author | Yorhel <git@yorhel.nl> | 2014-08-29 09:43:00 +0200 |
---|---|---|
committer | Yorhel <git@yorhel.nl> | 2014-08-29 09:45:15 +0200 |
commit | c27d4e6b509a655d81e36469bb881afc287596e8 (patch) | |
tree | c7a42b5226edaab2e3356592130a6db7caa13a9e /lib/VNDB/Util/LayoutHTML.pm | |
parent | 9475bf8ccf1b422402ab70b6cb2276dc3c61e5c6 (diff) |
Strengthen formcode for non-logged-in visitors + CSRF protect login form
formcode is strengthened by including the IP (-prefix) into the hash,
ensuring that the code can't be obtained by someone on a different
network.
I also removed the login form from every page. Felt kinda pointless.
Diffstat (limited to 'lib/VNDB/Util/LayoutHTML.pm')
-rw-r--r-- | lib/VNDB/Util/LayoutHTML.pm | 18 |
1 files changed, 4 insertions, 14 deletions
diff --git a/lib/VNDB/Util/LayoutHTML.pm b/lib/VNDB/Util/LayoutHTML.pm
index 7507d682..6471e8b1 100644
--- a/lib/VNDB/Util/LayoutHTML.pm
+++ b/lib/VNDB/Util/LayoutHTML.pm
@@ -110,21 +110,11 @@ sub _menu {
 a href => "$uid/logout", mt '_menu_logout';
 end;
 } else {
- h2;
- a href => '/u/login', mt '_menu_login';
- end;
+ h2 mt '_menu_user';
 div;
- form action => '/nospam?/u/login', id => 'loginform', method => 'post';
- fieldset;
- legend 'Login';
- input type => 'text', class => 'text', id => 'username', name => 'usrname';
- input type => 'password', class => 'text', id => 'userpass', name => 'usrpass';
- input type => 'submit', class => 'submit', value => mt '_menu_login';
- end;
- end;
- p;
- lit mt '_menu_loginmsg', '/u/register', '/u/newpass';
- end;
+ a href => '/u/login', mt '_menu_login'; br;
+ a href => '/u/newpass', mt '_menu_newpass'; br;
+ a href => '/u/register', mt '_menu_register'; br;
 end;
 }
 end 'div'; # /menubox |
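Review bot: The else branch of `_menu` now only links to `/u/login`, but nothing in the code records why the inline form was dropped, so a later change could re-add a menu form that posts credentials without the formcode. A comment above the three links would cover it, e.g. `# No inline login form here: logins go through /u/login so the POST carries the formcode (CSRF).` The formcode check itself is not in this file's diff, so it is worth confirming that the `/u/login` handler rejects a POST that lacks it. The three new `mt` keys (`_menu_user`, `_menu_newpass`, `_menu_register`) also need entries in the translation files, which this file-limited diffstat does not show. `_menu`'s body starts and ends outside the hunk.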