🔒 use token-based csrf protection for admin login
This commit is contained in:
parent
82a49597d0
commit
c45a6e4bf5
1
meta.php
1
meta.php
|
@ -17,6 +17,7 @@
|
|||
static::$ext[] = "url";
|
||||
static::$ext[] = "id64";
|
||||
static::$ext[] = "cookieaccept";
|
||||
static::$ext[] = "csrf";
|
||||
|
||||
|
||||
// ROUTES //
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
use Flake\File;
|
||||
use Flake\Project;
|
||||
use Flake\Cookieaccept;
|
||||
use Flake\Csrf;
|
||||
|
||||
// CHECK AUTHENTICATION //
|
||||
// redirect to start page when logged in
|
||||
|
@ -100,6 +101,8 @@
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<input type="hidden" name="csrf_token" value="<?= Csrf::token() ?>" />
|
||||
|
||||
<button id="login-form-submit" class="button primary">
|
||||
<span class="text">Login</span>
|
||||
<span class="icon ti ti-chevron-right"></span>
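Review bot: The hidden field on the `csrf_token` line echoes `Csrf::token()` straight into an attribute with `<?= ?>` and no escaping. If the token is hex or base64url this is harmless, but the template should not depend on the encoder's output alphabet; use `<input type="hidden" name="csrf_token" value="<?= htmlspecialchars(Csrf::token(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>" />` like any other interpolated value. Note also that the form field is named `csrf_token` while the handler hunk gates on `$_POST["token"]`; presumably `Csrf::check()` reads `csrf_token` itself, but that is not visible here and is worth a one-line comment next to the input. The enclosing `<form>` starts outside this hunk.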
|
||||
|
|
|
@ -2,8 +2,13 @@
|
|||
declare(strict_types = 1);
|
||||
namespace Kimendisch\Sbgg_Jetzt;
|
||||
use Flake\Url_Redirect;
|
||||
use Flake\Csrf;
|
||||
|
||||
if(isset($_POST["token"])){
|
||||
// VERIFY CSRF TOKEN //
|
||||
Csrf::check();
|
||||
|
||||
|
||||
// CHECK TOKEN //
|
||||
// collect token from form submit
|
||||
$token = $_POST["token"];
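Review bot: `Csrf::check()` is called without using its result, so the handler's safety depends on it aborting the request (exit or throw) on a mismatch; if it returns a bool, execution falls through to `$token = $_POST["token"]` with an unverified token. Either make the contract explicit where the check is defined or document it at the call site, e.g. `// Csrf::check() terminates the request (exit/throw) on a missing or mismatched token; nothing below runs unverified`. Separately, the check only runs when `$_POST["token"]` is set, i.e. it is gated on an application field rather than on the request method; if any other POST handling exists further down this file it is unprotected, so consider `if ($_SERVER['REQUEST_METHOD'] === 'POST') { Csrf::check(); }` ahead of the `isset` branch. The `if` block continues past the end of this hunk.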
|
||||
|
|