本文整理汇总了PHP中check_nonce函数的典型用法代码示例。如果您正苦于以下问题:PHP check_nonce函数的具体用法?PHP check_nonce怎么用?PHP check_nonce使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
示例1: admin_view
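/**
 * Callback attached in `admin_menu`: admin settings
 *
 * On POST, verifies the request nonce for the submitted `_action` (bound to
 * this plugin's id) before dispatching it; a failed nonce is reported as a
 * timeout and the action is never run. On GET the view is simply rendered.
 *
 * `_action` and `_nonce` are read with isset() so a POST that lacks them does
 * not raise an undefined-index notice; the missing value is still handed to
 * `check_nonce()` as null, exactly as before.
 *
 * @callback
 * @return void Always renders the 'admin' view via `_load_view()`.
 */
public function admin_view()
{
    $data = array();
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $action = isset($_POST['_action']) ? $_POST['_action'] : null;
        $data['action'] = $action;
        $nonce = isset($_POST['_nonce']) ? $_POST['_nonce'] : null;
        // Obligatory CSRF check: the nonce is tied to the action and to this plugin's id
        if (check_nonce($nonce, $action, $this->_info['id'])) {
            // Take action!
            switch ($action) {
                case 'save':
                    if ($this->_save($_POST)) {
                        $data['updated'] = 'Settings saved';
                    } else {
                        $data['error'] = 'There was a problem saving data';
                    }
                    break;
            }
        } elseif ($action) {
            // Failed CSRF test: report it, but never execute the action
            $data['error'] = 'Request timed out';
        }
    }
    $this->_load_view('admin', $data);
}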
示例2: instapaper_submit
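/**
 * Handler for the Instapaper "submit" action.
 *
 * Verifies the request nonce before anything else, then resolves the item
 * from `$_GET['id']`, requires a configured Instapaper username, posts the
 * item to the Instapaper API and renders a small confirmation page that
 * closes itself after a short countdown.
 *
 * @throws Exception when the nonce does not match, the item id is unknown,
 *                   no username is configured, or Instapaper answers
 *                   400, 403 or 500.
 * @return void Never returns normally: the request is ended with `die`.
 */
function instapaper_submit()
{
    // CSRF gate first: nothing is looked up or sent until the nonce checks out.
    // Reading the key with isset() avoids an undefined-index notice when it is absent.
    $nonce = isset($_GET['_nonce']) ? $_GET['_nonce'] : null;
    if (!check_nonce($nonce)) {
        throw new Exception(_r('Nonces did not match. Try again.', 'instapaper'));
    }
    $id = isset($_GET['id']) ? $_GET['id'] : null;
    $item = Items::get_instance()->get_item($id);
    if (false === $item) {
        throw new Exception(_r('Invalid item ID specified', 'instapaper'));
    }
    $user = get_option('instapaper_user');
    if (empty($user)) {
        throw new Exception(sprintf(_r('Please set your username and password in the <a href="%s">settings</a>.', 'instapaper'), get_option('baseurl') . 'admin/settings.php'));
    }
    // Credentials travel in the request body; the endpoint below is HTTPS only.
    $data = array(
        'username' => get_option('instapaper_user', ''),
        'password' => get_option('instapaper_pass', ''),
        'url' => $item->permalink,
        'title' => apply_filters('the_title', $item->title),
    );
    $request = new HTTPRequest('', 2);
    $response = $request->post("https://www.instapaper.com/api/add", array(), $data);
    // Only these three error codes are mapped; any other status falls through
    // to the success page — NOTE(review): confirm that is the intended behaviour.
    switch ($response->status_code) {
        case 400:
            throw new Exception(_r('Internal error. Please report this.', 'instapaper'));
        case 403:
            throw new Exception(sprintf(_r('Invalid username/password. Please check your details in the <a href="%s">settings</a>.', 'instapaper'), get_option('baseurl') . 'admin/settings.php'));
        case 500:
            throw new Exception(_r('An error occurred when contacting Instapaper. Please try again later.', 'instapaper'));
    }
    instapaper_page_head();
    ?>
<div id="message">
<h1><?php
_e('Success!');
?>
</h1>
<p class="sidenote"><?php
_e('Closing window in...', 'instapaper');
?>
</p>
<p class="sidenote" id="counter">3</p>
</div>
<script>
$(document).ready(function () {
setInterval(countdown, 1000);
});
function countdown() {
if(timer > 0) {
$('#counter').text(timer);
timer--;
}
else {
self.close();
}
}
var timer = 2;
</script>
<?php
    instapaper_page_foot();
    die;
}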
示例3: check_for_csrf
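/**
 * Check the current request for a CSRF token (nonce).
 *
 * The check is skipped when the GSNOCSRF setting turns it off (via getDef()
 * or the constant itself); otherwise the `nonce` request parameter is
 * verified against $action/$file with check_nonce(). A missing parameter is
 * treated like a bad nonce instead of raising an undefined-index notice.
 *
 * @param string $action action to pass to check_nonce
 * @param string $file   file to pass to check_nonce
 * @param bool   $die    if false return instead of die
 * @return bool true if the csrf check failed (only reachable with $die = false),
 *              false when the check passed or was skipped
 */
function check_for_csrf($action, $file = "", $die = true)
{
    // check for csrf
    if (!getDef('GSNOCSRF', true) || GSNOCSRF == FALSE) {
        $nonce = isset($_REQUEST['nonce']) ? $_REQUEST['nonce'] : '';
        if (!check_nonce($nonce, $action, $file)) {
            if ($die) {
                die("CSRF detected!");
            }
            return true;
        }
    }
    return false;
}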
示例4: check_for_csrf
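/**
 * Check the current request for a CSRF token (nonce).
 *
 * The check is skipped when the GSNOCSRF setting turns it off (see getDef());
 * otherwise the `nonce` request parameter is verified against $action/$file
 * with check_nonce(). On failure the 'csrf' hook fires, an AJAX request gets
 * the error template and dies, and a normal request either dies or returns
 * true depending on $die. A missing parameter is treated like a bad nonce
 * instead of raising an undefined-index notice.
 *
 * @param string $action action to pass to check_nonce
 * @param string $file   file to pass to check_nonce
 * @param bool   $die    if false return instead of die
 * @return bool true if the csrf check failed (only reachable with $die = false),
 *              false when the check passed or was skipped
 */
function check_for_csrf($action, $file = "", $die = true)
{
    // check for csrf
    if (!getDef('GSNOCSRF', true)) {
        $nonce = isset($_REQUEST['nonce']) ? $_REQUEST['nonce'] : '';
        if (!check_nonce($nonce, $action, $file)) {
            exec_action('csrf');
            // @hook csrf a csrf was detected
            if (requestIsAjax()) {
                $error = i18n_r("CSRF", "CRSF Detected!");
                echo "<div>";
                // jquery bug will not parse 1 html element so we wrap it
                include 'template/error_checking.php';
                echo "</div>";
                die;
            }
            if ($die) {
                die(i18n_r("CSRF", "CRSF Detected!"));
            }
            return true;
        }
    }
    return false;
}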
示例5: check_nonce
<?php
// Response builder that every form branch below chains its UI updates onto
$resp = \shgysk8zer0\Core\JSON_Response::load();
// CSRF gate for this whole script: runs before any form is dispatched
check_nonce();
switch (trim($_POST['form'])) {
case 'login':
$invalid = check_inputs(['user' => is_email($_POST['user']), 'password' => pattern('password')]);
if (is_null($invalid)) {
$login->loginWith(['user' => $_POST['user'], 'password' => $_POST['password']]);
if ($login->logged_in) {
$session->setUser($login->user)->setPassword($login->password)->setRole($login->role)->setLogged_In(true);
$resp->close('#loginDialog')->disable('#main_menu [label=Login]')->enable('#main_menu menuitem[label=Logout]')->attributes('body > main', 'contextmenu', 'admin_menu')->notify('Welcome back,', $login->user);
} else {
$resp->notify('Login not accepted', 'Check your email & password', 'images/icons/people.png');
}
} else {
$resp->notify('Login not accepted', 'Check your email & password', 'images/icons/people.png');
}
break;
case 'compose_email':
require_login('admin');
$email = new \shgysk8zer0\Core\email(array_map('trim', explode(',', $_POST['compose_email']['to'])), trim($_POST['compose_email']['subject']), $_POST['compose_email']['message']);
if ($email->send(true)) {
$resp->notify('Success!', 'Email Sent', 'images/icons/envelope.png')->remove('#email_dialog');
} else {
$resp->notify('Failed!', 'Unable to send email, check your Internet connection', 'images/icons/envelope.png');
}
break;
case 'email_admin':
if (is_email($_POST['email_admin']['from'])) {
$email = new \shgysk8zer0\Core\email($_SERVER['SERVER_ADMIN'], $_POST['email_admin']['subject'], strip_tags($_POST['email_admin']['message']));
示例6: strippath
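// Theme selection from the query string: `t` must name an existing theme
// directory and `f` an existing file inside it; both are run through
// strippath() first so they cannot carry directory components.
if (isset($_GET['t'])) {
    $_GET['t'] = strippath($_GET['t']);
    if ($_GET['t'] && is_dir($relative . 'theme/' . $_GET['t'] . '/')) {
        $TEMPLATE = $_GET['t'];
    }
}
if (isset($_GET['f'])) {
    $_GET['f'] = strippath($_GET['f']);
    if ($_GET['f'] && is_file($relative . 'theme/' . $TEMPLATE . '/' . $_GET['f'])) {
        $TEMPLATE_FILE = $_GET['f'];
    }
}
// Save?
if (isset($_POST['submitsave'])) {
    // CSRF check first; a missing nonce is treated like a bad one
    $nonce = isset($_POST['nonce']) ? $_POST['nonce'] : '';
    if (!check_nonce($nonce, "save")) {
        die("CSRF detected!");
    }
    $SavedFile = isset($_POST['edited_file']) ? $_POST['edited_file'] : '';
    // The posted file name is only trusted once its directory resolves to a
    // location inside the theme folder; without this, `..` segments or an
    // absolute path would let the request write outside it.
    $theme_root = realpath($relative . 'theme');
    $target = $relative . 'theme/' . $SavedFile;
    $target_dir = realpath(dirname($target));
    $leaf = basename($target);
    if ($theme_root === false || $target_dir === false || $leaf === '' || $leaf === '.' || $leaf === '..' || strpos($target_dir . DIRECTORY_SEPARATOR, $theme_root . DIRECTORY_SEPARATOR) !== 0) {
        die("Invalid file path");
    }
    $content = isset($_POST['content']) ? $_POST['content'] : '';
    $FileContents = stripslashes(htmlspecialchars_decode($content, ENT_QUOTES));
    $fh = fopen($target, 'w') or die("can't open file");
    fwrite($fh, $FileContents);
    fclose($fh);
    $success = sprintf($i18n['TEMPLATE_FILE'], $SavedFile);
}
// No template file?
if (!$TEMPLATE_FILE) {
    $TEMPLATE_FILE = 'template.php';
}
// Setup
$themes_path = $relative . 'theme';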
示例7: getXML
$xml = getXML($file);
$private = $xml->xpath('/item/private');
$oldprivate = (string) $private[0];
if ($oldprivate == null) {
$private[0][0] = "Y";
echo "P1";
} else {
$private[0][0] = '';
echo "P0";
}
$bakfile = GSBACKUPSPATH . "pages/" . $id . ".bak.xml";
copy($file, $bakfile);
XMLsave($xml, $file);
create_pagesxml(true);
}
if (check_nonce($nonce, "menu", "toggle.php")) {
$file = GSDATAPAGESPATH . $id . ".xml";
$xml = getXML($file);
$status = $xml->xpath('/item/menuStatus');
$oldstatus = (string) $status[0];
if ($oldstatus == null) {
$status[0][0] = "Y";
echo "M1";
} else {
$status[0][0] = '';
echo "M0";
}
$bakfile = GSBACKUPSPATH . "pages/" . $id . ".bak.xml";
copy($file, $bakfile);
XMLsave($xml, $file);
create_pagesxml(true);
示例8: unset
}
if (!validate_plugin($plugin_file)) {
return false;
}
unset($current_plugins[md5($plugin_file)]);
$data = new DataHandler();
$data->save('plugins.data', serialize($current_plugins));
return true;
}
// Plugin (de)activation is driven straight from the request.
// NOTE(review): unlike the settings branch below, this path is not covered by
// a check_nonce() call here — confirm activate_plugin()/deactivate_plugin()
// verify one themselves before relying on it.
if (isset($_REQUEST['activate_plugin'])) {
activate_plugin($_REQUEST['activate_plugin']);
} elseif (isset($_REQUEST['deactivate_plugin'])) {
deactivate_plugin($_REQUEST['deactivate_plugin']);
}
if (!empty($_POST['action']) && $_POST['action'] == 'settings' && !empty($_POST['_nonce'])) {
if (!check_nonce($_POST['_nonce'])) {
lilina_nice_die('Nonces do not match.');
}
clear_html_cache();
/** Needs better validation */
if (!empty($_POST['sitename'])) {
update_option('sitename', $_REQUEST['sitename']);
}
if (!empty($_POST['template'])) {
update_option('template', $_REQUEST['template']);
}
if (!empty($_POST['locale'])) {
update_option('locale', $_REQUEST['locale']);
}
if (!empty($_POST['timezone'])) {
update_option('timezone', $_REQUEST['timezone']);
示例9: htmlentities
// Include common.php
include 'inc/common.php';
// check form referrer - needs siteurl and edit.php in it.
// NOTE(review): strpos() takes (haystack, needle), but here the referrer is
// passed as the needle, searched for inside $SITEURL and inside the literal
// "edit.php" — the opposite of what the comment above describes. Confirm the
// intended test before relying on it; the nonce check later in this file is
// the real CSRF control, this is at most a secondary one.
if (isset($_SERVER['HTTP_REFERER'])) {
if (!(strpos(str_replace('http://www.', '', $SITEURL), $_SERVER['HTTP_REFERER']) === false) || !(strpos("edit.php", $_SERVER['HTTP_REFERER']) === false)) {
// The referrer is escaped before being echoed back into the page
echo "<b>Invalid Referer</b><br />-------<br />";
echo 'Invalid Referer: ' . htmlentities($_SERVER['HTTP_REFERER'], ENT_QUOTES);
die('Invalid Referer');
}
}
// Requires a valid login cookie before the rest of the page runs
login_cookie_check();
if (isset($_POST['submitted'])) {
// check for csrf
if (!defined('GSNOCSRF') || GSNOCSRF == FALSE) {
$nonce = $_POST['nonce'];
if (!check_nonce($nonce, "edit", "edit.php")) {
die("CSRF detected!");
}
}
if (trim($_POST['post-title']) == '') {
redirect("edit.php?upd=edit-err&type=" . urlencode(i18n_r('CANNOT_SAVE_EMPTY')));
} else {
$url = "";
$title = "";
$metad = "";
$metak = "";
$cont = "";
// is a slug provided?
if ($_POST['post-id']) {
$url = $_POST['post-id'];
if (isset($i18n['TRANSLITERATION']) && is_array($translit = $i18n['TRANSLITERATION']) && count($translit > 0)) {
示例10: die
}
if ($p == 'delete') {
// check for csrf
if (!defined('GSNOCSRF') || GSNOCSRF == FALSE) {
$nonce = $_GET['nonce'];
if (!check_nonce($nonce, "delete", "backup-edit.php")) {
die("CSRF detected!");
}
}
delete_bak($id);
redirect("backups.php?upd=bak-success&id=" . $id);
} elseif ($p == 'restore') {
// check for csrf
if (!defined('GSNOCSRF') || GSNOCSRF == FALSE) {
$nonce = $_GET['nonce'];
if (!check_nonce($nonce, "restore", "backup-edit.php")) {
die("CSRF detected!");
}
}
if (isset($_GET['new'])) {
updateSlugs($_GET['new'], $id);
restore_bak($id);
$existing = GSDATAPAGESPATH . $_GET['new'] . ".xml";
$bakfile = GSBACKUPSPATH . "pages/" . $_GET['new'] . ".bak.xml";
copy($existing, $bakfile);
unlink($existing);
redirect("edit.php?id=" . $id . "&old=" . $_GET['new'] . "&upd=edit-success&type=restore");
} else {
restore_bak($id);
redirect("edit.php?id=" . $id . "&upd=edit-success&type=restore");
}
示例11: foreach
$success = $msg . '<br />';
}
}
if (sizeof($errors) != 0) {
foreach ($errors as $msg) {
$error = $msg . '<br />';
}
}
}
}
// if creating new folder
if (isset($_GET['newfolder'])) {
// check for csrf
if (!defined('GSNOCSRF') || GSNOCSRF == FALSE) {
$nonce = $_GET['nonce'];
if (!check_nonce($nonce, "createfolder")) {
die("CSRF detected!");
}
}
$newfolder = $_GET['newfolder'];
// check for invalid chars
$cleanname = clean_url(to7bit(strippath($newfolder), "UTF-8"));
if (file_exists($path . $cleanname) || $cleanname == '') {
$error = i18n_r('ERROR_FOLDER_EXISTS');
} else {
if (defined('GSCHMOD')) {
$chmod_value = GSCHMOD;
} else {
$chmod_value = 0755;
}
if (mkdir($path . $cleanname, $chmod_value)) {
示例12: die
/**
* Reset Password
*
* Resets the password for GetSimple control panel access
*
* @package GetSimple
* @subpackage Login
*/
# setup inclusions
# $load['plugin'] is set before common.php is pulled in — presumably
# common.php reads it to decide whether plugins get loaded; confirm there.
$load['plugin'] = true;
include 'inc/common.php';
if (isset($_POST['submitted'])) {
// check for csrf
if (!defined('GSNOCSRF') || GSNOCSRF == FALSE) {
$nonce = $_POST['nonce'];
if (!check_nonce($nonce, "reset_password")) {
die("CSRF detected!");
}
}
$randSleep = rand(250000, 2000000);
// random sleep for .25 to 2 seconds
if (isset($_POST['username']) and !empty($_POST['username'])) {
# user filename
$file = _id($_POST['username']) . '.xml';
# get user information from existing XML file
if (filepath_is_safe(GSUSERSPATH . $file, GSUSERSPATH)) {
$data = simplexml_load_file(GSUSERSPATH . $file);
$USR = strtolower($data->USR);
$EMAIL = $data->EMAIL;
if (strtolower($_POST['username']) == $USR) {
# create new random password
示例13: do_action
// Settings admin page: handles plugin (de)activation and the settings form,
// each branch ending in a 302 redirect back to this page.
require_once 'admin.php';
require_once LILINA_PATH . '/admin/includes/settings.php';
do_action('register_options');
// NOTE(review): (de)activation is driven straight from $_REQUEST and is not
// covered by the nonce check that guards the settings branch below — confirm
// activate_plugin()/deactivate_plugin() verify a nonce themselves.
if (isset($_REQUEST['activate_plugin'])) {
activate_plugin($_REQUEST['activate_plugin']);
// Explicit status line plus Location header; die stops any further output
header('HTTP/1.1 302 Found', true, 302);
header('Location: ' . get_option('baseurl') . 'admin/settings.php?activated=1');
die;
} elseif (isset($_REQUEST['deactivate_plugin'])) {
deactivate_plugin($_REQUEST['deactivate_plugin']);
header('HTTP/1.1 302 Found', true, 302);
header('Location: ' . get_option('baseurl') . 'admin/settings.php?deactivated=1');
die;
}
// The settings form is only processed once the nonce verifies; on a mismatch
// lilina_nice_die() is reached before any option is touched (it presumably
// ends the request — confirm).
if (!empty($_POST['action']) && $_POST['action'] == 'settings' && !empty($_POST['_nonce'])) {
if (!check_nonce('settings', $_POST['_nonce'])) {
lilina_nice_die('Nonces do not match.');
}
// Only whitelisted option names can be updated, and each value passes
// through the per-option 'options-sanitize-<name>' filter before storage.
$updatable_options = AdminOptions::instance()->whitelisted;
foreach ($updatable_options as $option) {
// !empty() also skips '0' and '', so those values cannot be set via this form
if (!empty($_POST[$option])) {
$value = apply_filters('options-sanitize-' . $option, $_POST[$option]);
update_option($option, $value);
}
}
do_action('settings_after_update');
header('HTTP/1.1 302 Found', true, 302);
header('Location: ' . get_option('baseurl') . 'admin/settings.php?updated=1');
die;
}
require_once LILINA_INCPATH . '/core/file-functions.php';
示例14: admin_view
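/**
 * Callback attached in `admin_menu`: admin settings
 *
 * Renders a queued view from `$this->_view` if one is pending, otherwise
 * forces the "authorize" page until the plugin is authorized. On POST the
 * request nonce is verified for the submitted `_action` (bound to this
 * plugin's id) before either creating a backup or saving settings; a failed
 * nonce is reported as a timeout and nothing is executed.
 *
 * `_action` and `_nonce` are read with isset() so a POST that lacks them does
 * not raise an undefined-index notice; the missing value is still handed to
 * `check_nonce()` as null, exactly as before.
 *
 * @callback
 * @return mixed Whatever `_load_view()` returns on the early-return paths;
 *               void after rendering the 'admin' view.
 */
public function admin_view()
{
    $data = array(
        'archivers' => $this->_scan_archivers(),
        'providers' => $this->_scan_providers(),
        'frequencies' => $this->scheduler->frequencies(),
    );
    $view = 'admin';
    if ($this->_view !== null) {
        // FIXME: this could be prettier.
        return $this->_load_view($this->_view[0], $this->_view[1]);
    }
    // force authorization before plugin may be used.
    if (!$this->is_authorized()) {
        // show "authorize me" page
        return $this->_load_view('authorize', $data);
    }
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $action = isset($_POST['_action']) ? $_POST['_action'] : null;
        $data['action'] = $action;
        $nonce = isset($_POST['_nonce']) ? $_POST['_nonce'] : null;
        // Obligatory CSRF check: the nonce is tied to the action and to this plugin's id
        if (check_nonce($nonce, $action, $this->_info['id'])) {
            // Take action!
            switch ($action) {
                // Create a backup
                case 'backup':
                    if ($error = $this->backup()) {
                        $data['error'] = $error;
                    } else {
                        $data['updated'] = 'Site backed up';
                    }
                    break;
                // Update/save settings
                case 'settings':
                    $this->_save($_POST);
                    break;
            }
        } elseif ($action) {
            // Failed CSRF test: report it, but never execute the action
            $data['error'] = 'Request timed out';
        }
    }
    // show "admin" page
    $this->_load_view($view, $data);
}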
示例15: generate_sitemap
generate_sitemap();
# redirect back to yourself to show the new restored data
redirect('settings.php?restored=true');
}
# was this page restored? ('true'/'false' as strings, as the template expects)
$restored = isset($_GET['restored']) ? 'true' : 'false';
# was the form submitted?
if (isset($_POST['submitted'])) {
# first check for csrf
if (!defined('GSNOCSRF') || GSNOCSRF == FALSE) {
$nonce = $_POST['nonce'];
if (!check_nonce($nonce, "save_settings")) {
die("CSRF detected!");
}
}
# website-specific fields
if (isset($_POST['sitename'])) {
$SITENAME = htmlentities($_POST['sitename'], ENT_QUOTES, 'UTF-8');
}
if (isset($_POST['siteurl'])) {
$SITEURL = tsl($_POST['siteurl']);
}
if (isset($_POST['permalink'])) {
$PERMALINK = trim($_POST['permalink']);
}
if (isset($_POST['template'])) {
$TEMPLATE = $_POST['template'];