Fixes CSRF issue after login with 2fa code

main
Yasen Pramatarov 2025-04-12 16:28:33 +03:00
parent 2ca1714992
commit d28d69d350
1 changed files with 11 additions and 3 deletions


@ -12,10 +12,18 @@ function applyCsrfMiddleware() {
return true; return true;
} }
// Skip CSRF check for initial login, registration, and 2FA verification attempts
if ($_SERVER['REQUEST_METHOD'] === 'POST' &&
isset($_GET['page']) && isset($_GET['action']) &&
$_GET['page'] === 'login' && $_GET['action'] === 'verify' &&
isset($_SESSION['2fa_pending_user_id'])) {
return true;
}
// Skip CSRF check for initial login and registration attempts // Skip CSRF check for initial login and registration attempts
if ($_SERVER['REQUEST_METHOD'] === 'POST' && if ($_SERVER['REQUEST_METHOD'] === 'POST' &&
isset($_GET['page']) && isset($_GET['page']) &&
in_array($_GET['page'], ['login', 'register']) && in_array($_GET['page'], ['login', 'register']) &&
!isset($_SESSION['username'])) { !isset($_SESSION['username'])) {
return true; return true;
} }
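Review bot: The added branch at the top of the hunk returns before CSRF validation for any `POST ?page=login&action=verify` while `$_SESSION['2fa_pending_user_id']` is set, so the second authentication step accepts forged cross-site posts. Because the older branch below already exempts every POST to `page=login` when `$_SESSION['username']` is unset, the new branch only changes behaviour for sessions that already carry a username, which presumably means the username is stored before 2FA completes or the pending id can outlive a finished login; either case deserves a check. A session exists at this point, so the safer fix is to render the CSRF token into the 2FA form and let the verify request go through the normal check rather than exempting it. If the exemption stays, its comment should describe only what the condition matches, e.g. `// Skip CSRF check for 2FA verification while a login is pending`, and the pending id should be cleared once verification ends. applyCsrfMiddleware() starts and ends outside this hunk and the rest of the diffstat's changes are not visible here, so some of this may already be handled.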