1 (edited by RB 2008-12-22 13:16)

Topic: Outer Login Form

I have included in my site the code below to login to the board from every page of the site, but I can't login because of "Confirm action" message. I know it's CSRF problem, but what am I doing wrong?..

<form method="post" id="afocus" style="margin-top: 7px; margin-bottom: 0" action="/<? echo $fdir; ?>/login.php">
  <div style="float: left">
    <input type="hidden" name="form_sent" value="1" />
    <input type="hidden" name="redirect_url" value="/" />
    <input type="hidden" name="csrf_token" value="<? $one = str_replace('&amp;', '&', 'http://[...].ru'); $two = substr(sha1(uniqid(rand(), true)), 0, 40); echo sha1($one.$two); ?>" />
    <input type="hidden" name="save_pass" id="fld3" value="1" />
    <input type="text" name="req_username" id="fld1" class="textline" value="login" onclick="if (this.value=='login') { this.value=''; document.getElementById('fld2').value='' }" />
    <input type="password" name="req_password" id="fld2" class="textline" style="margin-top: 4px" value="password" onclick="if (this.value=='password') { this.value=''; document.getElementById('fld1').value='' }" />
    <input type="submit" name="login" class="button" value="Login" style="margin-top: 7px; width: 49px" />