Phase 2: Add CSRF token protection to all forms and processors - Created CsrfMiddleware class with 8 helper methods - Added CSRF tokens to 9 POST forms across trip/course/camping/membership - Added CSRF validation to all 10 POST processors - CsrfMiddleware.requireToken() validates and dies on invalid tokens - 100% POST endpoint coverage with CSRF protection
This commit is contained in:
twotalesanimation
@@ -40,6 +40,7 @@ $login_url = $client->createAuthUrl();
|
||||
<div class="">
|
||||
<div class="comment-form bgc-lighter z-1 rel mb-30 rmb-55">
|
||||
<form id="loginForm" class="loginForm" name="loginForm" action="assets/php/form-process.php" method="post" data-aos="fade-left" data-aos-duration="1500" data-aos-offset="50">
|
||||
<input type="hidden" name="csrf_token" value="<?php echo \Middleware\CsrfMiddleware::getToken(); ?>">
|
||||
<div class="section-title">
|
||||
<h2>Log in</h2>
|
||||
<div style="text-align: center;" id="responseMessage"></div> <!-- Message display area -->
|
||||
|
||||
Reference in New Issue
Block a user