| author | Simon Rettberg | 2025-05-22 16:07:03 +0200 |
|---|---|---|
| committer | Simon Rettberg | 2025-05-22 16:07:03 +0200 |
| commit | 19160ec62cec3b6e436590b16ebb2b329ef5d55b (patch) | |
| tree | bdfc8a89829fde79133b839d4cb52a27c7b3e520 /modules-available/session | |
| parent | [locationinfo] URLpanel: Browser accept-language and screen rotation (diff) | |
Add audit logging of POST actions
Diffstat (limited to 'modules-available/session')
| -rw-r--r-- | modules-available/session/page.inc.php | 19 |
1 files changed, 8 insertions, 11 deletions
diff --git a/modules-available/session/page.inc.php b/modules-available/session/page.inc.php
index 5f5e5d28..c59af63a 100644
--- a/modules-available/session/page.inc.php
+++ b/modules-available/session/page.inc.php
@@ -19,6 +19,7 @@ class Page_Session extends Page
 }
 // Login credentials wrong - delay and show error message
 sleep(1);
+ http_response_code(403);
 Message::addError('loginfail');
 } elseif ($action === 'logout') {
 // Log user out (or do nothing if not logged in)
@@ -27,25 +28,21 @@ class Page_Session extends Page
 if (!User::isLoggedIn()) {
 Util::redirect('?do=main');
 }
- // Now check if the user supplied the corrent current password, and the new password twice
- $old = Request::post('old', false, 'string');
- $new = Request::post('newpass1', false, 'string');
- if ($old === false || $new === false) {
- Message::addError('main.empty-field');
- Util::redirect('?do=session');
- }
+ // Now check if the user supplied the current password, and the new password twice
+ $old = Request::post('old', Request::REQUIRED, 'string');
+ $new = Request::post('newpass1', Request::REQUIRED, 'string');
 if (!User::testPassword(User::getId(), $old)) {
 sleep(1);
 Message::addError('wrong-password');
- Util::redirect('?do=session');
+ Util::redirect('?do=session', 403);
 }
 if (strlen($new) < 4) {
 Message::addError('pass-too-short');
- Util::redirect('?do=session');
+ Util::redirect('?do=session', 400);
 }
 if ($new !== Request::post('newpass2', false, 'string')) {
 Message::addError('adduser.password-mismatch');
- Util::redirect('?do=session');
+ Util::redirect('?do=session', 400);
 }
 if (Request::post('kill-other-sessions', false, 'bool')) {
 Session::deleteAllButCurrent();
@@ -55,7 +52,7 @@ class Page_Session extends Page
 } else {
 Message::addWarning('password-unchanged');
 }
- Util::redirect('?do=session');
+ Util::redirect('?do=session', 200);
 } else {
 // No action, change title to session list
 Render::setTitle(Dictionary::translate('page-title-session-list'));
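Review bot: The added `http_response_code(403)` on the failed-login branch is the only place in this commit that sets the real HTTP status directly; every other failure path hands a code to `Util::redirect` instead, so a reader cannot tell from this file whether the two mechanisms are meant to be equivalent. The `sleep(1)` it follows is a per-request delay only and does nothing against parallel guessing, so if the audit logging named in the commit title records the attempted username and client address (presumably in `Request`/`Util`, not visible here), that log is the real brute-force control and the comment should say so, e.g. `// 403 + 1s delay: audit log entry for this attempt is what rate limiting should key on`. The enclosing method begins before this hunk and continues after it.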
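Review bot: The second argument now passed to `Util::redirect` (`403`, `400`, and `200` in the last hunk) has no visible definition, and its meaning matters: if it is sent as the HTTP status, a `Location` header with a 4xx status is not followed by browsers and the user never reaches `?do=session` to see `wrong-password`, while `200` would not redirect at all — the `200` case strongly suggests it is an outcome code for the audit log rather than the response status, but that is inferred. A one-line comment at the first use would settle it, e.g. `// second arg is the outcome code recorded in the POST audit log, not the HTTP status of the redirect`. Note also that replacing the explicit `main.empty-field` check with `Request::REQUIRED` makes the empty-field behaviour depend on whatever `Request::post` does when a required field is absent, which is not shown here; a `strlen` check of 4 bytes as the only password-strength floor is pre-existing but worth revisiting while this path is being touched. The enclosing method starts before the hunk and ends after it.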
