From 70e8b81c75486475983a5efe3c129c98bf88cefd Mon Sep 17 00:00:00 2001
From: Andreas Baumann
Date: Sun, 19 Apr 2015 14:59:04 +0200
Subject: made CSRF token work
---
 src/user.cpp | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/user.cpp b/src/user.cpp
index c77381d..07312f9 100644
--- a/src/user.cpp
+++ b/src/user.cpp
@@ -23,14 +23,18 @@ void user::login( )
 {
 content::user c( cms );
 ini( c );
- if( request( ).request_method( ) == "POST" ) {
+ if( request( ).request_method( ) == "POST" && session( ).is_set( "prelogin" ) ) {
 c.login.load( context( ) );
 if( c.login.validate( ) ) {
- response( ).set_redirect_header( cms.root( ) );
+ session( ).reset_session( );
+ session( ).erase( "prelogin" );
 session( )["username"] = c.login.username.value( );
 session( ).expose( "username" );
+ response( ).set_redirect_header( cms.root( ) );
 }
 }
+ session( ).set( "prelogin", "" );
 render( "login", c );
 }
--
cgit v1.2.3-54-g00ecf
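Review bot: The successful-login branch in `user::login` does not return, so after `response( ).set_redirect_header( cms.root( ) );` control still reaches `session( ).set( "prelogin", "" );` and `render( "login", c );`. That puts the `prelogin` marker straight back into the freshly reset, authenticated session, undoing the `session( ).erase( "prelogin" );` two lines earlier, and it renders the login form into the body of the redirect response. Adding `return;` directly after the redirect header line keeps the marker confined to unauthenticated sessions. The token comparison itself is not visible in this hunk (presumably it happens inside `c.login.validate( )`), so a short comment above the final `set` call such as `// create a pre-login session so the login form's CSRF token has a session to bind to` would make the intent of `prelogin` clear to the next reader.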