Add csrf token

2018-06-14 04:05:22 +02:00
parent 025a8283ab
commit fde94aa7fa
1 changed files with 3 additions and 0 deletions
--- a/core/login.php
+++ b/core/login.php
@@ -159,6 +159,9 @@ if (empty($user) || empty($user->email)) {
 $tuser = \Utils\SessionUtils::getSessionObject('user');
 $logoFileUrl = \Classes\UIManager::getInstance()->getCompanyLogoUrl();

+$csrfToken = sha1(rand(4500, 100000) . time(). CLIENT_BASE_URL);
+\Utils\SessionUtils::saveSessionObject('csrf-login', $csrfToken);
+
 ?><!DOCTYPE html>
 <html lang="en">
 <head>