CSRFトークンの追加

2025-12-08 03:18:12 +09:00
parent d810b7155f
commit 4085b77f6a
5 changed files with 61 additions and 44 deletions
--- a/src/Site/Controller/User.php
+++ b/src/Site/Controller/User.php
@@ -18,10 +18,16 @@ class User {
        exit();
      }

-      $doLogin = count($_POST) > 0;
+      $doLogin = $_SERVER['REQUEST_METHOD'] === 'POST';
      $error = '';

      if ($doLogin) {
+        if (!\verify_csrf_token($_POST['csrf_token'])) {
+          header('Location: /');
+          exit();
+        }
+        unset($_POST['csrf_token']);
+
        $a = [];
        if (count($_POST) === 2) {
          $i = 0;
@@ -91,6 +97,12 @@ class User {
      $nyuE = '';

      if ($doRegister) {
+        if (!\verify_csrf_token($_POST['csrf_token'])) {
+          header('Location: /');
+          exit();
+        }
+        unset($_POST['csrf_token']);
+
        $a = [];
        if (count($_POST) === 4) {
          $i = 0;