3006cb544f
The way this now works is, if csrf is enabled: * Any new or existing template can have csrf protection by adding the hidden input ctoken that's in this batch to its form, removes any logic in templates * Page controllers that already exist have been updated, new ones only require checking if csrf is enabled and valid
10 lines
840 B
Smarty
10 lines
840 B
Smarty
<form action="{$smarty.server.SCRIPT_NAME}?page=login" method="post" id="loginForm" data-ajax="false">
|
|
<input type="hidden" name="to" value="{($smarty.request.to|default:"{$smarty.server.SCRIPT_NAME}?page=dashboard")|escape}" />
|
|
<input type="hidden" name="ctoken" value="{$CTOKEN|escape|default:""}" />
|
|
<p><label for="userForm">Email</label><input type="text" name="username" value="" id="userForm"></p>
|
|
<p><label for="passForm">Password</label><input type="password" name="password" value="" id="passForm"></p>
|
|
<center>{nocache}{$RECAPTCHA|default:"" nofilter}{/nocache}</center>
|
|
<center><p><input type="submit" value="Login"></p></center>
|
|
</form>
|
|
<center><p><a href="{$smarty.server.SCRIPT_NAME}?page=password"><font size="1">Forgot your password?</font></a></p></center>
|