MyShaarli/tpl/loginform.html
ArthurHoaro 5f85fcd863 Working on shaarli/Shaarli#224
I reviewed character escaping everywhere with the following ideas:

  * use a single common function to escape user data: `escape` using `htmlspecialchars`.
  * sanitize fields in `index.php` after reading them from datastore and before sending them to templates.
    It means no escaping function in Twig templates.
    2 reasons:
    * it reduces risks of security issues for future user-made templates
    * more readable templates
    * more readable templates
  * sanitize user configuration fields after loading them.
2015-06-23 16:35:36 +02:00

28 lines
1 KiB
HTML

<!DOCTYPE html>
<html>
<head>{include="includes"}</head>
<body{if="ban_canLogin()"} onload="document.loginform.login.focus();"{/if}>
<div id="pageheader">
{include="page.header"}
<div id="headerform">
{if="!ban_canLogin()"}
You have been banned from login after too many failed attempts. Try later.
{else}
<form method="post" name="loginform">
<label for="login">Login: <input type="text" id="login" name="login" tabindex="1"></label>
<label for="password">Password: <input type="password" id="password" name="password" tabindex="2"></label>
<input type="submit" value="Login" class="bigbutton" tabindex="4">
<label for="longlastingsession">
<input type="checkbox" name="longlastingsession" id="longlastingsession" tabindex="3">
Stay signed in (Do not check on public computers)</label>
<input type="hidden" name="token" value="{$token}">
{if="$returnurl"}<input type="hidden" name="returnurl" value="{$returnurl}">{/if}
</form>
{/if}
</div>
</div>
{include="page.footer"}
</body>
</html>
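
The approach in the commit message (one shared escaping function, applied in the controller before values reach a template such as the `value="{$returnurl}"` field above) can be sketched as follows. This is an added example, not Shaarli's own code: `escape_for_template`, `$templateVars` and the sample values are hypothetical and constructed for illustration.

```php
<?php
// Added example, not Shaarli's code. Function and variable names are hypothetical.

/**
 * Escape user data for HTML output. Recurses into arrays so a whole
 * record loaded from the datastore can be sanitized in one call.
 */
function escape_for_template($value)
{
    if (is_array($value)) {
        $out = [];
        foreach ($value as $key => $item) {
            $out[$key] = escape_for_template($item);
        }
        return $out;
    }
    if (is_string($value)) {
        // ENT_QUOTES covers both quote styles, so the result is safe inside
        // value="..." and value='...' attributes as well as in element text.
        return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    return $value; // ints, bools and null pass through unchanged
}

// Constructed request value: a return URL carrying a double quote and markup.
$rawReturnUrl = '/?do=addlink"><b>injected</b>';

// Sanitize in the controller, before anything is handed to the template.
$templateVars = escape_for_template([
    'token'     => 'constructed-token-value',
    'returnurl' => $rawReturnUrl,
]);

// What the template's hidden field would render with each value.
$unsafe = '<input type="hidden" name="returnurl" value="' . $rawReturnUrl . '">';
$safe   = '<input type="hidden" name="returnurl" value="' . $templateVars['returnurl'] . '">';

echo "without escaping: $unsafe\n";
echo "with escaping:    $safe\n";

// Check that the escaped value contains no raw quote or angle bracket.
var_dump(strpbrk($templateVars['returnurl'], '"<>') === false);
```

Escaping of this kind covers the HTML text and attribute contexts this template uses; it does not check where `returnurl` points, which needs its own validation.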