From fde94aa7fa28b51009168dc0437c4f2ded8d8f33 Mon Sep 17 00:00:00 2001
From: gamonoid
Date: Thu, 14 Jun 2018 04:05:22 +0200
Subject: [PATCH] Add csrf token

---
 core/login.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/core/login.php b/core/login.php
index dc999eae..9cf3dfe5 100644
--- a/core/login.php
+++ b/core/login.php
@@ -159,6 +159,9 @@ if (empty($user) || empty($user->email)) {
 $tuser = \Utils\SessionUtils::getSessionObject('user');
 $logoFileUrl = \Classes\UIManager::getInstance()->getCompanyLogoUrl();
+$csrfToken = sha1(rand(4500, 100000) . time(). CLIENT_BASE_URL);
+\Utils\SessionUtils::saveSessionObject('csrf-login', $csrfToken);
+
 ?>
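Review bot: The token on the added line `$csrfToken = sha1(rand(4500, 100000) . time(). CLIENT_BASE_URL);` is derived from guessable inputs: `rand()` is not a cryptographic generator and is limited here to under 100,000 values, `time()` is known to within a second, and `CLIENT_BASE_URL` is presumably a fixed, public value, so hashing them with SHA-1 adds no unpredictability. Take the token from the CSPRNG instead, `$csrfToken = bin2hex(random_bytes(32));` (PHP 7+; on older runtimes use a `random_bytes` polyfill), and keep the `saveSessionObject('csrf-login', $csrfToken)` call as it is. This hunk only stores the token; the form field that carries it and the check on the login POST are not visible here. That check should compare the submitted value with `hash_equals()` and reject the request when the session token is missing or empty. The script continues past the end of the hunk.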