Commit Graph

4 Commits

Author SHA1 Message Date
xisi
3006cb544f Reworked csrf tokens, now enabled globally
The way this now works is, if csrf is enabled:
 * Any new or existing template can have csrf protection by adding the hidden input ctoken that's in this batch to its form, removes any logic in templates
 * Page controllers that already exist have been updated, new ones only require checking if csrf is enabled and valid
2014-01-24 13:00:24 -05:00
xisi
a3314fa81e Cleaned up login page logic a bit more
Fixed up CSRF tokens so rollover minutes/hours are now checked and valid
2014-01-23 11:01:30 -05:00
xisi
76a67cb71a Changed the config options for CSRF/disabling forms
* Now an array to disable with granularity
 * Fixed all CSRF tokens back to 1 min
 * Added CSRF protection for unlock account
 * Unified error message for all csrf tokens
 * Fixed a few issues with last commit
2014-01-20 04:41:13 -05:00
Sebastian Grewe
878fa1c1c8 [IMPROVED] Unlock notification mails on auto-locks
* Added new token type: account_unlock
* Added update SQL File
* Updated base structure with new token type
* Added empty template
* Updated user class to send mail on failed passwords
* Added unlock account page to use tokens

Addresses #670
2014-01-02 11:51:22 +01:00