authorAndreas Baumann <mail@andreasbaumann.cc>2015-04-19 14:59:04 +0200
committerAndreas Baumann <mail@andreasbaumann.cc>2015-04-19 14:59:04 +0200
commit70e8b81c75486475983a5efe3c129c98bf88cefd (patch)
treee0daa7d0eb14b56ad3ed20ddac71c9cb6b7e898a
parentdb8511e5081747ebddc4f16303a9c7fe44bb313e (diff)
downloadaCms-70e8b81c75486475983a5efe3c129c98bf88cefd.tar.gz
aCms-70e8b81c75486475983a5efe3c129c98bf88cefd.tar.bz2
made CSRF token work
-rw-r--r--src/user.cpp8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/user.cpp b/src/user.cpp
index c77381d..07312f9 100644
--- a/src/user.cpp
+++ b/src/user.cpp
@@ -23,14 +23,18 @@ void user::login( )
{
content::user c( cms );
ini( c );
- if( request( ).request_method( ) == "POST" ) {
+ if( request( ).request_method( ) == "POST" && session( ).is_set( "prelogin" ) ) {
c.login.load( context( ) );
if( c.login.validate( ) ) {
- response( ).set_redirect_header( cms.root( ) );
+ session( ).reset_session( );
+ session( ).erase( "prelogin" );
session( )["username"] = c.login.username.value( );
session( ).expose( "username" );
+ response( ).set_redirect_header( cms.root( ) );
}
}
+
+ session( ).set( "prelogin", "" );
render( "login", c );
}
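Review bot: The successful-login branch has no `return`, so after `session( ).erase( "prelogin" )` and the redirect header, control falls through to the new `session( ).set( "prelogin", "" )` and `render( "login", c )` at the end of the function. The erase is undone on every successful login, so the authenticated session keeps the pre-login marker, and the login form is apparently still rendered into the redirect response. Adding `return;` directly after `response( ).set_redirect_header( cms.root( ) );` avoids both. The `is_set( "prelogin" )` gate only shows that a session existed before the POST; the token comparison is presumably done inside `c.login.load( )` / `c.login.validate( )`, which are not visible here, so once that is confirmed a comment such as `// "prelogin" only forces a session to exist so the CSRF token can be issued; the token itself is checked by the form` would help. The signature of `user::login` appears only in the hunk header.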