PEAK XOOPS - "Confirm screen" - Removable?

"Confirm screen" - Removable?

Posted on 2006/2/14 4:59
Quantum  一等兵   Posts: 16
Sometimes, the user would have to press "Go" to log in automatically. Which (logically) is annoying. I tracked down the Go button to the code below. Experimentally I removed this code (commented it out) and the autologin hack seemed to function perfectly.

Therefore my question: What are the consequences of removing this code? (I'm not a PHP programmer ;))

Quote:
} else {
    // confirm if some queries exist (against GET CSRF)
    include XOOPS_ROOT_PATH . '/header.php' ;
    echo '
        <div class="confirmMsg">
            <h4>'._LOGIN.'</h4>
            <form method="post" action="'.XOOPS_URL.'/user.php?op=login">
                <input type="hidden" name="xoops_redirect" value="'.htmlspecialchars( $GLOBALS['xoopsRequestUri'], ENT_QUOTES ).'" />' ;
    echo $GLOBALS['xoopsSecurity']->getTokenHTML();
    echo '
                <input type="submit" name="confirm_submit" value="'._GO.'" />
            </form>
        </div>';
    include XOOPS_ROOT_PATH . '/footer.php' ;
    exit ;
}
Votes:3 Average:3.33
Posted on 2006/2/14 5:16
GIJOE  先任軍曹   Posts: 4110
It is described in the comment:
(against GET CSRF)
If you want to know what CSRF is, use Google.
Votes:1 Average:0.00
Posted on 2006/2/14 5:30
Quantum  一等兵   Posts: 16
Thanks ;). Silly question indeed.

(link for whoever doesn't know as well)
http://www.squarefree.com/securitytips/web-developers.html

Hopefully a more sensible question:

Would it be possible to have the script redirect automatically, instead of having to press the button manually?
Votes:1 Average:0.00
Posted on 2006/2/14 5:34
GIJOE  先任軍曹   Posts: 4110
If the script redirects automatically, the anti-CSRF feature makes no sense.

Learn what CSRF is
Votes:1 Average:0.00
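
The point made in the reply above, as an added example (not XOOPS or autologin-hack code): a simplified model of the confirm step, showing that continuing automatically lets a cross-site link run as the logged-in user, while the token-backed Go button requires a deliberate click. All function names, the request arrays and the sample URL parameters are assumptions, and the "plain GET without queries" branch is inferred from the code comment.

```php
<?php
// Added illustration, not XOOPS or autologin-hack code; all names are hypothetical.

// One-time token stored in the session (stand-in for the token the form carries).
function issue_token(array &$session): string {
    return $session['confirm_token'] = bin2hex(random_bytes(16));
}

// A token is accepted once and compared in constant time.
function check_token(array &$session, string $sent): bool {
    $expected = $session['confirm_token'] ?? '';
    unset($session['confirm_token']);
    return $expected !== '' && hash_equals($expected, $sent);
}

// Handle a request that arrives with only an autologin cookie.
// $autoContinue = true models "redirect automatically instead of pressing Go".
function handle_autologin(array $req, array &$session, bool $autoContinue): string {
    if ($req['method'] === 'GET' && $req['query'] === '') {
        return 'login, show page';            // plain page view: nothing to forge
    }
    if ($req['method'] === 'POST' && isset($req['post']['confirm_submit'])) {
        $ok = check_token($session, $req['post']['token'] ?? '');
        return $ok ? 'login, run original request' : 'reject';
    }
    if ($autoContinue) {
        return 'login, run original request'; // no user decision was ever made
    }
    issue_token($session);
    return 'show confirm form';               // user must press Go
}

// Constructed sample: a link on another site pointing at a state-changing URL.
$forged = ['method' => 'GET', 'query' => 'op=delete&id=5', 'post' => []];

$session = [];
echo handle_autologin($forged, $session, true), "\n";   // automatic variant
echo handle_autologin($forged, $session, false), "\n";  // confirm-screen variant

// The user reads the confirm page and presses Go: the token round-trips.
$go = ['method' => 'POST', 'query' => '',
       'post' => ['confirm_submit' => 'Go', 'token' => $session['confirm_token']]];
echo handle_autologin($go, $session, false), "\n";

// A replayed or guessed token is refused because the stored one was consumed.
$go['post']['token'] = 'not-the-token';
echo handle_autologin($go, $session, false), "\n";
```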
Posted on 2006/2/14 5:55
Quantum  一等兵   Posts: 16
I don't want to understand it completely.

(I do understand it automatically does something for the user when he clicks on an innocent looking link from somewhere else.)

Also, if I understand the discussion on Slashdot correctly, this is something that can be fixed in Xoops. But it'd probably require a lot more effort than is worth it for just the extra button.
Votes:1 Average:0.00
Posted on 2006/2/14 5:56
Quantum  一等兵   Posts: 16
Anyway, thanks for the fast replies!
Votes:1 Average:0.00
