3006cb544f
The way this now works is, if csrf is enabled: * Any new or existing template can have csrf protection by adding the hidden input ctoken that's in this batch to its form, removes any logic in templates * Page controllers that already exist have been updated, new ones only require checking if csrf is enabled and valid
21 lines
1.0 KiB
PHP
21 lines
1.0 KiB
PHP
<?php
|
|
|
|
// Make sure we are called from index.php
|
|
if (!defined('SECURITY')) die('Hacking attempt');
|
|
|
|
if ($setting->getValue('lock_registration') && $setting->getValue('disable_invitations')) {
|
|
$_SESSION['POPUP'][] = array('CONTENT' => 'Account registration is currently disabled. Please try again later.', 'TYPE' => 'errormsg');
|
|
$smarty->assign("CONTENT", "disabled.tpl");
|
|
} else if ($setting->getValue('lock_registration') && !$setting->getValue('disable_invitations') && !isset($_GET['token'])) {
|
|
$_SESSION['POPUP'][] = array('CONTENT' => 'Only invited users are allowed to register.', 'TYPE' => 'errormsg');
|
|
$smarty->assign("CONTENT", "disabled.tpl");
|
|
} else {
|
|
if ($setting->getValue('recaptcha_enabled') && $setting->getValue('recaptcha_enabled_registrations')) {
|
|
require_once(INCLUDE_DIR . '/lib/recaptchalib.php');
|
|
$smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), null, true));
|
|
}
|
|
// Load news entries for Desktop site and unauthenticated users
|
|
$smarty->assign("CONTENT", "default.tpl");
|
|
}
|
|
?>
|