本文整理汇总了PHP中check_csrf函数的典型用法代码示例。如果您正苦于以下问题:PHP check_csrf函数的具体用法?PHP check_csrf怎么用?PHP check_csrf使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了check_csrf函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1:
// Optional subtitle, followed by the closing tag of the title wrapper.
if (!empty($LANG['categories_subtitle'])) {
    echo '<span>' . $LANG['categories_subtitle'] . '</span>';
}
echo '</div>';

// Category deletion. Two entry points are validated against the session token
// stored under 'categories_csrf': a bulk POST (token in the 'csrf' field) and
// a single-item GET link (token in the 'token' query parameter).
// NOTE(review): the GET path changes state and carries the token in the URL,
// where it can end up in browser history, access logs and Referer headers;
// handling single-item deletes via POST would avoid that.
// NOTE(review): how check_csrf() compares the two values is not visible here;
// confirm it uses a constant-time comparison such as hash_equals().
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'categories_csrf')) {
    if (isset($_POST['delete'], $_POST['id'])) {
        // array_keys() presumes $_POST['id'] is an array keyed by category id;
        // nothing in this excerpt validates that.
        echo actions::delete_category(array_keys($_POST['id']))
            ? ('<div class="a-success">' . $LANG['msg_deleted'] . '</div>')
            : ('<div class="a-error">' . $LANG['msg_error'] . '</div>');
    }
} elseif (isset($_GET['action'], $_GET['token']) && check_csrf($_GET['token'], 'categories_csrf')) {
    if ($_GET['action'] == 'delete' && isset($_GET['id'])) {
        // $_GET['id'] is handed to the action as received.
        echo actions::delete_category($_GET['id'])
            ? ('<div class="a-success">' . $LANG['msg_deleted'] . '</div>')
            : ('<div class="a-error">' . $LANG['msg_error'] . '</div>');
    }
}

// Issue a fresh token for the forms and links rendered below.
// NOTE(review): the randomness source behind str_random() is not visible
// here; a CSRF token should come from a CSPRNG (random_bytes()/random_int()).
$_SESSION['categories_csrf'] = \site\utils::str_random(10);
$csrf = $_SESSION['categories_csrf'];
echo '<div class="page-toolbar">
<form action="#" method="GET" autocomplete="off" novalidate>
示例2:
// Optional subtitle, followed by the closing tag of the title wrapper.
if (!empty($LANG['banned_subtitle'])) {
    echo '<span>' . $LANG['banned_subtitle'] . '</span>';
}
echo '</div>';

// Removal of ban entries. A bulk POST (token in 'csrf') and a single-item GET
// link (token in 'token') are both checked against the session value stored
// under 'banned_csrf'.
// NOTE(review): the GET branch performs a state change with the token in the
// query string, so the token is exposed to logs, history and Referer headers.
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'banned_csrf')) {
    if (isset($_POST['delete'], $_POST['id'])) {
        // Presumes $_POST['id'] is an array keyed by entry id — not validated here.
        echo actions::delete_banned(array_keys($_POST['id']))
            ? ('<div class="a-success">' . $LANG['msg_deleted'] . '</div>')
            : ('<div class="a-error">' . $LANG['msg_error'] . '</div>');
    }
} elseif (isset($_GET['action'], $_GET['token']) && check_csrf($_GET['token'], 'banned_csrf')) {
    if ($_GET['action'] == 'delete' && isset($_GET['id'])) {
        echo actions::delete_banned($_GET['id'])
            ? ('<div class="a-success">' . $LANG['msg_deleted'] . '</div>')
            : ('<div class="a-error">' . $LANG['msg_error'] . '</div>');
    }
}

// New token for the markup rendered after this point.
// NOTE(review): confirm str_random() draws from a CSPRNG; its implementation
// is not part of this excerpt.
$_SESSION['banned_csrf'] = \site\utils::str_random(10);
$csrf = $_SESSION['banned_csrf'];
echo '<div class="page-toolbar">
<form action="#" method="GET" autocomplete="off">
示例3: date
<?php
// Admin-only script: any session that is not an admin stops here.
if (!$GLOBALS['me']->is_admin) {
die;
}
// The request is authorised by the 'csrf' query parameter, which may match
// either the stored 'cron_secret' option or the session token kept under
// 'slider_csrf'.
// NOTE(review): the secret is compared with loose `==`, which is neither
// type-safe nor constant-time; hash_equals() on two strings is the usual
// comparison for secrets. Both values travel in the URL, so they can end up
// in access logs, browser history and Referer headers.
// NOTE(review): the admin check above runs first, so the cron_secret branch
// is only reachable with an admin session as far as this excerpt shows.
if (isset($_GET['csrf']) && ($_GET['csrf'] == \query\main::get_option('cron_secret') || check_csrf($_GET['csrf'], 'slider_csrf'))) {
// Run the sync. Every value below is read from the query string without an
// isset() check or any validation.
$nofav = $_GET['nofav'];
$fav = $_GET['fav'];
$fav_anchor = $_GET['fav_anchor'];
$favitem = $_GET['favdeal'];
$favsale = $_GET['favsale'];
$root = $_GET['root'];
$template = $_GET['template'];
// NOTE(review): $root and the template names are request-controlled and are
// concatenated straight into file_get_contents() arguments, so the request
// decides which file or URL gets read. Resolve them against a fixed,
// configured base directory (realpath() + prefix check) or an allowlist of
// template names, and reject everything else. The return values (false on
// failure) are not checked either.
$template_nofav = file_get_contents($root . $nofav);
$template_fav = file_get_contents($root . $fav);
$template_favitem = file_get_contents($root . $favitem);
$template_favsale = file_get_contents($root . $favsale);
$now = date("Y-m-d H:i:s");
// Site options used while building links and the Sendy subscribe URL.
$seo_link = defined('SEO_LINKS') && SEO_LINKS ? true : false;
$seo_link_coupon = \query\main::get_option('seo_link_coupon');
$seo_link_product = \query\main::get_option('seo_link_product');
$seo_link_store = \query\main::get_option('seo_link_store');
$sendy_url = \query\main::get_option('sendy_url') . 'subscribe';
$sendy_list_id = \query\main::get_option('sendy_list_id');
$userdata = array();
$coupondata = array();
// List subscribers. The query text is static: no request data is concatenated.
// NOTE(review): DB_TABLE_PREFIX is placed in front of the `subscriber` column
// rather than the `users` table name — looks unintended; confirm against the
// schema. The result of prepare() is not checked in the visible lines.
$stmt = $db->stmt_init();
$search = "SELECT id,name,email FROM users WHERE " . DB_TABLE_PREFIX . "subscriber>0 and valid>0 and email<>''";
$stmt->prepare($search);
示例4: substr
<input type="hidden" name="csrf" value="' . $csrf . '" />
</form>';
break;
/** SOCIAL NETWORKS */
/** SOCIAL NETWORKS */
case 'socialacc':
echo '<div class="title">
<h2>' . $LANG['settings_general_title'] . '</h2>';
if (!empty($LANG['settings_socnet_subtitle'])) {
echo '<span>' . $LANG['settings_socnet_subtitle'] . '</span>';
}
echo '</div>';
// Save the social-network profile links. Runs only for a POST that carries a
// 'post' field and a token matching the session value under 'settings_csrf'.
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['post']) && isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'settings_csrf')) {
// Keep only values that start with http:// or https://, cut to 200 bytes.
// Anything else falls off the end of the callback and becomes null.
// NOTE(review): assumes $_POST['post'] is an array of strings; a scalar or a
// nested array is not rejected before array_map()/preg_match() see it.
$post = array_map(function ($w) {
if (preg_match('/^http(s)?:\\/\\//i', $w)) {
return substr($w, 0, 200);
}
}, $_POST['post']);
// NOTE(review): 'social_vimeo' is read from $post['videmo'] — looks like a
// typo for 'vimeo' unless the form field really is named 'videmo'; confirm.
// Keys missing from the submitted array are read without an isset() check.
// Only the scheme prefix is validated, so the stored URLs still need
// HTML-attribute escaping wherever they are rendered.
if (actions::set_option(array('social_facebook' => $post['facebook'], 'social_google' => $post['google'], 'social_twitter' => $post['twitter'], 'social_flickr' => $post['flickr'], 'social_linkedin' => $post['linkedin'], 'social_vimeo' => $post['videmo'], 'social_youtube' => $post['youtube'], 'social_myspace' => $post['myspace'], 'social_reddit' => $post['reddit'], 'social_pinterest' => $post['pinterest']))) {
echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
} else {
echo '<div class="a-error">' . $LANG['settings_save_error'] . '</div>';
}
}
// Fresh token for the form rendered below; the previous one is overwritten.
// NOTE(review): confirm str_random() is backed by a CSPRNG.
$csrf = $_SESSION['settings_csrf'] = \site\utils::str_random(10);
echo '<form action="#" method="POST">
<div class="form-table">
示例5: switch
<?php
// POST handler for the settings screens; the target is chosen by ?action=.
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_GET['action'])) {
switch ($_GET['action']) {
case 'general-settings':
// The save runs only when the posted token matches the session value under
// 'settings_csrf'. A missing or wrong token falls through the switch without
// any output from this block.
if (isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'settings_csrf')) {
// Presumably defines $gmt, the timezone list used for validation below — confirm.
include dirname(__DIR__) . '/' . IDIR . '/others/GMT_list.php';
// NOTE(review): this completeness check only sets a session flag; it does not
// gate the save below, which runs whether or not all fields were posted.
if (isset($_POST['sitename']) && isset($_POST['siteurl']) && isset($_POST['description']) && isset($_POST['ipp']) && isset($_POST['registrations']) && isset($_POST['accounts_per_ip']) && isset($_POST['delete_old_coupons']) && isset($_POST['allow_revs']) && isset($_POST['auvalid_revs']) && isset($_POST['allow_stores']) && isset($_POST['allow_coupons']) && isset($_POST['site_lang']) && isset($_POST['adminpanel_lang']) && isset($_POST['timezone']) && isset($_POST['hour_format']) && isset($_POST['email_from_name']) && isset($_POST['email_answer_to']) && isset($_POST['email_contact']) && isset($_POST['mail_meth']) && isset($_POST['smtp_host']) && isset($_POST['smtp_port']) && isset($_POST['smtp_user']) && isset($_POST['smtp_pass']) && isset($_POST['sendmail_path']) && isset($_POST['admin_theme'])) {
$_SESSION['js_settings'] = true;
}
// Persist the options. Numeric and boolean settings are cast; timezone and
// hour_format fall back to a default when not in the allowed set (in_array()
// is used in its non-strict form).
// NOTE(review): 'auvalid_stos', 'auvalid_cous', 'allow_products',
// 'auvalid_prods' and 'mailsign' are read here but are not in the isset()
// list above. Language, theme, mail method, SMTP credentials and
// 'sendmail_path' are stored exactly as posted; if any of them later feeds a
// file path or a command line, it should be restricted to known values at
// this point — how they are consumed is not visible in this excerpt.
if (actions::set_option(array('sitename' => $_POST['sitename'], 'siteurl' => rtrim($_POST['siteurl'], '/'), 'sitedescription' => $_POST['description'], 'items_per_page' => (int) $_POST['ipp'], 'registrations' => $_POST['registrations'], 'delete_old_coupons' => (int) $_POST['delete_old_coupons'], 'accounts_per_ip' => (int) $_POST['accounts_per_ip'], 'allow_reviews' => (int) $_POST['allow_revs'], 'review_validate' => (bool) $_POST['auvalid_revs'], 'allow_stores' => (bool) $_POST['allow_stores'], 'store_validate' => (bool) $_POST['auvalid_stos'], 'allow_coupons' => (bool) $_POST['allow_coupons'], 'coupon_validate' => (bool) $_POST['auvalid_cous'], 'allow_products' => (bool) $_POST['allow_products'], 'product_validate' => (bool) $_POST['auvalid_prods'], 'sitelang' => $_POST['site_lang'], 'adminpanel_lang' => $_POST['adminpanel_lang'], 'timezone' => in_array($_POST['timezone'], array_keys($gmt)) ? $_POST['timezone'] : 'America/New_York', 'hour_format' => in_array($_POST['hour_format'], array(12, 24)) ? $_POST['hour_format'] : 24, 'email_from_name' => $_POST['email_from_name'], 'email_answer_to' => $_POST['email_answer_to'], 'email_contact' => $_POST['email_contact'], 'mail_method' => $_POST['mail_meth'], 'smtp_auth' => isset($_POST['smtp_auth']) ? 1 : 0, 'smtp_host' => $_POST['smtp_host'], 'smtp_port' => $_POST['smtp_port'], 'smtp_user' => $_POST['smtp_user'], 'smtp_password' => $_POST['smtp_pass'], 'sendmail_path' => $_POST['sendmail_path'], 'admintheme' => $_POST['admin_theme'], 'mail_signature' => $_POST['mailsign']))) {
// Client-side redirect back to the settings page with the outcome flag.
echo '<script type="text/javascript">
window.location = "?route=settings.php&action=general&success=true";
</script>';
die;
} else {
echo '<script type="text/javascript">
window.location = "?route=settings.php&action=general&success=false";
</script>';
die;
}
}
break;
}
}
?>
<script type="text/javascript">
window.location = "?route=settings.php&action=general&success=false";
示例6: substr
<?php
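// Sendy settings page, admin only: stop immediately for any other user.
if (!$GLOBALS['me']->is_admin) {
    die;
}

// Save handler. Runs only for a POST whose 'csrf' field matches the session
// token stored under 'slider_csrf'.
// NOTE(review): the session key is named after a slider page although this is
// the Sendy form; if another page rotates the same key, an open form here is
// invalidated by it — confirm the sharing is intended.
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'slider_csrf')) {
    if (isset($_POST['sendy_brand_id']) && isset($_POST['sendy_list_id']) && isset($_POST['sendy_reply_to']) && isset($_POST['sendy_from_email']) && isset($_POST['sendy_from_name']) && isset($_POST['sendy_api_key']) && isset($_POST['sendy_url']) && isset($_POST['sendy_template_root'])) {
        // Update the account. Both locations are stored with exactly one
        // guaranteed trailing slash appended when it is missing.
        // NOTE(review): the URL and the template root are stored as posted;
        // validating the URL scheme/host and confining the template root to a
        // known base directory belongs here, before the values are persisted.
        $sendy_url = substr($_POST['sendy_url'], -1) == '/' ? $_POST['sendy_url'] : $_POST['sendy_url'] . '/';
        $sendy_template_root = substr($_POST['sendy_template_root'], -1) == '/' ? $_POST['sendy_template_root'] : $_POST['sendy_template_root'] . '/';
        $sendy_query_string = isset($_POST['sendy_query_string']) ? $_POST['sendy_query_string'] : '';
        $saved = actions::set_option(array(
            'sendy_query_string' => $sendy_query_string,
            'sendy_brand_id' => $_POST['sendy_brand_id'],
            'sendy_list_id' => $_POST['sendy_list_id'],
            'sendy_reply_to' => $_POST['sendy_reply_to'],
            'sendy_from_email' => $_POST['sendy_from_email'],
            'sendy_from_name' => $_POST['sendy_from_name'],
            'sendy_api_key' => $_POST['sendy_api_key'],
            'sendy_url' => $sendy_url,
            'sendy_template_root' => $sendy_template_root,
        ));
        if ($saved) {
            echo '<div class="a-success">Saved!</div>';
        } else {
            echo '<div class="a-error">Error!</div>';
        }
    } else {
        // Diagnostic: prints "1" for each field that was present, nothing for a missing one.
        echo '<div class="a-error">Param Error (' . isset($_POST['sendy_brand_id']) . ',' . isset($_POST['sendy_list_id']) . ',' . isset($_POST['sendy_reply_to']) . ',' . isset($_POST['sendy_from_email']) . ',' . isset($_POST['sendy_from_name']) . ',' . isset($_POST['sendy_api_key']) . ',' . isset($_POST['sendy_url']) . ')</div>';
    }
} elseif ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // POST without a valid token. Fix: the closing tag was emitted as
    // "</div" (no ">"), which left the error box unterminated in the page.
    echo '<div class="a-error">Signature Error</div>';
}

// Fresh token for the form rendered below.
// NOTE(review): confirm str_random() is backed by a CSPRNG.
$csrf = $_SESSION['slider_csrf'] = \site\utils::str_random(10);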
switch ($_GET['action']) {
default:
echo '
<div class="title">
<h2>Sendy settings</h2>
示例7:
// Optional subtitle, followed by the closing tag of the title wrapper.
if (!empty($LANG['rewards_subtitle'])) {
    echo '<span>' . $LANG['rewards_subtitle'] . '</span>';
}
echo '</div>';

// Reward deletion: bulk POST with the token in 'csrf', or a single-item GET
// link with the token in 'token'; both are validated against the session
// value stored under 'rewards_csrf'.
// NOTE(review): deleting through GET puts the token into the URL (logs,
// history, Referer) and makes a state change reachable by plain navigation
// once a token is known; POST is the safer carrier.
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'rewards_csrf')) {
    if (isset($_POST['delete'], $_POST['id'])) {
        // Presumes $_POST['id'] is an array keyed by reward id — not validated here.
        echo actions::delete_reward(array_keys($_POST['id']))
            ? ('<div class="a-success">' . $LANG['msg_deleted'] . '</div>')
            : ('<div class="a-error">' . $LANG['msg_error'] . '</div>');
    }
} elseif (isset($_GET['action'], $_GET['token']) && check_csrf($_GET['token'], 'rewards_csrf')) {
    if ($_GET['action'] == 'delete' && isset($_GET['id'])) {
        echo actions::delete_reward($_GET['id'])
            ? ('<div class="a-success">' . $LANG['msg_deleted'] . '</div>')
            : ('<div class="a-error">' . $LANG['msg_error'] . '</div>');
    }
}

// New token for the markup that follows.
// NOTE(review): the generator behind str_random() is not shown; it should be a CSPRNG.
$_SESSION['rewards_csrf'] = \site\utils::str_random(10);
$csrf = $_SESSION['rewards_csrf'];
echo '<div class="page-toolbar">
<form action="#" method="GET" autocomplete="off">
示例8: foreach
<a href="#" id="modify_mt_but">Meta Tags</a>
</form>
</div>';
}
}
break;
/** IMPORT COUPONS */
/** IMPORT COUPONS */
case 'import_coupons':
if (empty($_POST['id'])) {
echo '<div class="a-error">Select coupons that you want to import.</div>';
echo '<a href="#" class="btn" onclick="window.history.go(-1)">Back</a>';
} else {
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['token']) && check_csrf($_POST['token'], 'cjapi_csrf')) {
$success = $error = 0;
foreach ($_POST['coupon'] as $coupon) {
$coupon = json_decode(urldecode($coupon), true);
$id = key($coupon);
$coupon = current($coupon);
if (isset($_POST['id'][$id])) {
if (($store = \plugin\CJApi\inc\import::store_imported($coupon['Advertiser'])) && \plugin\CJApi\inc\actions::add_item(array('cjID' => $id, 'store' => $store->ID, 'category' => $store->catID, 'popular' => 0, 'exclusive' => 0, 'name' => $coupon['Title'], 'link' => isset($coupon['Link']) && filter_var($coupon['Link'], FILTER_VALIDATE_URL) ? $coupon['Link'] : '', 'code' => isset($coupon['Code']) ? $coupon['Code'] : '', 'description' => '', 'tags' => '', 'start' => isset($coupon['SD']) ? $coupon['SD'] : '', 'end' => isset($coupon['ED']) ? $coupon['ED'] : date('Y-m-d', strtotime(\query\main::get_option('cj_exp') . ' days')), 'publish' => 1, 'meta_title' => '', 'meta_desc' => ''))) {
$success++;
} else {
$error++;
}
}
}
echo '<div class="a-message">Import procedure has been successfully finished.</div>';
echo '<ul class="announce-box">
示例9: json_decode
<span>Here you can edit the details of this coupon before the import</span>
</div>';
if (isset($_GET['coupon'])) {
$coupon_p = json_decode(urldecode($_GET['coupon']), true);
$store_p = json_decode(urldecode($_GET['store']), true);
$id = $coupon_p['id'];
}
if (!isset($store_p) || $store_p['storeID'] == 0) {
echo '<div class="a-error">Sorry, the store is not imported.</div>';
} else {
if ($coupon_p['couponID'] > 0) {
echo '<div class="a-alert">Sorry, the coupon is already imported.</div>';
} else {
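// Save the edited coupon. Runs only for a POST that carries the coupon fields
// and a 'csrf' value matching the session token stored under 'cjapi_csrf'.
// A POST with a missing or wrong token is ignored without any message.
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['coupon'])) {
    if (isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'cjapi_csrf')) {
        // NOTE(review): the individual coupon fields are read without isset()
        // checks and stored as posted; escaping has to happen where they are
        // rendered. FILTER_VALIDATE_URL checks syntax only, it does not limit
        // the scheme to http/https.
        $data = array(
            'store' => $store_p['storeID'],
            'category' => $_POST['coupon']['Category'],
            'popular' => isset($_POST['coupon']['Popular']),
            'exclusive' => isset($_POST['coupon']['Exclusive']),
            'name' => $_POST['coupon']['Title'],
            'url' => (!isset($_POST['coupon']['Ownlink']) && isset($_POST['coupon']['Link']) && filter_var($_POST['coupon']['Link'], FILTER_VALIDATE_URL))
                ? $_POST['coupon']['Link']
                : '',
            'code' => $_POST['coupon']['Code'],
            'description' => $_POST['coupon']['Description'],
            'tags' => $_POST['coupon']['Tags'],
            // Fix: implode() takes the separator first. The legacy
            // (array, separator) order used before is rejected with a
            // TypeError on PHP 8; this order works on all versions.
            'start_on' => implode(', ', $_POST['coupon']['SD']),
            'end_on' => implode(', ', $_POST['coupon']['ED']),
            'publish' => isset($_POST['coupon']['Publish']),
            'meta_title' => $_POST['coupon']['MTitle'],
            'meta_desc' => $_POST['coupon']['MDesc'],
        );
        // Posted values override the matching keys of the decoded coupon.
        if (\plugin\Popshop\inc\actions::add_item(array(array_merge($coupon_p, $data))) > 0) {
            echo '<div class="a-success">Added!</div><button class="btn" onclick="window.history.go(-2);">Back</button>';
            return;
        } else {
            echo '<div class="a-error">Error!</div>';
        }
    }
}
// Fresh token for the form rendered below.
// NOTE(review): confirm str_random() is backed by a CSPRNG.
$csrf = $_SESSION['cjapi_csrf'] = \site\utils::str_random(10);
$store = \plugin\Popshop\inc\actions::get_import_store($store_p['storeID']);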
echo '<div class="form-table">
<form action="#" method="POST" autocomplete="off">
<div class="row"><span>Category:</span>
示例10: u_settings_save
/**
 * Called when submitting a changed user: runs the CSRF check and then
 * delegates the save to libsave_change_user(0).
 *
 * Todo: rewrite, because it's incomprehensible.
 *
 * NOTE(review): check_csrf() is called without arguments and its return value
 * is ignored, so this handler relies on check_csrf() itself stopping the
 * request when the check fails — confirm in its definition.
 *
 * @see libsave_change_user()
 */
function u_settings_save()
{
// Declared but not used anywhere in this function body.
global $Pivot_Vars;
// check against unauthorised direct access.
check_csrf();
libsave_change_user(0);
}
示例11: session_start
<?php
require_once 'db.php';
require_once 'csrf.php';
session_start();
if ($_SERVER['REQUEST_METHOD'] == "POST") {
// Validate the submission: token first, then presence and non-emptiness of
// the two fields. Each failure only records a message in $_SESSION['err'].
// NOTE(review): $_POST['CSRF'] is read without isset(), so a request that
// omits the field passes null to check_csrf().
// NOTE(review): none of the failure branches stops the request. The lookup
// below still runs after a rejected token or empty fields, unless code
// after this excerpt checks $_SESSION['err'] — an explicit exit or redirect
// right after recording the error would make the rejection effective.
if (!check_csrf($_POST['CSRF'])) {
$error = "Sorry! Invalid request";
$_SESSION['err'] = $error;
//errorRedirect($error,"register.php");
} else {
if (!isset($_POST['name'], $_POST['password'])) {
$_SESSION['err'] = "Please enter both fields";
} else {
if (empty($_POST['name']) || empty($_POST['password'])) {
$_SESSION['err'] = "Fields cannot be empty";
}
}
}
//$name = mysql_real_escape_string( $_POST[ 'name' ] );
//$password = strip_tags( $_POST[ 'password' ] );
// Read even when the isset() check above failed, so it may be undefined here.
$name = $_POST['name'];
// Look the user up by name with a bound parameter; no request data is
// concatenated into the SQL text.
$query = "SELECT * FROM `users` WHERE name=?";
try {
$stmt = $db->prepare($query);
$stmt->execute(array($name));
} catch (PDOException $e) {
// NOTE(review): the driver's error text is sent to the client; log it
// server-side and show a generic message instead.
die("Query error " . $e->getMessage());
}
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
if (empty($result)) {
示例12: main_blog_delete
/**
 * Weblog deletion screen.
 *
 * Without confirmation it renders the confirm page; once the request comes
 * back with confirmed == 1 it runs the CSRF check, removes the weblog from
 * the configuration and returns to the weblog overview.
 *
 * NOTE(review): the confirm branch urlencodes the name because the weblogs
 * array uses urlencoded keys, while the delete branch uses the submitted name
 * as received — presumably the confirm page posts the encoded form back;
 * confirm. check_csrf() is expected to halt the request itself on failure,
 * since its return value is not inspected here.
 */
function main_blog_delete()
{
    global $Weblogs, $Pivot_Vars;

    if ($Pivot_Vars['confirmed'] == 1) {
        // Confirmed: this is the state-changing path, so guard it against
        // unauthorised direct access before touching the configuration.
        check_csrf();
        $target = $Pivot_Vars['name'];
        unset($Weblogs[$target]);
        save_serialize('pv_cfg_weblogs.php', $Weblogs);
        main_blogs(lang('weblog_config', 'deleted'));
        return;
    }

    // Not confirmed yet: ask first. The internal name stays urlencoded because
    // that is how the weblogs array is keyed.
    $internal_name = urlencode($Pivot_Vars['name']);
    $confirm_vars = array('name', $internal_name, 'blog_delete', 1);
    $template = lang('weblog_config', 'confirm_delete');
    $question = str_replace("%1", $Weblogs[$internal_name]['name'], $template);
    ConfirmPage(lang('ufield_main', 'del_title'), $confirm_vars, $question);
}
示例13: foreach
<div class="el-row-body"' . (!empty($show_chat) ? ' style="display: none;"' : '') . '>
<div id="post-chat">';
// Token for the chat form rendered in this request. It is stored in the
// session only after the POST handler below has run, so a submitted token is
// checked against the value issued by the previous page view.
// NOTE(review): confirm str_random() is backed by a CSPRNG.
$chat_csrf = \site\utils::str_random(10);

// The form is shown only to users allowed to add chat messages.
if (ab_to(array('chat' => 'add'))) {
    echo '<form action="#" method="POST">', "\n",
        '<input type="text" name="text" value="" placeholder="', $LANG['chat_write_input'], '" />', "\n",
        '<button class="btn">', $LANG['chat_write_button'], '</button>', "\n",
        '<a href="#" class="btn useggfont" title="Reload">Z</a>', "\n",
        '<input type="hidden" name="chat_csrf" value="', $chat_csrf, '" />', "\n",
        '</form>';
}
echo '</div>';

// Store a new message when the POST carries a valid token and a text field.
// NOTE(review): the permission test that guards the form is not repeated
// here; presumably post_chat_message() enforces it — confirm. The text is
// passed on as received, so escaping is the job of the rendering code.
if ($_SERVER['REQUEST_METHOD'] == 'POST'
    && isset($_POST['chat_csrf'])
    && check_csrf($_POST['chat_csrf'], 'chat_csrf')
    && isset($_POST['text'])
) {
    actions::post_chat_message($_POST['text']);
}

// Replace the session token with the one embedded in the form above.
$_SESSION['chat_csrf'] = $chat_csrf;
echo '<ul class="elements-list" id="chat-msgs-list">';
if ($chatmsgs = admin_query::chat_messages() > 0) {
foreach (admin_query::while_chat_messages(array('max' => 5, 'orderby' => 'date DESC')) as $item) {
echo '<li>
<div style="display: table;">
<img src="' . \query\main::user_avatar($item->user_avatar) . '" alt="" />
<div class="info-div"><h2>' . $item->user_name . '
<span class="fright date">' . date('Y.m.d, ' . (\query\main::get_option('hour_format') == 12 ? 'g:i A' : 'G:i'), strtotime($item->date)) . '</span></h2>
<div class="info-bar">' . \site\utils::bbcodes($item->text) . '</div>
</div></div>
</li>';
示例14:
echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
}
}
} else {
if (isset($_POST['set_action'])) {
if (isset($_POST['id']) && isset($_POST['action'])) {
if (actions::action_suggestions($_POST['action'], array_keys($_POST['id']))) {
echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
} else {
echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
}
}
}
}
} else {
if (isset($_GET['action']) && isset($_GET['token']) && check_csrf($_GET['token'], 'suggestions_csrf')) {
if ($_GET['action'] == 'delete') {
if (isset($_GET['id'])) {
if (actions::delete_suggestion($_GET['id'])) {
echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>';
} else {
echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
}
}
} else {
if ($_GET['type'] == 'read' || $_GET['type'] == 'unread') {
if (isset($_GET['id'])) {
if (actions::action_suggestions($_GET['type'], $_GET['id'])) {
echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
} else {
echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
示例15:
echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
}
}
} else {
if (isset($_POST['set_action'])) {
if (isset($_POST['id']) && isset($_POST['action'])) {
if (actions::action_plugin($_POST['action'], array_keys($_POST['id']))) {
echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
} else {
echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
}
}
}
}
} else {
if (isset($_GET['action']) && isset($_GET['token']) && check_csrf($_GET['token'], 'plugins_csrf')) {
if ($_GET['action'] == 'delete') {
if (isset($_GET['id'])) {
if (actions::delete_plugin($_GET['id'])) {
echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>';
} else {
echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
}
}
} else {
if ($_GET['type'] == 'publish' || $_GET['type'] == 'unpublish') {
if (isset($_GET['id'])) {
if (actions::action_plugin($_GET['type'], $_GET['id'])) {
echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
} else {
echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';