Malin/domnitor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enhance user actions with CSRF protection and POST requests

Browse Source 
Added CSRF protection and enforced POST requests for user delete and toggle status actions in UserController. Updated the users index view to use JavaScript for submitting POST forms with CSRF tokens for these actions, improving security and user experience. Also improved login success messages to include the user's full name.
This commit is contained in:
Hosteroid
2025-12-15 17:48:55 +02:00
parent bcd956a495
commit 1e98b8a047
4 changed files with 64 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/Controllers/AuthController.php
View File

@@ -167,6 +167,11 @@ class AuthController extends Controller
$_SESSION['email'] = $user['email'];
$_SESSION['role'] = $user['role'];
// Clear any existing session messages before successful login
unset($_SESSION['error']);
unset($_SESSION['success']);
unset($_SESSION['info']);
// Session is automatically tracked by DatabaseSessionHandler
// No need to manually create session record
@@ -178,6 +183,9 @@ class AuthController extends Controller
// Update last login
$this->userModel->updateLastLogin($user['id']);
// Set success message for login
$_SESSION['success'] = 'Login successful! Welcome back, ' . htmlspecialchars($user['full_name']) . '.';
// Redirect to dashboard
$this->redirect('/');
}