Jakach/jakach-login
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

adding enhanced csrf protection
Deploy / deploy (push) Successful in 33s
Details

Browse Source
This commit is contained in:
janis steiner
2026-05-06 09:07:48 +02:00
parent 7ae7df0a11
commit d82a08f77b
25 changed files with 132 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app-code/api/login/set_username.php
+4
View File
@@ -2,6 +2,10 @@
include "../utils/security.php";
secure_session_start();
require_same_origin_request();
require_csrf_token();
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
json_response(['success' => false, 'message' => 'Invalid request method.'], 405);
}
$_SESSION["needs_auth"]=true;
$_SESSION["logged_in"]=false;
$username = strtolower((string) ($_POST["username"] ?? ""));