
authorvipsoft <vipsoft@59fd770c-687e-43c8-a1e3-f5a4ff64c105>2010-03-15 03:49:12 +0300
committervipsoft <vipsoft@59fd770c-687e-43c8-a1e3-f5a4ff64c105>2010-03-15 03:49:12 +0300
commit631775b5b4e35d648781b1911e22373364c7b94d (patch)
tree3a011005bea7b942f9ed09dcdac5f592cd25dfb5 /plugins/Login
parent7eeb2489977eaca99b0ec8084caf0507213af7d5 (diff)
refs #1202 - example of using nonce
Diffstat (limited to 'plugins/Login')
-rw-r--r--plugins/Login/Controller.php13
-rw-r--r--plugins/Login/Form.php1
-rw-r--r--plugins/Login/templates/login.tpl3
3 files changed, 12 insertions, 5 deletions
diff --git a/plugins/Login/Controller.php b/plugins/Login/Controller.php
index 8e4a4b295d..23e6cceceb 100644
--- a/plugins/Login/Controller.php
+++ b/plugins/Login/Controller.php
@@ -65,16 +65,21 @@ class Piwik_Login_Controller extends Piwik_Controller
$form = new Piwik_Login_Form();
if($form->validate())
{
- $login = $form->getSubmitValue('form_login');
- $password = $form->getSubmitValue('form_password');
- $md5Password = md5($password);
- $messageNoAccess = $this->authenticateAndRedirect($login, $md5Password, $urlToRedirect);
+ $nonce = $form->getSubmitValue('form_nonce');
+ if(Piwik::verifyNonce('Piwik_Login.login', $nonce))
+ {
+ $login = $form->getSubmitValue('form_login');
+ $password = $form->getSubmitValue('form_password');
+ $md5Password = md5($password);
+ $messageNoAccess = $this->authenticateAndRedirect($login, $md5Password, $urlToRedirect);
+ }
}
$view = Piwik_View::factory('login');
// make navigation login form -> reset password -> login form remember your first url
$view->urlToRedirect = $urlToRedirect;
$view->AccessErrorString = $messageNoAccess;
+ $view->nonce = Piwik::getNonce('Piwik_Login.login');
$view->linkTitle = Piwik::getRandomTitle();
$view->addForm( $form );
$view->subTemplate = 'genericForm.tpl';
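Review bot: A rejected nonce falls through silently, because the new `if(Piwik::verifyNonce('Piwik_Login.login', $nonce))` has no `else` branch: on that path `$messageNoAccess` is never assigned and the form is redrawn with no explanation. Unless the variable is initialised above the hunk, `$view->AccessErrorString = $messageNoAccess;` also reads an undefined variable. I would add `else { $messageNoAccess = /* translated "security check failed, please retry" text */; }` and log the rejection so repeated nonce failures are visible to whoever monitors login activity. Nothing in the visible lines discards the nonce after a successful check; if `verifyNonce()` does not consume it itself, the same value stays valid for later submissions, which is worth confirming. The enclosing method starts and ends outside the hunk.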
diff --git a/plugins/Login/Form.php b/plugins/Login/Form.php
index 89acfe1625..156dd907ca 100644
--- a/plugins/Login/Form.php
+++ b/plugins/Login/Form.php
@@ -28,6 +28,7 @@ class Piwik_Login_Form extends Piwik_Form
$formElements = array(
array('text', 'form_login'),
array('password', 'form_password'),
+ array('hidden', 'form_nonce'),
);
$this->addElements( $formElements );
diff --git a/plugins/Login/templates/login.tpl b/plugins/Login/templates/login.tpl
index d8cf60f543..c95a715f20 100644
--- a/plugins/Login/templates/login.tpl
+++ b/plugins/Login/templates/login.tpl
@@ -17,7 +17,8 @@
<form {$form_data.attributes}>
<p>
<label>{'Login_Login'|translate}:<br />
- <input type="text" name="form_login" id="form_login" class="input" value="" size="20" tabindex="10" /></label>
+ <input type="text" name="form_login" id="form_login" class="input" value="" size="20" tabindex="10" />
+ <input type="hidden" name="form_nonce" id="form_nonce" value="{$nonce}" /></label>
</p>
<p>