本文整理汇总了PHP中csrf_check_token函数的典型用法代码示例。如果您正苦于以下问题:PHP csrf_check_token函数的具体用法?PHP csrf_check_token怎么用?PHP csrf_check_token使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了csrf_check_token函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: submitFormAction
/**
 * Handles submission of the operator's groups form, the one rendered by
 * {@link \Mibew\Controller\Operator\GroupsController::showFormAction()}.
 *
 * The set of groups that can be assigned depends on who is submitting: an
 * operator working in isolation only sees the groups available to him,
 * everybody else sees all groups.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 * @throws NotFoundException If the operator with specified ID is not found
 * in the system.
 */
public function submitFormAction(Request $request)
{
    csrf_check_token($request);

    $current_operator = $this->getOperator();
    $isolated = in_isolation($current_operator);
    $target_id = $request->attributes->getInt('operator_id');

    // Refuse to touch an operator that does not exist.
    $target = operator_by_id($target_id);
    if (!$target) {
        throw new NotFoundException('The operator is not found.');
    }

    // Candidate groups: restricted for an isolated operator, all otherwise.
    if ($isolated) {
        $candidates = get_groups_for_operator($current_operator);
    } else {
        $candidates = get_all_groups();
    }

    // A group is selected when its checkbox ('group<id>') was ticked.
    $selected = array();
    foreach ($candidates as $group) {
        $id = $group['groupid'];
        if ($request->request->get('group' . $id) == 'on') {
            $selected[] = $id;
        }
    }
    update_operator_groups($target['operatorid'], $selected);

    // Back to the same page via GET so a reload does not resubmit the form.
    $parameters = array('operator_id' => $target_id, 'stored' => true);

    return $this->redirect($this->generateUrl('operator_groups', $parameters));
}
示例2: submitFormAction
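/**
 * Processes submitting of the login form which is generated in
 * {@link \Mibew\Controller\LoginController::showFormAction()} method.
 *
 * Triggers 'operatorLogin' event after operator logged in and pass to it an
 * associative array with following items:
 * - 'operator': array of the logged in operator info;
 * - 'remember': boolean, indicates if system should remember operator.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 */
public function submitFormAction(Request $request)
{
    csrf_check_token($request);

    $login = $request->request->get('login');
    $password = $request->request->get('password');
    $remember = $request->request->get('isRemember') === 'on';
    $errors = array();

    // operator_by_login() yields a falsy value for an unknown login, so every
    // later use of $operator has to be guarded.
    $operator = operator_by_login($login);
    $operator_can_login = $operator
        && isset($operator['vcpassword'])
        && check_password_hash($operator['vclogin'], $password, $operator['vcpassword'])
        && !operator_is_disabled($operator);

    if ($operator_can_login) {
        // Login the operator to the system
        $this->getAuthenticationManager()->loginOperator($operator, $remember);

        // Redirect the current operator to the needed page.
        // NOTE(review): 'backpath' is used as stored in the session; the code
        // that writes it is not visible here — confirm it only ever holds a
        // local path, otherwise this becomes an open redirect.
        $target = isset($_SESSION[SESSION_PREFIX . 'backpath'])
            ? $_SESSION[SESSION_PREFIX . 'backpath']
            : $request->getUriForPath('/operator');

        return $this->redirect($target);
    }

    // The "blocked" reason only makes sense for an existing operator; for an
    // unknown login $operator is false and must not reach
    // operator_is_disabled(). Both failures deliberately share one generic
    // message so the response does not reveal whether the login exists.
    if ($operator && operator_is_disabled($operator)) {
        $errors[] = getlocal('Your account is temporarily blocked. Please contact system administrator.');
    } else {
        $errors[] = getlocal("Entered login/password is incorrect");
    }

    // Rebuild login form
    $request->attributes->set('errors', $errors);

    return $this->showFormAction($request);
}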
示例3: submitFormAction
/**
 * Handles submission of the operator's permissions form, the one rendered by
 * {@link \Mibew\Controller\Operator\PermissionsController::showFormAction()}.
 *
 * The permissions are kept as a bit mask ('iperm'); each checkbox of the
 * form sets or clears one bit of it.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 * @throws NotFoundException If the operator with specified ID is not found
 * in the system.
 */
public function submitFormAction(Request $request)
{
    csrf_check_token($request);

    $current_operator = $this->getOperator();
    $target_id = $request->attributes->getInt('operator_id');

    // Refuse to touch an operator that does not exist.
    $target = operator_by_id($target_id);
    if (!$target) {
        throw new NotFoundException('The operator is not found.');
    }

    // Start from the stored mask and flip every known bit according to its
    // checkbox ('permissions<id>') in the submitted form.
    $mask = isset($target['iperm']) ? $target['iperm'] : 0;
    foreach (permission_ids() as $bit => $field_id) {
        $flag = 1 << $bit;
        $checked = $request->request->get('permissions' . $field_id) == 'on';
        $mask = $checked ? ($mask | $flag) : ($mask & ~$flag);
    }
    update_operator_permissions($target['operatorid'], $mask);

    // The authentication manager caches the operator's data; refresh it when
    // the operator has just edited his own permissions.
    if ($current_operator['operatorid'] == $target_id) {
        $current_operator['iperm'] = $mask;
        $this->getAuthenticationManager()->setOperator($current_operator);
    }

    // Back to the same page via GET so a reload does not resubmit the form.
    $parameters = array('operator_id' => $target_id, 'stored' => true);

    return $this->redirect($this->generateUrl('operator_permissions', $parameters));
}
示例4: deleteAction
/**
 * Removes a group from the database.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 */
public function deleteAction(Request $request)
{
    csrf_check_token($request);

    // Drop the group together with all its relations.
    $group_id = $request->attributes->getInt('group_id');
    delete_group($group_id);

    // Back to the groups list, carrying over only the sorting parameters of
    // the query string; everything else is deliberately dropped.
    $allowed = array_flip(array('sortby', 'sortdirection'));
    $sorting = array_intersect_key($request->query->all(), $allowed);
    $redirect_to = $this->generateUrl('groups', $sorting);

    return $this->redirect($redirect_to);
}
示例5: submitFormAction
/**
 * Handles submission of the features form, the one rendered by
 * {@link \Mibew\Controller\Settings\FeaturesController::showFormAction()}.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 */
public function submitFormAction(Request $request)
{
    csrf_check_token($request);

    // Every option is a checkbox; it is persisted as the string '1' or '0'.
    foreach ($this->getOptionsList() as $option) {
        $enabled = $request->request->get($option) == 'on';
        Settings::set($option, $enabled ? '1' : '0');
    }

    // Back to the same page via GET so a reload does not resubmit the form.
    $redirect_to = $this->generateUrl('settings_features', array('stored' => true));

    return $this->redirect($redirect_to);
}
示例6: submitFormAction
/**
 * Handles submission of the translation import form, the one rendered by
 * {@link \Mibew\Controller\TranslationImportController::showFormAction()}.
 *
 * Only the client-reported size and extension of the upload are checked up
 * front; the real validation happens when import_messages() parses it.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 */
public function submitFormAction(Request $request)
{
    csrf_check_token($request);

    $errors = array();

    // Fall back to the current locale when the submitted code does not look
    // like a locale code.
    $target = $request->request->get('target');
    if (!preg_match("/^[\\w-]{2,5}\$/", $target)) {
        $target = get_current_locale();
    }
    $override = (bool) $request->request->get('override', false);

    // Validate uploaded file
    $file = $request->files->get('translation_file');
    if (!$file) {
        $errors[] = getlocal("No file selected");
    } else {
        $orig_filename = $file->getClientOriginalName();
        $file_size = $file->getSize();
        $bad_size = $file_size == 0 || $file_size > Settings::get('max_uploaded_file_size');
        if ($bad_size) {
            $errors[] = failed_uploading_file($orig_filename, "Uploaded file size exceeded");
        } elseif ($file->getClientOriginalExtension() != 'po') {
            // The extension is whatever the client claims; it only filters
            // obvious mistakes.
            $errors[] = failed_uploading_file($orig_filename, "Invalid file type");
        }
    }

    if (empty($errors)) {
        try {
            import_messages($target, $file->getRealPath(), $override);
            // Client side translations are cached per locale; drop the stale
            // copy so the new messages are served.
            $this->getCache()->getItem('translation/js/' . $target)->clear();
            // The file is not needed any more. Remove it.
            unlink($file->getRealPath());
        } catch (\Exception $e) {
            $errors[] = $e->getMessage();
        }
    }

    if (!empty($errors)) {
        // Attach the errors to the request and rerender the form.
        $request->attributes->set('errors', $errors);

        return $this->showFormAction($request);
    }

    // Back to the same page via GET so a reload does not resubmit the form.
    $redirect_to = $this->generateUrl('translation_import', array('stored' => true));

    return $this->redirect($redirect_to);
}
示例7: submitFormAction
/**
 * Handles submission of the translation export form, the one rendered by
 * {@link \Mibew\Controller\TranslationExportController::showFormAction()}.
 *
 * @param Request $request Incoming request.
 * @return Response The PO dump of the chosen locale as a downloadable
 * attachment.
 */
public function submitFormAction(Request $request)
{
    csrf_check_token($request);

    // Only a locale-like code is accepted. It also ends up in the download
    // file name below, so the pattern keeps it free of path characters.
    $target = $request->request->get('target');
    if (!preg_match("/^[\\w-]{2,5}\$/", $target)) {
        $target = get_current_locale();
    }

    $messages = load_messages($target);
    ksort($messages);

    $catalogue = new MessageCatalogue($target, array('messages' => $messages));
    $dumper = new PoFileDumper();
    $po = $dumper->format($catalogue);

    // Serve the dump as a binary attachment. strlen() is intentional here:
    // Content-Length counts bytes, not characters.
    $response = new Response();
    $headers = $response->headers;
    $headers->set('Content-type', 'application/octet-stream');
    $headers->set('Content-Disposition', sprintf('attachment; filename=translation-%s.po', $target));
    $headers->set('Content-Length', strlen($po));
    $headers->set('Content-Transfer-Encoding', 'binary');
    $response->setContent($po);

    return $response;
}
示例8: submitFormAction
/**
 * Handles submission of the group members form, the one rendered by
 * {@link \Mibew\Controller\GroupController::showMembersFormAction()}.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 * @throws NotFoundException If the operator's group with specified ID is
 * not found in the system.
 */
public function submitFormAction(Request $request)
{
    csrf_check_token($request);

    $operators = get_operators_list();
    $group_id = $request->attributes->getInt('group_id');

    // Check if specified group exists
    if (!group_by_id($group_id)) {
        throw new NotFoundException('The group is not found.');
    }

    // An operator becomes a member when its checkbox ('op<id>') was ticked.
    $members = array();
    foreach ($operators as $candidate) {
        $id = $candidate['operatorid'];
        if ($request->request->get('op' . $id) == 'on') {
            $members[] = $id;
        }
    }
    update_group_members($group_id, $members);

    // Redirect operator to group members page.
    $parameters = array('group_id' => $group_id, 'stored' => true);
    $redirect_to = $this->generateUrl('group_members', $parameters);

    return $this->redirect($redirect_to);
}
示例9: submitEditFormAction
/**
 * Handles submission of the ban edit form, the one rendered by
 * {@link \Mibew\Controller\BanController::showEditFormAction()}.
 *
 * A ban ID of zero means a new ban is being created; otherwise the existing
 * ban is loaded and overwritten with the submitted values.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 * @throws NotFoundException If the ban with specified ID is not found in
 * the system.
 */
public function submitEditFormAction(Request $request)
{
    csrf_check_token($request);

    $operator = $this->getOperator();
    $errors = array();
    $page = array('banId' => '', 'saved' => false);

    // Get form fields and validate them
    $ban_id = $request->attributes->getInt('ban_id');
    $address = $request->request->get('address');
    $days = $request->request->get('days');
    $comment = $request->request->get('comment');

    if (!$address) {
        $errors[] = no_field('Visitor\'s Address');
    }
    // Only a non-negative whole number of days is accepted.
    if (!preg_match("/^\\d+\$/", $days)) {
        $errors[] = wrong_field('Days');
    }
    if (!$comment) {
        $errors[] = no_field('Comment');
    }

    // The same address may not be banned twice: refuse when another ban (or,
    // for a new ban, any ban at all) already covers it.
    $existing_ban = Ban::loadByAddress($address);
    $ban_duplicate = $existing_ban && (!$ban_id || $ban_id != $existing_ban->id);
    if ($ban_duplicate) {
        $ban_url = $this->generateUrl('ban_edit', array('ban_id' => $existing_ban->id));
        // NOTE(review): this message carries HTML and the raw address is
        // passed as placeholder {0}; whether the rendering escapes it is not
        // visible here — confirm before a translation starts using {0}.
        $errors[] = getlocal('The specified address is already in use. Click <a href="{1}">here</a> if you want to edit it.', array($address, $ban_url));
    }

    if (!empty($errors)) {
        // Attach the errors to the request and rerender the edit form.
        $request->attributes->set('errors', $errors);

        return $this->showEditFormAction($request);
    }

    // Either load the ban being edited or start a brand new one.
    if ($ban_id) {
        $ban = Ban::load($ban_id);
        if (!$ban) {
            throw new NotFoundException('The ban is not found.');
        }
    } else {
        $ban = new Ban();
        $ban->created = time();
    }
    $ban->till = time() + $days * 24 * 60 * 60;
    $ban->address = $address;
    $ban->comment = $comment;
    $ban->save();

    // Rerender the form page
    $page['saved'] = true;
    $page['address'] = $address;
    $page['title'] = getlocal('Block address');
    $page = array_merge($page, prepare_menu($operator, false));

    return $this->render('ban', $page);
}
示例10: submitEditFormAction
/**
 * Handles submission of the locale edit form, the one rendered by
 * {@link \Mibew\Controller\Localization\LocaleController::showEditFormAction()}.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 * @throws NotFoundException If the locale with specified code is not found
 * in the system.
 */
public function submitEditFormAction(Request $request)
{
    csrf_check_token($request);

    $errors = array();
    $locale = $request->attributes->get('locale');
    $time_locale = $request->request->get('timelocale');
    $date_format_full = $request->request->get('dateformatfull');
    $date_format_date = $request->request->get('dateformatdate');
    $date_format_time = $request->request->get('dateformattime');

    if (!$locale) {
        throw new NotFoundException();
    }

    // Every field is mandatory; report each missing one under its label.
    $required = array(
        'Time locale' => $time_locale,
        'Date format (full)' => $date_format_full,
        'Date format (date)' => $date_format_date,
        'Date format (time)' => $date_format_time,
    );
    foreach ($required as $label => $value) {
        if (!$value) {
            $errors[] = no_field($label);
        }
    }

    if (!empty($errors)) {
        // Attach the errors to the request and rerender the edit form.
        $request->attributes->set('errors', $errors);

        return $this->showEditFormAction($request);
    }

    // Merge the submitted values into the stored locale description.
    $locale_info = get_locale_info($locale);
    $locale_info['time_locale'] = $time_locale;
    $locale_info['date_format'] = array(
        'full' => $date_format_full,
        'date' => $date_format_date,
        'time' => $date_format_time,
    );
    set_locale_info($locale, $locale_info);

    // Back to the edit page via GET so a reload does not resubmit the form.
    $parameters = array('locale' => $locale, 'stored' => true);

    return $this->redirect($this->generateUrl('locale_edit', $parameters));
}
示例11: resetAction
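/**
 * Resets operators password and provides an ability to set the new one.
 *
 * The operator ID and the restore token come from the query string for GET
 * requests and from the request body otherwise, so the same action both
 * renders the form and processes its submission.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 * @throws BadRequestException If the operator ID or the token is missing or
 * malformed.
 */
public function resetAction(Request $request)
{
    $page = array(
        'version' => MIBEW_VERSION,
        'showform' => true,
        'title' => getlocal('Change your password'),
        'headertitle' => getlocal('Mibew Messenger'),
        'show_small_login' => true,
        'fixedwrap' => true,
        'errors' => array(),
    );

    if ($request->isMethod('POST')) {
        // When HTTP GET method is used the form is just rendered but the
        // user does not pass any data. Thus we need to prevent CSRF attacks
        // only for POST requests
        csrf_check_token($request);
    }

    $is_get = $request->isMethod('GET');

    // Make sure user id is specified and its format is correct.
    $op_id = $is_get ? $request->query->get('id') : $request->request->get('id');
    if (!preg_match("/^\\d{1,9}\$/", $op_id)) {
        throw new BadRequestException();
    }

    // Make sure token is specified and its format is correct. The pattern
    // requires at least one character, so an operator whose stored token was
    // already cleared to '' can never be matched by this check.
    $token = $is_get ? $request->query->get('token') : $request->request->get('token');
    if (!preg_match("/^[\\dabcdef]+\$/", $token)) {
        throw new BadRequestException();
    }

    $operator = operator_by_id($op_id);
    if (!$operator) {
        $page['errors'][] = 'No such operator';
        $page['showform'] = false;
    } else {
        // Compare the tokens as strings and strictly: the loose "!=" treats
        // hex tokens that happen to look numeric (e.g. "1e3" and "1000") as
        // equal. hash_equals() additionally makes the comparison constant
        // time; it exists since PHP 5.6, hence the fallback.
        $stored_token = (string) $operator['vcrestoretoken'];
        $token_matches = function_exists('hash_equals')
            ? hash_equals($stored_token, (string) $token)
            : $stored_token === (string) $token;
        if (!$token_matches) {
            $page['errors'][] = 'Wrong token';
            $page['showform'] = false;
        }
    }

    $is_submission = count($page['errors']) == 0
        && $request->isMethod('POST')
        && $request->request->has('password');
    if ($is_submission) {
        $password = $request->request->get('password');
        $password_confirm = $request->request->get('passwordConfirm');
        if (!$password) {
            $page['errors'][] = no_field('Password');
        }
        // Strict string comparison for the same reason as the token above.
        if ((string) $password !== (string) $password_confirm) {
            $page['errors'][] = getlocal('Entered passwords do not match');
        }
        if (count($page['errors']) == 0) {
            $page['isdone'] = true;
            // Update the operator. The restore token is single use, so it is
            // cleared in the same write that stores the new password hash.
            $operator['vcrestoretoken'] = '';
            $operator['vcpassword'] = calculate_password_hash($operator['vclogin'], $password);
            update_operator($operator);
            $page['loginname'] = $operator['vclogin'];

            return $this->render('password_recovery_reset', $page);
        }
    }

    $page['id'] = $op_id;
    $page['token'] = $token;
    $page['isdone'] = false;

    return $this->render('password_recovery_reset', $page);
}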
示例12: updateAction
/**
 * Updates a plugin.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 * @throws NotFoundException If the plugin with specified name is not found
 * in the system.
 */
public function updateAction(Request $request)
{
    csrf_check_token($request);

    $plugin_name = $request->attributes->get('plugin_name');
    if (!PluginUtils::pluginExists($plugin_name)) {
        throw new NotFoundException('The plugin is not found.');
    }

    $updated = PluginManager::getInstance()->update($plugin_name);
    if ($updated) {
        return $this->redirect($this->generateUrl('plugins'));
    }

    // The plugin cannot be updated by some reasons. Just rebuild index page
    // and show errors there.
    $error = getlocal('Plugin "{0}" cannot be updated.', array($plugin_name));
    $request->attributes->set('errors', array($error));

    return $this->indexAction($request);
}
示例13: submitFormAction
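/**
 * Processes submitting of the form which is generated in
 * {@link \Mibew\Controller\OperatorController::showEditFormAction()} method.
 *
 * An operator ID of zero means a new operator is being created; otherwise
 * the stored record is updated with the submitted values.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 */
public function submitFormAction(Request $request)
{
    csrf_check_token($request);

    $errors = array();
    $operator = $this->getOperator();
    $op_id = $request->attributes->getInt('operator_id');

    $login = $request->request->get('login');
    $email = $request->request->get('email');
    $password = $request->request->get('password');
    $password_confirm = $request->request->get('passwordConfirm');
    $local_name = $request->request->get('name');
    $common_name = $request->request->get('commonname');
    $code = $request->request->get('code');

    if (!$local_name) {
        $errors[] = no_field('Name');
    }
    if (!$common_name) {
        $errors[] = no_field('International name (Latin)');
    }

    // The login is needed only for new operators. If login is changed for
    // existing operator the stored password hash becomes invalid.
    if (!$op_id) {
        if (!$login) {
            $errors[] = no_field('Login');
        } elseif (!preg_match("/^[\\w_\\.]+\$/", $login)) {
            $errors[] = getlocal('Login should contain only latin characters, numbers and underscore symbol.');
        }
    }

    if (!$email || !MailUtils::isValidAddress($email)) {
        $errors[] = wrong_field('E-mail');
    }

    if ($code && !preg_match("/^[A-Za-z0-9_]+\$/", $code)) {
        $errors[] = getlocal('Code should contain only latin characters, numbers and underscore symbol.');
    }

    if (!$op_id && !$password) {
        $errors[] = no_field('Password');
    }

    // Compare the two password fields as strings and strictly: the loose
    // "!=" treats numeric-looking strings such as "1e3" and "1000" as equal.
    // A missing field (null) is the same as an empty one.
    if ((string) $password !== (string) $password_confirm) {
        $errors[] = getlocal('Entered passwords do not match');
    }

    // A login or e-mail collides when it belongs to a different operator; the
    // edited operator may of course keep his own.
    $existing_operator = operator_by_login($login);
    $duplicate_login = $existing_operator
        && (!$op_id || $op_id != $existing_operator['operatorid']);
    if ($duplicate_login) {
        $errors[] = getlocal('Please choose another login because an operator with that login is already registered in the system.');
    }

    $existing_operator = operator_by_email($email);
    $duplicate_email = $existing_operator
        && (!$op_id || $op_id != $existing_operator['operatorid']);
    if ($duplicate_email) {
        $errors[] = getlocal('Please choose another email because an operator with that email is already registered in the system.');
    }

    if (count($errors) != 0) {
        // Attach the errors to the request and rerender the form.
        $request->attributes->set('errors', $errors);

        return $this->showFormAction($request);
    }

    if (!$op_id) {
        // Create new operator and redirect the current operator to avatar
        // page.
        $new_operator = create_operator($login, $email, $password, $local_name, $common_name, '', $code);
        $parameters = array('operator_id' => $new_operator['operatorid']);

        return $this->redirect($this->generateUrl('operator_avatar', $parameters));
    }

    // Mix old operator's fields with updated values: "+" keeps the submitted
    // values and takes everything else from the stored record.
    $updated_fields = array(
        'vcemail' => $email,
        'vclocalename' => $local_name,
        'vccommonname' => $common_name,
        'code' => $code,
    );
    $target_operator = $updated_fields + operator_by_id($op_id);

    // Set the password only when something was actually entered. A missing
    // field arrives as null; hashing it would silently replace the stored
    // password with the hash of an empty string.
    if ((string) $password !== '') {
        $target_operator['vcpassword'] = calculate_password_hash($target_operator['vclogin'], $password);
    }

    // Update operator's fields in the database.
    update_operator($target_operator);

    // Operator's data are cached in the authentication manager, thus we need
    // to manually update them.
    if ($target_operator['operatorid'] == $operator['operatorid']) {
        // Check if the admin has set his password for the first time.
        $to_dashboard = check_password_hash($operator['vclogin'], '', $operator['vcpassword'])
            && (string) $password !== '';
        // Update operator's fields.
        $this->getAuthenticationManager()->setOperator($target_operator);
        // Redirect the admin to the home page if needed.
        if ($to_dashboard) {
            return $this->redirect($this->generateUrl('home_operator'));
        }
    }

    // Redirect the operator to edit page again to use GET method instead of
    // POST.
    $parameters = array('operator_id' => $op_id, 'stored' => true);

    return $this->redirect($this->generateUrl('operator_edit', $parameters));
}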
示例14: submitFormAction
/**
 * Handles submission of the performance settings form, the one rendered by
 * {@link \Mibew\Controller\Settings\PerformanceController::showFormAction()}.
 *
 * Every field must pass is_numeric(); note that this also admits negative,
 * fractional and exponent-style values, which the settings may or may not
 * tolerate — that is not visible from here.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 */
public function submitFormAction(Request $request)
{
    csrf_check_token($request);

    $errors = array();
    $params = array();

    // Copies one form field into $params under its setting name and reports
    // whether the value looks like a number.
    $read_number = function ($setting, $field) use ($request, &$params) {
        $params[$setting] = $request->request->get($field);

        return is_numeric($params[$setting]);
    };

    if (!$read_number('online_timeout', 'onlinetimeout')) {
        $errors[] = wrong_field("Operator online time threshold");
    }
    if (!$read_number('connection_timeout', 'connectiontimeout')) {
        $errors[] = wrong_field("Connection timeout for messaging window");
    }
    if (!$read_number('updatefrequency_operator', 'frequencyoperator')) {
        $errors[] = wrong_field("Operator's console refresh time");
    }
    if (!$read_number('updatefrequency_chat', 'frequencychat')) {
        $errors[] = wrong_field("Chat refresh time");
    }
    if (!$read_number('max_connections_from_one_host', 'onehostconnections')) {
        $errors[] = getlocal("\"Max number of threads\" field should be a number");
    }
    if (!$read_number('thread_lifetime', 'threadlifetime')) {
        $errors[] = getlocal("\"Thread lifetime\" field should be a number");
    }

    // The tracking related fields are only part of the form when tracking
    // is enabled.
    if (Settings::get('enabletracking')) {
        if (!$read_number('updatefrequency_tracking', 'frequencytracking')) {
            $errors[] = wrong_field("Tracking refresh time");
        }
        if (!$read_number('visitors_limit', 'visitorslimit')) {
            $errors[] = wrong_field("Limit for tracked visitors list");
        }
        if (!$read_number('invitation_lifetime', 'invitationlifetime')) {
            $errors[] = wrong_field("Invitation lifetime");
        }
        if (!$read_number('tracking_lifetime', 'trackinglifetime')) {
            $errors[] = wrong_field("Track lifetime");
        }
    }

    if (!$read_number('max_uploaded_file_size', 'maxuploadedfilesize')) {
        $errors[] = wrong_field("Maximum size of uploaded files");
    }

    if (!empty($errors)) {
        // Attach the errors to the request and rerender the form.
        $request->attributes->set('errors', $errors);

        return $this->showFormAction($request);
    }

    // Update settings in the database
    foreach ($params as $setting => $value) {
        Settings::set($setting, $value);
    }

    // Back to the same page via GET so a reload does not resubmit the form.
    $redirect_to = $this->generateUrl('settings_performance', array('stored' => true));

    return $this->redirect($redirect_to);
}
示例15: submitEditFormAction
/**
 * Handles submission of the mail template edit form, the one rendered by
 * {@link \Mibew\Controller\MailTemplateController::showFormAction()}.
 *
 * @param Request $request Incoming request.
 * @return string Rendered page content.
 */
public function submitEditFormAction(Request $request)
{
    csrf_check_token($request);

    $name = $request->attributes->get('name');
    $lang = $this->extractLocale($request);

    $errors = array();
    $subject = $request->request->get('subject');
    if (!$subject) {
        $errors[] = no_field('Mail subject');
    }
    $body = $request->request->get('body');
    if (!$body) {
        $errors[] = no_field('Mail body');
    }

    if (!empty($errors)) {
        // Saving cannot proceed. Attach the errors to the request and
        // rerender the edit form.
        $request->attributes->set('errors', $errors);

        return $this->showEditFormAction($request);
    }

    // Load the template to modify, or start a fresh one for this name and
    // locale when nothing is stored yet.
    $template = MailTemplate::loadByName($name, $lang, true);
    if (!$template) {
        $template = new MailTemplate($name, $lang);
    }
    $template->subject = $subject;
    $template->body = $body;
    $template->save();

    // Back to the templates list via GET so a reload does not resubmit.
    $parameters = array('lang' => $lang, 'stored' => true);

    return $this->redirect($this->generateUrl('mail_templates', $parameters));
}