author | Mario Vavti <mario@mariovavti.com> | 2019-05-13 10:13:51 +0200 |
---|---|---|
committer | Mario Vavti <mario@mariovavti.com> | 2019-05-13 10:13:51 +0200 |
commit | dc786bd1cc8be6aa0fb476f61e7bbd0f53e56f03 (patch) | |
tree | c036c8aeb3052d9766298be1ac134839acee53a6 | |
parent | 973d91d120c6d14c2973bf897de15a1dea745396 (diff) | |
form security token for mod register ported from zap
-rw-r--r-- | Zotlabs/Module/Register.php | 12 | ||||
-rwxr-xr-x | view/tpl/register.tpl | 1 |
2 files changed, 9 insertions, 4 deletions
diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php
index f9d81be0c..bc813f8e1 100644
--- a/Zotlabs/Module/Register.php
+++ b/Zotlabs/Module/Register.php
@@ -1,10 +1,11 @@
 <?php
 namespace Zotlabs\Module;
-require_once('include/channel.php');
+use Zotlabs\Web\Controller;
+require_once('include/security.php');
-class Register extends \Zotlabs\Web\Controller {
+class Register extends Controller {
 function init() {
@@ -39,7 +40,9 @@ class Register extends \Zotlabs\Web\Controller {
 function post() {
-
+
+ check_form_security_token_redirectOnErr('/register', 'register');
+
 $max_dailies = intval(get_config('system','max_daily_registrations'));
 if($max_dailies) {
 $r = q("select count(account_id) as total from account where account_created > %s - INTERVAL %s",
@@ -269,7 +272,8 @@ class Register extends \Zotlabs\Web\Controller {
 require_once('include/bbcode.php');
 $o = replace_macros(get_markup_template('register.tpl'), array(
-
+
+ '$form_security_token' => get_form_security_token("register"),
 '$title' => t('Registration'),
 '$reg_is' => $registration_is,
 '$registertext' => bbcode(get_config('system','register_text')),
diff --git a/view/tpl/register.tpl b/view/tpl/register.tpl
index 33ca46ba1..1054c7567 100755
--- a/view/tpl/register.tpl
+++ b/view/tpl/register.tpl
@@ -4,6 +4,7 @@
 </div>
 <div class="section-content-wrapper">
 <form action="register" method="post" id="register-form">
+ <input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
 {{if $reg_is}}
 <div class="section-content-warning-wrapper">
 <div id="register-desc" class="descriptive-paragraph">{{$reg_is}}</div> |
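Review bot: The first Register.php hunk (-1,10 +1,11) drops `require_once('include/channel.php');` although the commit message only mentions the form token, and nothing visible shows that the rest of the file has stopped calling helpers from that include. PHP reports an undefined function only when the call is reached, so a registration path that still needs it would fail at runtime rather than at load. If the removal is deliberate, say so in the commit message; otherwise keep the line next to the new `require_once('include/security.php');`. The class body continues outside the hunk.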
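Review bot: The guard added at the top of post() (hunk -39,7 +40,9) has no comment on what it protects, and everything after it depends on the helper ending the request when the token is missing, stale or issued for another session. That includes the daily-registration query below and the rest of post(), which continues outside the hunk. I would add `// CSRF guard: keep as the first statement; on a bad or expired token this redirects to /register and nothing below may run` above the call, after confirming the helper really stops execution. The token type is also spelled twice, `'register'` here and `"register"` in the replace_macros hunk (-269,7 +272,8); a typo in either literal makes every submission fail the check, so one class constant used at both sites would be safer.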
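Review bot: In the replace_macros hunk (-269,7 +272,8) the token is minted for a visitor who is not logged in, and the diff does not show what `get_form_security_token("register")` binds it to. A token on an anonymous form only stops cross-site submissions if it is tied to the visitor's own session; one derived from time and form name alone would be accepted from any origin that had fetched the page once. Please confirm the binding and record it in a comment, for example `// token is bound to the current session id; the form must be rendered in the same session that posts it`. If the token expires, the redirect in post() presumably discards what the user typed, which deserves a mention next to the call. The function body starts and ends outside the hunk.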
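Review bot: The new hidden input in view/tpl/register.tpl quotes its attributes with single quotes while the enclosing `<form action="register" method="post" id="register-form">` uses double quotes; matching the file would give `<input type="hidden" name="form_security_token" value="{{$form_security_token}}">`. The value is printed without an explicit escape modifier, which is acceptable only while the token stays server-generated and can never contain a quote character. The field name must also stay identical to the one the check helper in post() reads, which this diff does not show.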