Malin/domnitor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enhance user actions with CSRF protection and POST requests

Browse Source 
Added CSRF protection and enforced POST requests for user delete and toggle status actions in UserController. Updated the users index view to use JavaScript for submitting POST forms with CSRF tokens for these actions, improving security and user experience. Also improved login success messages to include the user's full name.
This commit is contained in:
Hosteroid
2025-12-15 17:48:55 +02:00
parent bcd956a495
commit 1e98b8a047
4 changed files with 64 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
app/Controllers/UserController.php
View File

@@ -306,6 +306,14 @@ class UserController extends Controller
*/
public function delete($params = [])
{
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
$this->redirect('/users');
return;
}
// CSRF Protection
$this->verifyCsrf('/users');
$userId = $params['id'] ?? 0;
$user = $this->userModel->find($userId);
@@ -348,6 +356,14 @@ class UserController extends Controller
*/
public function toggleStatus($params = [])
{
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
$this->redirect('/users');
return;
}
// CSRF Protection
$this->verifyCsrf('/users');
$userId = $params['id'] ?? 0;
$user = $this->userModel->find($userId);