In this article, I will show you how to apply a CSRF token to the login action in your bootstrap template.
- Add a hidden CSRF token to the login page to defend against CSRF attacks. The system validates the CSRF token whenever a login request is sent to the server for your store front.
- If the client token differs from the token saved on the server, the request is ignored and the user is redirected to the login page again.
Steps to apply this plugin for your store
Note: this plugin is only available for the bootstrap template. Please do not apply it to the glass gray template.
Step 1. Download a package at https://www.dropbox.com/s/n9jwqo2z75cfev5/formsecurity.zip?dl=0.
Step 2. Open includes/content/account/login.php and edit it as follows:
- Find the following code snippet:
<div class="control-group">
  <div class="controls">
    <button type="submit" class="btn btn-small btn-success pull-right"><i class="icon-ok-sign icon-white"></i> <?php echo $osC_Language->get('button_sign_in'); ?> </button>
  </div>
</div>
- Add the following code after it:
<input type="hidden" name="token" value="<?=$_SESSION['_token']?>" />
Step 3. Open templates/bootstrap/content/account/login.php and edit it as follows:
- Find the following line:
global $osC_Database, $osC_Session, $osC_Language, $osC_ShoppingCart, $messageStack, $osC_Customer, $osC_NavigationHistory, $toC_Wishlist;
- Add the following code after it:
// Reject the login request unless it carries the token stored in the session
if ( ! isset($_POST['token']) || ! $osC_Session->validateToken($_POST['token'])) {
    osc_redirect(osc_href_link(FILENAME_DEFAULT, null, 'AUTO'));
}
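Because the plugin archive itself is not reproduced here, the following is an added illustration, not the plugin's or TomatoCart's own code, of what a session-backed check like validateToken() has to do: create the token once per session, embed it in the form, and compare it in constant time on submit. The function names, the form fields and the redirect target are assumptions.

```php
<?php
// Added illustration of a session-bound CSRF token (assumed names,
// not the plugin's or TomatoCart's own code).
session_start();

// Create the token once per session and reuse it, so back/forward
// navigation and multiple tabs keep working.
function csrf_token(): string {
    if (empty($_SESSION['_token'])) {
        $_SESSION['_token'] = bin2hex(random_bytes(32));   // 64 hex characters
    }
    return $_SESSION['_token'];
}

// Mirrors the check the tutorial adds to login.php: the submitted value
// must be present and equal to the session copy. hash_equals() compares
// in constant time so the check does not leak timing information.
function validate_token(?string $submitted): bool {
    if ($submitted === null || empty($_SESSION['_token'])) {
        return false;
    }
    return hash_equals($_SESSION['_token'], $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!validate_token($_POST['token'] ?? null)) {
        // Same outcome as the tutorial's osc_redirect(): drop the request
        // and send the browser away from the login handler.
        header('Location: /index.php', true, 303);
        exit;
    }
    // ... normal login handling would go here ...
    echo 'token ok';
    exit;
}
?>
<form method="post" action="">
  <input type="email" name="email_address">
  <input type="password" name="password">
  <!-- Hidden field, escaped so the value cannot break out of the attribute -->
  <input type="hidden" name="token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
  <button type="submit">Sign in</button>
</form>
```

A forged cross-site POST cannot include the session's token, so it is refused before any credentials are processed.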
Done. I strongly recommend applying this plugin to your login form; it significantly improves the security of your store.