本文整理汇总了PHP中CSRFProtection::verifySecurityToken方法的典型用法代码示例。如果您想了解该方法的具体用法或使用示例,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类CSRFProtection的用法示例。
在下文中一共展示了CSRFProtection::verifySecurityToken方法的7个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: before_filter
/**
 * Runs before the controller's actions: decides whose personal document
 * area is shown, loads per-user settings and applies the request checks
 * (CSRF token for POST requests, ticket check when a ticket is supplied).
 *
 * @param mixed $action forwarded by reference to parent::before_filter()
 * @param mixed $args   forwarded by reference to parent::before_filter()
 */
public function before_filter(&$action, &$args)
{
    parent::before_filter($action, $args);

    // Default: the context is locked to the logged-in user, with full access.
    $this->owner = $GLOBALS['user'];
    $this->context_id = $this->owner->id;
    $this->full_access = true;

    if (Config::get()->PERSONALDOCUMENT_OPEN_ACCESS) {
        // With open access enabled, the "username" request parameter may
        // select another user's area; it defaults to the current user.
        $requested_name = Request::username('username', $GLOBALS['user']->username);
        $requested_user = User::findByUsername($requested_name);
        $is_foreign_area = $requested_user && $requested_user->id !== $GLOBALS['user']->id;

        if ($is_foreign_area) {
            $this->owner = $requested_user;
            $this->context_id = $requested_user->id;
            // Full access to a foreign area requires both the config switch
            // and the 'root' permission of the current user.
            $root_privileged = Config::get()->PERSONALDOCUMENT_OPEN_ACCESS_ROOT_PRIVILEDGED;
            $this->full_access = $root_privileged && $GLOBALS['user']->perms === 'root';
            URLHelper::bindLinkParam('username', $requested_name);
        }
    }

    // Page size: the user's own setting wins, otherwise the global default.
    $this->limit = $GLOBALS['user']->cfg->PERSONAL_FILES_ENTRIES_PER_PAGE ?: Config::get()->ENTRIES_PER_PAGE;
    $this->userConfig = DocUsergroupConfig::getUserConfig($GLOBALS['user']->id);

    if ($this->userConfig['area_close'] == 1) {
        // There is no return here: the checks below still run after redirect().
        $this->redirect('document/closed/index');
    }

    // Only POST requests are checked against the CSRF token.
    if (Request::isPost()) {
        CSRFProtection::verifySecurityToken();
    }

    // The ticket is validated only when the request carries one; a request
    // without "studip-ticket" passes this check.
    // NOTE(review): actions that change state on non-POST requests would have
    // to enforce the ticket themselves - confirm against the action methods.
    $ticket = Request::get('studip-ticket');
    if ($ticket && !check_ticket($ticket)) {
        $message = _('Bei der Verarbeitung Ihrer Anfrage ist ein Fehler aufgetreten.') . "\n" . _('Bitte versuchen Sie es erneut.');
        PageLayout::postMessage(MessageBox::error($message));
        $this->redirect('document/files/index');
    }
}
示例2: remove_news
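/**
 * Builds the confirmation question for removing news from ranges and, once
 * the removal has been confirmed, unassigns the given ranges from each news.
 *
 * A removal counts as confirmed only for a POST request that carries the
 * "yes" parameter; CSRFProtection::verifySecurityToken() is called before
 * anything is changed in that case.
 *
 * @param array $remove_array news_id as key, range_id or array of range_ids as value
 * @return string|false|null question text; false if $remove_array is not an
 *                           array; null when there is nothing to ask
 */
function remove_news($remove_array)
{
    if (!is_array($remove_array)) {
        return false;
    }

    $confirmed = false;
    $question_text = array();
    if (Request::submitted('yes') and Request::isPost()) {
        // State is only changed after the CSRF token has been verified.
        CSRFProtection::verifySecurityToken();
        $confirmed = true;
    }

    foreach ($remove_array as $news_id => $ranges) {
        $remove_news = new StudipNews($news_id);
        $remove_news_title = $remove_news->getValue('topic');
        if (!is_array($ranges)) {
            $ranges = array($ranges);
        }

        if (count($ranges) == count($remove_news->getRanges())) {
            // All ranges are affected: hand over to delete_news().
            // NOTE(review): delete_news() is defined elsewhere; presumably it
            // performs its own confirmation handling - verify.
            $text = delete_news($news_id);
            if ($text) {
                $question_text[] = $text;
            }
        } else {
            // Only some ranges are affected: remove the assignments.
            $text = '';
            if ($confirmed and !$remove_news->isNew() and count($ranges)) {
                foreach ($ranges as $key => $range_id) {
                    if ($remove_news->havePermission('unassign', $range_id)) {
                        $remove_news->deleteRange($range_id);
                    } else {
                        // Drop the range so it is not counted as removed.
                        unset($ranges[$key]);
                        PageLayout::postMessage(MessageBox::error(sprintf(_('Keine Berechtigung zum Entfernen der Ankündigung "%s" aus diesem Bereich.'), htmlReady($remove_news->getValue('topic')))));
                    }
                }
                // Report and store once, after every range has been checked.
                // Doing this inside the loop reported a count that still
                // included ranges whose permission check had not run yet and
                // posted one success message per range.
                if (count($ranges)) {
                    if (count($ranges) == 1) {
                        PageLayout::postMessage(MessageBox::success(sprintf(_('Ankündigung "%s" wurde aus dem Bereich entfernt.'), htmlReady($remove_news->getValue('topic')))));
                    } else {
                        PageLayout::postMessage(MessageBox::success(sprintf(_('Ankündigung "%s" wurde aus %s Bereichen entfernt.'), htmlReady($remove_news->getValue('topic')), count($ranges))));
                    }
                    $remove_news->store();
                }
            } elseif (!$confirmed) {
                if (count($ranges) == 1) {
                    $text = sprintf(_('- Die Ankündigung "%s" wird aus dem aktiven Bereich entfernt. ' . 'Sie wird dadurch nicht endgültig gelöscht. Es wird nur die Zuordnung entfernt.'), $remove_news_title) . "\n";
                } elseif (count($ranges) > 1) {
                    $text = sprintf(_('- Die Ankündigung "%s" wird aus den %s gewählten Bereichen entfernt. ' . 'Sie wird dadurch nicht endgültig gelöscht. Es werden nur die Zuordnungen entfernt.'), $remove_news_title, count($ranges)) . "\n";
                }
            }
            if ($text) {
                $question_text[] = $text;
            }
        }
    }

    if (count($question_text) > 1) {
        return _('Wollen Sie die folgenden Aktionen jetzt ausführen?') . "\n" . implode('', $question_text);
    } elseif (count($question_text) == 1) {
        return _('Wollen Sie diese Aktion jetzt ausführen?') . "\n" . implode('', $question_text);
    }

    // Nothing to confirm.
    return null;
}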
示例3: sortAlphabetic_action
/**
 * Sorts the members of a status group alphabetically once the request
 * carries the "confirm" parameter.
 *
 * @param mixed $group_id id handed to the Statusgruppen constructor
 */
public function sortAlphabetic_action($group_id)
{
    $this->check('edit');
    $this->group = new Statusgruppen($group_id);

    if (!Request::submitted('confirm')) {
        // Not confirmed: only $this->group is prepared, nothing is changed.
        return;
    }

    // Verify the CSRF token before the member order is changed. The HTTP
    // method itself is not checked in this method.
    CSRFProtection::verifySecurityToken();
    $this->group->sortMembersAlphabetic();
    $this->redirect('admin/statusgroups/index');
}
示例4: save_action
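/**
 * Saves the details of a help tour.
 *
 * Requires the 'root' permission. When the "save_tour_details" form has been
 * submitted, the CSRF token is verified before any request value is written
 * to the tour.
 *
 * @param String $tour_id tour id; empty for a new tour
 * @throws AccessDeniedException if a tour id is given but no such tour exists
 */
function save_action($tour_id = '')
{
    // check permission
    $GLOBALS['perm']->check('root');

    // initialize
    Navigation::activateItem('/admin/config/tour');
    $this->tour = new HelpTour($tour_id);
    if ($tour_id and $this->tour->isNew()) {
        throw new AccessDeniedException(_('Die Tour mit der angegebenen ID existiert nicht.'));
    }

    if (Request::submitted('save_tour_details')) {
        CSRFProtection::verifySecurityToken();

        $this->tour->name = trim(Request::get('tour_name'));
        $this->tour->description = trim(Request::get('tour_description'));
        if (Request::option('tour_language')) {
            $this->tour->language = Request::option('tour_language');
        }
        $this->tour->type = Request::option('tour_type');
        $this->tour->settings->access = Request::option('tour_access');
        $this->tour->roles = implode(',', Request::getArray('tour_roles'));
        if ($this->tour->isNew()) {
            // uniqid() is time-based: this value is an identifier and must
            // not be relied on as a secret.
            $this->tour->global_tour_id = md5(uniqid('help_tours', 1));
            $this->tour->settings->active = 0;
        }
        $this->tour->author_email = $GLOBALS['user']->Email;
        $this->tour->studip_version = $GLOBALS['SOFTWARE_VERSION'];

        if ($this->tour->validate()) {
            $this->tour->store();
            if (!count($this->tour->steps)) {
                // A tour without steps gets a placeholder first step.
                $step_data = array(
                    'title'        => '',
                    'tip'          => _('(Neue Tour)'),
                    'interactive'  => 0,
                    'route'        => trim(Request::get('tour_startpage')),
                    'css_selector' => '',
                    'action_prev'  => '',
                    'action_next'  => '',
                    'orientation'  => '',
                    'mkdate'       => time(),
                    'author_email' => $GLOBALS['user']->Email,
                );
                $this->tour->addStep($step_data, 1);
                $this->tour_startpage = trim(Request::get('tour_startpage'));
            }
            PageLayout::postMessage(MessageBox::success(_('Die Angaben wurden gespeichert.')));
        } else {
            // Validation failed: hand the submitted values back to the form.
            // Every value is percent-encoded, so characters such as "&", "#"
            // or "=" in the input cannot add or change parameters of the
            // redirect URL.
            $roles = '';
            foreach (Request::getArray('tour_roles') as $role) {
                $roles .= '&tour_roles[]=' . urlencode((string) $role);
            }
            $fields = array('tour_name', 'tour_language', 'tour_description', 'tour_type', 'tour_access', 'tour_startpage');
            $query = array();
            foreach ($fields as $field) {
                $query[] = $field . '=' . urlencode((string) Request::get($field));
            }
            $this->redirect('tour/admin_details?' . implode('&', $query) . $roles);
        }
    }

    // NOTE(review): this redirect is also reached after the redirect in the
    // validation-failure branch above; whether the later call replaces the
    // earlier one depends on redirect(), which is not visible here - confirm.
    $this->redirect('tour/admin_details/' . $this->tour->tour_id);
}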
示例5: delete_action
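/**
 * Deletes a help content entry or prepares the delete dialog for it.
 *
 * Does nothing for users without the help_admin flag. The CSRF token is
 * verified on every call, i.e. for showing the dialog as well as for the
 * actual deletion.
 *
 * @param String $id id of help content
 */
function delete_action($id)
{
    if (!$this->help_admin) {
        return $this->render_nothing();
    }

    // Output as dialog (Ajax-Request) or as Stud.IP page?
    if ($this->via_ajax) {
        header('X-Title: ' . _('Hilfe-Text löschen'));
    }

    // Checked before the content is loaded or deleted.
    CSRFProtection::verifySecurityToken();

    $this->help_content = HelpContent::GetContentByID($id);
    if (is_object($this->help_content) && Request::submitted('delete_help_content')) {
        // The route is stored data, so it is escaped with htmlReady() before
        // it becomes part of the message text (presumably rendered as HTML).
        // The message is built before delete() while the route is available.
        PageLayout::postMessage(MessageBox::success(sprintf(_('Der Hilfe-Text zur Route "%s" wurde gelöscht.'), htmlReady($this->help_content->route))));
        $this->help_content->delete();
        header('X-Dialog-Close: 1');
        return $this->render_nothing();
    }

    // prepare delete dialog
    $this->help_content_id = $id;
}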
示例6: share_action
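/**
 * Manages the export address (key) under which the user's calendar dates can
 * be fetched: deletes it, creates a new one, or mails it to a given address.
 *
 * All changes require Calendar::PERMISSION_OWN on the calendar. Deleting and
 * creating a key verify the CSRF token first.
 *
 * @param mixed $range_id calendar range; falls back to $this->range_id when empty
 */
public function share_action($range_id = null)
{
    $this->range_id = $range_id ?: $this->range_id;
    $this->calendar = new SingleCalendar($this->range_id);
    $this->short_id = null;

    if ($this->calendar->havePermission(Calendar::PERMISSION_OWN)) {
        if (Request::submitted('delete_id')) {
            CSRFProtection::verifySecurityToken();
            IcalExport::deleteKey($GLOBALS['user']->id);
            PageLayout::postMessage(MessageBox::success(_('Die Adresse, unter der Ihre Termine abrufbar sind, wurde gelöscht')));
        }

        if (Request::submitted('new_id')) {
            CSRFProtection::verifySecurityToken();
            $this->short_id = IcalExport::setKey($GLOBALS['user']->id);
            PageLayout::postMessage(MessageBox::success(_('Eine Adresse, unter der Ihre Termine abrufbar sind, wurde erstellt.')));
        } else {
            $this->short_id = IcalExport::getKeyByUser($GLOBALS['user']->id);
        }

        if (Request::submitted('submit_email')) {
            // NOTE(review): unlike the two branches above, this branch does
            // not verify the security token although it sends the export
            // address to a recipient taken from the request. Consider calling
            // CSRFProtection::verifySecurityToken() here once the e-mail form
            // is confirmed to submit the token.

            // The D modifier makes "$" match only at the very end of the
            // input, so an address with a trailing line break is rejected.
            $email_reg_exp = '/^([-.0-9=?A-Z_a-z{|}~])+@([-.0-9=?A-Z_a-z{|}~])+\\.[a-zA-Z]{2,6}$/iD';
            // preg_match() returns false on error; only 1 means "matched".
            if (preg_match($email_reg_exp, (string) Request::get('email')) === 1) {
                $subject = '[' . get_config('UNI_NAME_CLEAN') . ']' . _('Exportadresse für Ihre Termine');
                // Start the text with an assignment; appending to an
                // undefined variable raises a warning.
                $text = _("Diese Email wurde vom Stud.IP-System verschickt. Sie können\n auf diese Nachricht nicht antworten.") . "\n\n";
                $text .= _('Über diese Adresse erreichen Sie den Export für Ihre Termine:') . "\n\n";
                $text .= $GLOBALS['ABSOLUTE_URI_STUDIP'] . 'dispatch.php/ical/index/' . IcalExport::getKeyByUser($GLOBALS['user']->id);
                StudipMail::sendMessage(Request::get('email'), $subject, $text);
                PageLayout::postMessage(MessageBox::success(_('Die Adresse wurde verschickt!')));
            } else {
                PageLayout::postMessage(MessageBox::error(_('Bitte geben Sie eine gültige Email-Adresse an.')));
            }
            $this->short_id = IcalExport::getKeyByUser($GLOBALS['user']->id);
        }
    }

    PageLayout::setTitle($this->getTitle($this->calendar, _('Kalender teilen oder einbetten')));
    $this->createSidebar('share', $this->calendar);
    $this->createSidebarFilter();
}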
示例7: edit_news_action
//.........这里部分代码省略.........
$this->comments_admin = true;
}
if (is_array($this->comments)) {
foreach ($this->comments as $key => $comment) {
if (Request::submitted('news_delete_comment_' . $comment['comment_id'])) {
$this->anker = 'news_comments';
$this->flash['question_text'] = delete_comments($comment['comment_id']);
$this->flash['question_param'] = array('mark_comments' => array($comment['comment_id']), 'delete_marked_comments' => 1);
}
}
}
// open / close category
foreach ($this->news_isvisible as $category => $value) {
if (Request::submitted('toggle_' . $category) or Request::get($category . '_js')) {
$this->news_isvisible[$category] = $this->news_isvisible[$category] ? false : true;
$this->anker = $category;
}
}
// add / remove areas
if (Request::submitted('news_add_areas') and is_array($this->area_options_selectable)) {
$this->anker = 'news_areas';
foreach (Request::optionArray('area_options_selectable') as $range_id) {
foreach ($this->area_options_selectable as $type => $data) {
if (isset($data[$range_id])) {
$this->area_options_selected[$type][$range_id] = $data[$range_id];
unset($this->area_options_selectable[$type][$range_id]);
}
}
}
}
if (Request::submitted('news_remove_areas') and is_array($this->area_options_selected)) {
$this->anker = 'news_areas';
foreach (Request::optionArray('area_options_selected') as $range_id) {
foreach ($this->area_options_selected as $type => $data) {
if (isset($data[$range_id])) {
$this->area_options_selectable[$type][$range_id] = $data[$range_id];
unset($this->area_options_selected[$type][$range_id]);
}
}
}
}
// prepare to save news
if (Request::submitted('save_news') and Request::isPost()) {
CSRFProtection::verifySecurityToken();
//prepare ranges array for already assigned news_ranges
foreach ($news->getRanges() as $range_id) {
$this->ranges[$range_id] = get_object_type($range_id, array('global', 'fak', 'inst', 'sem', 'user'));
}
// check if new ranges must be added
foreach ($this->area_options_selected as $type => $area_group) {
foreach ($area_group as $range_id => $area_title) {
if (!isset($this->ranges[$range_id])) {
if ($news->haveRangePermission('edit', $range_id)) {
$news->addRange($range_id);
$changed = true;
} else {
PageLayout::postMessage(MessageBox::error(sprintf(_('Sie haben keine Berechtigung zum Ändern der Bereichsverknüpfung für "%s".'), htmlReady($area_title))));
$error++;
}
}
}
}
// check if assigned ranges must be removed
foreach ($this->ranges as $range_id => $range_type) {
if ($range_type === 'fak' && !isset($this->area_options_selected['inst'][$range_id]) || $range_type !== 'fak' && !isset($this->area_options_selected[$range_type][$range_id])) {
if ($news->havePermission('unassign', $range_id)) {
$news->deleteRange($range_id);
$changed = true;
} else {
PageLayout::postMessage(MessageBox::error(_('Sie haben keine Berechtigung zum Ändern der Bereichsverknüpfung.')));
$error++;
}
}
}
// save news
if ($news->validate() and !$error) {
if ($news->getValue('user_id') != $GLOBALS['auth']->auth['uid']) {
$news->setValue('chdate_uid', $GLOBALS['auth']->auth['uid']);
setTempLanguage($news->getValue('user_id'));
$msg = sprintf(_('Ihre Ankündigung "%s" wurde von %s verändert.'), $news->getValue('topic'), get_fullname() . ' (' . get_username() . ')') . "\n";
$msg_object->insert_message($msg, get_username($news->getValue('user_id')), "____%system%____", FALSE, FALSE, "1", FALSE, _("Systemnachricht:") . " " . _("Ankündigung geändert"));
restoreLanguage();
} else {
$news->setValue('chdate_uid', '');
}
$news->store();
PageLayout::postMessage(MessageBox::success(_('Die Ankündigung wurde gespeichert.')));
// in fallback mode redirect to edit page with proper news id
if (!Request::isXhr() and !$id) {
$this->redirect('news/edit_news/' . $news->getValue('news_id'));
} elseif (Request::isXhr()) {
$this->render_nothing();
}
}
}
// check if user has full permission on news object
if ($news->havePermission('delete')) {
$this->may_delete = true;
}
}