author | Lukas Fleischer <lfleischer@archlinux.org> | 2020-01-30 11:52:32 +0100 |
---|---|---|
committer | Lukas Fleischer <lfleischer@archlinux.org> | 2020-01-30 13:25:15 +0100 |
commit | 8fc8898fef39af20a24c9928464fd8420481d819 (patch) | |
tree | 34cf8f9eeeb9b642e074d2a5b1186ecbf6b8b3a1 /web/template/account_delete.php | |
parent | 7aa420d24da7e8c2c214ab421d44b4684d42e73e (diff) | |
Require password when deleting an account
Further reduce the attack surface in case of a stolen session ID.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Diffstat (limited to 'web/template/account_delete.php')
-rw-r--r-- | web/template/account_delete.php | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/web/template/account_delete.php b/web/template/account_delete.php index 718b172f..d0c6e74d 100644 --- a/web/template/account_delete.php +++ b/web/template/account_delete.php @@ -12,8 +12,15 @@ <input type="hidden" name="token" value="<?= htmlspecialchars($_COOKIE['AURSID']) ?>" /> </fieldset> <fieldset> - <p><label class="confirmation"><input type="checkbox" name="confirm" value="1" /> - <?= __("Confirm deletion") ?></label></p> + <p> + <label for="id_passwd"><?= __("Password") ?>:</label> + <input type="password" size="30" name="passwd" id="id_passwd" value="" /> + </p> + + <p> + <label class="confirmation"><input type="checkbox" name="confirm" value="1" /> + <?= __("Confirm deletion") ?></label> + </p> <p> <input type="submit" class="button" value="<?= __("Delete") ?>" /> |
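Review bot: The added `passwd` input is only the form half of the check, and the diff shown here is limited to web/template/account_delete.php, so nothing visible verifies the password. Please confirm that the handler processing this form checks `passwd` against the account's stored hash on the server and refuses the deletion when the field is missing, empty or wrong, because form fields alone do not constrain what a request carries. That matters for the stated goal: the hidden `token` field in the context lines is filled from `$_COOKIE['AURSID']`, so it is the session ID itself and offers no protection once that ID is stolen; the password is the only new factor. On the markup, consider adding `required` and `autocomplete="current-password"` to the new input so browsers and password managers treat it as a re-authentication prompt.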