

PHP SecurityUtil::generateCsrfToken方法代码示例

本文整理汇总了PHP中SecurityUtil::generateCsrfToken方法的典型用法代码示例。如果您正苦于以下问题:PHP SecurityUtil::generateCsrfToken方法的具体用法?PHP SecurityUtil::generateCsrfToken怎么用?PHP SecurityUtil::generateCsrfToken使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在SecurityUtil的用法示例。


在下文中一共展示了SecurityUtil::generateCsrfToken方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: __construct

 /**
  * Store the response message(s) and payload, and mint anti-forgery tokens when requested.
  *
  * @param mixed $message Response status/error message; a string or an array (always stored as an array).
  * @param mixed $payload Payload, stored unchanged.
  */
 public function __construct($message, $payload = null)
 {
     $this->payload = $payload;
     $this->messages = (array) $message;

     // Tokens are only generated when the newCsrfToken flag on this object is truthy.
     if (!$this->newCsrfToken) {
         return;
     }

     // The auth key for the current module is generated before the CSRF token.
     $this->authid = SecurityUtil::generateAuthKey(ModUtil::getName());
     $this->csrfToken = SecurityUtil::generateCsrfToken();
 }
开发者ID:projectesIF,项目名称:Sirius,代码行数:15,代码来源:Error.php

示例2: __construct

 /**
  * Store the response message(s) and payload, optionally attach a new CSRF token,
  * then initialise the parent response with an empty body and this object's status code.
  *
  * @param mixed $message Response status/error message; a string or an array (always stored as an array).
  * @param mixed $payload Payload, stored unchanged.
  */
 public function __construct($message, $payload = null)
 {
     $this->payload = $payload;
     $this->messages = (array) $message;

     // A token is only generated when the newCsrfToken flag on this object is truthy.
     if ($this->newCsrfToken) {
         $this->csrfToken = \SecurityUtil::generateCsrfToken();
     }

     // The parent constructor runs last, whether or not a token was generated.
     parent::__construct('', $this->statusCode);
 }
开发者ID:rmaiwald,项目名称:core,代码行数:15,代码来源:AbstractErrorResponse.php

示例3: __construct

 /**
  * Store payload, message(s) and options, and mint anti-forgery tokens when requested.
  *
  * @param mixed $payload Application data, stored unchanged.
  * @param mixed $message Response status/error message; a string or an array (always stored as an array).
  * @param array $options Options.
  */
 public function __construct($payload, $message = null, array $options = array())
 {
     $this->payload = $payload;
     $this->messages = (array) $message;
     $this->options = $options;

     // No token of either kind is generated unless the newCsrfToken flag is truthy.
     if (!$this->newCsrfToken) {
         return;
     }

     // The legacy auth key is only produced in legacy mode, and only together with a CSRF token.
     if (System::isLegacyMode()) {
         $this->authid = SecurityUtil::generateAuthKey(ModUtil::getName());
     }

     $this->csrfToken = SecurityUtil::generateCsrfToken();
 }
开发者ID:projectesIF,项目名称:Sirius,代码行数:19,代码来源:Ajax.php

示例4: __construct

 /**
  * Store payload, message(s) and options, attach tokens, then initialise the parent response
  * with an empty body and this object's status code.
  *
  * @param mixed $payload Application data, stored unchanged.
  * @param mixed $message Response status/error message; a string or an array (always stored as an array).
  * @param array $options Options.
  */
 public function __construct($payload, $message = null, array $options = array())
 {
     $this->payload = $payload;
     $this->messages = (array) $message;
     $this->options = $options;

     // CSRF token: only when the newCsrfToken flag on this object is truthy.
     if ($this->newCsrfToken) {
         $this->csrfToken = \SecurityUtil::generateCsrfToken();
     }

     // Legacy auth key: depends on legacy mode alone, not on the newCsrfToken flag.
     if (\System::isLegacyMode()) {
         $this->authid = \SecurityUtil::generateAuthKey(\ModUtil::getName());
     }

     parent::__construct('', $this->statusCode);
 }
开发者ID:Silwereth,项目名称:core,代码行数:20,代码来源:AjaxResponse.php

示例5: main

    /**
     * Render the module configuration page.
     *
     * Requires ACCESS_ADMIN on 'IWqv::'; otherwise a Zikula_Exception_Forbidden is thrown.
     * The template receives the four module variables and a freshly generated CSRF token
     * under the name 'security'.
     *
     * @author: Sara Arjona Téllez (sarjona@xtec.cat)
     * @return The output of fetching the 'IWqv_admin_conf.htm' template
     */
    public function main() {
        // Permission gate comes first: nothing is read or generated for non-admins.
        if (!SecurityUtil::checkPermission('IWqv::', "::", ACCESS_ADMIN)) {
            throw new Zikula_Exception_Forbidden();
        }

        // Read the module variables that the template displays.
        $settings = array();
        foreach (array('skins', 'langs', 'maxdelivers', 'basedisturl') as $name) {
            $settings[$name] = ModUtil::getVar('IWqv', $name);
        }

        // The token is generated after the module vars are read and assigned before them.
        $view = $this->view->assign('security', SecurityUtil::generateCsrfToken());
        foreach ($settings as $name => $value) {
            $view = $view->assign($name, $value);
        }

        return $view->fetch('IWqv_admin_conf.htm');
    }
开发者ID:projectesIF,项目名称:Sirius,代码行数:24,代码来源:Admin.php

示例6: smarty_function_userlogin

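/**
 * Zikula_View function to display the login box
 *
 * Example
 * {userlogin size=14 maxlength=25 maxlengthpass=20}
 *
 * Parameters:
 *  size           Size of text boxes (default=14)
 *  maxlength      Maximum length of text box for user names (default=25)
 *  maxlengthpass  Maximum length of text box for password (default=20); the misspelled
 *                 key 'maxlenthpass' is still accepted for existing templates
 *  class          Name of class assigned to the login form
 *  value          The default value of the username input box
 *  js             Use javascript to automatically clear the default value (defaults to true)
 *  assign         Name of a template variable to receive the output instead of returning it
 *
 * @param array       $params All attributes passed to this function from the template.
 * @param Zikula_View $view   Reference to the Zikula_View object.
 *
 * @see    function.userlogin.php::smarty_function_userlogin()
 *
 * @return string|null The login form HTML (empty string when the user is already logged in),
 *                     or nothing when the 'assign' parameter is used.
 */
function smarty_function_userlogin($params, Zikula_View $view)
{
    $assign = isset($params['assign']) ? $params['assign'] : false;
    if (!UserUtil::isLoggedIn()) {
        // Numeric attributes are cast to int so a template-supplied value cannot
        // close the attribute and inject markup.
        $size = isset($params['size']) ? (int) $params['size'] : 14;
        $maxlength = isset($params['maxlength']) ? (int) $params['maxlength'] : 25;
        // The documented parameter is 'maxlengthpass'; only the misspelled key used to be read,
        // so the documented one was silently ignored. Both are honoured now.
        if (isset($params['maxlengthpass'])) {
            $maxlengthpass = (int) $params['maxlengthpass'];
        } elseif (isset($params['maxlenthpass'])) {
            $maxlengthpass = (int) $params['maxlenthpass'];
        } else {
            $maxlengthpass = 20;
        }
        // The class name lands inside a double-quoted attribute, so it is escaped for display.
        $class = isset($params['class']) ? ' class="' . DataUtil::formatForDisplay($params['class']) . '"' : '';
        if (ModUtil::getVar(Users_Constant::MODNAME, Users_Constant::MODVAR_LOGIN_METHOD, Users_Constant::LOGIN_METHOD_UNAME) == Users_Constant::LOGIN_METHOD_EMAIL) {
            $value = isset($params['value']) ? DataUtil::formatForDisplay($params['value']) : __('E-mail address');
            $userNameLabel = __('E-mail address');
            $methodName = 'email';
        } else {
            $value = isset($params['value']) ? DataUtil::formatForDisplay($params['value']) : __('User name');
            $userNameLabel = __('User name');
            $methodName = 'uname';
        }
        if (!isset($params['js']) || $params['js']) {
            // Compare against the input's own defaultValue instead of embedding $value in the
            // handler: HTML entities in an attribute are decoded before the script runs, so a
            // quote in $value would otherwise terminate the JavaScript string literal.
            $js = ' onblur="if (this.value==\'\')this.value=this.defaultValue;" onfocus="if (this.value==this.defaultValue)this.value=\'\';"';
        } else {
            $js = '';
        }
        // determine the current url so we can return the user to the correct place after login
        $returnurl = System::getCurrentUri();
        // The login form itself carries a CSRF token in a hidden POST field.
        $csrftoken = SecurityUtil::generateCsrfToken();
        $loginbox = '<form' . $class . ' style="display:inline" action="' . DataUtil::formatForDisplay(ModUtil::url('Users', 'user', 'login')) . '" method="post"><div>' . "\n" . '<input type="hidden" name="csrftoken" value="' . $csrftoken . '" />' . "\n" . '<input type="hidden" name="authentication_method[modname]" value="Users" />' . "\n" . '<input type="hidden" name="authentication_method[method]" value="' . $methodName . '" />' . "\n" . '<label for="userlogin_plugin_uname">' . $userNameLabel . '</label>&nbsp;' . "\n" . '<input type="text" name="authentication_info[login_id]" id="userlogin_plugin_uname" size="' . $size . '" maxlength="' . $maxlength . '" value="' . $value . '"' . $js . ' />' . "\n" . '<label for="userlogin_plugin_pass">' . __('Password') . '</label>&nbsp;' . "\n" . '<input type="password" name="authentication_info[pass]" id="userlogin_plugin_pass" size="' . $size . '" maxlength="' . $maxlengthpass . '" />' . "\n";
        // The "remember me" checkbox is omitted when the 'seclevel' system variable is 'high'.
        if (System::getVar('seclevel') != 'high') {
            $loginbox .= '<input type="checkbox" value="1" name="rememberme" id="userlogin_plugin_rememberme" />' . "\n" . '<label for="userlogin_plugin_rememberme">' . __('Remember me') . '</label>&nbsp;' . "\n";
        }
        $loginbox .= '<input type="hidden" name="returnurl" value="' . DataUtil::formatForDisplay($returnurl) . '" />' . "\n" . '<input type="submit" value="' . __('Log in') . '" />' . "\n" . '</div></form>' . "\n";
    } else {
        $loginbox = '';
    }
    if ($assign) {
        $view->assign($assign, $loginbox);
    } else {
        return $loginbox;
    }
}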
开发者ID:projectesIF,项目名称:Sirius,代码行数:61,代码来源:function.userlogin.php

示例7: smarty_insert_csrftoken

/**
 * Smarty insert handler that yields a CSRF protection token.
 *
 * Available parameters:
 *   - assign: Assign the output rather than emitting it (not handled in this function, see below).
 *
 * Example:
 * <input type="hidden" name="csrftoken" value="{insert name='csrftoken'}" />
 *
 * @param array       $params All attributes passed to this function from the template.
 * @param Zikula_View $view   Reference to the Zikula_View object.
 *
 * @return string
 */
function smarty_insert_csrftoken($params, $view)
{
    // The 'assign' parameter is not processed here: smarty_core_run_insert_handler(...) in
    // lib/vendor/Smarty/internals/core.run_insert_handler.php takes care of it.
    $container = $view->getContainer();

    // The token is generated against the view's own container.
    return SecurityUtil::generateCsrfToken($container);
}
开发者ID:Silwereth,项目名称:core,代码行数:19,代码来源:insert.csrftoken.php

示例8: loginUsing

 /**
  * Authenticate a user's credentials against an authentication module, logging him into the Zikula system.
  *
  * If the user is already logged in, then this function should behave as if {@link authenticateUserUsing()} was called.
  *
  * This function is used to check that a user is who he says he is, and that he has a valid user account with the
  * Zikula system. If so, the user is logged in to the Zikula system (if he is not already logged in). This function
  * should be used only to log a user into the Zikula system.
  *
  * This function differs from {@link checkPasswordUsing()} in that it attempts to look up a Zikula account
  * record for the user, and takes the user's account status into account when returning a value. Additionally,
  * the user is logged into the Zikula system if his credentials are verified with the authentication module specified.
  *
  * This function differs from {@link authenticateUserUsing()} in that it attempts to log the user into the Zikula system,
  * if he is not already logged in. If he is already logged in, then it should behave similarly to authenticateUserUsing().
  *
  * ATTENTION: The authentication module function(s) called during this process may redirect the user to an external server
  * to perform authorization and/or authentication. The function calling loginUsing must already have anticipated
  * the reentrant nature of this process, must already have saved pertinent user state, must have supplied a
  * reentrant URL pointing to a function that will handle reentry into the login process silently, and must clear
  * any save user state immediately following the return of this function.
  *
  * @param array   $authenticationMethod Auth module name.
  * @param array   $authenticationInfo   Auth info array.
  * @param boolean $rememberMe           Whether or not to remember login.
  * @param string  $reentrantURL         If the authentication module needs to redirect to an external authentication server (e.g., OpenID), then
  *                                          this is the URL to return to in order to re-enter the log-in process. The pertinent user
  *                                          state must have already been saved by the function calling loginUsing(), and the URL must
  *                                          point to a Zikula_AbstractController function that is equipped to detect reentry, restore the
  *                                          saved user state, and get the user back to the point where loginUsing is re-executed. This
  *                                          is only optional if the authentication module identified by $authenticationMethod reports that it is not
  *                                          reentrant (e.g., Users is guaranteed to not be reentrant), or if $checkPassword is false.
  * @param boolean $checkPassword        Whether or not to check the password.
  * @param boolean $preauthenticatedUser Whether ot not is a preauthenticated user.
  *
  * @return array|bool The user account record of the user that has logged in successfully, otherwise false
  */
 public static function loginUsing(array $authenticationMethod, array $authenticationInfo, $rememberMe = false, $reentrantURL = null, $checkPassword = true, $preauthenticatedUser = null)
 {
     $userObj = false;
     if (self::preAuthenticationValidation($authenticationMethod, $authenticationInfo, $reentrantURL)) {
         // Authenticate the loginID and userEnteredPassword against the specified authentication module.
         // This should return the uid of the user logging in. Note that there are two routes here, both get a uid.
         // We do the authentication check first, before checking any account status information, because if the
         // person logging in cannot supply the proper credentials, then we should not show any detailed account status
         // to them. Instead they should just get the generic "no such user found or bad password" message.
         if ($checkPassword) {
             $authenticatedUid = self::internalAuthenticateUserUsing($authenticationMethod, $authenticationInfo, $reentrantURL, true);
         } elseif (isset($preauthenticatedUser)) {
             if (is_numeric($preauthenticatedUser)) {
                 $authenticatedUid = $preauthenticatedUser;
             } elseif (is_array($preauthenticatedUser)) {
                 $authenticatedUid = $preauthenticatedUser['uid'];
                 $userObj = $preauthenticatedUser;
             } else {
                 throw new Zikula_Exception_Fatal();
             }
         } else {
             $authArgs = array('authentication_info' => $authenticationInfo, 'authentication_method' => $authenticationMethod);
             $authenticatedUid = ModUtil::apiFunc($authenticationMethod['modname'], 'Authentication', 'getUidForAuththenticationInfo', $authArgs, 'Zikula_Api_AbstractAuthentication');
         }
         $session = ServiceUtil::get('request')->getSession();
         $userObj = self::internalUserAccountValidation($authenticatedUid, true, isset($userObj) ? $userObj : null);
         if ($userObj && is_array($userObj)) {
             // BEGIN ACTUAL LOGIN
             // Made it through all the checks. We can actually log in now.
             // Give any interested module one last chance to prevent the login from happening.
             $eventArgs = array('authentication_method' => $authenticationMethod, 'uid' => $userObj['uid']);
             $event = new GenericEvent($userObj, $eventArgs);
             $event = EventUtil::dispatch('user.login.veto', $event);
             if ($event->isPropagationStopped()) {
                 // The login attempt has been vetoed by one or more modules.
                 $eventData = $event->getData();
                 if (isset($eventData['retry']) && $eventData['retry']) {
                     $sessionVarName = 'Users_Controller_User_login';
                     $sessionNamespace = 'Zikula_Users';
                     $redirectURL = ModUtil::url('Users', 'user', 'login', array('csrftoken' => SecurityUtil::generateCsrfToken()));
                 } elseif (isset($eventData['redirect_func'])) {
                     if (isset($eventData['redirect_func']['session'])) {
                         $sessionVarName = $eventData['redirect_func']['session']['var'];
                         $sessionNamespace = isset($eventData['redirect_func']['session']['namespace']) ? $eventData['redirect_func']['session']['namespace'] : '';
                     }
                     $redirectURL = ModUtil::url($eventData['redirect_func']['modname'], $eventData['redirect_func']['type'], $eventData['redirect_func']['func'], $eventData['redirect_func']['args']);
                 }
                 if (isset($redirectURL)) {
                     if (isset($sessionVarName)) {
                         SessionUtil::requireSession();
                         $sessionVars = $session->get('users/Users_User_Controller_login', array());
                         $sessionVars = array('returnpage' => isset($sessionVars['returnpage']) ? $sessionVars['returnpage'] : '', 'authentication_info' => $authenticationInfo, 'authentication_method' => $authenticationMethod, 'rememberme' => $rememberMe, 'user_obj' => $userObj);
                         $session->set("{$sessionNamespace}/{$sessionVarName}", $sessionVars);
                     }
                     $userObj = false;
                     throw new Zikula_Exception_Redirect($redirectURL);
                 } else {
                     throw new Zikula_Exception_Forbidden();
                 }
             } else {
                 // The login has not been vetoed
                 // This is what really does the Zikula login
                 self::setUserByUid($userObj['uid'], $rememberMe, $authenticationMethod);
//.........这里部分代码省略.........
开发者ID:rtznprmpftl,项目名称:Zikulacore,代码行数:101,代码来源:UserUtil.php

示例9: modifyconfig

    /**
     * Modify Theme settings.
     *
     * Requires ACCESS_EDIT on 'Theme::'; otherwise the result of
     * LogUtil::registerPermissionError() is returned. On success the
     * 'theme_admin_modifyconfig.tpl' template is fetched with the module list,
     * all module vars, a CSRF token, the 'theme_change' system var and the
     * flipped list of non-cached modules.
     */
    public function modifyconfig()
    {
        // Permission gate: nothing below runs without edit rights.
        if (!SecurityUtil::checkPermission('Theme::', '::', ACCESS_EDIT)) {
            return LogUtil::registerPermissionError();
        }

        // Map module name => display name, a shape suitable for html_options.
        $mods = array();
        foreach (ModUtil::getUserMods() as $usermod) {
            $mods[$usermod['name']] = $usermod['displayname'];
        }

        // Expose the view object to templates under the name 'render'.
        $this->view->register_object('render', $this->view);

        // Tell the template whether a .htaccess file exists (path is relative to the working directory).
        $this->view->assign('htaccess', file_exists('.htaccess') ? 1 : 0);

        $view = $this->view->assign('mods', $mods);
        $view = $view->assign($this->getVars());

        // Token for the clear cache/compile links.
        // NOTE(review): a token carried in a link URL can end up in browser history, server logs
        // and Referer headers. The second argument (true) presumably requests a unique token;
        // confirm against SecurityUtil.
        $token = SecurityUtil::generateCsrfToken($this->serviceManager, true);
        $view = $view->assign('csrftoken', $token);

        $view = $view->assign('theme_change', System::getVar('theme_change'));

        // Flip the comma-separated list so module names become the array keys.
        $uncached = array_flip(explode(',', $this->getVar('modulesnocache')));
        $view = $view->assign('modulesnocache', $uncached);

        return $view->fetch('theme_admin_modifyconfig.tpl');
    }
开发者ID:projectesIF,项目名称:Sirius,代码行数:39,代码来源:Admin.php

示例10: view

 /**
  * View all blocks.
  *
  * @return string HTML output string.
  */
 public function view()
 {
     // Security check
     if (!SecurityUtil::checkPermission('Blocks::', '::', ACCESS_EDIT)) {
         return LogUtil::registerPermissionError();
     }
     $sfilter = SessionUtil::getVar('filter', array(), '/Blocks');
     $filter = FormUtil::getPassedValue('filter', $sfilter);
     $clear = FormUtil::getPassedValue('clear', 0);
     if ($clear) {
         $filter = array();
         SessionUtil::setVar('filter', $filter, '/Blocks');
     }
     // sort and sortdir GET parameters override filter values
     $sort = isset($filter['sort']) && !empty($filter['sort']) ? strtolower($filter['sort']) : 'bid';
     $sortdir = isset($filter['sortdir']) && !empty($filter['sortdir']) ? strtoupper($filter['sortdir']) : 'ASC';
     $filter['sort'] = FormUtil::getPassedValue('sort', $sort, 'GET');
     $filter['sortdir'] = FormUtil::getPassedValue('sortdir', $sortdir, 'GET');
     if ($filter['sortdir'] != 'ASC' && $filter['sortdir'] != 'DESC') {
         $filter['sortdir'] = 'ASC';
     }
     $filter['blockposition_id'] = isset($filter['blockposition_id']) ? $filter['blockposition_id'] : 0;
     $filter['modid'] = isset($filter['modid']) ? $filter['modid'] : 0;
     $filter['language'] = isset($filter['language']) ? $filter['language'] : '';
     $filter['active_status'] = isset($filter['active_status']) ? $filter['active_status'] : 0;
     // generate an authorisation key for the links
     $token = SecurityUtil::generateCsrfToken($this->serviceManager, true);
     // set some default variables
     $rownum = 1;
     $lastpos = '';
     // Get all blocks
     $blocks = ModUtil::apiFunc('Blocks', 'user', 'getall', $filter);
     // we can easily count the number of blocks using count() rather than
     // calling the api function
     $numrows = count($blocks);
     // create an empty arrow to hold the processed items
     $blockitems = array();
     // get all possible block positions
     $blockspositions = ModUtil::apiFunc('Blocks', 'user', 'getallpositions');
     // build assoc array for easier usage later on
     foreach ($blockspositions as $blocksposition) {
         $allbposarray[$blocksposition['pid']] = $blocksposition['name'];
     }
     // loop round each item calculating the additional information
     $blocksitems = array();
     foreach ($blocks as $key => $block) {
         // set the module that holds the block
         $modinfo = ModUtil::getInfo($block['mid']);
         $block['modname'] = $modinfo['displayname'];
         // set the blocks language
         if (empty($block['language'])) {
             $block['language'] = $this->__('All');
         } else {
             $block['language'] = ZLanguage::getLanguageName($block['language']);
         }
         $thisblockspositions = ModUtil::apiFunc('Blocks', 'user', 'getallblockspositions', array('bid' => $block['bid']));
         $bposarray = array();
         foreach ($thisblockspositions as $singleblockposition) {
             $bposarray[] = $allbposarray[$singleblockposition['pid']];
         }
         $block['positions'] = implode(', ', $bposarray);
         unset($bposarray);
         // calculate what options the user has over this block
         $block['options'] = array();
         if ($block['active']) {
             $block['options'][] = array('url' => ModUtil::url('Blocks', 'admin', 'deactivate', array('bid' => $block['bid'], 'csrftoken' => $token)), 'image' => 'folder_grey.png', 'title' => $this->__f('Deactivate \'%s\'', $block['title']), 'noscript' => true);
         } else {
             $block['options'][] = array('url' => ModUtil::url('Blocks', 'admin', 'activate', array('bid' => $block['bid'], 'csrftoken' => $token)), 'image' => 'folder_green.png', 'title' => $this->__f('Activate \'%s\'', $block['title']), 'noscript' => true);
         }
         $block['options'][] = array('url' => ModUtil::url('Blocks', 'admin', 'modify', array('bid' => $block['bid'])), 'image' => 'xedit.png', 'title' => $this->__f('Edit \'%s\'', $block['title']), 'noscript' => false);
         $block['options'][] = array('url' => ModUtil::url('Blocks', 'admin', 'delete', array('bid' => $block['bid'])), 'image' => '14_layer_deletelayer.png', 'title' => $this->__f('Delete \'%s\'', $block['title']), 'noscript' => false);
         $blocksitems[] = $block;
     }
     $this->view->assign('blocks', $blocksitems);
     // get the block positions
     $items = ModUtil::apiFunc('Blocks', 'user', 'getallpositions');
     // Loop through each returned item adding in the options that the user has over the item
     foreach ($items as $key => $item) {
         if (SecurityUtil::checkPermission('Blocks::', "{$item['name']}::", ACCESS_READ)) {
             $options = array();
             if (SecurityUtil::checkPermission('Blocks::', "{$item['name']}::\$", ACCESS_EDIT)) {
                 $options[] = array('url' => ModUtil::url('Blocks', 'admin', 'modifyposition', array('pid' => $item['pid'])), 'image' => 'xedit.png', 'title' => $this->__f('Edit blockposition \'%s\'', $item['name']));
                 if (SecurityUtil::checkPermission('Blocks::', "{$item['name']}::", ACCESS_DELETE)) {
                     $options[] = array('url' => ModUtil::url('Blocks', 'admin', 'deleteposition', array('pid' => $item['pid'])), 'image' => '14_layer_deletelayer.png', 'title' => $this->__f('Delete blockposition \'%s\'', $item['name']));
                 }
             }
             // Add the calculated menu options to the item array
             $items[$key]['options'] = $options;
         }
     }
     // Assign the items to the template
     ksort($items);
     $this->view->assign('positions', $items);
     $this->view->assign('filter', $filter)->assign('sort', $filter['sort'])->assign('sortdir', $filter['sortdir']);
     // Return the output that has been generated by this function
//.........这里部分代码省略.........
开发者ID:,项目名称:,代码行数:101,代码来源:

示例11: view

    /**
     * view permissions
     * @return string HTML string
     */
    public function view()
    {
        // Security check
        if (!SecurityUtil::checkPermission('Permissions::', '::', ACCESS_ADMIN)) {
            return LogUtil::registerPermissionError();
        }

        // Get parameters from whatever input we need.
        $permgrp = FormUtil::getPassedValue('permgrp', -1, 'REQUEST');
        $testuser = FormUtil::getPassedValue('test_user', null, 'POST');
        $testcomponent = FormUtil::getPassedValue('test_component', null, 'POST');
        $testinstance = FormUtil::getPassedValue('test_instance', null, 'POST');
        $testlevel = FormUtil::getPassedValue('test_level', null, 'POST');

        $testresult = '';
        if (!empty($testuser) &&
                !empty($testcomponent) &&
                !empty($testinstance)
        ) {
            // we have everything we need for an effective permission check
            $testuid = UserUtil::getIdFromName($testuser);
            if ($testuid <> false) {
                if (SecurityUtil::checkPermission($testcomponent, $testinstance, $testlevel, $testuid)) {
                    $testresult = '<span id="permissiontestinfogreen">' . $this->__('permission granted.') . '</span>';
                } else {
                    $testresult = '<span id="permissiontestinfored">' . $this->__('permission not granted.') . '</span>';
                }
            } else {
                $testresult = '<span id="permissiontestinfored">' . $this->__('unknown user.') . '</span>';
            }
        }

        $this->view->assign('testuser', $testuser)
                ->assign('testcomponent', $testcomponent)
                ->assign('testinstance', $testinstance)
                ->assign('testlevel', $testlevel)
                ->assign('testresult', $testresult);

        // decide the default view
        $enableFilter = $this->getVar('filter', 1);
        $rowview = $this->getVar('rowview', 25);

        // Work out which tables to operate against, and
        // various other bits and pieces
        $dbtable = DBUtil::getTables();
        $permcolumn = $dbtable['group_perms_column'];
        $ids = $this->getGroupsInfo();

        $where = '';
        if ($enableFilter == 1) {
            $permgrpparts = explode('+', $permgrp);
            if ($permgrpparts[0] == 'g') {
                if (is_array($permgrpparts) && $permgrpparts[1] != SecurityUtil::PERMS_ALL) {
                    $where = "WHERE (" . $permcolumn['gid'] . "='" . SecurityUtil::PERMS_ALL . "' OR " . $permcolumn['gid'] . "='" . DataUtil::formatForStore($permgrpparts[1]) . "')";
                    $permgrp = $permgrpparts[1];
                    $this->view->assign('filtertype', 'group');
                } else {
                    $permgrp = SecurityUtil::PERMS_ALL;
                    $where = '';
                }
            } elseif ($permgrpparts[0] == 'c') {
                if (is_array($permgrpparts) && $permgrpparts[1] != SecurityUtil::PERMS_ALL) {
                    $where = "WHERE (" . $permcolumn['component'] . "='.*' OR " . $permcolumn['component'] . " LIKE '" . DataUtil::formatForStore($permgrpparts[1]) . "%')";
                    $permgrp = $permgrpparts[1];
                    $this->view->assign('filtertype', 'component');
                } else {
                    $permgrp = SecurityUtil::PERMS_ALL;
                    $where = '';
                }
            } else {
                $this->view->assign('filtertype', '');
            }
            $this->view->assign('permgrps', $ids);
            $this->view->assign('permgrp', $permgrp);
            $this->view->assign('enablefilter', true);
        } else {
            $this->view->assign('enablefilter', false);
            $this->view->assign('filtertype', '');
            $this->view->assign('permgrp', SecurityUtil::PERMS_ALL);
        }

        $accesslevels = SecurityUtil::accesslevelnames();

        $orderBy = "ORDER BY $permcolumn[sequence]";
        $objArray = DBUtil::selectObjectArray('group_perms', $where, $orderBy, -1, -1, false);
        $numrows = DBUtil::_getFetchedObjectCount();

        $permissions = array();
        $components = array(-1 => $this->__('All components'));
        if ($numrows > 0) {
            $csrftoken = SecurityUtil::generateCsrfToken($this->serviceManager, true);
            $rownum = 1;
            $ak = array_keys($objArray);
            foreach ($ak as $v) {
                $obj = $objArray[$v];
                $id = $obj['gid'];
//.........这里部分代码省略.........
开发者ID:projectesIF,项目名称:Sirius,代码行数:101,代码来源:Admin.php

示例12: viewPlugins

    /**
     * Lists all plugins.
     * @return string HTML output string
     */
    public function viewPlugins()
    {
        // Security check
        if (!SecurityUtil::checkPermission('Extensions::', '::', ACCESS_ADMIN)) {
            return LogUtil::registerPermissionError();
        }

        $state = FormUtil::getPassedValue('state', -1, 'GETPOST');
        $sort = FormUtil::getPassedValue('sort', null, 'GETPOST');
        $module = FormUtil::getPassedValue('bymodule', null, 'GETPOST');
        $systemplugins = FormUtil::getPassedValue('systemplugins', false, 'GETPOST')? true : null;

        $this->view->assign('state', $state);

        // generate an auth key to use in urls
        $csrfToken = SecurityUtil::generateCsrfToken($this->serviceManager, true);
        $plugins = array();
        $pluginClasses = ($systemplugins) ? PluginUtil::loadAllSystemPlugins() : PluginUtil::loadAllModulePlugins();

        foreach ($pluginClasses as $className) {
            $instance = PluginUtil::loadPlugin($className);
            $pluginstate = PluginUtil::getState($instance->getServiceId(), PluginUtil::getDefaultState());

            // Tweak UI if the plugin is AlwaysOn
            if ($instance instanceof Zikula_Plugin_AlwaysOnInterface) {
                $pluginstate['state'] = PluginUtil::ENABLED;
                $pluginstate['version'] = $instance->getMetaVersion();
            }

            // state filer
            if ($state >= 0 && $pluginstate['state'] != $state) {
                continue;
            }

            // module filter
            if (!empty($module) && $instance->getModuleName() != $module) {
                continue;
            }

            $actions = array();
            // Translate state
            switch ($pluginstate['state']) {
                case PluginUtil::NOTINSTALLED:
                    $status = $this->__('Not installed');
                    $statusimage = 'redled.png';

                    $actions[] = array('url' => ModUtil::url('Extensions', 'admin', 'initialisePlugin',
                                                    array('plugin' => $className,
                                                          'state'  => $state,
                                                          'bymodule' => $module,
                                                          'sort'   => $sort,
                                                          'systemplugins' => $systemplugins,
                                                          'csrftoken' => $csrfToken)
                                                ),
                                       'image' => 'folder_new.png',
                                       'title' => $this->__('Install'));
                    break;
                case PluginUtil::ENABLED:
                    $status = $this->__('Active');
                    $statusimage = 'greenled.png';
                    $pluginLink = array();
                    if (!$systemplugins) {
                        $pluginLink['_module'] = $instance->getModuleName();
                    }
                    $pluginLink['_plugin'] = $instance->getPluginName();
                    $pluginLink['_action'] = 'configure';

                    if ($instance instanceof Zikula_Plugin_ConfigurableInterface) {
                        $actions[] = array('url' => ModUtil::url('Extensions', 'adminplugin', 'dispatch', $pluginLink),
                                           'image' => 'configure.png',
                                           'title' => $this->__('Configure plugin'));
                    }

                    // Dont allow to disable/uninstall plugins that are AlwaysOn
                    if (!$instance instanceof Zikula_Plugin_AlwaysOnInterface) {
                        $actions[] = array('url' => ModUtil::url('Extensions', 'admin', 'deactivatePlugin',
                                                    array('plugin' => $className,
                                                          'state'  => $state,
                                                          'bymodule' => $module,
                                                          'sort'   => $sort,
                                                          'systemplugins' => $systemplugins,
                                                          'csrftoken' => $csrfToken)
                                                ),
                                       'image' => 'folder_red.png',
                                       'title' => $this->__('Deactivate'));

                        $actions[] = array('url' => ModUtil::url('Extensions', 'admin', 'removePlugin',
                                                    array('plugin' => $className,
                                                          'state'  => $state,
                                                          'bymodule' => $module,
                                                          'sort'   => $sort,
                                                          'systemplugins' => $systemplugins,
                                                          'csrftoken' => $csrfToken)
                                                ),
                                       'image' => '14_layer_deletelayer.png',
                                       'title' => $this->__('Remove plugin'));
//.........这里部分代码省略.........
开发者ID:projectesIF,项目名称:Sirius,代码行数:101,代码来源:Admin.php

示例13: getCsrfTokenHtml

 /**
  * Build the hidden form field that carries the CSRF token.
  *
  * A token is requested from SecurityUtil::generateCsrfToken(), passing $this->serviceManager,
  * and emitted as the value of an input named "csrftoken" whose id ends with $this->formId.
  *
  * NOTE(review): neither the token nor the form id is HTML-escaped before being placed in the
  * attribute values; this presumably relies on both being attribute-safe strings — confirm
  * where formId is assigned.
  *
  * @return string HTML input field.
  */
 public function getCsrfTokenHtml()
 {
     $token = SecurityUtil::generateCsrfToken($this->serviceManager);

     // Arguments are substituted verbatim; the markup is the same as direct interpolation.
     return sprintf(
         '<input type="hidden" name="csrftoken" value="%s" id="FormCsrfToken_%s" />',
         $token,
         $this->formId
     );
 }
开发者ID:Silwereth,项目名称:core,代码行数:11,代码来源:View.php

示例14: smarty_function_bt_adminlinks


//.........这里部分代码省略.........

        /* Common Utils */
        $linkoptions = array(
                           array(null, __("Edit default theme", $dom), ModUtil::url('Theme', 'admin', 'modify', array('themename' => $theme)))
                       );

        // File handling
        if (ModUtil::available('Files')) {
            $linkoptions[] = array(null, __('File manager', $dom), ModUtil::url('Files', 'admin', 'main'));
        }

        // WYSIWYG handling
        if (ModUtil::available('Scribite') || ModUtil::available('LuMicuLa')) {
            $subopt = array();
            if (ModUtil::available('Scribite')) {
                $subopt[] = array(null, 'Scribite', ModUtil::url('Scribite', 'admin', 'main'));
            }
            if (ModUtil::available('LuMicuLa')) {
                $subopt[] = array(null, 'LuMicuLa', ModUtil::url('LuMicuLa', 'admin', 'main'));
            }
        }
        if (isset($subopt)) {
            $linkoptions[] = array(null, __('WYSIWYG editors', $dom), '#', $subopt);
        }
        // Thumbnails handling
        if (ModUtil::available('Thumbnail')) {
            $linkoptions[] = array(null, __('Thumbnails', $dom), ModUtil::url('Thumbnail', 'admin', 'main'));
        }

        $menu[] = array('utils', __('Utils', $dom), '#', $linkoptions);


        /* Common Routines links */
        // One CSRF token is generated here and reused as the 'csrftoken' query argument of every
        // delete/clear link built below.
        // NOTE(review): the meaning of the (null, true) arguments is not visible in this excerpt —
        // confirm against SecurityUtil::generateCsrfToken.
        // Because the token is part of the link URL it can be recorded in browser history, server
        // access logs and Referer headers. Presumably the target controllers validate it — verify,
        // and prefer a POST form for these state-changing actions where the menu allows it.
        $token = SecurityUtil::generateCsrfToken(null, true);
        $linkoptions = array(
                           array(null, __('Template engine', $dom), ModUtil::url('Theme', 'admin', 'modifyconfig', array(), null, 'render_compile_dir'),
                               array(
                                   array(null, __('Delete compiled render templates', $dom), ModUtil::url('Theme', 'admin', 'render_clear_compiled', array('csrftoken' => $token))),
                                   array(null, __('Delete cached render templates', $dom),   ModUtil::url('Theme', 'admin', 'render_clear_cache', array('csrftoken' => $token)))
                               )
                           ),
                           array(null, __('Theme engine', $dom), ModUtil::url('Theme', 'admin', 'modifyconfig'),
                                array(
                                   array(null, __('Delete compiled theme templates', $dom), ModUtil::url('Theme', 'admin', 'clear_compiled', array('csrftoken' => $token))),
                                   array(null, __('Delete cached theme templates', $dom),   ModUtil::url('Theme', 'admin', 'clear_cache', array('csrftoken' => $token)))
                               )
                           ),
                           array(null, __('Clear combination cache', $dom), ModUtil::url('Theme', 'admin', 'clear_cssjscombinecache', array('csrftoken' => $token))),
                           array(null, __('Delete theme configurations', $dom), ModUtil::url('Theme', 'admin', 'clear_config', array('csrftoken' => $token)))
                       );

        // The two SysInfo links are added only when that module is available; unlike the links
        // above they are built without a csrftoken argument.
        if (ModUtil::available('SysInfo')) {
            $linkoptions[] = array(null, __('Filesystem check', $dom),       ModUtil::url('SysInfo', 'admin', 'filesystem'));
            $linkoptions[] = array(null, __('Temporary folder check', $dom), ModUtil::url('SysInfo', 'admin', 'ztemp'));
        }

        // Append the assembled options as the 'routines' entry of the menu.
        $menu[] = array('routines', __('Routines', $dom), '#', $linkoptions);
    }
    /* Permission Admin:: | :: | ACCESS_EDIT ends here */

    /* Create content menu */
    $linkoptions = array();

    // Content Modules
    if (ModUtil::available('Clip') && SecurityUtil::checkPermission('Clip::', '::', ACCESS_EDIT)) {
        $suboptions = array(
开发者ID:projectesIF,项目名称:Sirius,代码行数:67,代码来源:function.bt_adminlinks.php

示例15: generateCsrfToken

 /**
  * {@inheritdoc}
  *
  * Delegates to the global SecurityUtil::generateCsrfToken() helper, called without arguments.
  * $intention is not used in this body, so the token returned here is not scoped to the
  * intention the caller supplied.
  */
 public function generateCsrfToken($intention)
 {
     $token = \SecurityUtil::generateCsrfToken();

     return $token;
 }
开发者ID:rmaiwald,项目名称:core,代码行数:7,代码来源:ZikulaCsrfProvider.php

