From 938dc4ea79bac5200c1192ac0fc8ec80f707ff60 Mon Sep 17 00:00:00 2001
From: Iris System
Date: Thu, 2 Sep 2021 12:39:29 +1200
Subject: [PATCH] Reset verification numbers in session on each POST
---
 lib/IndexController.php | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/lib/IndexController.php b/lib/IndexController.php
index 12d63bf..2962a6d 100644
--- a/lib/IndexController.php
+++ b/lib/IndexController.php
@@ -84,17 +84,20 @@ class IndexController extends Controller {
 return $response->withHeader('Location', '/register');
 }
+ // Get the numbers from the session, and then reset them
 $numbers = array_map((function($i) { return intval($i); }), explode(',', $session->session_data['numbers']));
- $query_values = (array) $request->getParsedBody();
+ unset($session->session_data['numbers']);
+
+ $form_values = (array) $request->getParsedBody();
 // Check CSRF
 $csrf_token = null;
- if (array_key_exists('_csrf', $query_values)) $csrf_token = trim($query_values['_csrf']);
- $this->container->get('csrf')->check('csrf', $csrf_token);
+ if (array_key_exists('_csrf', $form_values)) $csrf_token = trim($form_values['_csrf']);
+ $this->container->get('csrf')->check('csrf', $csrf_token);
 // Check the math question
 $given_sum = null;
- if (array_key_exists('verify', $query_values)) $given_sum = intval(trim($query_values['verify']));
+ if (array_key_exists('verify', $form_values)) $given_sum = intval(trim($form_values['verify']));
 if ($given_sum != $numbers[0] + $numbers[1]) {
 return $this->requestGET($request, $response, array_merge($args, [
 'message' => 'The provided verification was incorrect.',
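Review bot: The check `if ($given_sum != $numbers[0] + $numbers[1])` does not fail closed now that the added `unset()` makes a session without `numbers` a normal state. With the key missing, `explode()` would likely yield a single empty element and `$numbers[1]` would be undefined, so the loose `!=` can treat an absent or zero `verify` value as a match. Unless the guard above the hunk (the redirect to `/register`, not visible here) already rejects that case, I would test the shape and compare strictly: `if (count($numbers) !== 2 || $given_sum === null || $given_sum !== $numbers[0] + $numbers[1]) {`. The `unset()` also runs before the CSRF check, so a request that is later rejected there still consumes the user's challenge; either move it below the check or say in the comment that this is intended. The enclosing method starts and ends outside the hunk.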
@@ -103,9 +106,9 @@ class IndexController extends Controller {
 // We're good, send the notifications
 HookMachine::execute([self::class, 'sendAlert'], [
- $query_values['username'],
- $query_values['tilde'],
- $query_values['message'] ?? '[no message provided]',
+ $form_values['username'],
+ $form_values['tilde'],
+ $form_values['message'] ?? '[no message provided]',
 ]);
 // And return a success message