本文整理汇总了PHP中Security::getCurrentToken方法的典型用法代码示例。如果您正苦于以下问题:PHP Security::getCurrentToken方法的具体用法?PHP Security::getCurrentToken怎么用?PHP Security::getCurrentToken使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类Security的用法示例。
在下文中一共展示了Security::getCurrentToken方法的11个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: edit_filter
/**
 * Build the edit and delete links for one row of a table.
 *
 * Both links carry the value of Security::getCurrentToken() as a `sec_token`
 * query parameter, so the token appears in the URL of a GET request.
 * NOTE(review): presumably the target pages compare this token before acting;
 * that check is not visible here — confirm, in particular for action=delete.
 *
 * @param mixed  $id         Not used by this function
 * @param string $url_params Not used by this function
 * @param array  $row        Table row; index 0 is sent as field_id, index 2 as field_type
 *
 * @return string HTML of the two links
 */
function edit_filter($id, $url_params, $row)
{
    // Imported but not read below; kept because the original declares it.
    global $charset;

    // Edit link: points at user_fields_add.php.
    $editUrl = 'user_fields_add.php?action=edit&field_id=' . $row[0]
        . '&field_type=' . $row[2]
        . '&sec_token=' . Security::getCurrentToken();
    $editLink = '<a href="' . $editUrl . '">' . Display::return_icon('edit.png', get_lang('Edit')) . '</a>';

    // Delete link: points back at the current script and asks for confirmation in the browser.
    // The confirmation is client-side only; it is no substitute for the server-side token check.
    $deleteUrl = api_get_self() . '?action=delete&field_id=' . $row[0]
        . '&sec_token=' . Security::getCurrentToken();
    $confirmJs = "javascript:if(!confirm('" . addslashes(get_lang("ConfirmYourChoice")) . "')) return false;";
    $deleteLink = ' <a href="' . $deleteUrl . '" onclick="' . $confirmJs . '">'
        . Display::return_icon('delete.png', get_lang('Delete')) . '</a>';

    return $editLink . $deleteLink;
}
示例2: api_not_allowed
// NOTE(review): this excerpt starts inside an enclosing block that is not shown
// (the second closing brace below belongs to it) and ends inside an open else branch.
$is_member = $usergroup->is_group_member($group_id);
// Non-members are refused when the group's visibility is GROUP_PERMISSION_CLOSED.
if ($group_info['visibility'] == GROUP_PERMISSION_CLOSED && !$is_member) {
api_not_allowed(true);
}
}
// Topic deletion, allowed for platform admins and for group admins/moderators.
// NOTE(review): the action is read from $_REQUEST, so a plain GET link can trigger it, and no
// sec_token comparison is visible in this excerpt before delete_topic() runs. Confirm that the
// token is verified elsewhere; otherwise this delete is exposed to cross-site request forgery.
if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
$group_role = $usergroup->get_user_group_role(api_get_user_id(), $group_id);
if (api_is_platform_admin() || in_array($group_role, array(GROUP_USER_PERMISSION_ADMIN, GROUP_USER_PERMISSION_MODERATOR))) {
$usergroup->delete_topic($group_id, $topic_id);
// Redirect after the delete so that a page reload does not repeat it.
header("Location: groups.php?id={$group_id}&action=show_message&msg=topic_deleted");
exit;
}
}
$content = null;
// save message group
// Current session token. It is not compared with the request in the lines shown here —
// TODO confirm where the POST handler below verifies it.
$currentToken = Security::getCurrentToken();
if (isset($_POST['action'])) {
$title = isset($_POST['title']) ? $_POST['title'] : null;
// Read without an isset() check and passed on as submitted; any filtering would have to
// happen inside MessageManager::send_message() (not visible here).
$content = $_POST['content'];
// Numeric ids are forced to integers before use.
$group_id = intval($_POST['group_id']);
$parent_id = intval($_POST['parent_id']);
if ($_POST['action'] == 'reply_message_group') {
// A reply gets its title from the first 50 characters of its own content.
$title = Text::cut($content, 50);
}
if ($_POST['action'] == 'edit_message_group') {
$edit_message_id = intval($_POST['message_id']);
$res = MessageManager::send_message(0, $title, $content, $_FILES, '', $group_id, $parent_id, $edit_message_id, 0, $topic_id);
} else {
// Only group members may add a new message.
if ($_POST['action'] == 'add_message_group' && !$is_member) {
api_not_allowed();
}
示例3: get_lang
}
// NOTE(review): excerpt from the body of a loop over URL rows; the loop header and the
// assignments of $active, $url, $name, $type, $tech and $contact are not shown.
if ($active == '0') {
$action = 'unlock';
$image = 'wrong';
}
// you cannot lock the default
if ($row['id'] == '1') {
// The row with id 1 gets the status icon only, without a lock/unlock link.
$status = Display::return_icon($image . '.gif', get_lang(ucfirst($action)));
} else {
// Lock/unlock is a state change requested through a GET link; the session token travels in
// the query string as sec_token. Presumably access_urls.php checks it — verify in the handler.
$status = '<a href="access_urls.php?action=' . $action . '&url_id=' . $row['id'] . '&sec_token=' . Security::getCurrentToken() . '">' . Display::return_icon($image . '.gif', get_lang(ucfirst($action))) . '</a>';
}
//Actions
$url_id = $row['id'];
// The edit link only opens the edit page, so it carries no token.
$actions = Display::url(Display::return_icon('edit.png', get_lang('Edit'), array(), ICON_SIZE_SMALL), "access_url_edit.php?url_id={$url_id}");
if ($url_id != '1') {
// Delete link for every URL except id 1. The confirm() dialog runs in the browser only;
// the protection against forged requests is the sec_token parameter.
$actions .= '<a href="access_urls.php?action=delete_url&url_id=' . $url_id . '&sec_token=' . Security::getCurrentToken() . '" onclick="javascript:if(!confirm(' . "'" . addslashes(get_lang("ConfirmYourChoice")) . "'" . ')) return false;">' . Display::return_icon('delete.png', get_lang('Delete'), array(), ICON_SIZE_SMALL) . '</a>';
}
$urls[] = array($url, $name, $type, $tech, $contact, $status, $actions);
}
// Render the collected rows as a sortable table (sort column 2, 50 rows per page, as passed below).
$table = new SortableTableFromArrayConfig($urls, 2, 50, 'urls');
$table->set_additional_parameters($parameters);
//$table->set_header(0, '');
$table->set_header(0, 'URL');
$table->set_header(1, get_lang('Name'));
$table->set_header(2, get_lang('URLType'));
$table->set_header(3, 'Dl/Ul/Delay in Kbit/s');
$table->set_header(4, get_lang('Contact'));
$table->set_header(5, get_lang('Active'));
$table->set_header(6, get_lang('Modify'), false);
$table->display();
/* FOOTER */
示例4: modify_filter
//......... part of the code is omitted here .........
// NOTE(review): the function header and the assignments of $user_id, $userId, $row, $statusname,
// $is_admin, $url_params, $app and $delete_user_available are in the omitted part.
$user_is_anonymous = false;
$current_user_status_label = $row['7'];
if ($current_user_status_label == $statusname[ANONYMOUS]) {
$user_is_anonymous = true;
}
$result = '';
// Course and session list pop-ups; the anonymous user gets disabled icons instead.
if (!$user_is_anonymous) {
$icon = Display::return_icon('course.png', get_lang('Courses'), array('onmouseout' => 'clear_course_list (\'div_' . $user_id . '\')'));
$result .= '<a href="javascript:void(0)" onclick="load_course_list(\'div_' . $user_id . '\',' . $user_id . ')" >
' . $icon . '
<div class="blackboard_hide" id="div_' . $user_id . '"> </div>
</a>';
$icon = Display::return_icon('session.png', get_lang('Sessions'), array('onmouseout' => 'clear_session_list (\'div_s_' . $user_id . '\')'));
$result .= '<a href="javascript:void(0)" onclick="load_session_list(\'div_s_' . $user_id . '\',' . $user_id . ')" >
' . $icon . '
<div class="blackboard_hide" id="div_s_' . $user_id . '"> </div>
</a>';
} else {
$result .= Display::return_icon('course_na.png', get_lang('Courses')) . ' ';
$result .= Display::return_icon('course_na.png', get_lang('Sessions')) . ' ';
}
if (api_is_platform_admin()) {
if (!$user_is_anonymous) {
$result .= '<a href="user_information.php?user_id=' . $user_id . '">' . Display::return_icon('synthese_view.gif', get_lang('Info')) . '</a> ';
} else {
$result .= Display::return_icon('synthese_view_na.gif', get_lang('Info')) . ' ';
}
}
//only allow platform admins to login_as, or session admins only for
// students (not teachers nor other admins), and only if all options
// match to say this user has the permission to do so
// $_configuration['login_as_forbidden_globally'], defined in
// configuration.php, is the master key to these conditions
global $_configuration;
// Two gates apply: the outer condition built from the configuration flag, the platform setting
// and the viewer's role, and the inner isGranted('ROLE_GLOBAL_ADMIN') check. Only a viewer who
// passes both, looking at another non-anonymous user, gets an active link.
// NOTE(review): this code only decides what is displayed. Whether a request carrying
// _switch_user is honoured is decided by whatever handles that parameter, which is not visible
// here. The link carries no sec_token, and $row[5] is placed in the URL as stored.
if (empty($_configuration['login_as_forbidden_globally']) && (api_is_global_platform_admin() || api_get_setting('login_as_allowed') === 'true' && (api_is_platform_admin() || api_is_session_admin() && $current_user_status_label == $statusname[STUDENT]))) {
if (!$user_is_anonymous) {
if ($app['security']->isGranted('ROLE_GLOBAL_ADMIN')) {
// everything looks good, show "login as" link
if ($user_id != $userId) {
$result .= '<a href="' . api_get_path(WEB_PUBLIC_PATH) . '?_switch_user=' . $row[5] . '">' . Display::return_icon('login_as.gif', get_lang('LoginAs')) . '</a> ';
} else {
$result .= Display::return_icon('login_as_na.gif', get_lang('LoginAs')) . ' ';
}
} else {
// if this user in particular can't be edited, show disabled
$result .= Display::return_icon('login_as_na.gif', get_lang('LoginAs')) . ' ';
}
} else {
// if anonymous user but other users show the option, show disabled
$result .= Display::return_icon('login_as_na.gif', get_lang('LoginAs')) . ' ';
}
}
// Else don't show anything, because the option is not available at all
//$result .= Display::url('<i class="icon-key icon-large"></i>', 'roles');
// Reporting link is active for students only.
if ($current_user_status_label != $statusname[STUDENT]) {
$result .= Display::return_icon('statistics_na.gif', get_lang('Reporting')) . ' ';
} else {
$result .= '<a href="../mySpace/myStudents.php?student=' . $user_id . '">' . Display::return_icon('statistics.gif', get_lang('Reporting')) . '</a> ';
}
if (api_is_platform_admin(true)) {
if (!$user_is_anonymous && api_global_admin_can_edit_admin($user_id, null, true)) {
$result .= '<a href="user_edit.php?user_id=' . $user_id . '">' . Display::return_icon('edit.png', get_lang('Edit'), array(), ICON_SIZE_SMALL) . '</a> ';
} else {
// NOTE(review): this branch appends a closing </a> although no <a> was opened.
$result .= Display::return_icon('edit_na.png', get_lang('Edit'), array(), ICON_SIZE_SMALL) . '</a> ';
}
}
if ($is_admin) {
// NOTE(review): the attribute key is spelled 'heigth' — looks like a typo for 'height'; confirm.
$result .= Display::return_icon('admin_star.png', get_lang('IsAdministrator'), array('width' => ICON_SIZE_SMALL, 'heigth' => ICON_SIZE_SMALL));
} else {
$result .= Display::return_icon('admin_star_na.png', get_lang('IsNotAdministrator'));
}
// actions for assigning sessions, courses or users
if (api_is_session_admin()) {
/*if ($row[0] == api_get_user_id()) {
$result .= '<a href="dashboard_add_sessions_to_user.php?user='.$user_id.'">'.Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')).'</a> ';
}*/
} else {
if ($current_user_status_label == $statusname[DRH] || UserManager::is_admin($user_id)) {
$result .= '<a href="dashboard_add_users_to_user.php?user=' . $user_id . '">' . Display::return_icon('user_subscribe_course.png', get_lang('AssignUsers'), '', ICON_SIZE_SMALL) . '</a>';
$result .= '<a href="dashboard_add_courses_to_user.php?user=' . $user_id . '">' . Display::return_icon('course_add.gif', get_lang('AssignCourses')) . '</a> ';
$result .= '<a href="dashboard_add_sessions_to_user.php?user=' . $user_id . '">' . Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')) . '</a> ';
} else {
if ($current_user_status_label == $statusname[SESSIONADMIN]) {
$result .= '<a href="dashboard_add_sessions_to_user.php?user=' . $user_id . '">' . Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')) . '</a> ';
}
}
}
if (api_is_platform_admin()) {
$result .= ' <a href="' . api_get_path(WEB_AJAX_PATH) . 'agenda.ajax.php?a=get_user_agenda&user_id=' . $user_id . '" class="agenda_opener">' . Display::return_icon('month.png', get_lang('FreeBusyCalendar'), array(), ICON_SIZE_SMALL) . '</a>';
if ($delete_user_available) {
if ($user_id != api_get_user_id() && !$user_is_anonymous && api_global_admin_can_edit_admin($user_id)) {
// you cannot lock yourself out otherwise you could disable all the accounts including your own => everybody is locked out and nobody can change it anymore.
// Account deletion is requested through a GET link; the session token travels in the query
// string as sec_token. Presumably user_list.php checks it before deleting — verify in the handler.
$result .= ' <a href="user_list.php?action=delete_user&user_id=' . $user_id . '&' . $url_params . '&sec_token=' . Security::getCurrentToken() . '" onclick="javascript:if(!confirm(' . "'" . addslashes(get_lang("ConfirmYourChoice")) . "'" . ')) return false;">' . Display::return_icon('delete.png', get_lang('Delete'), array(), ICON_SIZE_SMALL) . '</a>';
} else {
$result .= Display::return_icon('delete_na.png', get_lang('Delete'), array(), ICON_SIZE_SMALL);
}
}
}
return $result;
}
示例5: actions_filter
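/**
 * Build the move-up / move-down links for one option row.
 *
 * Both links point back at the current script and carry the session token as
 * `sec_token` in the query string.
 * NOTE(review): `field_id` is taken from $_GET and passed through
 * Security::remove_XSS() before being placed in the URL; it is read without an
 * isset() check, and whether that filter is sufficient for a URL context
 * depends on its implementation, which is not visible here.
 *
 * @param mixed  $option_id  Id of the option, sent as option_id in both links
 * @param string $url_params Not used by this function
 * @param array  $row        Table row; index 0 is compared with 1 and with the
 *                           global $number_of_options to decide which arrows to show
 *
 * @return string HTML of the arrows
 */
function actions_filter($option_id, $url_params, $row)
{
    global $number_of_options;

    // Start from an empty string: the original appended to an undefined variable,
    // which raises an undefined-variable notice/warning on the first `.=`.
    $return = '';

    // The up arrow is shown for every row except the first; the first row gets a spacer.
    if ($row[0] != 1) {
        $return .= '<a href="' . api_get_self() . '?action=moveup&option_id=' . $option_id . '&field_id=' . Security::remove_XSS($_GET['field_id']) . '&sec_token=' . Security::getCurrentToken() . '">' . Display::return_icon('up.gif', get_lang('Up')) . '</a>';
    } else {
        $return .= Display::return_icon('blank.gif', '', array('width' => '21px'));
    }

    // the down icon only has to appear when the row can be moved down (all but the last row)
    if ($row[0] != $number_of_options) {
        $return .= '<a href="' . api_get_self() . '?action=movedown&option_id=' . $option_id . '&field_id=' . Security::remove_XSS($_GET['field_id']) . '&sec_token=' . Security::getCurrentToken() . '">' . Display::return_icon('down.gif', get_lang('Down')) . '</a>';
    }

    return $return;
}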
示例6: array
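// Breadcrumbs.
$interbreadcrumb[] = array('url' => api_get_path(WEB_PATH) . 'user_portal.php', 'name' => get_lang('MyCourses'));
if (empty($nameTools)) {
    $nameTools = get_lang('CourseManagement');
} else {
    if (!in_array($action, array('sortmycourses', 'createcoursecategory', 'display_random_courses', 'display_courses', 'subscribe'))) {
        $interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH) . 'auth/courses.php', 'name' => get_lang('CourseManagement'));
    }
    if ($action == 'createcoursecategory') {
        $interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH) . 'auth/courses.php?action=sortmycourses', 'name' => get_lang('SortMyCourses'));
    }
    $interbreadcrumb[] = array('url' => '#', 'name' => $nameTools);
}
// course description controller object
$courses_controller = new CoursesController();
$ctok = Security::getCurrentToken();
// We are moving a course or category of the user up/down the list (=Sort My Courses).
// The move changes state, so it runs only when the request carries the session token.
// Both values must be present and strictly identical: with a loose `==`, a session without a
// token and a request without sec_token would compare as equal (null == null) and pass.
$move_token_is_valid = isset($ctok, $_GET['sec_token']) && $ctok === $_GET['sec_token'];
if (isset($_GET['move']) && $move_token_is_valid) {
    if (isset($_GET['course'])) {
        $move_category = isset($_GET['category']) ? $_GET['category'] : null;
        $courses_controller->move_course($_GET['move'], $_GET['course'], $move_category);
    }
    // empty() instead of a bare negation: 'course' may be absent from the request here.
    if (isset($_GET['category']) && empty($_GET['course'])) {
        $courses_controller->move_category($_GET['move'], $_GET['category']);
    }
}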
// We are moving the course of the user to a different user defined course category (=Sort My Courses).
if (isset($_POST['submit_change_course_category'])) {
示例7: check_token
/**
 * Check that the request carries the token returned by Security::getCurrentToken()
 * (protection against Cross-Site Request Forgery).
 *
 * The comparison is strict (===), so the submitted value must be identical in type and
 * content; a missing value on either side always fails.
 * NOTE(review): === is not a constant-time comparison; where the supported PHP version
 * provides hash_equals(), that is the usual choice for comparing secrets.
 *
 * @param string $request_type Where to read the submitted token from: 'request', 'get' or
 *                             'post' select the `sec_token` entry of $_REQUEST, $_GET or
 *                             $_POST. Any other value is itself compared with the session token.
 *
 * @return bool True if it's the right token, false otherwise
 */
public static function check_token($request_type = 'post')
{
    $sessionToken = Security::getCurrentToken();

    // Select the submitted value; null stands for "nothing was submitted".
    switch ($request_type) {
        case 'request':
            $submittedToken = isset($_REQUEST['sec_token']) ? $_REQUEST['sec_token'] : null;
            break;
        case 'get':
            $submittedToken = isset($_GET['sec_token']) ? $_GET['sec_token'] : null;
            break;
        case 'post':
            $submittedToken = isset($_POST['sec_token']) ? $_POST['sec_token'] : null;
            break;
        default:
            // The caller passed the token itself instead of a source name.
            $submittedToken = $request_type;
            break;
    }

    // Fail closed: anything other than two present, identical values is a mismatch.
    if (!isset($sessionToken) || !isset($submittedToken)) {
        return false;
    }

    return $sessionToken === $submittedToken;
}
示例8: subscribe_user
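/**
 * Subscribe the current user to a given course.
 *
 * A course with a non-empty registration code is joined only when the submitted
 * `course_registration_code` is exactly that code. When a code is required and none was
 * submitted, a form asking for it is returned instead.
 *
 * @param string $course_code Course code
 *
 * @return array|false array('message' => ...) after a subscription attempt;
 *                     array('message' => ..., 'content' => ...) with the registration-code
 *                     form when a code is required and none was submitted;
 *                     false when a submitted code does not match
 */
public function subscribe_user($course_code)
{
    $user_id = api_get_user_id();
    $all_course_information = CourseManager::get_course_information($course_code);

    $required_code = (string) $all_course_information['registration_code'];
    $code_was_submitted = isset($_POST['course_registration_code']);
    // Anything that is not a plain string (for example an array parameter) can never match.
    $submitted_code = ($code_was_submitted && is_string($_POST['course_registration_code']))
        ? $_POST['course_registration_code']
        : null;

    // Strict string comparison. With a loose `==`, PHP compares numeric-looking strings as
    // numbers, so different codes such as '1e3' and '1000' would be accepted as equal.
    $code_matches = $submitted_code !== null && $submitted_code === $required_code;

    if ($required_code === '' || $code_matches) {
        // Platform admins join as course manager; everybody else gets the default status.
        $status_user_in_new_course = api_is_platform_admin() ? COURSEMANAGER : null;

        if (CourseManager::add_user_to_course($user_id, $all_course_information['real_id'], $status_user_in_new_course)) {
            // Course setting: 1 sends the alert with the third argument false, 2 with true.
            $send = api_get_course_setting('email_alert_to_teacher_on_new_user_in_course', $course_code);
            if ($send == 1) {
                CourseManager::email_to_tutor($user_id, $course_code, false);
            } elseif ($send == 2) {
                CourseManager::email_to_tutor($user_id, $course_code, true);
            }
            $url = Display::url($all_course_information['title'], api_get_course_url($course_code));
            $message = sprintf(get_lang('EnrollToCourseXSuccessful'), $url);
        } else {
            $message = get_lang('ErrorContactPlatformAdmin');
        }

        return array('message' => $message);
    }

    // A code is required. A submitted code that reaches this point did not match.
    if ($code_was_submitted) {
        return false;
    }

    // Nothing submitted yet: build the form that asks for the registration code.
    // NOTE(review): title and visual_code are concatenated into the HTML message as stored —
    // confirm they are escaped or sanitised upstream.
    $message = get_lang('CourseRequiresPassword') . '<br />';
    $message .= $all_course_information['title'] . ' (' . $all_course_information['visual_code'] . ') ';

    // The session token is sent twice: in the form's action URL and as a hidden POST field.
    // The copy in the URL can end up in server logs and browser history; it is kept here
    // because the handler's way of reading the token is not visible from this method.
    $action = api_get_path(WEB_CODE_PATH) . "auth/courses.php?action=subscribe_user_with_password&sec_token=" . Security::getCurrentToken();
    $form = new FormValidator('subscribe_user_with_password', 'post', $action);
    $form->addElement('hidden', 'sec_token', Security::getCurrentToken());
    $form->addElement('hidden', 'subscribe_user_with_password', $all_course_information['code']);
    $form->addElement('text', 'course_registration_code');
    $form->addElement('button', 'submit', get_lang('SubmitRegistrationCode'));
    $content = $form->return_form();

    return array('message' => $message, 'content' => $content);
}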
示例9: active_filter
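/**
 * Build the active-column of the table to lock or unlock a certain user
 * (lock = the user can no longer use this account).
 *
 * The link requests the state change through GET and carries the session token as
 * `sec_token` in the query string.
 * NOTE(review): presumably user_list.php checks that token before locking or unlocking;
 * the check is not visible here — confirm.
 *
 * @author Patrick Cool <patrick.cool@UGent.be>, Ghent University
 *
 * @param int|string $active     The current state of the account: 1 offers "lock",
 *                               0 offers "unlock", -1 shows the expired icon
 * @param string     $url_params Extra query-string parameters appended to the link
 * @param array      $row        Table row; index 0 is compared with the current user's id
 *                               and sent as user_id in the link
 *
 * @return string Some HTML-code with the lock/unlock button or the expired icon; an empty
 *                string for the current user's own row or for an unrecognised state
 */
function active_filter($active, $url_params, $row)
{
    global $_user;

    if ($active == '1') {
        $action = 'lock';
        $image = 'right';
    } elseif ($active == '-1') {
        $action = 'edit';
        $image = 'expired';
    } elseif ($active == '0') {
        $action = 'unlock';
        $image = 'wrong';
    } else {
        // Unknown state: the original went on with $action and $image undefined and
        // produced a link with an empty action. Show nothing instead.
        return '';
    }

    if ($action == 'edit') {
        return Display::return_icon($image . '.gif', get_lang('AccountExpired'));
    }

    // you cannot lock yourself out otherwise you could disable all the accounts including your own => everybody is locked out and nobody can change it anymore.
    // The original returned an undefined variable for this row; an empty string is explicit.
    if ($row['0'] == $_user['user_id']) {
        return '';
    }

    return '<a href="user_list.php?action=' . $action . '&user_id=' . $row['0'] . '&' . $url_params . '&sec_token=' . Security::getCurrentToken() . '">' . Display::return_icon($image . '.gif', get_lang(ucfirst($action))) . '</a>';
}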
示例10: modify_filter
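/**
 * Build the modify-column of the table: a single "add user" link.
 *
 * The link requests the action through GET and carries the session token as `sec_token`
 * in the query string.
 * NOTE(review): `id_session` is taken from $_GET and passed through Security::remove_XSS()
 * before being placed in the URL; it is read without an isset() check, and whether that
 * filter is sufficient for a URL context depends on its implementation, not visible here.
 *
 * @param int    $user_id    The user id
 * @param string $url_params Not used by this function
 * @param array  $row        Table row; index 0 is sent as the id[] parameter
 *
 * @return string Some HTML-code with modify-buttons
 *
 * @author Mustapha Alouani
 */
function modify_filter($user_id, $url_params, $row)
{
    $url_params_id = "id[]=" . $row[0];

    // Plain assignment: the original appended (.=) to a variable that was never initialised.
    $result = '<a href="ldap_users_list.php?action=add_user&user_id=' . $user_id . '&id_session=' . Security::remove_XSS($_GET['id_session']) . '&' . $url_params_id . '&sec_token=' . Security::getCurrentToken() . '" onclick="javascript:if(!confirm(' . "'" . addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES, api_get_system_encoding())) . "'" . ')) return false;">' . Display::return_icon('add_user.gif', get_lang('AddUsers')) . '</a>';

    return $result;
}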
示例11: modify_filter
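/**
 * Build the modify-column of the table.
 *
 * Which links are active depends on the viewer (platform admin, global admin) and on the
 * row (anonymous user, administrator, group membership). These checks decide only what is
 * displayed; the pages behind the links have to enforce their own authorisation.
 *
 * @param int    $user_id    The user id
 * @param string $url_params URL params to add to table links
 * @param array  $row        Row of elements to alter; reads 'is_admin', 'is_anonymous',
 *                           'groups' and index 5
 *
 * @return string Some HTML-code with modify-buttons
 */
function modify_filter($user_id, $url_params, $row)
{
    global $delete_user_available;
    $userId = api_get_user_id();
    $is_admin = $row['is_admin'];
    $user_is_anonymous = $row['is_anonymous'];
    $result = '';

    // Course and session list pop-ups; the anonymous user gets disabled icons instead.
    if (!$user_is_anonymous) {
        $icon = Display::return_icon('course.png', get_lang('Courses'), array('onmouseout' => 'clear_course_list (\'div_' . $user_id . '\')'));
        $result .= '<a href="javascript:void(0)" onclick="load_course_list(\'div_' . $user_id . '\',' . $user_id . ')" >' . "\n"
            . $icon . "\n"
            . '<div class="blackboard_hide" id="div_' . $user_id . '"> </div>' . "\n"
            . '</a>';
        $icon = Display::return_icon('session.png', get_lang('Sessions'), array('onmouseout' => 'clear_session_list (\'div_s_' . $user_id . '\')'));
        $result .= '<a href="javascript:void(0)" onclick="load_session_list(\'div_s_' . $user_id . '\',' . $user_id . ')" >' . "\n"
            . $icon . "\n"
            . '<div class="blackboard_hide" id="div_s_' . $user_id . '"> </div>' . "\n"
            . '</a>';
    } else {
        $result .= Display::return_icon('course_na.png', get_lang('Courses')) . ' ';
        $result .= Display::return_icon('course_na.png', get_lang('Sessions')) . ' ';
    }

    if (api_is_platform_admin()) {
        if (!$user_is_anonymous) {
            $result .= '<a href="user_information.php?user_id=' . $user_id . '">' . Display::return_icon('synthese_view.gif', get_lang('Info')) . '</a> ';
        } else {
            $result .= Display::return_icon('synthese_view_na.gif', get_lang('Info')) . ' ';
        }
    }

    // "Login as": the only condition checked here is the ROLE_GLOBAL_ADMIN grant, and the
    // link is never active on the viewer's own row.
    // NOTE(review): the link carries no sec_token, and $row[5] is placed in the URL as stored.
    // Whether a request carrying _switch_user is honoured is decided by whatever handles that
    // parameter, which is not visible here — confirm it re-checks the permission.
    if (Container::getSecurity()->isGranted('ROLE_GLOBAL_ADMIN')) {
        // everything looks good, show "login as" link
        if ($user_id != $userId) {
            $result .= '<a href="' . api_get_path(WEB_PUBLIC_PATH) . '?_switch_user=' . $row[5] . '">' . Display::return_icon('login_as.gif', get_lang('LoginAs')) . '</a> ';
        } else {
            $result .= Display::return_icon('login_as_na.gif', get_lang('LoginAs')) . ' ';
        }
    } else {
        // if this user in particular can't be edited, show disabled
        $result .= Display::return_icon('login_as_na.gif', get_lang('LoginAs')) . ' ';
    }

    if (api_is_platform_admin(true)) {
        if (!$user_is_anonymous && api_global_admin_can_edit_admin($user_id, null, true)) {
            $result .= '<a href="user_edit.php?user_id=' . $user_id . '">' . Display::return_icon('edit.png', get_lang('Edit'), array(), ICON_SIZE_SMALL) . '</a> ';
        } else {
            // Disabled icon only. The original appended a closing </a> here although no
            // <a> had been opened, which left the generated HTML unbalanced.
            $result .= Display::return_icon('edit_na.png', get_lang('Edit'), array(), ICON_SIZE_SMALL) . ' ';
        }
    }

    if ($is_admin) {
        // NOTE(review): the attribute key is spelled 'heigth' — looks like a typo for 'height';
        // left unchanged because the effect on Display::return_icon() is not visible here.
        $result .= Display::return_icon('admin_star.png', get_lang('IsAdministrator'), array('width' => ICON_SIZE_SMALL, 'heigth' => ICON_SIZE_SMALL));
    } else {
        $result .= Display::return_icon('admin_star_na.png', get_lang('IsNotAdministrator'));
    }

    // actions for assigning sessions, courses or users
    if (api_is_session_admin()) {
        // Intentionally empty: session admins get no assignment links from this branch.
    }

    if (api_is_platform_admin()) {
        if ($row['groups']->containsKey('drh') || $is_admin) {
            $result .= '<a href="dashboard_add_users_to_user.php?user=' . $user_id . '">' . Display::return_icon('user_subscribe_course.png', get_lang('AssignUsers'), '', ICON_SIZE_SMALL) . '</a>';
            $result .= '<a href="dashboard_add_courses_to_user.php?user=' . $user_id . '">' . Display::return_icon('course_add.gif', get_lang('AssignCourses')) . '</a> ';
            $result .= '<a href="dashboard_add_sessions_to_user.php?user=' . $user_id . '">' . Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')) . '</a> ';
        } elseif ($row['groups']->containsKey('session_admin')) {
            $result .= '<a href="dashboard_add_sessions_to_user.php?user=' . $user_id . '">' . Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')) . '</a> ';
        }
    }

    if (api_is_platform_admin()) {
        $result .= ' <a href="' . api_get_path(WEB_AJAX_PATH) . 'agenda.ajax.php?a=get_user_agenda&user_id=' . $user_id . '" class="agenda_opener">' . Display::return_icon('month.png', get_lang('FreeBusyCalendar'), array(), ICON_SIZE_SMALL) . '</a>';
        if ($delete_user_available) {
            if ($user_id != api_get_user_id() && !$user_is_anonymous && api_global_admin_can_edit_admin($user_id)) {
                // you cannot lock yourself out otherwise you could disable all the accounts including your own => everybody is locked out and nobody can change it anymore.
                // Account deletion is requested through a GET link; the session token travels in
                // the query string as sec_token. Presumably user_list.php checks it before
                // deleting — verify in the handler. The confirm() dialog is client-side only.
                $result .= ' <a href="user_list.php?action=delete_user&user_id=' . $user_id . '&' . $url_params . '&sec_token=' . Security::getCurrentToken() . '" onclick="javascript:if(!confirm(' . "'" . addslashes(get_lang("ConfirmYourChoice")) . "'" . ')) return false;">' . Display::return_icon('delete.png', get_lang('Delete'), array(), ICON_SIZE_SMALL) . '</a>';
            } else {
                $result .= Display::return_icon('delete_na.png', get_lang('Delete'), array(), ICON_SIZE_SMALL);
            }
        }
    }

    return $result;
}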