Merge pull request #1106 from serghey-rodin/madeITBelgium-csrf

Fix CSRF in login
2025-08-19 21:04:07 -07:00 · 2017-02-28 12:47:14 +03:00 · 2017-02-28 12:47:14 +03:00 · f5ef047df7
commit f5ef047df7
parent f4aa36afbe 516cd2b101
2 changed files with 59 additions and 51 deletions
--- a/web/login/index.php
+++ b/web/login/index.php
@ -34,6 +34,7 @@ if (isset($_SESSION['user'])) {

 // Basic auth
 if (isset($_POST['user']) && isset($_POST['password'])) {
+    if(isset($_SESSION['token']) && isset($_POST['token']) && $_POST['token'] == $_SESSION['token']) {
        $v_user = escapeshellarg($_POST['user']);

        // Send password via tmp file
@ -93,6 +94,9 @@ if (isset($_POST['user']) && isset($_POST['password'])) {
                exit;
            }
        }
+    } else {
+        $ERROR = "<a class=\"error\">".__('Invalid or missing token')."</a>";
+    }
 }

 // Check system configuration
@ -121,6 +125,9 @@ if (empty($_SESSION['language'])) {
    }
 }

+// Generate CSRF token
+$_SESSION['token'] = md5(uniqid(mt_rand(), true));
+
 require_once($_SERVER['DOCUMENT_ROOT'].'/inc/i18n/'.$_SESSION['language'].'.php');
 require_once('../templates/header.html');
 require_once('../templates/login.html');
--- a/web/templates/login.html
+++ b/web/templates/login.html
@ -9,6 +9,7 @@
                                </td>
                                <td style="padding: 20px 0 0 0;">
                                    <form method="post" action="/login/" >
+                                    <input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
                                    <table class="login-box">
                                        <tr>
                                            <td syle="padding: 12px 0 0 2px;">