author | Andrew Dolgov <[email protected]> | 2021-03-14 14:17:18 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2021-03-14 14:17:18 +0300 |
commit | 1c9afba5f058adace5e005b51fc533882f9af0fa (patch) | |
tree | 99f4a228acf9f969d5411048c210338ba0fd126a /login.php | |
parent | 2b8b845abe7c13ecbb266613910484310cffe8e1 (diff) |
* add CSRF protection to xhr requests
* force ORM to use SQLITE WAL
* add .editorconfig
* cleanup a few things
Diffstat (limited to 'login.php')
-rw-r--r-- | login.php | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -28,6 +28,7 @@
 $_SESSION["owner"] = $username;
 $_SESSION["pass_hash"] = sha1($user->pass);
+ $_SESSION["csrf_token"] = bin2hex(random_bytes(16));
 header("Location: index.php");
 exit;
@@ -35,6 +36,8 @@
 } else {
 $login_notice = "Incorrect username or password";
 }
+ } else {
+ logout_user();
 }
 ?>
 <!DOCTYPE html> |
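Review bot: Nothing in the first hunk rotates the session id when `owner`, `pass_hash` and the new `csrf_token` are written into the session. The enclosing block starts outside the hunk, so if no `session_regenerate_id(true);` runs above line 28, a session id issued before authentication stays valid afterwards and now also carries the CSRF token. Add `session_regenerate_id(true);` immediately before the `$_SESSION[...]` assignments. `bin2hex(random_bytes(16))` is a sound token source; the xhr-side check, which is not in this file, should compare it with `hash_equals()` rather than `==`.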
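Review bot: The added outer `else` in the second hunk calls `logout_user()` whenever the enclosing `if` is false, and that condition sits above the hunk. If it tests for submitted credentials, every plain request to login.php ends the current session without any token check, a state change the CSRF protection added here does not cover. If the aim is to make sessions created before this commit log in again and obtain a `csrf_token`, say so in a comment such as `// no login attempt: drop any existing session so it is re-created with a csrf_token`. Consider limiting the logout to sessions where `$_SESSION["csrf_token"]` is empty.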