added form token to session to validate form submission from frontend

Ro 2021-09-12 14:40:27 -07:00
parent f2450b2be5
commit fdc6cb2cf2
5 changed files with 16 additions and 1 deletions


@ -101,6 +101,7 @@ class DashControl
"title" => "Fipamo | Edit Page",
"page" => (new Book("../content/pages"))->findPageById($uuid),
"mode" => $mode,
"token" => Session::get("form_token"),
"status" => Session::active(),
];
} else {
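Review bot: The view variable on the `"token" => Session::get("form_token")` line is named `token`, the same key the session already uses for the login token (`Session::set("token", $token)` in the Auth hunk), and the hidden input in the template hunk repeats that name. With two different secrets sharing one name, a later edit could pass the login token into the page by mistake. Naming both sides `form_token` keeps them apart: `"form_token" => Session::get("form_token")` here and `<input name="form_token" type="hidden" value="{{ form_token }}">` in the template, with the suppressed frontend file updated to match. The enclosing method starts and ends outside the hunk, so whether other forms rendered by DashControl also receive the token cannot be judged from here.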


@ -53,9 +53,12 @@ class Auth
time() + 3600,
"localhost"
); //expires in an hour
$form_token = md5(uniqid(microtime(), true));
Session::start();
Session::set("member", $member);
Session::set("token", $token);
Session::set("form_token", $form_token);
$result = "good_login";
} else {
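Review bot: The anti-forgery token on the `$form_token = md5(uniqid(microtime(), true));` line is built from the current time plus PHP's non-cryptographic entropy, so it is guessable rather than secret; md5 only reformats that input and adds no randomness. Take the value from the CSPRNG instead: `$form_token = bin2hex(random_bytes(32));`. The code that checks the submitted value is not in the visible hunks; it should compare with `hash_equals()` rather than `==`. The enclosing login method starts and ends outside the hunk.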


@ -8,6 +8,7 @@ class Session
private static $data = [
"member" => "",
"token" => "",
"form_token" => "",
];
public static function start()
{
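Review bot: The new `"form_token" => ""` default may leave a session that never logged in with an empty-string token. If the check only compares the posted value with `Session::get("form_token")`, an empty submitted token could then match. The validation code and `Session::get` are not visible here, so this is a caution rather than a confirmed defect: reject an empty or missing stored token before comparing, e.g. `if ($expected === "" || !hash_equals($expected, $submitted)) { /* reject */ }` (variable names are illustrative). A comment on the entry such as `// anti-CSRF form token, set at login; "" means none issued` would make that contract explicit.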


@ -78,6 +78,7 @@
{% endapply %}
<input id="featured-image-upload" type="file" name="featured-image-upload"/>
<input id="post-image-upload" type="file" name="post-image-upload"/>
<input name="token" type="hidden" value="{{ token }}">
</div>
</div>
</div>

File diff suppressed because one or more lines are too long