added form token to session to validate form submission from frontend
parent
f2450b2be5
commit
fdc6cb2cf2
5 changed files with 16 additions and 1 deletions
|
@ -101,6 +101,7 @@ class DashControl
|
|||
"title" => "Fipamo | Edit Page",
|
||||
"page" => (new Book("../content/pages"))->findPageById($uuid),
|
||||
"mode" => $mode,
|
||||
"token" => Session::get("form_token"),
|
||||
"status" => Session::active(),
|
||||
];
|
||||
} else {
|
||||
|
|
|
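Review bot: `"token" => Session::get("form_token")` only hands the token to the template. None of the hunks shown on this page compares a submitted `token` field with the session value, so the validation named in the commit title may live in a handler outside this commit or may still be missing. Wherever that check sits, it should reject an empty or absent value and compare in constant time, e.g. `hash_equals(Session::get("form_token"), $submitted)`, with `$submitted` standing for the posted field. The template variable is called `token` while the session holds a separate `token` entry next to `form_token`; naming it `form_token` here would make it harder to render the login token into the page by mistake. The options array and its enclosing method begin outside the hunk.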
@ -53,9 +53,12 @@ class Auth
|
|||
time() + 3600,
|
||||
"localhost"
|
||||
); //expires in an hour
|
||||
|
||||
$form_token = md5(uniqid(microtime(), true));
|
||||
Session::start();
|
||||
Session::set("member", $member);
|
||||
Session::set("token", $token);
|
||||
Session::set("form_token", $form_token);
|
||||
|
||||
$result = "good_login";
|
||||
} else {
|
||||
|
|
|
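Review bot: `$form_token = md5(uniqid(microtime(), true));` derives the anti-forgery token from the clock and a non-cryptographic generator, and md5 only reshapes that input without adding entropy. PHP documents `uniqid()` as unsuitable for security purposes, so a token that guards form submissions should come from the CSPRNG instead: `$form_token = bin2hex(random_bytes(32));`. The value is set once at login through `Session::set("form_token", $form_token)` and so lives as long as the session, which is acceptable for a per-session token provided it is unpredictable. The enclosing login method starts and ends outside the hunk.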
@ -8,6 +8,7 @@ class Session
|
|||
private static $data = [
|
||||
"member" => "",
|
||||
"token" => "",
|
||||
"form_token" => "",
|
||||
];
|
||||
public static function start()
|
||||
{
|
||||
|
|
|
@ -78,6 +78,7 @@
|
|||
{% endapply %}
|
||||
<input id="featured-image-upload" type="file" name="featured-image-upload"/>
|
||||
<input id="post-image-upload" type="file" name="post-image-upload"/>
|
||||
<input name="token" type="hidden" value="{{ token }}">
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
|
11
public/assets/scripts/dash.min.js
vendored
11
public/assets/scripts/dash.min.js
vendored
File diff suppressed because one or more lines are too long