author | Marc Alexander <admin@m-a-styles.de> | 2019-04-29 08:35:30 +0200 |
---|---|---|
committer | Marc Alexander <admin@m-a-styles.de> | 2019-04-29 08:35:30 +0200 |
commit | 055d7658db7817b80d00b27d6e99cad961d0ee15 (patch) | |
tree | aa34996f9d7248e7c58d64361329685a64b21d91 /phpBB/includes/functions.php | |
parent | bd2ddc1d2ec3e94a13e397198a8406d81481e9f2 (diff) | |
parent | 2575b499a38ccf2480d5da9d5c566f47a9e2d824 (diff) | |
Merge branch 'prep-release-3.2.6' into 3.2.x
Diffstat (limited to 'phpBB/includes/functions.php')
-rw-r--r-- | phpBB/includes/functions.php | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 24f251601f..1d1c9f6f4f 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2288,6 +2288,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 global $request, $phpbb_container, $phpbb_dispatcher, $phpbb_log;
 $err = '';
+ $form_name = 'login';
 // Make sure user->setup() has been called
 if (!$user->is_setup())
@@ -2363,8 +2364,19 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
 }
- // If authentication is successful we redirect user to previous page
- $result = $auth->login($username, $password, $autologin, $viewonline, $admin);
+ // Check form key
+ if ($password && !check_form_key($form_name))
+ {
+ $result = array(
+ 'status' => false,
+ 'error_msg' => 'FORM_INVALID',
+ );
+ }
+ else
+ {
+ // If authentication is successful we redirect user to previous page
+ $result = $auth->login($username, $password, $autologin, $viewonline, $admin);
+ }
 // If admin authentication and login, we will log if it was a success or not...
 // We also break the operation on the first non-success login - it could be argued that the user already knows
@@ -2515,6 +2527,9 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 ));
 }
+ // Add form token for login box
+ add_form_key($form_name, '_LOGIN');
+
 $s_hidden_fields = build_hidden_fields($s_hidden_fields);
 $login_box_template_data = array( |
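Review bot: The form-key check in the second hunk is gated on `$password` being truthy, so a submission whose password is empty or the string `0` reaches `$auth->login()` without any token validation. If the gate is there to let passwordless login paths through, say so in a comment and make the test explicit, e.g. `if ($password !== '' && !check_form_key($form_name))` (this assumes `$password` is always a string here; its assignment is outside the hunk). The rejected branch also sets `'status' => false` rather than a named status value, so the admin-login logging that follows will presumably record a token failure the same way as a wrong password; a distinct log entry would make triage easier. `login_box()` begins and ends outside the hunks shown.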
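Review bot: Nothing in the third hunk tells a style or extension author that the login form must now carry the token. `add_form_key($form_name, '_LOGIN')` publishes it under a suffixed template variable, and a login template that does not output it will have every password submission rejected with `FORM_INVALID` by the check added in the second hunk. This page is limited to functions.php, so whether the bundled templates were updated in the same merge cannot be seen here. I would extend the comment to `// Add form token for login box; login templates must output S_FORM_TOKEN_LOGIN or check_form_key('login') rejects the post`.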