Files
paul a3546b4c01 Security hardening: env-based config, CSRF protection, secure code generation, plus presenter management and email communications system
- Move all credentials from hardcoded to .env with python-dotenv (add .env.example template and .gitignore)
- Add CSRF token generation and validation on all state-changing requests
- Replace random.choices with secrets.choice for all secure code generation
- Add session cookie security headers (HttpOnly, Secure, SameSite)
- Add presenter management: assign/remove presenters to breakout sessions, presenter QR scanning
- Add email communications system: templates per event, custom email sending, sent email tracking
- Add staff/organizer profile pages with staff code display
- New DB tables: event_email_templates, sent_emails, user_communications
- New DB columns: staff.reminder_count/reminder_dates, breakout_session_organizers.presenter_code
- Expand English translation strings across all new features

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-26 20:34:48 +00:00

34 lines
1.4 KiB
HTML

{% extends "base.html" %}
{% block title %}{{ 'complete_registration'|t }} - NetEvents{% endblock %}
{% block content %}
<div class="invite-page">
<div class="invite-box">
<h1>{{ 'youre_invited'|t }} {{ event.name }}</h1>
<p class="invite-info">{{ 'set_password_complete'|t }}</p>
<form method="POST" action="{{ url_for('staff_invite', token=staff.invite_token) }}" class="invite-form">
<div class="form-group">
<label for="password">{{ 'password'|t }}</label>
<input type="password" id="password" name="password" required minlength="8">
</div>
<div class="form-group">
<label for="confirm_password">{{ 'confirm_password'|t }}</label>
<input type="password" id="confirm_password" name="confirm_password" required minlength="8">
</div>
{% if recaptcha_site_key %}
<div class="form-group recaptcha-container">
<div class="g-recaptcha" data-sitekey="{{ recaptcha_site_key }}"></div>
</div>
{% endif %}
<div class="form-actions">
<button type="submit" class="btn btn-primary">{{ 'complete_registration'|t }}</button>
</div>
</form>
</div>
</div>
{% if recaptcha_site_key %}
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
{% endif %}
{% endblock %}