redo ant csrf token

Ensure the anti-CSRF token and the session are created only after login.
BIG2EYEZ
2024-01-13 01:17:07 +08:00
parent f2a9facfaf
commit 183e73eca2
7 changed files with 96 additions and 47 deletions


@ -146,6 +146,7 @@
</div>
<script>
const allUsers = <%- JSON.stringify(allUsers) %>;
</script>
<script src="https://code.jquery.com/jquery-3.6.4.min.js"></script>
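Review bot: The inline script's `const allUsers = <%- JSON.stringify(allUsers) %>;` writes unescaped JSON into a `<script>` block, and `JSON.stringify` does not neutralise `</script>` or `<!--`, so a stored user field containing such a sequence would end the script element and be parsed as markup. This rendering has lost the +/- markers, so I cannot tell whether this is the added line, but it is on the new side either way. Escape `<` before output, e.g. `const allUsers = <%- JSON.stringify(allUsers).replace(/</g, '\\u003c') %>;`, and if `allUsers` holds full user records, pass only the fields the page needs. The jQuery `<script>` loaded from code.jquery.com also carries no `integrity`/`crossorigin` attributes, so the page trusts whatever that host serves.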


@ -1,6 +1,5 @@
$(document).ready(function () {
$('#resetPasswordLink').on('click', function () {
$('#resetPasswordFormContainer').show();
@ -429,5 +428,7 @@ $('#resetPasswordForm').on('submit', function (e) {
});
});


@ -86,7 +86,6 @@ button:hover {
<label for="password">Password</label>
<input type="password" id="password" name="password" placeholder="Enter your password" required>
<input type="hidden" name="csrf_token" value="<%= csrfToken %>">
<button type="submit">Login</button>
</form>
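Review bot: If the line dropped from this form is the hidden `csrf_token` input (the +/- markers are lost in this rendering, so this is inferred from the commit message), the login POST is left without any CSRF check, which leaves login CSRF open: a cross-site form could sign the browser into an account the victim did not choose. If the input stays instead, `<%= csrfToken %>` would presumably render empty when no session exists before login. A pre-authentication token that is not tied to a logged-in session (for example a double-submit cookie, or a `SameSite` cookie plus an `Origin` check on the login route) covers this, with the session ID and token regenerated on successful login. The OTP form in the last section still renders `<%= csrfToken %>`, so it is worth confirming that a token exists and is validated at that step.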


@ -69,7 +69,7 @@
<label for="otp">OTP:</label>
<input type="text" id="otp" name="otp" required>
<br>
<input type="hidden" name="csrf_token" value="<%= csrfToken %>">
<button type="submit">Submit OTP</button>
</form>
</body>