added csrf protection to workers under sitewide config
added csrf protection to notifications under sitewide config
added csrf protection to invitations under sitewide config
cleaned up login page csrf
cleaned up contactform/contactform page
cleaned up register/register page
moved config->csrf->forms->register to sitewide
added login ip/user/time to notification on login
<?php
// Make sure we are called from index.php: abort unless the SECURITY constant
// has been defined, so a direct request to this file stops here.
if (!defined('SECURITY')) {
  die('Hacking attempt');
}

// Registration page controller. It picks the template to render and, when the
// form is shown, hands the captcha markup and the CSRF token to Smarty.
if (
  $setting->getValue('lock_registration')
  && $setting->getValue('disable_invitations')
) {
  // Registration is locked and invitations are off: nobody can sign up.
  $_SESSION['POPUP'][] = ['CONTENT' => 'Account registration is currently disabled. Please try again later.', 'TYPE' => 'errormsg'];
  $smarty->assign("CONTENT", "disabled.tpl");
} elseif (
  $setting->getValue('lock_registration')
  && !$setting->getValue('disable_invitations')
  && !isset($_GET['token'])
) {
  // Registration is locked but invitations are on: the form is shown only when
  // the request carries a 'token' query parameter.
  // NOTE(review): only the presence of the parameter is tested here, not its
  // value; the invitation token presumably gets validated when the form is
  // submitted - confirm in the code that handles the submission.
  $_SESSION['POPUP'][] = ['CONTENT' => 'Only invited users are allowed to register.', 'TYPE' => 'errormsg'];
  $smarty->assign("CONTENT", "disabled.tpl");
} else {
  // Captcha markup is added only when reCAPTCHA is enabled globally and for
  // registrations specifically.
  if (
    $setting->getValue('recaptcha_enabled')
    && $setting->getValue('recaptcha_enabled_registrations')
  ) {
    require_once(INCLUDE_DIR . '/lib/recaptchalib.php');
    $smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), null, true));
  }

  // Show the registration form template.
  $smarty->assign("CONTENT", "default.tpl");

  // CSRF token for the registration form, issued only when CSRF protection is
  // enabled and the sitewide option is set.
  // NOTE(review): the inputs visible here are the client IP, the form name
  // 'register' and the date format 'mdyH'; whether getBasic() also mixes in a
  // server-side secret or the session cannot be told from this file - confirm.
  // The token is only issued here; the code that processes the submitted form
  // has to verify it.
  if ($config['csrf']['enabled'] && $config['csrf']['options']['sitewide']) {
    $token = $csrftoken->getBasic($user->getCurrentIP(), 'register', 'mdyH');
    $smarty->assign('CTOKEN', $token);
  }
}
?>