本文整理汇总了PHP中checkCSRF函数的典型用法代码示例。如果您正苦于以下问题:PHP checkCSRF函数的具体用法?PHP checkCSRF怎么用?PHP checkCSRF使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了checkCSRF函数的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: procDocumentManageCheckedDocument
/**
* Move, copy, delete or trash the documents selected in the session cart.
*
* Reads `type`, `target_module`, `module_srl`, `target_category`,
* `send_default_message`, `message_content` and `cart` from the request
* Context. The request is refused unless the caller is logged in and
* checkCSRF() passes, and processing stops if any selected document is not
* granted to the caller.
*
* @return void|Object
*/
function procDocumentManageCheckedDocument()
{
// Bulk operations can be slow: lift the execution time limit (errors suppressed by @).
@set_time_limit(0);
// Authentication first, then the CSRF check, before any request data is acted on.
if (!Context::get('is_logged')) {
return new Object(-1, 'msg_not_permitted');
}
if (!checkCSRF()) {
return new Object(-1, 'msg_invalid_request');
}
$type = Context::get('type');
$target_module = Context::get('target_module');
$module_srl = Context::get('module_srl');
// Fall back to target_module when no explicit module_srl was sent.
if ($target_module && !$module_srl) {
$module_srl = $target_module;
}
$category_srl = Context::get('target_category');
// send default message - misol 2015-07-23
$send_default_message = Context::get('send_default_message');
if ($send_default_message === 'Y') {
$logged_info = Context::get('logged_info');
$message_content = '';
$default_message_verbs = lang('default_message_verbs');
if (isset($default_message_verbs[$type]) && is_string($default_message_verbs[$type])) {
$message_content = sprintf(lang('default_message_format'), $logged_info->nick_name, $default_message_verbs[$type]);
}
} else {
$message_content = Context::get('message_content');
if ($message_content) {
// nl2br() only inserts <br> tags; it does not escape HTML.
// NOTE(review): confirm message_content is filtered or escaped before it is displayed.
$message_content = nl2br($message_content);
}
}
// The cart arrives either as an array or as a '|@|'-delimited string.
$cart = Context::get('cart');
if (!is_array($cart)) {
$document_srl_list = explode('|@|', $cart);
} else {
$document_srl_list = $cart;
}
$document_srl_count = count($document_srl_list);
$oDocumentModel = getModel('document');
$document_items = array();
// Authorization is checked per document, and the whole request is stopped on the
// first document the caller is not granted, before anything is modified.
foreach ($document_srl_list as $document_srl) {
$oDocument = $oDocumentModel->getDocument($document_srl);
$document_items[] = $oDocument;
if (!$oDocument->isGranted()) {
return $this->stop('msg_not_permitted');
}
}
// Ask the spam filter not to log these bulk operations as spam
$oSpamController = getController('spamfilter');
$oSpamController->setAvoidLog();
$oDocumentAdminController = getAdminController('document');
if ($type == 'move') {
if (!$module_srl) {
return new Object(-1, 'fail_to_move');
}
$output = $oDocumentAdminController->moveDocumentModule($document_srl_list, $module_srl, $category_srl);
if (!$output->toBool()) {
return new Object(-1, 'fail_to_move');
}
$msg_code = 'success_moved';
} else {
if ($type == 'copy') {
// Copy failures are reported with the same 'fail_to_move' code as move failures.
if (!$module_srl) {
return new Object(-1, 'fail_to_move');
}
$output = $oDocumentAdminController->copyDocumentModule($document_srl_list, $module_srl, $category_srl);
if (!$output->toBool()) {
return new Object(-1, 'fail_to_move');
}
$msg_code = 'success_copied';
} else {
if ($type == 'delete') {
$oDB =& DB::getInstance();
$oDB->begin();
for ($i = 0; $i < $document_srl_count; $i++) {
$document_srl = $document_srl_list[$i];
$output = $this->deleteDocument($document_srl, true);
if (!$output->toBool()) {
// NOTE(review): returns with the transaction from begin() still open; no
// rollback() is visible on this path - confirm the DB layer discards it.
return new Object(-1, 'fail_to_delete');
}
}
$oDB->commit();
$msg_code = 'success_deleted';
} else {
if ($type == 'trash') {
$args = new stdClass();
$args->description = $message_content;
$oDB =& DB::getInstance();
$oDB->begin();
for ($i = 0; $i < $document_srl_count; $i++) {
$args->document_srl = $document_srl_list[$i];
$output = $this->moveDocumentToTrash($args);
if (!$output || !$output->toBool()) {
// NOTE(review): same as the delete branch - no rollback() is visible before returning.
return new Object(-1, 'fail_to_trash');
}
}
//.........这里部分代码省略.........
示例2: procMemberAdminInsert
/**
* Add or update a member from the administrator screen.
*
* The request is refused unless the logged-in user has is_admin == 'Y' and
* checkCSRF() passes. Named member fields are collected into $args; every
* other request variable (minus routing and password fields) is serialized
* into $args->extra_vars. Depending on whether member_srl refers to an existing
* member, the record is inserted or updated, then the signature and uploaded
* images are stored.
*
* @return void|Object (void : success, Object : fail)
*/
function procMemberAdminInsert()
{
// if(Context::getRequestMethod() == "GET") return new Object(-1, "msg_invalid_request");
// Extract the necessary information in advance
$logged_info = Context::get('logged_info');
// Authorization and CSRF are checked together; either failure yields the same error.
if ($logged_info->is_admin != 'Y' || !checkCSRF()) {
return new Object(-1, 'msg_invalid_request');
}
// This list includes privilege-bearing fields (is_admin, denied, group_srl_list)
// taken straight from the request, so the admin check above is what protects them.
$args = Context::gets('member_srl', 'email_address', 'find_account_answer', 'allow_mailing', 'allow_message', 'denied', 'is_admin', 'description', 'group_srl_list', 'limit_date');
$oMemberModel =& getModel('member');
$config = $oMemberModel->getMemberConfig();
// Collect the names of the default signup-form fields that are in use or required.
$getVars = array();
if ($config->signupForm) {
foreach ($config->signupForm as $formInfo) {
if ($formInfo->isDefaultForm && ($formInfo->isUse || $formInfo->required || $formInfo->mustRequired)) {
$getVars[] = $formInfo->name;
}
}
}
foreach ($getVars as $val) {
$args->{$val} = Context::get($val);
}
$args->member_srl = Context::get('member_srl');
// A password is only carried forward when the admin explicitly asked for a reset.
if (Context::get('reset_password')) {
$args->password = Context::get('reset_password');
} else {
unset($args->password);
}
// Remove some unnecessary variables from all the vars
$all_args = Context::getRequestVars();
unset($all_args->module);
unset($all_args->act);
unset($all_args->mid);
unset($all_args->error_return_url);
unset($all_args->success_return_url);
unset($all_args->ruleset);
if (!isset($args->limit_date)) {
$args->limit_date = "";
}
// Password fields are dropped so they are not stored in clear text inside extra_vars.
unset($all_args->password);
unset($all_args->password2);
unset($all_args->reset_password);
// Add extra vars after excluding necessary information from all the requested arguments
$extra_vars = delObjectVars($all_args, $args);
// NOTE(review): every remaining request variable ends up in extra_vars, and the value
// is stored in PHP serialize() format - presumably read back with unserialize();
// confirm that only scalars/arrays can reach this point and that readers restrict classes.
$args->extra_vars = serialize($extra_vars);
// Check if an original member exists having the member_srl
if ($args->member_srl) {
// Create a member model object
$oMemberModel = getModel('member');
// Get member profile
$columnList = array('member_srl');
$member_info = $oMemberModel->getMemberInfoByMemberSrl($args->member_srl, 0, $columnList);
// If no original member exists, make a new one
if ($member_info->member_srl != $args->member_srl) {
unset($args->member_srl);
}
}
// remove whitespace
$checkInfos = array('user_id', 'nick_name', 'email_address');
// NOTE(review): the last entry is an empty string as shown here; it may have been a
// non-printing character lost in transcription - verify against the upstream file.
$replaceStr = array("\r\n", "\r", "\n", " ", "\t", "");
foreach ($checkInfos as $val) {
if (isset($args->{$val})) {
$args->{$val} = str_replace($replaceStr, '', $args->{$val});
}
}
$oMemberController = getController('member');
// Execute insert or update depending on the value of member_srl
if (!$args->member_srl) {
// For a new member the password comes from the 'password' request variable.
$args->password = Context::get('password');
$output = $oMemberController->insertMember($args);
$msg_code = 'success_registed';
} else {
$output = $oMemberController->updateMember($args);
$msg_code = 'success_updated';
}
if (!$output->toBool()) {
return $output;
}
// Save Signature
$signature = Context::get('signature');
$oMemberController->putSignature($args->member_srl, $signature);
// Return result
$this->add('member_srl', $args->member_srl);
$this->setMessage($msg_code);
// is_uploaded_file() confirms each path really is an HTTP upload of this request.
// NOTE(review): the $_FILES keys are read without isset(), and no type or size check
// is visible here - presumably done inside the insert* methods; confirm.
$profile_image = $_FILES['profile_image'];
if (is_uploaded_file($profile_image['tmp_name'])) {
$oMemberController->insertProfileImage($args->member_srl, $profile_image['tmp_name']);
}
$image_mark = $_FILES['image_mark'];
if (is_uploaded_file($image_mark['tmp_name'])) {
$oMemberController->insertImageMark($args->member_srl, $image_mark['tmp_name']);
}
$image_name = $_FILES['image_name'];
if (is_uploaded_file($image_name['tmp_name'])) {
$oMemberController->insertImageName($args->member_srl, $image_name['tmp_name']);
}
//.........这里部分代码省略.........
示例3: updateComment
/**
* Update (edit) an existing comment.
*
* Unless $manual_updated is set, the request must pass checkCSRF(). The
* original comment is loaded, permission is checked with isGranted() unless
* $is_admin is set, author fields are filled in, the content is cleaned, and
* the update runs inside a transaction together with the before/after triggers.
*
* @param object $obj Comment fields to store; comment_srl selects the comment
* @param bool $is_admin When TRUE the isGranted() permission check is skipped
* @param bool $manual_updated When TRUE the CSRF check is skipped
* @return object
*/
function updateComment($obj, $is_admin = FALSE, $manual_updated = FALSE)
{
// $manual_updated bypasses the CSRF check, so it must only be set by internal callers
// and never derived from request data.
if (!$manual_updated && !checkCSRF()) {
return new Object(-1, 'msg_invalid_request');
}
if (!is_object($obj)) {
$obj = new stdClass();
}
$obj->__isupdate = TRUE;
// call a trigger (before)
$output = ModuleHandler::triggerCall('comment.updateComment', 'before', $obj);
if (!$output->toBool()) {
return $output;
}
// create a comment model object
$oCommentModel = getModel('comment');
// get the original data
$source_obj = $oCommentModel->getComment($obj->comment_srl);
// When getMemberSrl() is empty, keep the author fields stored with the original comment.
if (!$source_obj->getMemberSrl()) {
$obj->member_srl = $source_obj->get('member_srl');
$obj->user_name = $source_obj->get('user_name');
$obj->nick_name = $source_obj->get('nick_name');
$obj->email_address = $source_obj->get('email_address');
$obj->homepage = $source_obj->get('homepage');
}
// check if permission is granted ($is_admin is supplied by the caller, not derived here)
if (!$is_admin && !$source_obj->isGranted()) {
return new Object(-1, 'msg_not_permitted');
}
// A comment password is stored hashed, never as submitted.
if ($obj->password) {
$obj->password = getModel('member')->hashPassword($obj->password);
}
if ($obj->homepage) {
$obj->homepage = removeHackTag($obj->homepage);
// Prefix http:// only when no scheme is present. The pattern accepts any alphabetic
// scheme followed by ://, not just http/https.
// NOTE(review): confirm the scheme is restricted where the homepage is rendered as a link.
if (!preg_match('/^[a-z]+:\\/\\//i', $obj->homepage)) {
$obj->homepage = 'http://' . $obj->homepage;
}
}
// set modifier's information if logged-in and posting author and modifier are matched.
if (Context::get('is_logged')) {
$logged_info = Context::get('logged_info');
if ($source_obj->member_srl == $logged_info->member_srl) {
$obj->member_srl = $logged_info->member_srl;
$obj->user_name = $logged_info->user_name;
$obj->nick_name = $logged_info->nick_name;
$obj->email_address = $logged_info->email_address;
$obj->homepage = $logged_info->homepage;
}
}
// if nick_name of the logged-in author doesn't exist
if ($source_obj->get('member_srl') && !$obj->nick_name) {
$obj->member_srl = $source_obj->get('member_srl');
$obj->user_name = $source_obj->get('user_name');
$obj->nick_name = $source_obj->get('nick_name');
$obj->email_address = $source_obj->get('email_address');
$obj->homepage = $source_obj->get('homepage');
}
// An empty content field keeps the stored content.
if (!$obj->content) {
$obj->content = $source_obj->get('content');
}
// remove XE's own tags from contents
$obj->content = preg_replace('!<\\!--(Before|After)(Document|Comment)\\(([0-9]+),([0-9]+)\\)-->!is', '', $obj->content);
if (Mobile::isFromMobilePhone()) {
// Mobile submissions are escaped unless the comment is flagged as HTML
// (the final `false` leaves existing entities untouched).
if ($obj->use_html != 'Y') {
$obj->content = htmlspecialchars($obj->content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
}
$obj->content = nl2br($obj->content);
}
// remove iframe and script if not a top administrator on the session
// NOTE(review): $logged_info is only assigned in the is_logged branch above. For an
// anonymous caller it is undefined here; the comparison then still evaluates true, so
// removeHackTag() runs, but PHP raises a notice/warning.
if ($logged_info->is_admin != 'Y') {
$obj->content = removeHackTag($obj->content);
}
// begin transaction
$oDB = DB::getInstance();
$oDB->begin();
// Update
$output = executeQuery('comment.updateComment', $obj);
if (!$output->toBool()) {
$oDB->rollback();
return $output;
}
// call a trigger (after); this condition is always true after the early return above
if ($output->toBool()) {
$trigger_output = ModuleHandler::triggerCall('comment.updateComment', 'after', $obj);
if (!$trigger_output->toBool()) {
$oDB->rollback();
return $trigger_output;
}
}
// commit
$oDB->commit();
$output->add('comment_srl', $obj->comment_srl);
return $output;
//.........这里部分代码省略.........
示例4: requireData
/**
* Handle launch and/or set up the LTI session and global variables
*
* Make sure we have the values we need in the LTI session.
* This routine will not start a session if none exists. It will
* die if there is no session_name() (PHPSESSID) cookie or
* parameter. No need to create any fresh sessions here.
*
* After the session is found, the request is checked against values stored
* in the session (user agent, first three IPv4 octets, script path); the
* user-agent and address checks are skipped when checkReferer() or
* checkCSRF() succeeds.
*
* @param $needed (optional, mixed) Indicates which of
* the data structures are needed. If this is omitted,
* this assumes that CONTEXT, LINK, and USER data are required.
* If LTIX::NONE is present, then none of the three are required.
* If some combination of the three is needed, an array of
* LTIX::CONTEXT, LTIX::LINK, and LTIX::USER can be passed in.
*
*/
public static function requireData($needed = self::ALL)
{
global $CFG, $USER, $CONTEXT, $LINK;
// NOTE(review): these are loose (==) comparisons and the constant values are not
// visible here - confirm that an array argument cannot compare equal to NONE or ALL.
if ($needed == self::NONE) {
$needed = array();
}
if ($needed == self::ALL) {
$needed = array(self::CONTEXT, self::LINK, self::USER);
}
if (is_string($needed)) {
$needed = array($needed);
}
// Check if we are processing an LTI launch. If so, handle it
self::launchCheck();
// Check to see if the session already exists.
$sess = session_name();
if (ini_get('session.use_cookies') != '0') {
if (!isset($_COOKIE[$sess])) {
send403();
die_with_error_log("Missing session cookie - please re-launch");
}
} else {
// non-cookie session: the session id must be passed in POST or GET data
if (isset($_POST[$sess]) || isset($_GET[$sess])) {
// We tried to set a session..
} else {
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
send403();
die_with_error_log('Missing ' . $sess . ' from POST data');
} else {
send403();
die_with_error_log('This tool should be launched from a learning system using LTI');
}
}
}
// Start a session if it has not been started..
if (session_id() == "") {
session_start();
// Should reassociate
}
// This happens from time to time when someone closes and reopens a laptop
// Or their computer goes to sleep and wakes back up hours later.
// So it is just a warning - nothing much we can do except tell them.
if (!isset($_SESSION['lti'])) {
// $debug = safe_var_dump($_SESSION);
// error_log($debug);
send403();
// NOTE(review): the session id is written to the error log here and in the checks
// below; treat that log as sensitive or log a hash of the id instead.
error_log('Session expired - please re-launch ' . session_id());
die('Session expired - please re-launch');
// with error_log
}
// Check the referrer...
// Either check passing marks the request as trusted, which skips the user-agent and
// address binding checks below.
// NOTE(review): both helpers are defined elsewhere; a Referer header is supplied by
// the client - confirm it is acceptable for it alone to skip those checks.
$trusted = checkReferer() || checkCSRF();
// Check to see if we switched browsers or IP addresses
// TODO: Change these to warnings once we get more data
if (!$trusted && isset($_SESSION['HTTP_USER_AGENT'])) {
if (!isset($_SERVER['HTTP_USER_AGENT']) || $_SESSION['HTTP_USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) {
send403();
// NOTE(review): operator precedence - "." binds tighter than "?:", so the whole
// concatenation is the ternary condition (always a non-empty string) and the second
// argument becomes just $_SERVER['HTTP_USER_AGENT'], which may be unset in this
// branch. The isset(...) ? ... : ... part needs its own parentheses.
die_with_error_log("Session has expired", " " . session_id() . " HTTP_USER_AGENT " . $_SESSION['HTTP_USER_AGENT'] . ' ::: ' . isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : 'Empty user agent', 'DIE:');
}
}
// We only check the first three octets as some systems wander through the addresses on
// class C - Perhaps it is even NAT - who knows - but we forgive those on the same Class C
// The comparison only runs when both addresses split into four dot-separated pieces,
// so addresses in any other form (for example IPv6) are not compared at all.
if (!$trusted && isset($_SESSION['REMOTE_ADDR']) && isset($_SERVER['REMOTE_ADDR'])) {
$sess_pieces = explode('.', $_SESSION['REMOTE_ADDR']);
$serv_pieces = explode('.', $_SERVER['REMOTE_ADDR']);
if (count($sess_pieces) == 4 && count($serv_pieces) == 4) {
if ($sess_pieces[0] != $serv_pieces[0] || $sess_pieces[1] != $serv_pieces[1] || $sess_pieces[2] != $serv_pieces[2]) {
send403();
die_with_error_log('Session address has expired', " " . session_id() . " REMOTE_ADDR " . $_SESSION['REMOTE_ADDR'] . ' ' . $_SERVER['REMOTE_ADDR'], 'DIE:');
}
}
}
// Check to see if the user has navigated to a new place in the hierarchy
// The current script path must start with the path stored in the session, except
// for 'core/blob'. This check runs whether or not the request is trusted.
if (isset($_SESSION['script_path']) && getScriptPath() != 'core/blob' && strpos(getScriptPath(), $_SESSION['script_path']) !== 0) {
send403();
die_with_error_log('Improper navigation detected', " " . session_id() . " script_path " . $_SESSION['script_path'] . ' / ' . getScriptPath(), 'DIE:');
}
$LTI = $_SESSION['lti'];
if (is_array($needed)) {
foreach ($needed as $feature) {
if (isset($LTI[$feature])) {
continue;
//.........这里部分代码省略.........
示例5: str_normalize
// Fragment of a user-update request handler: $validator, $ajax, $csrf_token, $user_id
// and $loggedInUser are defined before the part shown here.
$email = str_normalize($validator->optionalPostVar('email'));
$title = trim($validator->optionalPostVar('title'));
$rm_groups = $validator->optionalPostVar('remove_groups');
$add_groups = $validator->optionalPostVar('add_groups');
$enabled = $validator->optionalPostVar('enabled');
$primary_group_id = $validator->optionalPostVar('primary_group_id');
// For updating passwords. The user's current password must also be included (passwordcheck) if they are resetting their own password.
$password = $validator->optionalPostVar('password');
$passwordc = $validator->optionalPostVar('passwordc');
$passwordcheck = $validator->optionalPostVar('passwordcheck');
// Add alerts for any failed input validation
foreach ($validator->errors as $error) {
addAlert("danger", $error);
}
// Validate csrf token
// NOTE(review): the return value is not checked, so this relies on checkCSRF($ajax, $token)
// ending the request itself when the token is wrong - confirm in its definition.
// This is a different signature from the argument-less checkCSRF() in the other examples.
checkCSRF($ajax, $csrf_token);
// Stop on validation errors only after the CSRF token has been checked.
if (count($validator->errors) > 0) {
apiReturnError($ajax, getReferralPage());
}
// Special case to update the logged in user (self)
$self = false;
// Loose comparison: "0" as well as integer 0 selects the logged-in user.
if ($user_id == "0") {
$self = true;
$user_id = $loggedInUser->user_id;
}
//Check if selected user exists
// presumably apiReturnError() terminates the request; verify, since execution would
// otherwise continue with an invalid $user_id.
if (!$user_id or !userIdExists($user_id)) {
addAlert("danger", lang("ACCOUNT_INVALID_USER_ID"));
apiReturnError($ajax, getReferralPage());
}
$userdetails = fetchUserAuthById($user_id);
示例6: session_start
<?php
// Purchase confirmation page: requires a logged-in session and a valid CSRF token,
// then lists the items stored in the session.
session_start();
include_once "testlogin.php";
// presumably ends the request when the visitor is not logged in; verify in testlogin.php
redirectIfNotLoggedIn("https://127.0.0.1/");
?>
<html>
<body>
<?php
include_once "../nonPublic/csrftoken.php";
if (!checkCSRF()) {
// NOTE(review): the redirect() call sits inside the function_exists() test. If a
// redirect() function is already defined (for example by an included file), a failed
// CSRF check neither redirects nor stops, and the page continues below. The call
// belongs outside the inner if, directly in the !checkCSRF() branch.
if (!function_exists("redirect")) {
function redirect($url)
{
$h = "Location: " . $url;
header($h);
die;
}
redirect("https://127.0.0.1/searchView.php");
}
}
// Show the selected products.
echo "If confirmed, the following items will be purchased:<br/>";
echo "<table>";
for ($x = 1; $x <= $_SESSION['purchaseNbr']; $x++) {
$username = $_SESSION["username"];
$itemId = $_SESSION["purchasesId" . $x];
$itemName = $_SESSION["purchases" . $x];
// NOTE(review): $itemName is written into the page without htmlspecialchars();
// confirm it is escaped when stored in the session, or escape it here.
echo "<tr><th> " . $itemName . " </th>";
示例7: insertComment
/**
* Insert a new comment.
*
* Unless $manual_inserted is set, the request must pass checkCSRF(), the
* target document must exist and must not be locked, and the author fields
* are taken from the logged-in user. The publish status depends on whether
* the module uses comment validation and whether the author is an admin.
*
* @param object $obj Comment fields; document_srl selects the target document
* @param bool $manual_inserted When TRUE the CSRF, document and author checks are skipped
* @return object
*/
function insertComment($obj, $manual_inserted = FALSE)
{
// $manual_inserted bypasses the CSRF check, so it must only be set by internal callers
// and never derived from request data.
if (!$manual_inserted && !checkCSRF()) {
return new Object(-1, 'msg_invalid_request');
}
if (!is_object($obj)) {
$obj = new stdClass();
}
// check if comment's module is using comment validation and set the publish status to 0 (false)
// for inserting query, otherwise default is 1 (true - means comment is published)
$using_validation = $this->isModuleUsingPublishValidation($obj->module_srl);
// NOTE(review): $is_admin is not assigned when the request is not manual and the user
// is not logged in; it is then read as an undefined (falsy) variable below.
if (!$manual_inserted) {
if (Context::get('is_logged')) {
$logged_info = Context::get('logged_info');
if ($logged_info->is_admin == 'Y') {
$is_admin = TRUE;
} else {
$is_admin = FALSE;
}
}
} else {
$is_admin = FALSE;
}
// Comments are published at once unless validation is on and the author is not an admin.
if (!$using_validation) {
$obj->status = 1;
} else {
if ($is_admin) {
$obj->status = 1;
} else {
$obj->status = 0;
}
}
$obj->__isupdate = FALSE;
// call a trigger (before)
$output = ModuleHandler::triggerCall('comment.insertComment', 'before', $obj);
if (!$output->toBool()) {
return $output;
}
// check if a posting of the corresponding document_srl exists
$document_srl = $obj->document_srl;
if (!$document_srl) {
return new Object(-1, 'msg_invalid_document');
}
// get a object of document model
$oDocumentModel = getModel('document');
// even for manual_inserted if password exists, hash it.
if ($obj->password) {
$obj->password = getModel('member')->hashPassword($obj->password);
}
// get the original posting
if (!$manual_inserted) {
$oDocument = $oDocumentModel->getDocument($document_srl);
if ($document_srl != $oDocument->document_srl) {
return new Object(-1, 'msg_invalid_document');
}
// Locked documents accept no new comments.
if ($oDocument->isLocked()) {
return new Object(-1, 'msg_invalid_request');
}
if ($obj->homepage) {
$obj->homepage = removeHackTag($obj->homepage);
// Prefix http:// only when no scheme is present; any alphabetic scheme followed
// by :// is accepted as-is.
if (!preg_match('/^[a-z]+:\\/\\//i', $obj->homepage)) {
$obj->homepage = 'http://' . $obj->homepage;
}
}
// input the member's information if logged-in
// For a logged-in user the author fields always come from the session, overriding
// whatever the request supplied.
if (Context::get('is_logged')) {
$logged_info = Context::get('logged_info');
$obj->member_srl = $logged_info->member_srl;
// user_id, user_name and nick_name already encoded
$obj->user_id = htmlspecialchars_decode($logged_info->user_id);
$obj->user_name = htmlspecialchars_decode($logged_info->user_name);
$obj->nick_name = htmlspecialchars_decode($logged_info->nick_name);
$obj->email_address = $logged_info->email_address;
$obj->homepage = $logged_info->homepage;
}
}
// error display if neither of log-in info and user name exist.
// NOTE(review): $logged_info is undefined here for anonymous or manual inserts; the
// property read is then falsy (with a notice/warning), so a nick_name is required.
if (!$logged_info->member_srl && !$obj->nick_name) {
return new Object(-1, 'msg_invalid_request');
}
// A caller-supplied comment_srl is only accepted from an admin, a manual insert, or
// when checkUserSequence() passes - presumably meaning the sequence was issued to
// this user; confirm in its definition.
if (!$obj->comment_srl) {
$obj->comment_srl = getNextSequence();
} elseif (!$is_admin && !$manual_inserted && !checkUserSequence($obj->comment_srl)) {
return new Object(-1, 'msg_not_permitted');
}
// determine the order
$obj->list_order = getNextSequence() * -1;
// remove XE's own tags from the contents
$obj->content = preg_replace('!<\\!--(Before|After)(Document|Comment)\\(([0-9]+),([0-9]+)\\)-->!is', '', $obj->content);
if (Mobile::isFromMobilePhone()) {
// Mobile submissions are escaped unless the comment is flagged as HTML.
if ($obj->use_html != 'Y') {
$obj->content = htmlspecialchars($obj->content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
}
$obj->content = nl2br($obj->content);
//.........这里部分代码省略.........
示例8: procModule
/**
* Get a module instance and execute an action.
*
* Resolves the action from the module's action XML, enforces the allowed
* request method for controller actions, applies the central CSRF check to
* POST requests and the denied-admin session flag to admin actions, then
* creates the module instance. On any failure a 'message' module instance
* carrying the error is returned instead.
*
* @return ModuleObject executed module instance
*/
function procModule()
{
$oModuleModel = getModel('module');
$display_mode = Mobile::isFromMobilePhone() ? 'mobile' : 'view';
// If error occurred while preparation, return a message instance
if ($this->error) {
$this->_setInputErrorToContext();
$oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
$oMessageObject->setError(-1);
$oMessageObject->setMessage($this->error);
$oMessageObject->dispMessage();
if ($this->httpStatusCode) {
$oMessageObject->setHttpStatusCode($this->httpStatusCode);
}
return $oMessageObject;
}
// Get action information with conf/module.xml
$xml_info = $oModuleModel->getModuleActionXml($this->module);
// If not installed yet, modify act
// For the install module an unknown act falls back to the default index act.
if ($this->module == "install") {
if (!$this->act || !$xml_info->action->{$this->act}) {
$this->act = $xml_info->default_index_act;
}
}
// if act exists, find type of the action, if not use default index act
if (!$this->act) {
$this->act = $xml_info->default_index_act;
}
// still no act means error
if (!$this->act) {
$this->error = 'msg_module_is_not_exists';
$this->httpStatusCode = '404';
$this->_setInputErrorToContext();
$oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
$oMessageObject->setError(-1);
$oMessageObject->setMessage($this->error);
$oMessageObject->dispMessage();
if ($this->httpStatusCode) {
$oMessageObject->setHttpStatusCode($this->httpStatusCode);
}
return $oMessageObject;
}
// get type, kind
$type = $xml_info->action->{$this->act}->type;
$ruleset = $xml_info->action->{$this->act}->ruleset;
// An action counts as 'admin' when its name contains "admin" (case-insensitive) or
// when it belongs to the admin module.
$kind = stripos($this->act, 'admin') !== FALSE ? 'admin' : '';
if (!$kind && $this->module == 'admin') {
$kind = 'admin';
}
// check REQUEST_METHOD in controller
// Controller actions accept only POST unless module.xml lists other methods.
if ($type == 'controller') {
$allowedMethod = $xml_info->action->{$this->act}->method;
if (!$allowedMethod) {
$allowedMethodList[0] = 'POST';
} else {
$allowedMethodList = explode('|', strtoupper($allowedMethod));
}
if (!in_array(strtoupper($_SERVER['REQUEST_METHOD']), $allowedMethodList)) {
$this->error = "msg_invalid_request";
$oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
$oMessageObject->setError(-1);
$oMessageObject->setMessage($this->error);
$oMessageObject->dispMessage();
return $oMessageObject;
}
}
if ($this->module_info->use_mobile != "Y") {
Mobile::setMobile(FALSE);
}
$logged_info = Context::get('logged_info');
// check CSRF for POST actions
// The check is skipped before installation and for the procFileUpload action, and it
// does not cover controller actions that module.xml allows over other methods.
// NOTE(review): confirm procFileUpload has its own request validation.
if (Context::getRequestMethod() === 'POST' && Context::isInstalled() && $this->act !== 'procFileUpload' && !checkCSRF()) {
$this->error = 'msg_invalid_request';
$oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
$oMessageObject->setError(-1);
$oMessageObject->setMessage($this->error);
$oMessageObject->dispMessage();
return $oMessageObject;
}
// Admin ip
// Admin actions are refused when the session carries the denied_admin flag, which is
// set elsewhere (the original comment suggests an admin IP restriction - verify).
if ($kind == 'admin' && $_SESSION['denied_admin'] == 'Y') {
$this->_setInputErrorToContext();
$this->error = "msg_not_permitted_act";
$oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
$oMessageObject->setError(-1);
$oMessageObject->setMessage($this->error);
$oMessageObject->dispMessage();
return $oMessageObject;
}
// if(type == view, and case for using mobilephone)
if ($type == "view" && Mobile::isFromMobilePhone() && Context::isInstalled()) {
$orig_type = "view";
$type = "mobile";
// create a module instance
$oModule = $this->getModuleInstance($this->module, $type, $kind);
if (!is_object($oModule) || !method_exists($oModule, $this->act)) {
//.........这里部分代码省略.........
示例9: session_start
<?php
// Purchase page: requires a logged-in session and a valid CSRF token, then records one
// purchase row per item stored in the session.
session_start();
include_once "testlogin.php";
// presumably ends the request when the visitor is not logged in; verify in testlogin.php
redirectIfNotLoggedIn("https://127.0.0.1/");
?>
<html>
<body>
<?php
include_once "../nonPublic/csrftoken.php";
include_once "database.php";
// All state-changing work is inside this branch, so a failed check records nothing.
if (checkCSRF()) {
$database = new Database();
echo "If confirmed, the following items will be purchased:<br/>";
echo "<table>";
// NOTE(review): this loop starts at 2, so the session entries with index 1 are never
// recorded - confirm that is intended.
for ($x = 2; $x <= $_SESSION['purchaseNbr']; $x++) {
$username = $_SESSION["username"];
$itemId = $_SESSION["purchasesId" . $x];
$itemName = $_SESSION["purchases" . $x];
// NOTE(review): $itemName is written into the page without htmlspecialchars();
// confirm it is escaped when stored in the session, or escape it here.
echo "<tr><th> " . $itemName . " </th>";
// A connection is opened and closed on every iteration.
$mysqli = $database->openConnection();
// Values are bound as parameters, not concatenated into the SQL text.
$sql = "INSERT INTO purchases (email,itemId,purchDate) VALUES ( ? , ?, NOW() )";
// NOTE(review): mysqli::prepare() returns false on failure; that case is not handled
// before bind_param() is called, and a failed execute() prints nothing.
$stmt = $mysqli->prepare($sql);
if ($stmt->bind_param('ss', $username, $itemId)) {
if ($stmt->execute()) {
echo "<th> purchase successful </th></tr>";
}
}
$stmt->free_result();
$database->closeConnection($mysqli);
}
示例10: dispLayoutPreview
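/**
 * Preview a layout using the template and CSS code submitted in the request.
 *
 * The request must pass checkCSRF() and the logged-in user must have
 * is_admin == 'Y'. The submitted `code` is written to a temporary template
 * file, compiled against the stored layout's path, exposed to the view as
 * `layout_tpl`, and the temporary file is removed again. The submitted
 * `code_css` is added to the page head inside a <style> element.
 *
 * @return void|Object (void : success, Object : fail)
 */
function dispLayoutPreview()
{
    if (!checkCSRF()) {
        $this->stop('msg_invalid_request');
        return new Object(-1, 'msg_invalid_request');
    }

    // admin check
    // this act is admin view but in normal view because do not load admin css/js files
    $logged_info = Context::get('logged_info');
    if ($logged_info->is_admin != 'Y') {
        return $this->stop('msg_invalid_request');
    }

    $layout_srl = Context::get('layout_srl');
    $code = Context::get('code');
    $code_css = Context::get('code_css');
    if (!$layout_srl || !$code) {
        return new Object(-1, 'msg_invalid_request');
    }

    // Get the layout information
    $oLayoutModel = getModel('layout');
    $layout_info = $oLayoutModel->getLayout($layout_srl);
    if (!$layout_info) {
        return new Object(-1, 'msg_invalid_request');
    }

    // Separately handle the layout if its type is faceoff
    if ($layout_info->type == 'faceoff') {
        $oLayoutModel->doActivateFaceOff($layout_info);
    }

    // Apply CSS directly.
    // The CSS is request data placed inside a <style> element, so any "</style"
    // sequence in it is rewritten to "<\/style": a CSS parser reads the escaped
    // slash as the same character, but the HTML parser no longer sees an end tag
    // that would let the rest of the value be parsed as markup.
    $safe_css = is_string($code_css) ? str_ireplace('</style', '<\/style', $code_css) : '';
    Context::addHtmlHeader("<style type=\"text/css\" charset=\"UTF-8\">" . $safe_css . "</style>");

    // Set names and values of extra_vars to $layout_info
    if ($layout_info->extra_var_count) {
        foreach ($layout_info->extra_var as $var_id => $val) {
            $layout_info->{$var_id} = $val->value;
        }
    }

    // menu in layout information becomes an argument for Context:: set
    if ($layout_info->menu_count) {
        foreach ($layout_info->menu as $menu_id => $menu) {
            // The included path comes from the layout information returned by the
            // layout model, not from the request.
            // NOTE(review): confirm php_file can only be set by trusted code.
            $menu->php_file = FileHandler::getRealPath($menu->php_file);
            if (FileHandler::exists($menu->php_file)) {
                include $menu->php_file;
            }
            Context::set($menu_id, $menu);
        }
    }

    Context::set('layout_info', $layout_info);
    Context::set('content', lang('layout_preview_content'));

    // Temporary save the codes
    // NOTE(review): the file name is fixed, so two previews running at the same time
    // would share this file - confirm that is acceptable for an admin-only action.
    $edited_layout_file = _XE_PATH_ . 'files/cache/layout/tmp.tpl';
    FileHandler::writeFile($edited_layout_file, $code);

    // Compile
    // Objects are handles in PHP 5+, so a plain assignment replaces the former "=&".
    $oTemplate = TemplateHandler::getInstance();
    $layout_path = $layout_info->path;
    $layout_file = 'layout';
    $layout_tpl = $oTemplate->compile($layout_path, $layout_file, $edited_layout_file);
    Context::set('layout', 'none');

    // Convert widgets and others
    // $oContext is not used afterwards; the call is kept as in the original.
    $oContext = Context::getInstance();
    Context::set('layout_tpl', $layout_tpl);

    // Delete Temporary Files
    FileHandler::removeFile($edited_layout_file);
    $this->setTemplateFile('layout_preview');
}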