Added csrf token to login

paramecio2/modules/admin/app.py

@@ -13,6 +13,7 @@ import copy
 from os import path
 from paramecio2.modules.admin import admin_app, t
 from paramecio2.libraries.sendmail import SendMail
+from paramecio2.libraries.formsutils import check_csrf
 
 yes_recovery_login=False
 email_address='localhost'
@@ -66,6 +67,12 @@ def admin_prepare():
                     
                     return redirect(url_redirect)   
 
+    
+    """
+    if request.method=='POST':
+        check_csrf()
+    """
+
 @admin_app.after_request
 def admin_finished(response):
     
@@ -187,6 +194,8 @@ def login():
     
     if request.method=='POST':
         
+        check_csrf()
+        
         username=request.form['username']
 
         password=request.form['password']
@@ -279,6 +288,8 @@ def signup():
         
         if request.method=='POST':
             
+            check_csrf()
+            
             user_admin.conditions=['WHERE privileges=%s', [2]]
              
             forms=dict(request.form)
@@ -337,8 +348,10 @@ def auth_check():
 
     error=1
     
-    if 'login_admin' in session:
+    check_csrf()
     
+    if 'login_admin' in session:
+        
         code=request.form.get('code', '')
         
         user_admin=UserAdmin(g.connection)

paramecio2/modules/admin/templates/need_auth.phtml

@@ -8,6 +8,7 @@
     <div class="form">
         <p align="center">${lang('admin', 'check_your_email', 'Check your email for get instructions for complete login with double auth or')} <a href="${url_for('.logout')}">logout</a> and login again with other user</p>
         <p><label>${lang('admin', 'code', 'Code')} *</label><input type="text" class="" name="code" id="code_form" value="" /> <span class="error" id="code_error"></span></p>
+        ${csrf_token()|n}
     </div>
     <div id="submit_block">
         <input type="submit" value="${lang('common', 'send_code', 'Send code')}" class="submit" id="code_submit"/>