anti csrf token generated upon login

2024-01-12 16:58:47 +08:00
parent f1d13a1217
commit 9dcf1429a8
6 changed files with 236 additions and 110 deletions
--- a/Sean/views/inusers.ejs
+++ b/Sean/views/inusers.ejs
@ -96,6 +96,7 @@
              </select>
            </div>
          </div>
+          <input type="hidden" name="csrf_token" value="<%= csrfToken %>">
          <div class="button">
            <input type="submit" value="Register">
          </div>
--- a/Sean/views/login.ejs
+++ b/Sean/views/login.ejs
@ -86,7 +86,7 @@ button:hover {

      <label for="password">Password</label>
      <input type="password" id="password" name="password" placeholder="Enter your password" required>
-
+      <input type="hidden" name="csrf_token" value="<%= csrfToken %>">
      <button type="submit">Login</button>
    </form>

@ -95,4 +95,5 @@ button:hover {
    </div>
  </div>
 </body>
+
 </html>
--- a/Sean/views/otp.ejs
+++ b/Sean/views/otp.ejs
@ -69,6 +69,7 @@
        <label for="otp">OTP:</label>
        <input type="text" id="otp" name="otp" required>
        <br>
+        <input type="hidden" name="csrf_token" value="<%= csrfToken %>">
        <button type="submit">Submit OTP</button>
    </form>
 </body>