mirror of
https://github.com/tmdinosaurcenter/kiosk-guestbook.git
synced 2026-06-04 03:50:14 -06:00
ecdcc044b7
Installs Flask-WTF and enables CSRFProtect globally. Adds csrf_token hidden fields to all four POST forms (login, delete entry, add user, delete user, and the public guestbook form). Exempts the API endpoint which uses header-based key auth instead.
36 lines
1.6 KiB
HTML
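<!doctype html>
{#
  Admin login page for the guestbook.

  Reads one optional context variable, `error`, and shows it above the form.
  The form posts `username`, `password` and a CSRF token to the `admin_login`
  endpoint, carrying the `next` query parameter along in the action URL.

  Review notes are written as Jinja comments so they are stripped at render
  time and never reach the browser.
#}
<html lang="en">
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <title>Guestbook Admin — Login</title>
  {# NOTE(review): this third-party stylesheet is loaded without Subresource
     Integrity. The URL pins an exact version, so an `integrity` digest computed
     from that file plus `crossorigin="anonymous"` can be added (or the file
     self-hosted) so that a modified CDN response is refused on the login page. #}
  <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
</head>
<body class="bg-light">
  {# <main> gives assistive technology a landmark for the page's only content.
     NOTE(review): the inline style attribute needs an inline-style allowance
     under a strict Content-Security-Policy; a class would avoid that. #}
  <main class="container py-5" style="max-width: 400px;">
    <h1 class="h4 mb-4 text-center">Admin Login</h1>
    <div class="card">
      <div class="card-body">
        {% if error %}
          {# `error` is output through Jinja's escaping; presumably autoescape is
             on for this template (Flask enables it for .html files) — confirm.
             role="alert" lets screen readers announce the failure. #}
          <div class="alert alert-danger py-2" role="alert">{{ error }}</div>
        {% endif %}
        {# NOTE(review): `next` is copied from the query string into the action
           URL. url_for() encodes it as a query argument, but if the admin_login
           view (not visible here) redirects to it after login, that view must
           accept only same-site relative paths. #}
        <form method="POST" action="{{ url_for('admin_login', next=request.args.get('next', '')) }}">
          {# csrf_token() is supplied by Flask-WTF; with CSRFProtect enabled the
             POST is rejected when this field is missing or invalid. #}
          <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
          <div class="mb-3">
            <label for="username" class="form-label">Username</label>
            <input type="text" id="username" name="username" class="form-control"
                   autocomplete="username" required autofocus>
          </div>
          <div class="mb-3">
            <label for="password" class="form-label">Password</label>
            <input type="password" id="password" name="password" class="form-control"
                   autocomplete="current-password" required>
          </div>
          <button type="submit" class="btn btn-primary w-100">Log In</button>
        </form>
      </div>
    </div>
  </main>
</body>
</html>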