From: stronk7 <stronk7>
Date: Sat, 2 Oct 2004 19:50:16 +0000 (+0000)
Subject: admin/auth.php is now using sesskey.
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=df0d5501d93c4442e8771eb8cf0e2880d6b1ca64;p=moodle.git

admin/auth.php is now using sesskey.

Merged from MOODLE_14_STABLE
---

diff --git a/admin/auth.php b/admin/auth.php
index 2a1c93dcf5..6a808835c0 100644
--- a/admin/auth.php
+++ b/admin/auth.php
@@ -12,6 +12,9 @@
         error("Only the admin can use this page");
     }
 
+    if (!confirm_sesskey()) {
+        error(get_string('confirmsesskeybad', 'error'));
+    }
 
 /// If data submitted, then process and store.
 
@@ -27,7 +30,7 @@
                     notify("Problem saving config $name as $value");
                 }
             }
-            redirect("auth.php", get_string("changessaved"), 1);
+            redirect("auth.php?sesskey=$USER->sesskey", get_string("changessaved"), 1);
             exit;
 
         } else {
@@ -94,9 +97,10 @@
 
     echo "<center><p><b>";
     echo "<form target=\"{$CFG->framename}\" name=\"authmenu\" method=\"post\" action=\"auth.php\">";
+    echo "<input type=\"hidden\" name=\"sesskey\" value=\"".$USER->sesskey."\">";
     print_string("chooseauthmethod","auth");
 
-    choose_from_menu ($options, "auth", $auth, "","document.location='auth.php?auth='+document.authmenu.auth.options[document.authmenu.auth.selectedIndex].value", "");
+    choose_from_menu ($options, "auth", $auth, "","document.location='auth.php?sesskey=$USER->sesskey&auth='+document.authmenu.auth.options[document.authmenu.auth.selectedIndex].value", "");
 
     echo "</b></p></center>";
         
diff --git a/admin/index.php b/admin/index.php
index 1a8d1da947..1809bdd084 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -310,7 +310,7 @@
                             $configdata);
 
 
-    $userdata = "<font size=+1>&nbsp;</font><a href=\"auth.php\">".get_string("authentication")."</a> - <font size=\"1\">".
+    $userdata = "<font size=+1>&nbsp;</font><a href=\"auth.php?sesskey=$USER->sesskey\">".get_string("authentication")."</a> - <font size=\"1\">".
                  get_string("adminhelpauthentication")."</font><br />";
     $userdata .= "<font size=+1>&nbsp;</font><a href=\"user.php\">".get_string("edituser")."</a> - <font size=\"1\">".
                  get_string("adminhelpedituser")."</font><br />";
diff --git a/admin/users.php b/admin/users.php
index 71bb38d91b..e9f72fb8a7 100644
--- a/admin/users.php
+++ b/admin/users.php
@@ -22,7 +22,7 @@
 
     $table->align = array ("right", "left");
 
-    $table->data[] = array("<b><a href=\"auth.php\">".get_string("authentication")."</a></b>",
+    $table->data[] = array("<b><a href=\"auth.php?sesskey=$USER->sesskey\">".get_string("authentication")."</a></b>",
                            get_string("adminhelpauthentication"));
 
     $table->data[] = array("<b><a href=\"user.php\">".get_string("edituser")."</a></b>",