author Yorhel <git@yorhel.nl> 2014-08-29 09:43:00 +0200
committer Yorhel <git@yorhel.nl> 2014-08-29 09:45:15 +0200
commit c27d4e6b509a655d81e36469bb881afc287596e8
tree c7a42b5226edaab2e3356592130a6db7caa13a9e /lib/VNDB/Handler/Users.pm
parent 9475bf8ccf1b422402ab70b6cb2276dc3c61e5c6
Strengthen formcode for non-logged-in visitors + CSRF protect login form
formcode is strengthened by including the IP (-prefix) into the hash, ensuring that the code can't be obtained by someone on a different network. I also removed the login form of every page. Felt kinda pointless.
Diffstat (limited to 'lib/VNDB/Handler/Users.pm')
-rw-r--r-- lib/VNDB/Handler/Users.pm 1
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/VNDB/Handler/Users.pm b/lib/VNDB/Handler/Users.pm
index 5738d964..eb7e03ab 100644
--- a/lib/VNDB/Handler/Users.pm
+++ b/lib/VNDB/Handler/Users.pm
@@ -142,6 +142,7 @@ sub login {
my $frm;
if($self->reqMethod eq 'POST') {
+ return if !$self->authCheckCode;
$frm = $self->formValidate(
{ post => 'usrname', required => 1, minlength => 2, maxlength => 15 },
{ post => 'usrpass', required => 1, minlength => 4, maxlength => 64, template => 'asciiprint' },
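Review bot: The bare `return` on the added line `return if !$self->authCheckCode;` in `sub login` leaves it unclear from this hunk what response a visitor gets when the code check fails, since the handler exits before `formValidate` and before any form or error is rendered here. If `authCheckCode` already emits its own error response, a short comment saying so would make that contract visible at the call site; if it does not, the POST ends with no output. The commit message says the code for non-logged-in visitors now includes the IP prefix, so a legitimate visitor whose address prefix changes between loading the login page and submitting it will also land on this path. It would be worth confirming that the failure response tells them to reload the form and retry, so it is not mistaken for a wrong password.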