[WIP] Add csrfProtect()

system/pages/account/lost/check-code.php

@@ -1,6 +1,8 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 
+csrfProtect();
+
 $title = 'Lost Account';
 
 $code = isset($_REQUEST['code']) ? trim($_REQUEST['code']) : '';

system/pages/account/lost/email/send-code.php

@@ -1,6 +1,8 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 
+csrfProtect();
+
 require __DIR__ . '/../base.php';
 
 $title = 'Lost Account';

system/pages/account/lost/email/set-new-password.php

@@ -1,6 +1,8 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 
+csrfProtect();
+
 $title = 'Lost Account';
 
 $newPassword = $_REQUEST['passor'];

system/pages/account/lost/email/step-1.php

@@ -3,6 +3,8 @@ defined('MYAAC') or die('Direct access not allowed!');
 
 require __DIR__ . '/../base.php';
 
+csrfProtect();
+
 $title = 'Lost Account';
 
 if($account->isLoaded()) {

system/pages/account/lost/recovery-key/step-1.php

@@ -1,6 +1,8 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 
+csrfProtect();
+
 $title = 'Lost Account';
 
 if($account->isLoaded()) {

system/pages/account/lost/recovery-key/step-2.php

@@ -1,6 +1,8 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 
+csrfProtect();
+
 $title = 'Lost Account';
 
 $recKey = trim($_REQUEST['key']);

system/pages/account/lost/recovery-key/step-3.php

@@ -1,6 +1,8 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 
+csrfProtect();
+
 $title = 'Lost Account';
 
 $recKey = trim($_REQUEST['key']);

system/pages/account/lost/step-1.php

@@ -1,6 +1,8 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 
+csrfProtect();
+
 $title = 'Lost Account';
 
 $nick = stripslashes($_REQUEST['nick']);

system/templates/account/lost/check-code.finish.html.twig

@@ -1,5 +1,8 @@
 Please enter new password to your account and repeat to make sure you remember password.<BR>
 <form action="{{ getLink('account/lost/email/set-new-password') }}" method="post">
+
+	{{ csrf() }}
+
 	<input type="hidden" name="character" value="{{ character }}">
 	<input type="hidden" name="code" value="{{ code }}">
 	<table class="myaac-table" style="width: 100%;">

system/templates/account/lost/check-code.html.twig

@@ -1,5 +1,8 @@
 Please enter code from e-mail and name of one character from account. Then press Submit.<br/>
 <form action="{{ getLink('account/lost/check-code') }}" method="post">
+
+	{{ csrf() }}
+
 	<table class="myaac-table" style="width: 100%;">
 		<thead>
 		<tr>

system/templates/account/lost/email.html.twig

@@ -1,5 +1,8 @@
 Please enter e-mail to account with this character.<br/>
 <form action="{{ getLink('account/lost/email/send-code') }}" method="post">
+
+	{{ csrf() }}
+
 	<input type=hidden name="character">
 	<table class="myaac-table" style="width: 100%;">
 

system/templates/account/lost/form.html.twig

@@ -1,6 +1,8 @@
 The Lost Account Interface can help you to get back your account name and password. Please enter your character name and select what you want to do.<br/>
 <form action="{{ getLink('account/lost/step-1') }}" method="post">
+
 	{{ csrf() }}
+
 	<input type="hidden" name="character" value="">
 	<table class="myaac-table" style="width: 100%">
 		<thead>

system/templates/account/lost/recovery-key.html.twig

@@ -1,5 +1,8 @@
 If you enter right recovery key you will see form to set new e-mail and password to account. To this e-mail will be send your new password and account name.<BR>
 <form action="{{ getLink('account/lost/recovery-key/step-2') }}" method="post">
+
+	{{ csrf() }}
+
 	<table class="myaac-table" style="width: 100%;">
 
 		<thead>