
admin/auth.php is now using sesskey.

1 parent 05c2036 commit 249c36eaa04dc648a750871ae10996f8fa9367e9 stronk7 committed Oct 2, 2004
Showing with 10 additions and 6 deletions.
  1. +8 −4 admin/auth.php
  2. +1 −1 admin/index.php
  3. +1 −1 admin/users.php
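--- a/admin/auth.php
+++ b/admin/auth.php
@@ -12,10 +12,13 @@
 error("Only the admin can use this page");
 }
+ if (!confirm_sesskey()) {
+ error(get_string('confirmsesskeybad', 'error'));
+ }
 /// If data submitted, then process and store.
- if ($config = data_submitted()) {
+ if ($config = data_submitted()) {
 $config = (array)$config;
 validate_form($config, $err);
@@ -27,15 +30,15 @@
 notify("Problem saving config $name as $value");
 }
 }
- redirect("auth.php", get_string("changessaved"), 1);
+ redirect("auth.php?sesskey=$USER->sesskey", get_string("changessaved"), 1);
 exit;
 } else {
 foreach ($err as $key => $value) {
 $focus = "form.$key";
 }
 }
- }
+ }
 /// Otherwise fill and print the form.
@@ -94,9 +97,10 @@
 echo "<CENTER><P><B>";
 echo "<form TARGET=\"{$CFG->framename}\" NAME=\"authmenu\" method=\"post\" action=\"auth.php\">";
+ echo "<input type=\"hidden\" name=\"sesskey\" value=\"".$USER->sesskey."\">";
 print_string("chooseauthmethod","auth");
- choose_from_menu ($options, "auth", $auth, "","document.location='auth.php?auth='+document.authmenu.auth.options[document.authmenu.auth.selectedIndex].value", "");
+ choose_from_menu ($options, "auth", $auth, "","document.location='auth.php?sesskey=$USER->sesskey&auth='+document.authmenu.auth.options[document.authmenu.auth.selectedIndex].value", "");
 echo "</B></P></CENTER>";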
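Review bot: The `confirm_sesskey()` check added before the `data_submitted()` branch runs on every request, including plain page views, and that is what forces the session key into URLs: the `redirect("auth.php?sesskey=...")`, the `document.location` handler in the auth menu, and the links changed in admin/index.php and admin/users.php. A token carried in a query string can end up in browser history, web-server and proxy logs, and Referer headers, which weakens the CSRF protection it is meant to provide. Consider moving the check inside the submit branch, as the first statement after `if ($config = data_submitted()) {`, so that only state-changing POSTs need the key (the hidden `sesskey` input already supplies it) and the GET links can stay as plain `auth.php`. This assumes the `auth=` menu navigation only selects which form to display; the code handling it is outside the hunks shown.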
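--- a/admin/index.php
+++ b/admin/index.php
@@ -295,7 +295,7 @@
 $configdata);
- $userdata = "<font size=+1>&nbsp;</font><a href=\"auth.php\">".get_string("authentication")."</a> - <font size=1>".
+ $userdata = "<font size=+1>&nbsp;</font><a href=\"auth.php?sesskey=$USER->sesskey\">".get_string("authentication")."</a> - <font size=1>".
 get_string("adminhelpauthentication")."</font><br />";
 $userdata .= "<font size=+1>&nbsp;</font><a href=\"user.php\">".get_string("edituser")."</a> - <font size=1>".
 get_string("adminhelpedituser")."</font><br />";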
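--- a/admin/users.php
+++ b/admin/users.php
@@ -22,7 +22,7 @@
 $table->align = array ("right", "left");
- $table->data[] = array("<b><a href=\"auth.php\">".get_string("authentication")."</a></b>",
+ $table->data[] = array("<b><a href=\"auth.php?sesskey=$USER->sesskey\">".get_string("authentication")."</a></b>",
 get_string("adminhelpauthentication"));
 $table->data[] = array("<b><a href=\"user.php\">".get_string("edituser")."</a></b>",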
