else {
$_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg');
}
} else { } else {
$_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'info'); $_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg');
} }
break; break;

1
public/templates/mobile/login/default.tpl
View File

@ -1,5 +1,4 @@
<form action="{$smarty.server.SCRIPT_NAME}?page=login" method="post" id="loginForm" data-ajax="false"> <form action="{$smarty.server.SCRIPT_NAME}?page=login" method="post" id="loginForm" data-ajax="false">
<input type="hidden" name="to" value="{($smarty.request.to|default:"{$smarty.server.SCRIPT_NAME}?page=dashboard")|escape}" />
<input type="hidden" name="ctoken" value="{$CTOKEN|escape|default:""}" /> <input type="hidden" name="ctoken" value="{$CTOKEN|escape|default:""}" />
<p><label for="userForm">Email</label><input type="text" name="username" value="" id="userForm"></p> <p><label for="userForm">Email</label><input type="text" name="username" value="" id="userForm"></p>
<p><label for="passForm">Password</label><input type="password" name="password" value="" id="passForm"></p> <p><label for="passForm">Password</label><input type="password" name="password" value="" id="passForm"></p>

1
public/templates/mpos/login/small.tpl
View File

@ -3,7 +3,6 @@
<form action="{$smarty.server.SCRIPT_NAME}" method="post" id="loginForm"> <form action="{$smarty.server.SCRIPT_NAME}" method="post" id="loginForm">
<input type="hidden" name="page" value="login" /> <input type="hidden" name="page" value="login" />
<input type="hidden" name="ctoken" value="{$CTOKEN|escape|default:""}" /> <input type="hidden" name="ctoken" value="{$CTOKEN|escape|default:""}" />
<input type="hidden" name="to" value="{$smarty.server.SCRIPT_NAME}?page=dashboard" />
<fieldset2 class="small"> <fieldset2 class="small">
<label>Username</label> <label>Username</label>
<input type="text" name="username" size="22" maxlength="100" required /> <input type="text" name="username" size="22" maxlength="100" required />