76a67cb71a
* Now an array to disable with granularity * Fixed all CSRF tokens back to 1 min * Added CSRF protection for unlock account * Unified error message for all csrf tokens * Fixed a few issues with last commit
12 lines
817 B
Smarty
12 lines
817 B
Smarty
<form action="{$smarty.server.SCRIPT_NAME}" method="post">
|
|
<input type="hidden" name="token" value="{$smarty.request.token|escape}">
|
|
<input type="hidden" name="page" value="{$smarty.request.page|escape}">
|
|
<input type="hidden" name="action" value="{$smarty.request.action|escape}">
|
|
{if $GLOBAL.csrf.enabled && !"editaccount"|in_array:$GLOBAL.csrf.disabled_forms}<input type="hidden" name="ctoken" value="{$CTOKEN|escape}" />{/if}
|
|
<input type="hidden" name="do" value="useToken">
|
|
<table>
|
|
<tr><td>New Password: </td><td><input type="password" name="newPassword"></td></tr>
|
|
<tr><td>New Password Repeat: </td><td><input type="password" name="newPassword2"></td></tr>
|
|
</tbody></table>
|
|
<input type="submit" class="submit long" value="Change Password"></form>
|