本文整理汇总了PHP中Csrf类的典型用法代码示例。如果您正苦于以下问题:PHP Csrf类的具体用法?PHP Csrf怎么用?PHP Csrf使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了Csrf类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: process
public function process($parameters)
{
$activation = new Activation();
$csfr = new Csrf();
$userId = $parameters[0];
if (!$activation->checkIfIsAdminOfUser($_SESSION['id_user'], $userId)) {
$this->redirect('error');
}
if (isset($_POST['sent'])) {
if (!Csrf::validateCsrfRequest($_POST['csrf'])) {
$this->messages[] = ['s' => 'error', 'cs' => 'Možný CSRF útok! Zkuste prosím aktivaci znovu', 'en' => 'Possible CSRF attack! Please try activation again'];
$this->redirect('error');
}
$tariffId = $activation->sanitize($_POST['tariff']);
$startDate = $activation->sanitize($_POST['startDate']);
$result = $activation->validateForceActivationData($tariffId, $startDate);
if ($result['s'] == 'success') {
$result = $activation->forceActivateUser($activation->getUserEmailFromId($userId), $tariffId, $startDate);
}
$this->messages[] = $result;
if ($result['s'] == 'success') {
$this->redirect('payments/' . $userId);
}
}
$this->data['csrf'] = $csfr->getCsrfToken();
$this->data['tariffs'] = $activation->returnTariffsData($this->language);
$this->header['title'] = ['cs' => 'Aktivace uživatele', 'en' => 'User activation'];
$this->view = 'forceActivation';
}示例2: update
public static function update()
{
// verify Csrf token
if (Csrf::verify(Input::post('token')) === false) {
Notifications::set('error', 'Invalid token');
return false;
}
$post = Input::post(array('sitename', 'description', 'theme', 'twitter', 'home_page', 'posts_page', 'auto_published_comments', 'posts_per_page'));
$errors = array();
if (empty($post['sitename'])) {
$errors[] = Lang::line('metadata.missing_sitename', 'You need a site sitename');
}
if (empty($post['description'])) {
$errors[] = Lang::line('metadata.missing_sitedescription', 'You need a site description');
}
if (empty($post['theme'])) {
$errors[] = Lang::line('metadata.missing_theme', 'You need a theme');
}
// auto publish comments
$post['auto_published_comments'] = $post['auto_published_comments'] ? 1 : 0;
// format posts per page, must be a whole number above 1 defaults to 10 if a invalid number is entered
$post['posts_per_page'] = ($posts_per_page = intval($post['posts_per_page'])) > 0 ? $posts_per_page : 10;
if (count($errors)) {
Notifications::set('error', $errors);
return false;
}
foreach ($post as $key => $value) {
Db::update('meta', array('value' => $value), array('key' => $key));
}
Notifications::set('success', Lang::line('metadata.meta_success_updated', 'Your metadata has been updated'));
return true;
}示例3: login
/**
* The login action, when you do login/login
*/
public function login()
{
// check if csrf token is valid
if (!Csrf::isTokenValid()) {
LoginModel::logout();
Redirect::home();
exit;
}
// perform the login method, put result (true or false) into $login_successful
$login_successful = LoginModel::login(Request::post('user_name'), Request::post('user_password'), Request::post('set_remember_me_cookie'));
// check login status: if true, then redirect user to user/index, if false, then to login form again
if ($login_successful) {
if (Request::post('redirect')) {
Redirect::toPreviousViewedPageAfterLogin(ltrim(urldecode(Request::post('redirect')), '/'));
} else {
Redirect::to('user/index');
}
} else {
if (Request::post('redirect')) {
Redirect::to('login?redirect=' . ltrim(urlencode(Request::post('redirect')), '/'));
} else {
Redirect::to('login/index');
}
}
}示例4: editUsername_action
/**
* Edit user name (perform the real action after form has been submitted)
*/
public function editUsername_action()
{
// check if csrf token is valid
if (!Csrf::isTokenValid()) {
LoginModel::logout();
Redirect::home();
exit;
}
UserModel::editUserName(Request::post('user_name'));
Redirect::to('user/editUsername');
}示例5: process
function process($parameters)
{
$checkUsers = new CheckUsers();
$userId = $_SESSION['id_user'];
if (!$checkUsers->checkIfAdmin($userId)) {
$this->redirect('error');
}
$members = $checkUsers->getMembers($userId, $this->language);
$this->data['csrf'] = Csrf::getCsrfToken();
$this->data['activeMemberMailList'] = $checkUsers->getActiveMemberMailList($members);
$this->data['members'] = $members;
$this->header['title'] = ['cs' => 'Ostatní členové', 'en' => 'Other members'];
$this->view = 'checkUsers';
}示例6: process
public function process($parameters)
{
$deactivation = new Activation();
$userId = $parameters[0];
if (!$deactivation->checkIfIsAdminOfUser($_SESSION['id_user'], $userId)) {
$this->redirect('error');
}
$csrfToken = $parameters[1];
if (!Csrf::validateCsrfRequest($csrfToken)) {
$this->messages[] = ['s' => 'error', 'cs' => 'Možný CSRF útok! Zkuste prosím deaktivaci znovu', 'en' => 'Possible CSRF attack! Please try deactivation again'];
} else {
$email = $deactivation->getUserEmailFromId($userId);
$result = $deactivation->deactivateUser($email);
$this->messages[] = $result;
}
$this->redirect('checkUsers');
}示例7: login
public function login()
{
if (!Csrf::isTokenValid()) {
self::logout();
}
$success = LoginModel::login(Request::post('user_name'), Request::post('user_password'), Request::post('set_remember_me_cookie'));
// check login status: if true, then redirect user login/showProfile, if false, then to login form again
if ($success) {
if (Request::post('redirect')) {
Redirect::to(ltrim(urldecode(Request::post('redirect')), '/'));
} else {
Redirect::to('login/showProfile');
}
} else {
Redirect::to('login/index');
}
}示例8: process
function process($parameters)
{
$changePersonals = new ChangePersonals();
if (!$changePersonals->checkLogin()) {
$this->redirect('error');
}
//if empty parameter, add the current user
if (isset($parameters[0])) {
$userId = $parameters[0];
} else {
$userId = $_SESSION['id_user'];
}
//if not admin of the right place, throw error
if ($userId != $_SESSION['id_user'] && !$changePersonals->checkIfIsAdminOfUser($_SESSION['id_user'], $userId)) {
$this->redirect('error');
}
//if form is sent
if (isset($_POST['sent'])) {
$data = $changePersonals->sanitize(['firstname' => $_POST['firstname'], 'surname' => $_POST['surname'], 'telephone' => $_POST['telephone'], 'address' => $_POST['address'], 'ic' => $_POST['ic'], 'p' => $_POST['p'], 'csrf' => $_POST['csrf']]);
if (!Csrf::validateCsrfRequest($data['csrf'])) {
$this->messages[] = ['s' => 'error', 'cs' => 'Možný CSRF útok! Zkuste prosím změnit údaje znovu', 'en' => 'Possible CSRF attack! Please try to change your personals again'];
} else {
$result = $changePersonals->validateData($data);
if ($result['s'] == 'success') {
$fakturoid = new FakturoidWrapper();
//add fakturoid_id into data
$data['fakturoid_id'] = $fakturoid->getFakturoidIdFromUserId($userId);
if ($fakturoid->updateCustomer($data) == false) {
$result = ['s' => 'error', 'cs' => 'Bohužel se nepovedlo uložit data do Faktuoidu; zkus to prosím za pár minut', 'en' => 'Sorry, we didn\'n safe your data into Fakturoid; try it again after a couple of minutes please'];
} else {
$result = $changePersonals->changePersonalData($data, $userId);
}
}
$this->messages[] = $result;
}
}
//data for form
$userData = $changePersonals->getUserData($userId);
$this->data = $userData['user'];
$this->data['csrf'] = Csrf::getCsrfToken();
$this->header['title'] = ['cs' => 'Změna osobních údajů', 'en' => 'Change personal information'];
$this->view = 'changePersonals';
}示例9: process
function process($parameters)
{
$changePersonals = new ChangePersonals();
if (!$changePersonals->checkLogin()) {
$this->redirect('error');
}
//if empty parameter, add there current user
if (isset($parameters[0])) {
$userId = $parameters[0];
} else {
$userId = $_SESSION['id_user'];
}
//if not admin of the right place, throw error
if ($userId != $_SESSION['id_user'] && !$changePersonals->checkIfIsAdminOfUser($_SESSION['id_user'], $userId)) {
$this->redirect('error');
}
//if form is sent
if (isset($_POST['sent'])) {
$data = $changePersonals->sanitize(['firstname' => $_POST['firstname'], 'surname' => $_POST['surname'], 'telephone' => $_POST['telephone'], 'address' => $_POST['address'], 'ic' => $_POST['ic'], 'p' => $_POST['p'], 'csrf' => $_POST['csrf']]);
if (!Csrf::validateCsrfRequest($data['csrf'])) {
$this->messages[] = ['s' => 'error', 'cs' => 'Možný CSRF útok! Zkuste prosím změnit údaje znovu', 'en' => 'Possible CSRF attack! Please try change your personals again'];
} else {
$result = $changePersonals->validateData($data);
if ($result['s'] == 'success') {
$result = $changePersonals->changePersonalData($data, $userId);
}
$this->messages[] = $result;
}
}
//data for form
$user = $changePersonals->getUserData($userId, $this->language);
$this->data = $user['user'];
$this->data['csrf'] = Csrf::getCsrfToken();
$this->header['title'] = ['cs' => 'Změna osobních údajů', 'en' => 'Change Personal info'];
$this->view = 'changePersonals';
}示例10: editUsername_action
/**
* Edit user name (perform the real action after form has been submitted)
* Auth::checkAuthentication() makes sure that only logged in users can use this action
*/
public function editUsername_action()
{
Auth::checkAuthentication();
// check if csrf token is valid
if (!Csrf::isTokenValid()) {
self::logout();
}
UserModel::editUserName(Request::post('user_name'));
Redirect::to('login/index');
}示例11: postContentLoad
/**
* Do something after content is loaded from DB
*
* @param \Cx\Core\ContentManager\Model\Entity\Page $page The resolved page
*/
public function postContentLoad(\Cx\Core\ContentManager\Model\Entity\Page $page)
{
global $objTemplate;
Csrf::add_placeholder($objTemplate);
}示例12: render
function render(Container $form, $data, $prefix = '')
{
if ($form->if) {
$this->pushStack(new Test($prefix . $form->if), $data);
}
// Add the forms prefix on
$prefix .= $form->prefix;
// Group by the form name if it is set
if ($form->name) {
if (isset($data[$form->name])) {
$data = $data[$form->name];
} else {
$data = array();
}
}
// Render the <form> tag if it has an action
if ($form->action) {
print '<form' . Html::attributes(array('id' => $form->id, 'action' => $form->action, 'method' => $form->method, 'enctype' => $form->upload ? 'multipart/form-data' : NULL)) . '>' . "\n";
// Send a _csrf field with the form
print '<input' . Html::attributes(array('type' => 'hidden', 'name' => '_csrf', 'value' => Csrf::generate($form->intent, $form->expire))) . '>' . "\n";
}
// Render each of the elements
foreach ($form->getElements() as $element) {
$this->renderElement($element, $data, $prefix);
}
// Kill anything remaining on the stack
$this->endStack(NULL);
// Close the actual form
if ($form->action) {
print '</form>' . "\n";
}
}示例13: cleanRequestURI
if ($objFWUser->objUser->login($backend)) {
return true;
}
}
return false;
}
/**
* Remove the CSRF protection parameter from the query string and referrer
*/
public static function cleanRequestURI()
{
// This will remove the parameter from the first position in the query string
// and leave an URI like "index.php&name=value", which is invalid
//$csrfUrlModifierPattern = '#(?:\&(?:amp\;)?|\?)?'.self::$formkey.'\=[a-zA-Z0-9_]+#';
// Better cut the parameter plus trailing ampersand, if any.
$csrfUrlModifierPattern = '/' . self::$formkey . '\\=[a-zA-Z0-9_]+\\&?/';
// This will leave the URI valid, even if it's the last parameter;
// a trailing question mark or ampersand does no harm.
!empty($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] = preg_replace($csrfUrlModifierPattern, '', $_SERVER['QUERY_STRING']) : false;
!empty($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] = preg_replace($csrfUrlModifierPattern, '', $_SERVER['REQUEST_URI']) : false;
!empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] = preg_replace($csrfUrlModifierPattern, '', $_SERVER['HTTP_REFERER']) : false;
!empty($_SERVER['argv']) ? $_SERVER['argv'] = preg_grep($csrfUrlModifierPattern, $_SERVER['argv'], PREG_GREP_INVERT) : false;
}
public static function setFrontendMode()
{
self::$frontend_mode = true;
@ini_set('url_rewriter.tags', 'area=href,frame=src,iframe=src,input=src,form=,fieldset=');
}
}
Csrf::cleanRequestURI();示例14: add
public static function add()
{
// verify Csrf token
if (Csrf::verify(Input::post('token')) === false) {
Notifications::set('error', 'Invalid token');
return false;
}
$post = Input::post(array('slug', 'name', 'title', 'content', 'redirect', 'status'));
$errors = array();
if (empty($post['name'])) {
$errors[] = Lang::line('pages.missing_name', 'Please enter a name');
}
if (empty($post['title'])) {
$errors[] = Lang::line('pages.missing_title', 'Please enter a title');
}
// check for duplicate slug
$sql = "select id from pages where slug = ?";
if (Db::row($sql, array($post['slug']))) {
$errors[] = Lang::line('pages.duplicate_slug', 'A pages with the same slug already exists, please change your page slug.');
}
if (count($errors)) {
Notifications::set('error', $errors);
return false;
}
if (empty($post['slug'])) {
$post['slug'] = $post['name'];
}
$post['slug'] = Str::slug($post['slug']);
Db::insert('pages', $post);
Notifications::set('success', Lang::line('pages.page_success_created', 'Your new page has been added'));
return true;
}示例15: function
/*
|--------------------------------------------------------------------------
| CSRF Protection Filter
|--------------------------------------------------------------------------
|
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/
Route::filter('csrf', function () {
if (Request::isMethod('get') || Request::isMethod('options')) {
return;
}
// throws exception if token invalid
Csrf::check();
});
/*
|--------------------------------------------------------------------------
| X-Frame-Options Header Filter
|--------------------------------------------------------------------------
|
| Prevents pages being loaded in an iframe.
|
*/
Route::filter('setXFrameOptionsHeader', function ($route, $request, $response) {
if (method_exists($response, "header")) {
$response->header("X-Frame-Options", "deny");
}
});
/*