

PHP Csrf类代码示例

本文整理汇总了PHP中Csrf的典型用法代码示例。如果您正苦于以下问题:PHP Csrf类的具体用法?PHP Csrf怎么用?PHP Csrf使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。


在下文中一共展示了Csrf类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: process

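 /**
  * Show and handle the "force activation" form for one user.
  *
  * The caller must pass checkIfIsAdminOfUser() for the target user, and a
  * submitted form must carry a valid CSRF token, before any activation runs.
  *
  * @param array $parameters Route parameters; index 0 is read as the target user id.
  */
 public function process($parameters)
 {
     $activation = new Activation();
     $csfr = new Csrf();
     $userId = $parameters[0];
     if (!$activation->checkIfIsAdminOfUser($_SESSION['id_user'], $userId)) {
         $this->redirect('error');
         // Fail closed: redirect() is not visible here, so do not rely on it ending the request.
         return;
     }
     if (isset($_POST['sent'])) {
         // A missing or non-string token (for example csrf[]=x) is rejected before it reaches the validator.
         $tokenSupplied = isset($_POST['csrf']) && is_string($_POST['csrf']);
         if (!$tokenSupplied || !Csrf::validateCsrfRequest($_POST['csrf'])) {
             $this->messages[] = ['s' => 'error', 'cs' => 'Možný CSRF útok! Zkuste prosím aktivaci znovu', 'en' => 'Possible CSRF attack! Please try activation again'];
             $this->redirect('error');
             // Never fall through to the activation below with an unverified token.
             return;
         }
         $tariffId = $activation->sanitize($_POST['tariff']);
         $startDate = $activation->sanitize($_POST['startDate']);
         $result = $activation->validateForceActivationData($tariffId, $startDate);
         if ($result['s'] == 'success') {
             $result = $activation->forceActivateUser($activation->getUserEmailFromId($userId), $tariffId, $startDate);
         }
         $this->messages[] = $result;
         if ($result['s'] == 'success') {
             $this->redirect('payments/' . $userId);
         }
     }
     // Token embedded in the rendered form; it is the value checked on the next submit.
     $this->data['csrf'] = $csfr->getCsrfToken();
     $this->data['tariffs'] = $activation->returnTariffsData($this->language);
     $this->header['title'] = ['cs' => 'Aktivace uživatele', 'en' => 'User activation'];
     $this->view = 'forceActivation';
 }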
开发者ID:ParalelniPolis,项目名称:TMS2,代码行数:29,代码来源:ForceActivationController.php

示例2: update

 /**
  * Validate the posted site metadata and write each field to the `meta` table.
  *
  * @return bool false when the CSRF token or a required field is rejected, true after the update.
  */
 public static function update()
 {
     // Nothing is read or written unless the posted token verifies.
     if (Csrf::verify(Input::post('token')) === false) {
         Notifications::set('error', 'Invalid token');
         return false;
     }

     // Only this fixed list of fields is taken from the request, so no other key can reach the update loop.
     $fields = array('sitename', 'description', 'theme', 'twitter', 'home_page', 'posts_page', 'auto_published_comments', 'posts_per_page');
     $post = Input::post($fields);

     // Required field => (language key, fallback message)
     $required = array(
         'sitename' => array('metadata.missing_sitename', 'You need a site sitename'),
         'description' => array('metadata.missing_sitedescription', 'You need a site description'),
         'theme' => array('metadata.missing_theme', 'You need a theme'),
     );
     $errors = array();
     foreach ($required as $field => $message) {
         if (empty($post[$field])) {
             $errors[] = Lang::line($message[0], $message[1]);
         }
     }

     // Checkbox-style flag is stored as 1 or 0.
     $post['auto_published_comments'] = (int) (bool) $post['auto_published_comments'];

     // Anything that does not parse to a positive integer falls back to 10.
     $perPage = intval($post['posts_per_page']);
     $post['posts_per_page'] = $perPage > 0 ? $perPage : 10;

     if (count($errors) > 0) {
         Notifications::set('error', $errors);
         return false;
     }

     foreach ($post as $metaKey => $metaValue) {
         Db::update('meta', array('value' => $metaValue), array('key' => $metaKey));
     }

     Notifications::set('success', Lang::line('metadata.meta_success_updated', 'Your metadata has been updated'));
     return true;
 }
开发者ID:nathggns,项目名称:anchor-cms,代码行数:32,代码来源:metadata.php

示例3: login

 /**
  * Login action (login/login): verifies the CSRF token, attempts the login
  * and redirects according to the outcome.
  */
 public function login()
 {
     // A request without a valid CSRF token ends the session and stops here.
     if (!Csrf::isTokenValid()) {
         LoginModel::logout();
         Redirect::home();
         exit;
     }

     // LoginModel::login() reports success or failure of the credential check.
     $login_successful = LoginModel::login(
         Request::post('user_name'),
         Request::post('user_password'),
         Request::post('set_remember_me_cookie')
     );

     if (!$login_successful) {
         // Failed login: back to the form, carrying the requested target along if there was one.
         if (Request::post('redirect')) {
             Redirect::to('login?redirect=' . ltrim(urlencode(Request::post('redirect')), '/'));
             return;
         }
         Redirect::to('login/index');
         return;
     }

     // NOTE(review): the post-login target comes from the request; only leading slashes are
     // stripped here. Confirm Redirect::toPreviousViewedPageAfterLogin() builds same-site URLs only.
     if (Request::post('redirect')) {
         Redirect::toPreviousViewedPageAfterLogin(ltrim(urldecode(Request::post('redirect')), '/'));
         return;
     }
     Redirect::to('user/index');
 }
开发者ID:panique,项目名称:huge,代码行数:28,代码来源:LoginController.php

示例4: editUsername_action

 /**
  * Handle the submitted "edit user name" form.
  *
  * NOTE(review): no authentication check is visible inside this method;
  * presumably it is enforced elsewhere in the controller. Confirm.
  */
 public function editUsername_action()
 {
     // The rename runs only for a request carrying a valid CSRF token.
     if (Csrf::isTokenValid()) {
         UserModel::editUserName(Request::post('user_name'));
         Redirect::to('user/editUsername');
         return;
     }

     // Invalid token: drop the session, send the browser home and stop.
     LoginModel::logout();
     Redirect::home();
     exit;
 }
开发者ID:AstroTheCoder,项目名称:huge,代码行数:14,代码来源:UserController.php

示例5: process

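 /**
  * Prepare the member overview page for an administrator.
  *
  * @param array $parameters Route parameters (not read by this method).
  */
 function process($parameters)
 {
     $checkUsers = new CheckUsers();
     $userId = $_SESSION['id_user'];
     if (!$checkUsers->checkIfAdmin($userId)) {
         $this->redirect('error');
         // Fail closed: redirect() is not visible here, so stop before any member data is loaded.
         return;
     }
     $members = $checkUsers->getMembers($userId, $this->language);
     // Token handed to the view; other actions in this listing validate it with Csrf::validateCsrfRequest().
     $this->data['csrf'] = Csrf::getCsrfToken();
     $this->data['activeMemberMailList'] = $checkUsers->getActiveMemberMailList($members);
     $this->data['members'] = $members;
     $this->header['title'] = ['cs' => 'Ostatní členové', 'en' => 'Other members'];
     $this->view = 'checkUsers';
 }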
开发者ID:vane00ssa,项目名称:TMS2,代码行数:14,代码来源:CheckUsersController.php

示例6: process

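 /**
  * Deactivate one user on behalf of an administrator, then return to the member list.
  *
  * @param array $parameters Route parameters; index 0 is read as the target user id,
  *                          index 1 as the CSRF token.
  */
 public function process($parameters)
 {
     $deactivation = new Activation();
     $userId = $parameters[0];
     if (!$deactivation->checkIfIsAdminOfUser($_SESSION['id_user'], $userId)) {
         $this->redirect('error');
         // Fail closed: redirect() is not visible here, so never reach deactivateUser() unauthorised.
         return;
     }
     // NOTE(review): the token arrives as a route parameter, so it ends up in URLs
     // (browser history, access logs, Referer). Consider a POST form field for this action.
     $csrfToken = isset($parameters[1]) ? $parameters[1] : null;
     // A missing or non-string token is rejected without calling the validator.
     if (!is_string($csrfToken) || !Csrf::validateCsrfRequest($csrfToken)) {
         $this->messages[] = ['s' => 'error', 'cs' => 'Možný CSRF útok! Zkuste prosím deaktivaci znovu', 'en' => 'Possible CSRF attack! Please try deactivation again'];
     } else {
         $email = $deactivation->getUserEmailFromId($userId);
         $result = $deactivation->deactivateUser($email);
         $this->messages[] = $result;
     }
     $this->redirect('checkUsers');
 }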
开发者ID:vane00ssa,项目名称:TMS2,代码行数:17,代码来源:ForceDeactivationController.php

示例7: login

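 /**
  * Login action: verifies the CSRF token, attempts the login and redirects.
  */
 public function login()
 {
     if (!Csrf::isTokenValid()) {
         self::logout();
         // Fail closed: logout() is not visible here, so do not assume it ends the request;
         // without this return a request with a bad token would still reach LoginModel::login().
         return;
     }
     $success = LoginModel::login(Request::post('user_name'), Request::post('user_password'), Request::post('set_remember_me_cookie'));
     // check login status: if true, then redirect user login/showProfile, if false, then to login form again
     if ($success) {
         if (Request::post('redirect')) {
             // NOTE(review): the target comes from the request and only leading slashes are stripped.
             // Confirm Redirect::to() can only produce same-site URLs.
             Redirect::to(ltrim(urldecode(Request::post('redirect')), '/'));
         } else {
             Redirect::to('login/showProfile');
         }
     } else {
         Redirect::to('login/index');
     }
 }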
开发者ID:scienide00,项目名称:WebDev_ConferenceScheduler,代码行数:17,代码来源:LoginController.php

示例8: process

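 /**
  * Show and handle the "change personal data" form for the current user or,
  * for an administrator, for another user.
  *
  * @param array $parameters Route parameters; optional index 0 is the target user id.
  */
 function process($parameters)
 {
     $changePersonals = new ChangePersonals();
     if (!$changePersonals->checkLogin()) {
         $this->redirect('error');
         // Fail closed: redirect() is not visible here, so stop before touching session or user data.
         return;
     }
     //if empty parameter, add the current user
     if (isset($parameters[0])) {
         $userId = $parameters[0];
     } else {
         $userId = $_SESSION['id_user'];
     }
     //if not admin of the right place, throw error
     if ($userId != $_SESSION['id_user'] && !$changePersonals->checkIfIsAdminOfUser($_SESSION['id_user'], $userId)) {
         $this->redirect('error');
         // Same reason: an unauthorised caller must not reach the update below.
         return;
     }
     //if form is sent
     if (isset($_POST['sent'])) {
         // A missing or non-string token (for example csrf[]=x) is rejected before any field is processed.
         $data = null;
         if (isset($_POST['csrf']) && is_string($_POST['csrf'])) {
             $data = $changePersonals->sanitize(['firstname' => $_POST['firstname'], 'surname' => $_POST['surname'], 'telephone' => $_POST['telephone'], 'address' => $_POST['address'], 'ic' => $_POST['ic'], 'p' => $_POST['p'], 'csrf' => $_POST['csrf']]);
         }
         // NOTE(review): the token is validated after sanitize(); confirm sanitize() cannot alter a valid token.
         if ($data === null || !Csrf::validateCsrfRequest($data['csrf'])) {
             $this->messages[] = ['s' => 'error', 'cs' => 'Možný CSRF útok! Zkuste prosím změnit údaje znovu', 'en' => 'Possible CSRF attack! Please try to change your personals again'];
         } else {
             $result = $changePersonals->validateData($data);
             if ($result['s'] == 'success') {
                 $fakturoid = new FakturoidWrapper();
                 //add fakturoid_id into data
                 $data['fakturoid_id'] = $fakturoid->getFakturoidIdFromUserId($userId);
                 // The local record is changed only after the Fakturoid update succeeded.
                 if ($fakturoid->updateCustomer($data) == false) {
                     $result = ['s' => 'error', 'cs' => 'Bohužel se nepovedlo uložit data do Faktuoidu; zkus to prosím za pár minut', 'en' => 'Sorry, we didn\'n safe your data into Fakturoid; try it again after a couple of minutes please'];
                 } else {
                     $result = $changePersonals->changePersonalData($data, $userId);
                 }
             }
             $this->messages[] = $result;
         }
     }
     //data for form
     $userData = $changePersonals->getUserData($userId);
     $this->data = $userData['user'];
     $this->data['csrf'] = Csrf::getCsrfToken();
     $this->header['title'] = ['cs' => 'Změna osobních údajů', 'en' => 'Change personal information'];
     $this->view = 'changePersonals';
 }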
开发者ID:ParalelniPolis,项目名称:TMS2,代码行数:43,代码来源:ChangePersonalsController.php

示例9: process

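 /**
  * Show and handle the "change personal data" form for the current user or,
  * for an administrator, for another user.
  *
  * @param array $parameters Route parameters; optional index 0 is the target user id.
  */
 function process($parameters)
 {
     $changePersonals = new ChangePersonals();
     if (!$changePersonals->checkLogin()) {
         $this->redirect('error');
         // Fail closed: redirect() is not visible here, so stop before touching session or user data.
         return;
     }
     //if empty parameter, add there current user
     if (isset($parameters[0])) {
         $userId = $parameters[0];
     } else {
         $userId = $_SESSION['id_user'];
     }
     //if not admin of the right place, throw error
     if ($userId != $_SESSION['id_user'] && !$changePersonals->checkIfIsAdminOfUser($_SESSION['id_user'], $userId)) {
         $this->redirect('error');
         // Same reason: an unauthorised caller must not reach the update below.
         return;
     }
     //if form is sent
     if (isset($_POST['sent'])) {
         // A missing or non-string token (for example csrf[]=x) is rejected before any field is processed.
         $data = null;
         if (isset($_POST['csrf']) && is_string($_POST['csrf'])) {
             $data = $changePersonals->sanitize(['firstname' => $_POST['firstname'], 'surname' => $_POST['surname'], 'telephone' => $_POST['telephone'], 'address' => $_POST['address'], 'ic' => $_POST['ic'], 'p' => $_POST['p'], 'csrf' => $_POST['csrf']]);
         }
         // NOTE(review): the token is validated after sanitize(); confirm sanitize() cannot alter a valid token.
         if ($data === null || !Csrf::validateCsrfRequest($data['csrf'])) {
             $this->messages[] = ['s' => 'error', 'cs' => 'Možný CSRF útok! Zkuste prosím změnit údaje znovu', 'en' => 'Possible CSRF attack! Please try change your personals again'];
         } else {
             $result = $changePersonals->validateData($data);
             if ($result['s'] == 'success') {
                 $result = $changePersonals->changePersonalData($data, $userId);
             }
             $this->messages[] = $result;
         }
     }
     //data for form
     $user = $changePersonals->getUserData($userId, $this->language);
     $this->data = $user['user'];
     $this->data['csrf'] = Csrf::getCsrfToken();
     $this->header['title'] = ['cs' => 'Změna osobních údajů', 'en' => 'Change Personal info'];
     $this->view = 'changePersonals';
 }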
开发者ID:vane00ssa,项目名称:TMS2,代码行数:36,代码来源:ChangePersonalsController.php

示例10: editUsername_action

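 /**
  * Edit user name (perform the real action after form has been submitted)
  * Auth::checkAuthentication() makes sure that only logged in users can use this action
  */
 public function editUsername_action()
 {
     Auth::checkAuthentication();
     // check if csrf token is valid
     if (!Csrf::isTokenValid()) {
         self::logout();
         // Fail closed: logout() is not visible here, so do not assume it ends the request;
         // without this return the rename below would still run for a request with a bad token.
         return;
     }
     UserModel::editUserName(Request::post('user_name'));
     Redirect::to('login/index');
 }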
开发者ID:JavierTavera,项目名称:huge,代码行数:14,代码来源:LoginController.php

示例11: postContentLoad

 /**
  * Hook that runs after the page content has been loaded from the database.
  *
  * Passes the global template object to Csrf::add_placeholder().
  * NOTE(review): presumably this registers the CSRF token placeholder so that
  * templates can embed the token. Confirm against Csrf::add_placeholder().
  *
  * @param \Cx\Core\ContentManager\Model\Entity\Page $page       The resolved page (not read by this method)
  */
 public function postContentLoad(\Cx\Core\ContentManager\Model\Entity\Page $page)
 {
     // The template object is taken from global scope rather than from $page.
     global $objTemplate;
     Csrf::add_placeholder($objTemplate);
 }
开发者ID:Cloudrexx,项目名称:cloudrexx,代码行数:10,代码来源:ComponentController.class.php

示例12: render

 /**
  * Print a form container: optional <form> wrapper with a hidden `_csrf`
  * field, followed by every contained element.
  *
  * @param Container $form   Form definition to render.
  * @param mixed     $data   Values for the elements; narrowed to $data[$form->name] when the form is named.
  * @param string    $prefix Prefix accumulated from enclosing containers.
  */
 function render(Container $form, $data, $prefix = '')
 {
     if ($form->if) {
         $this->pushStack(new Test($prefix . $form->if), $data);
     }

     // Extend the prefix with this form's own prefix
     $prefix = $prefix . $form->prefix;

     // A named form only sees its own slice of the data
     if ($form->name) {
         $data = isset($data[$form->name]) ? $data[$form->name] : array();
     }

     // Only forms with an action get a <form> tag, and with it a CSRF field
     if ($form->action) {
         $formAttributes = array(
             'id' => $form->id,
             'action' => $form->action,
             'method' => $form->method,
             'enctype' => $form->upload ? 'multipart/form-data' : null,
         );
         echo '<form' . Html::attributes($formAttributes) . '>' . "\n";

         // The token is generated per form from its intent and expiry settings.
         // NOTE(review): attribute values are emitted through Html::attributes(); confirm it escapes them.
         $tokenField = array(
             'type' => 'hidden',
             'name' => '_csrf',
             'value' => Csrf::generate($form->intent, $form->expire),
         );
         echo '<input' . Html::attributes($tokenField) . '>' . "\n";
     }

     // Render each of the elements
     foreach ($form->getElements() as $child) {
         $this->renderElement($child, $data, $prefix);
     }

     // Kill anything remaining on the stack
     $this->endStack(null);

     // Close the tag opened above
     if ($form->action) {
         echo '</form>' . "\n";
     }
 }
开发者ID:qix,项目名称:phorms,代码行数:32,代码来源:Renderer.php

示例13: cleanRequestURI

            if ($objFWUser->objUser->login($backend)) {
                return true;
            }
        }
        return false;
    }
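    /**
     * Remove the CSRF protection parameter from the query string and referrer.
     *
     * Rewrites $_SERVER['QUERY_STRING'], ['REQUEST_URI'], ['HTTP_REFERER'] and
     * ['argv'] in place so that later code does not see the token parameter.
     */
    public static function cleanRequestURI()
    {
        // Cut the parameter plus a trailing ampersand, if any. This leaves the
        // URI valid even when it was the first or the last parameter; a trailing
        // question mark or ampersand does no harm.
        // preg_quote() keeps a key containing regex metacharacters from changing the pattern.
        // NOTE(review): the pattern is not anchored to a parameter boundary, so it also
        // matches when the key is the tail of a longer parameter name.
        $csrfUrlModifierPattern = '/' . preg_quote(self::$formkey, '/') . '\\=[a-zA-Z0-9_]+\\&?/';

        foreach (array('QUERY_STRING', 'REQUEST_URI', 'HTTP_REFERER') as $serverKey) {
            if (empty($_SERVER[$serverKey])) {
                continue;
            }
            $cleaned = preg_replace($csrfUrlModifierPattern, '', $_SERVER[$serverKey]);
            // preg_replace() returns null on a PCRE error; keep the original value in that case.
            if ($cleaned !== null) {
                $_SERVER[$serverKey] = $cleaned;
            }
        }

        if (!empty($_SERVER['argv'])) {
            // Drops every argv entry that contains the token parameter; preg_grep() preserves keys.
            $_SERVER['argv'] = preg_grep($csrfUrlModifierPattern, $_SERVER['argv'], PREG_GREP_INVERT);
        }
    }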
    /**
     * Switch the class into frontend mode.
     *
     * Also narrows PHP's `url_rewriter.tags` setting, the list of tag/attribute
     * pairs that PHP's output URL rewriter touches.
     */
    public static function setFrontendMode()
    {
        // '@' silences any warning ini_set() would raise.
        @ini_set('url_rewriter.tags', 'area=href,frame=src,iframe=src,input=src,form=,fieldset=');
        self::$frontend_mode = true;
    }
}
// Runs as soon as this file is loaded: the CSRF parameter is stripped from
// $_SERVER before any later code reads the request URI.
Csrf::cleanRequestURI();
开发者ID:hbdsklf,项目名称:LimeCMS,代码行数:30,代码来源:Csrf.class.php

示例14: add

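 /**
  * Validate the posted page form and insert a new row into `pages`.
  *
  * The slug is derived and normalised before the duplicate lookup, so the
  * value that is checked is the value that is stored.
  *
  * @return bool false when the CSRF token or the form data is rejected, true after the insert.
  */
 public static function add()
 {
     // verify Csrf token
     if (Csrf::verify(Input::post('token')) === false) {
         Notifications::set('error', 'Invalid token');
         return false;
     }
     // Only this fixed list of fields is taken from the request and passed to the insert.
     $post = Input::post(array('slug', 'name', 'title', 'content', 'redirect', 'status'));
     $errors = array();
     if (empty($post['name'])) {
         $errors[] = Lang::line('pages.missing_name', 'Please enter a name');
     }
     if (empty($post['title'])) {
         $errors[] = Lang::line('pages.missing_title', 'Please enter a title');
     }
     // Fall back to the name, then normalise, BEFORE looking for duplicates.
     // Checking the raw input would miss a clash with the slug that is actually stored.
     if (empty($post['slug'])) {
         $post['slug'] = $post['name'];
     }
     if (!empty($post['slug'])) {
         $post['slug'] = Str::slug($post['slug']);
         // check for duplicate slug (bound parameter, never string-built SQL)
         $sql = "select id from pages where slug = ?";
         if (Db::row($sql, array($post['slug']))) {
             $errors[] = Lang::line('pages.duplicate_slug', 'A pages with the same slug already exists, please change your page slug.');
         }
     }
     if (count($errors)) {
         Notifications::set('error', $errors);
         return false;
     }
     Db::insert('pages', $post);
     Notifications::set('success', Lang::line('pages.page_success_created', 'Your new page has been added'));
     return true;
 }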
开发者ID:nathggns,项目名称:anchor-cms,代码行数:32,代码来源:pages.php

示例15: function

/*
|--------------------------------------------------------------------------
| CSRF Protection Filter
|--------------------------------------------------------------------------
|
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/
Route::filter('csrf', function () {
    // GET and OPTIONS requests pass through without a token check.
    // NOTE(review): this is only safe if handlers for those methods never change state.
    $exempt = Request::isMethod('get') || Request::isMethod('options');
    if (!$exempt) {
        // throws exception if token invalid
        Csrf::check();
    }
});
/*
|--------------------------------------------------------------------------
| X-Frame-Options Header Filter
|--------------------------------------------------------------------------
|
| Prevents pages being loaded in an iframe.
|
*/
Route::filter('setXFrameOptionsHeader', function ($route, $request, $response) {
    // Responses without a header() method are left untouched.
    if (!method_exists($response, "header")) {
        return;
    }
    // "deny" forbids framing by any origin, including the site itself.
    $response->header("X-Frame-Options", "deny");
});
/*
开发者ID:joshhodgson,项目名称:Website,代码行数:31,代码来源:filters.php


注:本文中的Csrf类示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。