add CSRF Token on customer login

2024-10-09 17:58:35 +01:00
parent 9bc3ccc02b
commit 3eaa302128
4 changed files with 17 additions and 5 deletions
--- a/ui/ui/customer/login-noreg.tpl
+++ b/ui/ui/customer/login-noreg.tpl
@ -14,6 +14,7 @@
            <div class="panel-heading">{Lang::T('Login / Activate Voucher')}</div>
            <div class="panel-body">
                <form action="{$_url}login/activation" method="post">
+                    <input type="hidden" name="csrf_token" value="{$csrf_token}">
                    <div class="form-group">
                        <label>{if $_c['country_code_phone']!= ''}{Lang::T('Phone Number')}{else}{Lang::T('Username')}{/if}</label>
                        <div class="input-group">
@ -52,6 +53,7 @@
            <div class="panel-heading">{Lang::T('Activate Voucher')}</div>
            <div class="panel-body">
                <form action="{$_url}login/activation" method="post">
+                    <input type="hidden" name="csrf_token" value="{$csrf_token}">
                    <div class="form-group">
                        <label>{Lang::T('Enter voucher code here')}</label>
                        <div class="input-group">
--- a/ui/ui/customer/login.tpl
+++ b/ui/ui/customer/login.tpl
@ -18,6 +18,7 @@
            <div class="panel-heading">{Lang::T('Log in to Member Panel')}</div>
            <div class="panel-body">
                <form action="{$_url}login/post" method="post">
+                    <input type="hidden" name="csrf_token" value="{$csrf_token}">
                    <div class="form-group">
                        <label>{if $_c['country_code_phone']!= ''}{Lang::T('Phone Number')}{else}{Lang::T('Username')}{/if}</label>
                        <div class="input-group">