From 54b8a8ce4e0934e491cb53d6e22fd0a53322d8d0 Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Mon, 27 Jul 2015 16:34:54 -0500
Subject: [PATCH] csrf: Fix CRSF violation on client login

---
 login.php       | 13 -------------
 scp/css/scp.css |  4 ++--
 2 files changed, 2 insertions(+), 15 deletions(-)

diff --git a/login.php b/login.php
index 0d6f9e3d4..7971e1074 100644
--- a/login.php
+++ b/login.php
@@ -32,19 +32,6 @@ else
 
 $suggest_pwreset = false;
 
-// Check the CSRF token, and ensure that future requests will have to use a
-// different CSRF token. This will help ward off both parallel and serial
-// brute force attacks, because new tokens will have to be requested for
-// each attempt.
-if ($_POST) {
-    // Check CSRF token
-    if (!$ost->checkCSRFToken())
-        Http::response(400, __('Valid CSRF Token Required'));
-
-    // Rotate the CSRF token (original cannot be reused)
-    $ost->getCSRF()->rotate();
-}
-
 if ($_POST && isset($_POST['luser'])) {
     if (!$_POST['luser'])
         $errors['err'] = __('Valid username or email address is required');
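Review bot: After this deletion the login handler at `if ($_POST && isset($_POST['luser']))` has no CSRF validation visible in the hunk, and the commit message does not say where the token is now checked. If a shared include already validates the token on every POST (which would explain the violation the duplicate check caused), a short comment above the handler should say so, for example `// CSRF token is validated for all POST requests in <shared include>; do not re-check or rotate here`. The removed per-attempt `rotate()` was documented as slowing parallel and serial brute-force attempts, so it is worth confirming that login attempt limiting is enforced elsewhere. The handler's body continues outside the hunk.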
diff --git a/scp/css/scp.css b/scp/css/scp.css
index dee26d771..f01bbcba4 100644
--- a/scp/css/scp.css
+++ b/scp/css/scp.css
@@ -1249,7 +1249,7 @@ ul.tabs.alt li.active {
     display:block;
     height:30px;
     position:absolute;
-    z-index:5;
+    z-index:10;
 }
 
 .tip_arrow {
@@ -1258,7 +1258,7 @@ ul.tabs.alt li.active {
     top:5px;
     left:-12px;
     width:12px;
-    z-index:102;
+    z-index:1;
 }
 
 .tip_box.right .tip_arrow {
-- 
GitLab