added form token to session to validate form submission from frontend
parent
f2450b2be5
commit
fdc6cb2cf2
5 changed files with 16 additions and 1 deletions
|
@ -101,6 +101,7 @@ class DashControl
|
||||||
"title" => "Fipamo | Edit Page",
|
"title" => "Fipamo | Edit Page",
|
||||||
"page" => (new Book("../content/pages"))->findPageById($uuid),
|
"page" => (new Book("../content/pages"))->findPageById($uuid),
|
||||||
"mode" => $mode,
|
"mode" => $mode,
|
||||||
|
"token" => Session::get("form_token"),
|
||||||
"status" => Session::active(),
|
"status" => Session::active(),
|
||||||
];
|
];
|
||||||
} else {
|
} else {
|
||||||
|
|
|
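Review bot: The view variable added here is named `"token"` although it carries the session's `form_token`, and Session already holds a separate `"token"` entry (set in Auth), so the code that validates a submission can easily end up comparing against the wrong session key. Naming it for what it is, `"form_token" => Session::get("form_token"),`, with the template's hidden input changed to `<input name="form_token" type="hidden" value="{{ form_token }}">`, keeps the two values apart. Only the edit-page branch is visible; whether other views that render forms also receive the token cannot be told from this hunk. The array's enclosing method starts and ends outside the hunk.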
@ -53,9 +53,12 @@ class Auth
|
||||||
time() + 3600,
|
time() + 3600,
|
||||||
"localhost"
|
"localhost"
|
||||||
); //expires in an hour
|
); //expires in an hour
|
||||||
|
|
||||||
|
$form_token = md5(uniqid(microtime(), true));
|
||||||
Session::start();
|
Session::start();
|
||||||
Session::set("member", $member);
|
Session::set("member", $member);
|
||||||
Session::set("token", $token);
|
Session::set("token", $token);
|
||||||
|
Session::set("form_token", $form_token);
|
||||||
|
|
||||||
$result = "good_login";
|
$result = "good_login";
|
||||||
} else {
|
} else {
|
||||||
|
|
|
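Review bot: The added line `$form_token = md5(uniqid(microtime(), true));` builds the form token from the clock. PHP documents uniqid() as unsuitable for security purposes, and hashing its output with md5 adds no entropy. An anti-forgery token should come from the CSPRNG, for example `$form_token = bin2hex(random_bytes(32));`. The code that checks the submitted value is not in the visible hunks; it should compare with `hash_equals()` and reject an empty token, since the Session default for `form_token` is `""`. The enclosing login method begins and ends outside the hunk.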
@ -8,6 +8,7 @@ class Session
|
||||||
private static $data = [
|
private static $data = [
|
||||||
"member" => "",
|
"member" => "",
|
||||||
"token" => "",
|
"token" => "",
|
||||||
|
"form_token" => "",
|
||||||
];
|
];
|
||||||
public static function start()
|
public static function start()
|
||||||
{
|
{
|
||||||
|
|
|
@ -78,6 +78,7 @@
|
||||||
{% endapply %}
|
{% endapply %}
|
||||||
<input id="featured-image-upload" type="file" name="featured-image-upload"/>
|
<input id="featured-image-upload" type="file" name="featured-image-upload"/>
|
||||||
<input id="post-image-upload" type="file" name="post-image-upload"/>
|
<input id="post-image-upload" type="file" name="post-image-upload"/>
|
||||||
|
<input name="token" type="hidden" value="{{ token }}">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
11
public/assets/scripts/dash.min.js
vendored
11
public/assets/scripts/dash.min.js
vendored
File diff suppressed because one or more lines are too long