FGFS-4.1/phpvms
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Make sure login uses Form to get the csrf token

Browse Source
This commit is contained in:
Nabeel Shahzad
2018-03-12 22:17:58 -05:00
parent 05655632cc
commit acb289f6d0
3 changed files with 44 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
CHANGELOG.md
View File

@@ -1,3 +1,18 @@
## Alpha 3
!! Please do a complete reinstall, with a new database
- Finances! The finance portions have been implemented, you can [read about them here](http://docs.phpvms.net/concepts/finances)
- Changed theme system to using [laravel-theme](https://github.com/igaster/laravel-theme), there are changes to making theming much simpler with much more flexibility.
- Fixed several security vulnerabilities (thanks magicflyer!)
- Fuel units changed to lbs/kgs [#193](https://github.com/nabeelio/phpvms/issues/193)
- Airports can be restricted to only hubs on registration/user profile
- Cleaned up a lot unused icons and files [#195](https://github.com/nabeelio/phpvms/issues/195)
- Rank restrictions for PIREPs are respected [#170](https://github.com/nabeelio/phpvms/issues/170)
- API: Added the ability to get/update/delete user bids [#172](https://github.com/nabeelio/phpvms/issues/172)
- Artisan: Added a `phpvms:export [tables]` to export tables to YAML files which can be re-imported using `phpvms:import`
- Numerous bug fixes
## Alpha 2 (2018-02-23, v7.0.0-alpha2)
!! Please do a full reinstall, with recreating the database

36
resources/views/layouts/default/auth/login.blade.php
View File

@@ -1,10 +1,10 @@
@extends("auth.layout")
@section('title', 'log in')
@extends('auth.layout')
@section('title', 'Log In')
@section('content')
<div class="col-md-4 content-center">
<div class="card card-login card-plain">
<form class="form" method="POST" action="{{ url('/login') }}">
{{ Form::open(['url' => url('/login'), 'method' => 'post']) }}
<div class="header header-primary text-center">
<div class="logo-container" style="width: 320px;">
<img src="{{ public_asset('/assets/frontend/img/logo.svg') }}" width="320" height="320" style="background: #FFF">
@@ -15,12 +15,14 @@
<span class="input-group-addon">
<i class="now-ui-icons users_circle-08"></i>
</span>
<input id="email" type="email"
class="form-control"
name="email"
value="{{ old('email') }}"
placeholder="Email"
required>
{{
Form::text('email', old('email'), [
'id' => 'email',
'placeholder' => 'Email',
'class' => 'form-control',
'required' => true,
])
}}
</div>
@if ($errors->has('email'))
<span class="help-block">
@@ -32,12 +34,14 @@
<span class="input-group-addon">
<i class="now-ui-icons ui-1_lock-circle-open"></i>
</span>
<input id="password"
type="password"
name="password"
class="form-control"
placeholder="Password"
required>
{{
Form::password('password', [
'name' => 'password',
'class' => 'form-control',
'placeholder' => 'Password',
'required' => true,
])
}}
</div>
@if ($errors->has('password'))
<span class="help-block">
@@ -59,7 +63,7 @@
<a href="{{ url('/password/reset') }}" class="link">Forgot Password?</a>
</h6>
</div>
</form>
{{ Form::close() }}
</div>
</div>
@endsection

14
resources/views/layouts/default/auth/passwords/reset.blade.php
View File

@@ -1,4 +1,5 @@
@extends('app')
@section('title', 'Reset Password')
@section('content')
<div class="container">
@@ -6,11 +7,14 @@
<div class="col-md-8 col-md-offset-2">
<div class="panel panel-default">
<div class="panel-heading">Reset Password</div>
<div class="panel-body">
<form class="form-horizontal" role="form" method="POST" action="{{ url('/password/reset') }}">
{{ csrf_field() }}
{{ Form::open([
'url' => url('/password/reset'),
'method' => 'post',
'role' => 'form',
'class' => 'form-horizontal',
])
}}
<input type="hidden" name="token" value="{{ $token }}">
<div class="form-group{{ $errors->has('email') ? ' has-error' : '' }}">
@@ -61,7 +65,7 @@
</button>
</div>
</div>
</form>
{{ Form::close() }}
</div>
</div>
</div>