Project-Pro/shopPRO
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
shopPRO/admin/templates/users/user-2fa.php
Jacek 5598888716 security: faza 4 - ochrona CSRF panelu administracyjnego 
- Nowa klasa \Shared\Security\CsrfToken (generate/validate/regenerate)
- Token CSRF we wszystkich formularzach edycji (form-edit.php)
- Walidacja CSRF w FormRequestHandler::handleSubmit()
- Token CSRF w formularzu logowania i formularzach 2FA
- Walidacja CSRF w App::special_actions() dla żądań POST
- Regeneracja tokenu po udanym logowaniu (bezpośrednia i przez 2FA)
- Fix XSS: htmlspecialchars na $alert w unlogged-layout.php
- 7 nowych testów CsrfTokenTest (817 testów łącznie)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-12 10:06:40 +01:00

20 lines
1.0 KiB
PHP
Raw Permalink Blame History

<form method="POST" action="/admin/" class="form-horizontal" rol="form">
<input type="hidden" name="s-action" value="user-2fa-verify">
<input type="hidden" name="_csrf_token" value="<?= htmlspecialchars(\Shared\Security\CsrfToken::getToken()) ?>">
<div class="form-group row">
<label class="col col-sm-4 control-label" for="login">Kod z e-maila:</label>
<div class="col col-sm-8">
<input type="text" name="twofa" id="twofa" class="form-control" inputmode="numeric" pattern="\d{6}" maxlength="6" autocomplete="one-time-code" required>
</div>
</div>
<div class="form-group row">
<div class="col col-sm-12">
<button class="btn btn-primary btn-block">Potwierdź</button>
</div>
</div>
</form>
<form method="POST" action="/admin/" style="margin-top:10px">
<input type="hidden" name="s-action" value="user-2fa-resend">
<input type="hidden" name="_csrf_token" value="<?= htmlspecialchars(\Shared\Security\CsrfToken::getToken()) ?>">
<button class="btn btn-danger">Wyślij kod ponownie</button>
</form>
Reference in New Issue View Git Blame Copy Permalink