

PHP drupal_valid_token函数代码示例

本文整理汇总了PHP中drupal_valid_token函数的典型用法代码示例。如果您正苦于以下问题:PHP drupal_valid_token函数的具体用法?PHP drupal_valid_token怎么用?PHP drupal_valid_token使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了drupal_valid_token函数的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: authenticate

  /**
   * Implements RestfulAuthenticationInterface::authenticate().
   *
   * Cookie/session authentication: loads the account behind the global $user
   * and, for write requests flagged as a REST call, insists on a valid CSRF
   * token before handing that account back.
   *
   * @param array $request
   *   The request array. Only $request['__application']['rest_call'] and
   *   $request['__application']['csrf_token'] are read here.
   * @param $method
   *   The HTTP method, as understood by \RestfulBase::isWriteMethod().
   *
   * @return mixed
   *   NULL when no session is started outside the CLI, otherwise whatever
   *   user_load() returns for the session user.
   *
   * @throws \RestfulBadRequestException
   *   When a CSRF token is required but missing or empty.
   * @throws \RestfulForbiddenException
   *   When the supplied CSRF token fails drupal_valid_token().
   */
  public function authenticate(array $request = array(), $method = \RestfulInterface::GET) {
    // No session (and not running from the CLI): this provider cannot
    // identify anybody.
    $has_session = drupal_session_started() || $this->isCli();
    if (!$has_session) {
      return;
    }

    global $user;
    $account = user_load($user->uid);

    // The CSRF token is enforced only for write methods on requests marked as
    // a REST call; read requests and internal API calls get the account back
    // without a token.
    $is_write = \RestfulBase::isWriteMethod($method);
    $needs_token = $is_write && !empty($request['__application']['rest_call']);
    if (!$needs_token) {
      return $account;
    }

    // An absent or empty token is a malformed request, not a failed check.
    $token = empty($request['__application']['csrf_token']) ? NULL : $request['__application']['csrf_token'];
    if ($token === NULL) {
      throw new \RestfulBadRequestException('No CSRF token passed in the HTTP header.');
    }

    if (drupal_valid_token($token, \RestfulBase::TOKEN_VALUE)) {
      // CSRF validation passed.
      return $account;
    }

    throw new \RestfulForbiddenException('CSRF token validation failed.');
  }
开发者ID:humanitarianresponse,项目名称:site,代码行数:28,代码来源:RestfulAuthenticationCookie.class.php

示例2: access

 /**
  * Access handler for an operation on a specific item.
  *
  * Checks run in this order: the 'list' shortcut, the "<op> access"
  * permission from the plugin definition, the URL token for operations that
  * declare one, and finally the operation-specific rule.
  *
  * @param string $op
  *   The operation in question.
  * @param UltimateCronJob $item
  *   The cron job.
  *
  * @return bool
  *   TRUE if access is granted, FALSE if not. For 'configure' the router
  *   item's 'access' value is returned as-is.
  */
 public function access($op, $item)
 {
     // Loose comparison, the same matching rule a switch/case applies.
     if ($op == 'list') {
         return user_access('administer ultimate cron') || user_access($this->plugin['access']);
     }

     // More fine-grained access control: an "<op> access" permission, when the
     // plugin defines one, must be held by the current user.
     $permission_key = $op . ' access';
     if (!empty($this->plugin[$permission_key]) && !user_access($this->plugin[$permission_key])) {
         return FALSE;
     }

     // Token test: operations flagged with 'token' need a query-string token
     // that validates against the operation name, unless $this->notoken is set.
     $token_required = empty($this->notoken) && !empty($this->plugin['allowed operations'][$op]['token']);
     if ($token_required) {
         $token_valid = isset($_GET['token']) && drupal_valid_token($_GET['token'], $op);
         if (!$token_valid) {
             return FALSE;
         }
     }

     switch ($op) {
         case 'import':
             return user_access('use PHP for settings');

         case 'revert':
             // Only an overridden export (present in code and database) can be reverted.
             $in_database = $item->export_type & EXPORT_IN_DATABASE;
             $in_code = $item->export_type & EXPORT_IN_CODE;
             return $in_database && $in_code;

         case 'delete':
             // Only a database-only export can be deleted.
             $in_database = $item->export_type & EXPORT_IN_DATABASE;
             $in_code = $item->export_type & EXPORT_IN_CODE;
             return $in_database && !$in_code;

         case 'disable':
             return empty($item->disabled);

         case 'enable':
             return !empty($item->disabled);

         case 'configure':
             if (empty($item->hook['configure'])) {
                 return TRUE;
             }
             // Delegate to the access result of the job's configure path, going
             // through the 'cache_menu' bin keyed by that path.
             $path = $item->hook['configure'];
             $cached = cache_get($path, 'cache_menu');
             if ($cached) {
                 $router_item = menu_get_item($path, $cached->data);
             } else {
                 $router_item = menu_get_item($path);
                 cache_set($path, $router_item, 'cache_menu');
             }
             return $router_item['access'];

         default:
             return TRUE;
     }
 }
开发者ID:ehallarsis,项目名称:smvp,代码行数:55,代码来源:ultimate_cron_job_ctools_export_ui.class.php

示例3: access

 /**
  * Menu callback to determine if an operation is accessible.
  *
  * Enforces the plugin's 'manage access' permission first, then the
  * permission tied to the specific operation, then the URL token for
  * operations that declare one, and finally the export-state rules.
  *
  * @param $op
  *   The 'op' of the menu item, which is defined by 'allowed operations'
  *   and embedded into the arguments in the menu item.
  * @param $item
  *   If an op that works on an item, then the item object, otherwise NULL.
  *
  * @return
  *   TRUE if the current user has access, FALSE if not.
  */
 function access($op, $item)
 {
     // Baseline: nothing is reachable without the 'manage access' permission.
     if (!user_access($this->plugin['manage access'])) {
         return FALSE;
     }

     // More fine-grained access control: operation => plugin key holding the
     // permission that operation needs. Checked in this order, with the same
     // loose comparison on $op as a chain of == tests.
     $op_permissions = array(
         'add' => 'create access',
         'delete' => 'delete access',
         'revert' => 'manage access',
         'revertto' => 'manage access',
         'revision' => 'manage access',
         'export' => 'access',
         'clone' => 'access',
     );
     foreach ($op_permissions as $name => $permission_key) {
         if ($op == $name && !user_access($this->plugin[$permission_key])) {
             return FALSE;
         }
     }

     // Token test: operations flagged with 'token' need a query-string token
     // that validates against the operation name.
     if (!empty($this->plugin['allowed operations'][$op]['token'])) {
         $token_valid = isset($_GET['token']) && drupal_valid_token($_GET['token'], $op);
         if (!$token_valid) {
             return FALSE;
         }
     }

     switch ($op) {
         case 'import':
             return user_access('use PHP for settings');

         case 'revert':
             // Only an overridden export (present in code and database) can be reverted.
             $in_database = $item->export_type & EXPORT_IN_DATABASE;
             $in_code = $item->export_type & EXPORT_IN_CODE;
             return $in_database && $in_code;

         case 'delete':
             // Only a database-only export can be deleted.
             $in_database = $item->export_type & EXPORT_IN_DATABASE;
             $in_code = $item->export_type & EXPORT_IN_CODE;
             return $in_database && !$in_code;

         case 'disable':
             return empty($item->disabled);

         case 'enable':
             return !empty($item->disabled);

         default:
             return TRUE;
     }
 }
开发者ID:sharprakeshverma,项目名称:LifeStyle,代码行数:55,代码来源:snippet_ctools_export_ui.class.php

示例4: authenticate

 /**
  * {@inheritdoc}
  *
  * Cookie/session authentication: returns the account of the session user,
  * after validating the request's CSRF token in the one case where this
  * method requires it (see the inline comments).
  *
  * @throws BadRequestException
  *   When a CSRF token is required but the request carries none.
  * @throws ForbiddenException
  *   When the CSRF token fails drupal_valid_token().
  */
 public function authenticate(RequestInterface $request)
 {
     // No session (and not running from the CLI): nobody to authenticate.
     $session_available = drupal_session_started() || $this->isCli($request);
     if (!$session_available) {
         return NULL;
     }
     global $user;
     $account = user_load($user->uid);

     // The CSRF token is skipped for non-write methods, for requests whose
     // 'rest_call' application data is truthy, and for non-RESTful paths.
     // NOTE(review): the 'rest_call' flag exempts a write request from the
     // token check - confirm it can only be set for internal API calls and
     // never for a request arriving over HTTP.
     $csrf_exempt = !$request::isWriteMethod($request->getMethod())
         || $request->getApplicationData('rest_call')
         || !RestfulManager::isRestfulPath($request);
     if ($csrf_exempt) {
         return $account;
     }

     $token = $request->getCsrfToken();
     if (!$token) {
         throw new BadRequestException('No CSRF token passed in the HTTP header.');
     }
     if (drupal_valid_token($token, Authentication::TOKEN_VALUE)) {
         // CSRF validation passed.
         return $account;
     }
     throw new ForbiddenException('CSRF token validation failed.');
 }
开发者ID:jhoffman-tm,项目名称:waldorf-deployment,代码行数:27,代码来源:CookieAuthentication.php

示例5: filedepot_dispatcher


//.........这里部分代码省略.........
            $retval .= '<retcode>200</retcode>';
            // The generated listing is entity-escaped so it travels as text
            // inside the <displayhtml> element of the XML response.
            $retval .= '<displayhtml>' . htmlspecialchars(nexdocsrv_generateFileListing($cid, $level, $foldernumber), ENT_QUOTES, 'utf-8') . '</displayhtml>';
            $retval .= '</result>';
            firelogmsg("Completed generating AJAX return data - cid: {$cid}");
            break;
        case 'rendernewfilefolderoptions':
            // Render-only operation; the folder id is forced to an integer.
            $cid = intval($_POST['cid']);
            $data['displayhtml'] = theme('filedepot_newfiledialog_folderoptions', array('cid' => $cid));
            break;
        case 'rendernewfolderform':
            // Render-only operation; the folder id is forced to an integer.
            $cid = intval($_POST['cid']);
            $data['displayhtml'] = theme('filedepot_newfolderdialog', array('cid' => $cid));
            break;
        case 'createfolder':
            // State-changing operation: saves a new filedepot_folder node owned
            // by the current user. title and folderdesc come from $_POST
            // unmodified; the numeric fields are cast with intval().
            // NOTE(review): no drupal_valid_token() check is visible for this
            // case, unlike 'deletefolder' and 'updatefolder' below - confirm
            // folder creation is covered by a CSRF check in the part of the
            // dispatcher not shown here.
            $node = (object) array('uid' => $user->uid, 'name' => $user->name, 'type' => 'filedepot_folder', 'title' => $_POST['catname'], 'parentfolder' => intval($_POST['catparent']), 'folderdesc' => $_POST['catdesc'], 'inherit' => intval($_POST['catinherit']));
            // Top-level folders (parent 0) are reserved for filedepot administrators.
            if ($node->parentfolder == 0 and !user_access('administer filedepot')) {
                $data['errmsg'] = t('Error creating Folder - invalid parent folder');
                $data['retcode'] = 500;
            } else {
                node_save($node);
                // A node id after node_save() is taken as the success signal.
                if ($node->nid) {
                    $data['displaycid'] = $filedepot->cid;
                    $data['retcode'] = 200;
                } else {
                    $data['errmsg'] = t('Error creating Folder');
                    $data['retcode'] = 500;
                }
            }
            break;
        case 'deletefolder':
            $data = array();
            $cid = intval($_POST['cid']);
            // CSRF check: a missing token, or one that does not validate
            // against FILEDEPOT_TOKEN_FOLDERMGMT, is answered with 403 before
            // any lookup or delete happens.
            $token = isset($_POST['token']) ? $_POST['token'] : NULL;
            if ($token == NULL || !drupal_valid_token($token, FILEDEPOT_TOKEN_FOLDERMGMT)) {
                $data['retcode'] = 403;
                // Forbidden
            } else {
                // Parameterised lookup of the folder row by id.
                $query = db_query("SELECT cid,pid,nid FROM {filedepot_categories} WHERE cid=:cid", array(':cid' => $cid));
                $A = $query->fetchAssoc();
                // NOTE(review): `$A['cid'] = $cid` is an assignment, not a
                // comparison, so this condition reduces to `$cid > 0` and the
                // 404 branch below is only reached for non-positive ids; `==`
                // was probably intended, so that a missing row is reported as
                // not found instead of reaching node_delete().
                if ($cid > 0 and $A['cid'] = $cid) {
                    // Authorisation: only 'admin' permission on the folder allows the delete.
                    if ($filedepot->checkPermission($cid, 'admin')) {
                        node_delete($A['nid']);
                        $filedepot->cid = $A['pid'];
                        // Set the new active directory to the parent folder
                        $data['retcode'] = 200;
                        $data['activefolder'] = theme('filedepot_activefolder');
                        $data['displayhtml'] = filedepot_displayFolderListing($filedepot->cid);
                        $data = filedepotAjaxServer_generateLeftSideNavigation($data);
                    } else {
                        $data['retcode'] = 403;
                        // Forbidden
                    }
                } else {
                    $data['retcode'] = 404;
                    // Not Found
                }
            }
            break;
        case 'updatefolder':
            // Same CSRF gate as 'deletefolder': the update helper runs only
            // after the posted token validates.
            $token = isset($_POST['token']) ? $_POST['token'] : NULL;
            if ($token == NULL || !drupal_valid_token($token, FILEDEPOT_TOKEN_FOLDERMGMT)) {
                $data['retcode'] = 403;
                // Forbidden
            } else {
                $data = filedepotAjaxServer_updateFolder();
            }
开发者ID:dalia-m-elsayed,项目名称:spica,代码行数:67,代码来源:ajaxserver.php

示例6: drupal_session_start

// Access gate for the update script: the body runs only for uid 1, or for
// anyone when $update_free_access is non-empty.
// NOTE(review): $update_free_access is set outside this excerpt; while it is
// enabled the uid check is bypassed entirely - confirm it is switched off
// again after use.
if (!empty($update_free_access) || $user->uid == 1) {
    drupal_session_start();
    include_once './includes/install.inc';
    include_once './includes/batch.inc';
    drupal_load_updates();
    update_fix_d6_requirements();
    update_fix_compatibility();
    // The operation name is request-controlled (GET, POST or cookie).
    $op = isset($_REQUEST['op']) ? $_REQUEST['op'] : '';
    switch ($op) {
        case 'selection':
            // CSRF check: the selection page needs a valid 'update' token in the
            // query string. There is no break after a failed check, so control
            // falls through 'Update' (where the same check fails again) into
            // 'info', which only renders the info page.
            if (isset($_GET['token']) && drupal_valid_token($_GET['token'], 'update')) {
                $output = update_selection_page();
                break;
            }
        case 'Update':
            // Running the update batch requires the same token; on failure the
            // case falls through to 'info' instead of running anything.
            if (isset($_GET['token']) && drupal_valid_token($_GET['token'], 'update')) {
                update_batch();
                break;
            }
            // update.php ops
        // update.php ops
        case 'info':
            $output = update_info_page();
            break;
        case 'results':
            $output = update_results_page();
            break;
            // Regular batch ops : defer to batch processing API
        // Regular batch ops : defer to batch processing API
        default:
            update_task_list('run');
开发者ID:c4rl,项目名称:6,代码行数:31,代码来源:update.php

示例7: save

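 /**
  * Saves the trigger action assignments posted for this task.
  *
  * Replaces every 'trigger_assignments' row for the task's hook with the
  * action ids found in $_POST['actions'], weighting them in posted order,
  * then defers to the parent save().
  *
  * @return mixed
  *   An array with 'message', 'success' => 0 and 'task_id' when the security
  *   token is rejected; otherwise the return value of parent::save().
  */
 function save()
 {
     // CSRF gate: nothing is modified unless the token validates against
     // 'maestro_admin'.
     if (!drupal_valid_token($this->_security_token, 'maestro_admin')) {
         return array('message' => t('Illegal save attempt.'), 'success' => 0, 'task_id' => $this->_task_id);
     }
     // $_POST is request-controlled: a missing or non-array 'actions' value is
     // treated as "no actions" instead of being handed to foreach.
     $actions = isset($_POST['actions']) && is_array($_POST['actions']) ? $_POST['actions'] : array();
     $hook = 'fire_trigger_task' . $this->_task_id;
     // Existing assignments for this hook are dropped and rebuilt from the post.
     db_delete('trigger_assignments')->condition('hook', $hook)->execute();
     $weight = 1;
     foreach ($actions as $aid) {
         // A nested array cannot be an action id; skip it rather than pass it
         // to check_plain().
         if (!is_scalar($aid)) {
             continue;
         }
         $rec = new stdClass();
         $rec->hook = $hook;
         // NOTE(review): check_plain() is an HTML output filter, so the id is
         // stored entity-escaped. Kept so stored values do not change; consider
         // validating $aid against the known action ids instead.
         $rec->aid = check_plain($aid);
         $rec->weight = $weight++;
         drupal_write_record('trigger_assignments', $rec);
     }
     return parent::save();
 }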
开发者ID:kastowo,项目名称:idbigdata,代码行数:18,代码来源:maestro_task_interface.class.php

示例8: drupal_maintenance_theme

drupal_maintenance_theme();
// Turn error reporting back on. From now on, only fatal errors (which are
// not passed through the error handler) will cause a message to be printed.
// NOTE(review): with display_errors on, that message is shown to whoever is
// running the script, not only logged.
ini_set('display_errors', TRUE);
// Access check:
// The body runs for uid 1, or for any visitor when $access_check is FALSE.
// NOTE(review): $access_check is set outside this excerpt; while it is FALSE
// the uid check is bypassed entirely.
if ($access_check == FALSE || $user->uid == 1) {
    include_once './includes/install.inc';
    update_fix_schema_version();
    update_fix_watchdog_115();
    update_fix_watchdog();
    update_fix_sessions();
    // The operation name is request-controlled (GET, POST or cookie).
    $op = isset($_REQUEST['op']) ? $_REQUEST['op'] : '';
    switch ($op) {
        case 'Update':
            // Check for a valid form token to protect against cross site request forgeries.
            // $_REQUEST['edit']['form_token'] is read without isset(), so a
            // request that omits it passes an undefined value to the check.
            // NOTE(review): the third argument TRUE is drupal_valid_token()'s
            // $skip_anonymous flag - confirm that skipping validation for an
            // anonymous visitor is intended here; that case can only arise
            // while $access_check is FALSE.
            if (drupal_valid_token($_REQUEST['edit']['form_token'], 'update_script_selection_form', TRUE)) {
                $output = update_update_page();
            } else {
                form_set_error('form_token', t('Validation error, please try again.  If this error persists, please contact the site administrator.'));
                $output = update_selection_page();
            }
            break;
        case 'finished':
            $output = update_finished_page(true);
            break;
        case 'error':
            $output = update_finished_page(false);
            break;
        case 'do_update':
            // No token check is visible on this case within the excerpt.
            $output = update_do_update_page();
            break;
开发者ID:skellystarman,项目名称:drupaldev,代码行数:31,代码来源:update.php

示例9: valid_token

/**
 * Validates the CSRF token posted with the current request.
 *
 * Reads the 'csrf' POST field and checks it with drupal_valid_token() against
 * the 'mytinytodo' value. A request without the field is validated as the
 * empty string.
 *
 * @return
 *   The result of drupal_valid_token().
 */
function valid_token()
{
    if (isset($_POST['csrf'])) {
        return drupal_valid_token($_POST['csrf'], 'mytinytodo');
    }
    // No token posted: validate the empty string so the outcome is still
    // decided by drupal_valid_token().
    return drupal_valid_token('', 'mytinytodo');
}
开发者ID:drupalconnect,项目名称:finsearches,代码行数:5,代码来源:common.php

示例10: isCsrfTokenValid

 /**
  * Checks the validity of a CSRF token.
  *
  * Thin adapter over drupal_valid_token(). Note the argument order: this
  * method takes the id first, while drupal_valid_token() takes the token
  * first and the id (its value seed) second.
  *
  * @param string $id    The id used when generating the token
  * @param string $token The actual token sent with the request that should be validated
  *
  * @return bool
  */
 protected function isCsrfTokenValid($id, $token)
 {
     // We are still in Drupal, so its own token check decides.
     $is_valid = drupal_valid_token($token, $id);

     return $is_valid;
 }
开发者ID:makinacorpus,项目名称:drupal-sf-dic,代码行数:13,代码来源:Controller.php


注:本文中的drupal_valid_token函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。