shopPRO/admin/templates/site/unlogged-layout.php
Jacek 5598888716 security: phase 4 - CSRF protection for the admin panel
- New class \Shared\Security\CsrfToken (generate/validate/regenerate)
- CSRF token in all edit forms (form-edit.php)
- CSRF validation in FormRequestHandler::handleSubmit()
- CSRF token in the login form and the 2FA forms
- CSRF validation in App::special_actions() for POST requests
- Token regeneration after successful login (direct and via 2FA)
- Fix XSS: htmlspecialchars on $alert in unlogged-layout.php
- 7 new CsrfTokenTest tests (817 tests in total)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-12 10:06:40 +01:00

92 lines
4.5 KiB
PHP

<!DOCTYPE html>
<html>
<head>
<title>shopPro</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="author" content="www.project-pro.pl - internetowe rozwiązania dla biznesu">
<link rel="stylesheet" type="text/css" href="/libraries/bootstrap-4.5.2-dist/css/bootstrap.css">
<link rel="stylesheet" type="text/css" href="/libraries/font-awesome-4.7.0/css/font-awesome.css">
<link rel="stylesheet" href="/admin/layout/style-css/style.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js"></script>
<script type="text/javascript" src="/libraries/bootstrap-4.5.2-dist/js/bootstrap.min.js"></script>
<script type="text/javascript" src="/libraries/bootstrap-4.5.2-dist/js/bootstrap.bundle.min.js"></script>
<link rel="preconnect" href="https://fonts.gstatic.com">
<link href="https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,600;1,700;1,800&display=swap" rel="stylesheet">
</head>
<body>
<div id="main">
<div class="container-fluid">
<div class="row">
<div class="col-sm-8 col-md-6 col-lg-4 unlogged-panel">
<div class="login-panel">
<div class="login-panel-content">
<div class="login-shoppro">
shop<b>Pro</b>
</div>
<div class="title">
Witaj ponownie!
</div>
<div class="subtitle">
Zaloguj się do panelu administratora <b>shopPro</b>.
</div>
<?php
// Read the alert stored in the session; it is HTML-escaped before output below.
if ( $alert = \Shared\Helpers\Helpers::get_session( 'alert' ) ):
\Shared\Helpers\Helpers::alert( false );
?>
<div class="alert alert-danger alert-dismissable">
<button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button>
<i class="icon fa fa-ban "></i><?= htmlspecialchars($alert) ?>
</div>
<?php endif;
?>
<form method="POST" action="/admin/" class="form-horizontal" role="form">
<input type="hidden" name="s-action" value="user-logon" />
<input type="hidden" name="_csrf_token" value="<?= htmlspecialchars(\Shared\Security\CsrfToken::getToken()) ?>">
<div class="form-group form-inline row">
<div class="col-12">
<div class="input-group input-login">
<div class="input-group-prepend">
<span class="input-group-text icon"> <i class="fa fa-user"></i></span>
</div>
<input type="text" name="login" id="login" class="form-control"/>
</div>
</div>
</div>
<div class="form-group form-inline row">
<div class="col-12">
<div class="input-group input-password">
<div class="input-group-prepend">
<span class="input-group-text icon"><i class="fa fa-lock"></i></span>
</div>
<input type="password" name="password" id="password" class="form-control"/>
</div>
</div>
</div>
<div class="form-group">
<div class="col col-sm-12" style="align-items: center; display: flex;">
<input id="remember" type="checkbox" name="remember" value="1">
<label class="remember" style="margin-bottom: 0; margin-left: 5px;"> Pamiętaj mnie 14 dni</label>
</div>
</div>
<div class="sumbit">
<button class="btn">Zaloguj się</button>
</div>
</form>
<div class="copyright">
<a href="https://www.project-pro.pl/"> &copy; <?= date( 'Y' );?> Project-Pro</a>
</div>
</div>
</div>
</div>
<div class="col-sm-4 col-md-6 col-lg-8 unlogged-bg">
</div>
</div>
</div>
<div class="home">
<a href="/"><img src="/admin/layout/images/home.svg" alt="HOME"></a>
</div>
</div>
</body>
</html>
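
The hidden `_csrf_token` field in the login form above only protects the panel if the server compares it against a session-bound value and rotates that value at login, as the commit message lists. A sketch of that server side, added here as an example and not taken from shopPRO's `\Shared\Security\CsrfToken` (the class `ExampleCsrf`, its storage array and its method bodies are assumptions):

```php
<?php
declare(strict_types=1);

// Added example, not shopPRO code: ExampleCsrf and its methods are hypothetical.
final class ExampleCsrf
{
    private const KEY = '_csrf_token';   // same name as the hidden form field

    /** @var array<string,mixed> session storage, normally $_SESSION */
    private array $store;

    public function __construct(array &$store)
    {
        $this->store = &$store;
    }

    /** Return the session's token, creating it on first use. */
    public function getToken(): string
    {
        if (empty($this->store[self::KEY]) || !is_string($this->store[self::KEY])) {
            $this->regenerate();
        }
        return $this->store[self::KEY];
    }

    /** Issue a fresh token, e.g. right after a successful login. */
    public function regenerate(): string
    {
        return $this->store[self::KEY] = bin2hex(random_bytes(32));
    }

    /** Constant-time comparison; non-string input (null, arrays) never matches. */
    public function validate($submitted): bool
    {
        $expected = $this->store[self::KEY] ?? null;
        return is_string($expected) && is_string($submitted) && $submitted !== ''
            && hash_equals($expected, $submitted);
    }
}

// Constructed demo: a plain array stands in for $_SESSION so this runs from the CLI.
$session = [];
$csrf    = new ExampleCsrf($session);
$issued  = $csrf->getToken();                    // value rendered into the login form
var_dump($csrf->validate($issued));              // POST carrying the issued token
var_dump($csrf->validate(null));                 // POST with the field missing
var_dump($csrf->validate(['x']));                // POST with _csrf_token[]=x
var_dump($csrf->validate(str_repeat('0', 64)));  // POST with a guessed value
$csrf->regenerate();                             // successful login rotates the token
var_dump($csrf->validate($issued));              // POST replaying the pre-login token
```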