当前位置: 首页>>代码示例>>PHP>>正文


PHP cmsForm::validateCSRFToken方法代码示例

本文整理汇总了PHP中cmsForm::validateCSRFToken方法的典型用法代码示例。如果您正苦于以下问题:PHP cmsForm::validateCSRFToken方法的具体用法?PHP cmsForm::validateCSRFToken怎么用?PHP cmsForm::validateCSRFToken使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在cmsForm的用法示例。


在下文中一共展示了cmsForm::validateCSRFToken方法的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: run

 public function run($group)
 {
     if (!cmsUser::isAllowed('groups', 'delete')) {
         cmsCore::error404();
     }
     if (!cmsUser::isAllowed('groups', 'delete', 'all') && $group['owner_id'] != $this->cms_user->id) {
         cmsCore::error404();
     }
     if ($this->request->has('submit')) {
         // подтвержение получено
         $csrf_token = $this->request->get('csrf_token', '');
         $is_delete_content = $this->request->get('is_delete_content', 0);
         if (!cmsForm::validateCSRFToken($csrf_token)) {
             cmsCore::error404();
         }
         list($group, $is_delete_content) = cmsEventsManager::hook('group_before_delete', array($group, $is_delete_content));
         $this->model->removeContentFromGroup($group['id'], $is_delete_content);
         $this->model->deleteGroup($group);
         cmsUser::addSessionMessage(sprintf(LANG_GROUPS_DELETED, $group['title']));
         $this->redirectToAction('');
     } else {
         // спрашиваем подтверждение
         return $this->cms_template->render('group_delete', array('user' => $this->cms_user, 'group' => $group));
     }
 }
开发者ID:Val-Git,项目名称:icms2,代码行数:25,代码来源:group_delete.php

示例2: run

 public function run()
 {
     $template = cmsTemplate::getInstance();
     $config = cmsConfig::getInstance();
     $user = cmsUser::getInstance();
     $contact_id = $this->request->get('contact_id') or cmsCore::error404();
     $content = $this->request->get('content') or cmsCore::error404();
     $csrf_token = $this->request->get('csrf_token');
     // Проверяем валидность
     $is_valid = is_numeric($contact_id) && cmsForm::validateCSRFToken($csrf_token, false);
     if (!$is_valid) {
         $result = array('error' => true, 'message' => '');
         $template->renderJSON($result);
     }
     $contact = $this->model->getContact($user->id, $contact_id);
     // Контакт существует?
     if (!$contact) {
         $result = array('error' => true, 'message' => '');
         $template->renderJSON($result);
     }
     // Контакт не в игноре у отправителя?
     if ($contact['is_ignored']) {
         $result = array('error' => true, 'message' => LANG_PM_CONTACT_IS_IGNORED);
         $template->renderJSON($result);
     }
     // Отправитель не в игноре у контакта?
     if ($this->model->isContactIgnored($contact_id, $user->id)) {
         $result = array('error' => true, 'message' => LANG_PM_YOU_ARE_IGNORED);
         $template->renderJSON($result);
     }
     // Контакт принимает сообщения от этого пользователя?
     if (!$user->isPrivacyAllowed($contact, 'messages_pm')) {
         $result = array('error' => true, 'message' => LANG_PM_CONTACT_IS_PRIVATE);
         $template->renderJSON($result);
     }
     //
     // Отправляем сообщение
     //
     $content_html = cmsEventsManager::hook('html_filter', $content);
     if (!$content_html) {
         $template->renderJSON(array('error' => false, 'date' => false, 'message' => false));
     }
     $this->setSender($user->id);
     $this->addRecipient($contact_id);
     $message_id = $this->sendMessage($content_html);
     //
     // Отправляем уведомление на почту
     //
     $user_to = cmsCore::getModel('users')->getUser($contact_id);
     if (!$user_to['is_online']) {
         $this->sendNoticeEmail('messages_new');
     }
     //
     // Получаем и рендерим добавленное сообщение
     //
     $message = $this->model->getMessage($message_id);
     $message_html = $template->render('message', array('messages' => array($message), 'user' => $user), new cmsRequest(array(), cmsRequest::CTX_INTERNAL));
     // Результат
     $template->renderJSON(array('error' => false, 'date' => date($config->date_format, time()), 'message' => $message_html));
 }
开发者ID:asphix,项目名称:icms2,代码行数:60,代码来源:send.php

示例3: run

 public function run($friend_id)
 {
     if (!cmsUser::isLogged()) {
         cmsCore::error404();
     }
     $user = cmsUser::getInstance();
     if (!$friend_id) {
         cmsCore::error404();
     }
     if ($user->isFriend($friend_id)) {
         return false;
     }
     $friend = $this->model->getUser($friend_id);
     if (!$friend) {
         cmsCore::error404();
     }
     //
     // Запрос по ссылке из профиля
     //
     if ($this->request->isStandard()) {
         //
         // Если запрос от друга уже существует
         //
         if ($this->model->isFriendshipRequested($friend_id, $user->id)) {
             $this->model->addFriendship($user->id, $friend_id);
             cmsUser::addSessionMessage(sprintf(LANG_USERS_FRIENDS_DONE, $friend['nickname']), 'success');
             $this->sendNoticeAccepted($friend);
             $this->redirectToAction($friend_id);
         }
         //
         // Если запроса от друга не было
         //
         if ($this->request->has('submit')) {
             // подтвержение получено
             $csrf_token = $this->request->get('csrf_token');
             if (!cmsForm::validateCSRFToken($csrf_token)) {
                 cmsCore::error404();
             }
             $this->model->addFriendship($user->id, $friend_id);
             cmsUser::addSessionMessage(LANG_USERS_FRIENDS_SENT);
             $this->sendNoticeRequest($friend);
             $this->redirectToAction($friend_id);
         } else {
             // спрашиваем подтверждение
             return cmsTemplate::getInstance()->render('friend_add', array('user' => $user, 'friend' => $friend));
         }
     }
     //
     // Запрос из уведомления (внутренний)
     //
     if ($this->request->isInternal()) {
         $this->model->addFriendship($user->id, $friend_id);
         $this->sendNoticeAccepted($friend);
         return true;
     }
 }
开发者ID:asphix,项目名称:icms2,代码行数:56,代码来源:friend_add.php

示例4: uploadImage

 public function uploadImage()
 {
     $csrf_token = $this->request->get('csrf_token', '');
     if (!cmsForm::validateCSRFToken($csrf_token)) {
         return $this->cms_template->renderPlain('upload', array('allowed_extensions' => $this->allowed_extensions, 'error' => LANG_FORM_ERRORS));
     }
     $result = $this->images_controller->uploadWithPreset('image', 'wysiwyg_live');
     if (!$result['success']) {
         return $this->cms_template->renderPlain('upload', array('allowed_extensions' => $this->images_controller->getAllowedExtensions(), 'error' => $result['error']));
     }
     return $this->cms_template->renderPlain('image', array('url' => $result['image']['url']));
 }
开发者ID:Val-Git,项目名称:icms2,代码行数:12,代码来源:frontend.php

示例5: run

 public function run($friend_id)
 {
     if (!cmsUser::isLogged()) {
         cmsCore::error404();
     }
     $user = cmsUser::getInstance();
     if (!$friend_id) {
         cmsCore::error404();
     }
     if (!$this->model->isFriendshipExists($user->id, $friend_id)) {
         return false;
     }
     $friend = $this->model->getUser($friend_id);
     if (!$friend) {
         cmsCore::error404();
     }
     //
     // Запрос по ссылке из профиля
     //
     if ($this->request->isStandard()) {
         if ($this->request->has('submit')) {
             // подтвержение получено
             $csrf_token = $this->request->get('csrf_token');
             if (!cmsForm::validateCSRFToken($csrf_token)) {
                 cmsCore::error404();
             }
             $this->model->deleteFriendship($user->id, $friend_id);
             cmsUser::addSessionMessage(sprintf(LANG_USERS_FRIENDS_DELETED, $friend['nickname']));
             $this->sendNoticeDeleted($friend);
             $this->redirectToAction($friend_id);
         } else {
             // спрашиваем подтверждение
             return cmsTemplate::getInstance()->render('friend_delete', array('user' => $user, 'friend' => $friend));
         }
     }
     //
     // Запрос из уведомления (внутренний)
     //
     if ($this->request->isInternal()) {
         $this->model->deleteFriendship($user->id, $friend_id);
         $this->sendNoticeDeleted($friend, true);
         return true;
     }
 }
开发者ID:asphix,项目名称:icms2,代码行数:44,代码来源:friend_delete.php

示例6: uploadImage

 public function uploadImage()
 {
     $template = cmsTemplate::getInstance();
     $csrf_token = $this->request->get('csrf_token');
     if (!cmsForm::validateCSRFToken($csrf_token)) {
         $html = $template->render('upload', array('allowed_extensions' => $this->allowed_extensions, 'error' => LANG_FORM_ERRORS));
         echo $html;
         $this->halt();
     }
     $images_controller = cmsCore::getController('images');
     $result = $images_controller->uploadWithPreset('image', 'wysiwyg_live');
     if (!$result['success']) {
         $html = $template->render('upload', array('allowed_extensions' => $images_controller->getAllowedExtensions(), 'error' => $result['error']));
         echo $html;
         $this->halt();
     }
     $html = $template->render('image', array('url' => $result['image']['url']));
     echo $html;
     $this->halt();
 }
开发者ID:asphix,项目名称:icms2,代码行数:20,代码来源:frontend.php

示例7: run

 public function run($comment_id)
 {
     if (!$this->request->isAjax()) {
         cmsCore::error404();
     }
     $is_submit = $this->request->get('save', 0);
     $comment = $this->model->getComment($comment_id);
     if (!$is_submit) {
         return $this->cms_template->render('backend/text_edit', array('comment' => $comment, 'action' => href_to($this->root_url, 'text_edit', array($comment['id']))));
     }
     $csrf_token = $this->request->get('csrf_token', '');
     if (!cmsForm::validateCSRFToken($csrf_token) || !$comment) {
         $this->cms_template->renderJSON(array('errors' => true));
     }
     $content = $this->request->get('content', '');
     // Типографируем текст
     $content_html = cmsEventsManager::hook('html_filter', $content);
     if (!$content_html) {
         $this->cms_template->renderJSON(array('errors' => array('content' => ERR_VALIDATE_REQUIRED)));
     }
     list($comment_id, $content, $content_html) = cmsEventsManager::hook('comment_before_update', array($comment_id, $content, $content_html));
     $this->model->updateCommentContent($comment_id, $content, $content_html);
     return $this->cms_template->renderJSON(array('errors' => false, 'callback' => 'successSaveComment', 'comment_id' => $comment_id, 'text' => string_short($content_html, 350)));
 }
开发者ID:Val-Git,项目名称:icms2,代码行数:24,代码来源:text_edit.php

示例8: run

 public function run()
 {
     if (!$this->request->isAjax()) {
         cmsCore::error404();
     }
     $action = $this->request->get('action');
     $user = cmsUser::getInstance();
     $is_guests_allowed = !empty($this->options['is_guests']);
     $is_guest = $is_guests_allowed && !$user->is_logged;
     $is_user_allowed = $user->is_logged && cmsUser::isAllowed('comments', 'add') || $is_guests_allowed;
     $is_karma_allowed = $user->is_logged && !cmsUser::isPermittedLimitHigher('comments', 'karma', $user->karma) || $is_guests_allowed;
     $is_add_allowed = $is_user_allowed && $is_karma_allowed;
     if ($action == 'add' && !$is_add_allowed) {
         cmsCore::error404();
     }
     if ($action == 'update' && !cmsUser::isAllowed('comments', 'edit')) {
         cmsCore::error404();
     }
     $template = cmsTemplate::getInstance();
     $csrf_token = $this->request->get('csrf_token');
     $target_controller = $this->request->get('tc');
     $target_subject = $this->request->get('ts');
     $target_id = $this->request->get('ti');
     $target_user_id = $this->request->get('tud');
     $parent_id = $this->request->get('parent_id');
     $comment_id = $this->request->get('id');
     $content = $this->request->get('content');
     if ($is_guest) {
         $author_name = $this->request->get('author_name');
         $author_email = $this->request->get('author_email');
         if (!$author_name) {
             $template->renderJSON(array('error' => true, 'message' => LANG_COMMENT_ERROR_NAME, 'html' => false));
         }
         if ($author_email && !preg_match("/^([a-zA-Z0-9\\._-]+)@([a-zA-Z0-9\\._-]+)\\.([a-zA-Z]{2,4})\$/i", $author_email)) {
             $template->renderJSON(array('error' => true, 'message' => LANG_COMMENT_ERROR_EMAIL, 'html' => false));
         }
         if (!empty($this->options['restricted_ips'])) {
             if (string_in_mask_list($user->ip, $this->options['restricted_ips'])) {
                 $template->renderJSON(array('error' => true, 'message' => LANG_COMMENT_ERROR_IP, 'html' => false));
             }
         }
         if (!empty($this->options['guest_ip_delay'])) {
             $last_comment_time = $this->model->getGuestLastCommentTime($user->ip);
             $now_time = time();
             $minutes_passed = ($now_time - $last_comment_time) / 60;
             if ($minutes_passed < $this->options['guest_ip_delay']) {
                 $spellcount = html_spellcount($this->options['guest_ip_delay'], LANG_MINUTE1, LANG_MINUTE2, LANG_MINUTE10);
                 $template->renderJSON(array('error' => true, 'message' => sprintf(LANG_COMMENT_ERROR_TIME, $spellcount), 'html' => false));
             }
         }
     }
     // Проверяем валидность
     $is_valid = $this->validate_sysname($target_controller) === true && $this->validate_sysname($target_subject) === true && is_numeric($target_id) && is_numeric($parent_id) && (!$comment_id || is_numeric($comment_id)) && cmsForm::validateCSRFToken($csrf_token, false) && in_array($action, array('add', 'preview', 'update'));
     if (!$is_valid) {
         $result = array('error' => true, 'message' => LANG_COMMENT_ERROR);
         $template->renderJSON($result);
     }
     // Типографируем текст
     $content_html = cmsEventsManager::hook('html_filter', $content);
     if (!$content_html) {
         $result = array('error' => false, 'message' => false, 'html' => false);
         $template->renderJSON($result);
     }
     //
     // Превью комментария
     //
     if ($action == 'preview') {
         $result = array('error' => false, 'html' => $content_html);
         $template->renderJSON($result);
     }
     //
     // Редактирование комментария
     //
     if ($action == 'update') {
         $comment = $this->model->getComment($comment_id);
         if (!cmsUser::isAllowed('comments', 'edit', 'all')) {
             if (cmsUser::isAllowed('comments', 'edit', 'own') && $comment['user']['id'] != $user->id) {
                 $result = array('error' => true, 'message' => LANG_COMMENT_ERROR);
                 $template->renderJSON($result);
             }
         }
         $this->model->updateCommentContent($comment_id, $content, $content_html);
         $comment_html = $content_html;
     }
     //
     // Добавление комментария
     //
     if ($action == 'add') {
         // Собираем данные комментария
         $comment = array('user_id' => $user->id, 'parent_id' => $parent_id, 'target_controller' => $target_controller, 'target_subject' => $target_subject, 'target_id' => $target_id, 'content' => $content, 'content_html' => $content_html, 'author_url' => $user->ip);
         if ($is_guest) {
             $comment['author_name'] = $author_name;
             $comment['author_email'] = $author_email;
         }
         // Получаем модель целевого контроллера
         $target_model = cmsCore::getModel($target_controller);
         // Получаем URL и заголовок комментируемой страницы
         $target_info = $target_model->getTargetItemInfo($target_subject, $target_id);
         if ($target_info) {
             $comment['target_url'] = $target_info['url'];
//.........这里部分代码省略.........
开发者ID:asphix,项目名称:icms2,代码行数:101,代码来源:submit.php

示例9: run

 public function run()
 {
     if (!$this->request->isAjax()) {
         cmsCore::error404();
     }
     $action = $this->request->get('action');
     $template = cmsTemplate::getInstance();
     $user = cmsUser::getInstance();
     $csrf_token = $this->request->get('csrf_token');
     $controller_name = $this->request->get('pc');
     $profile_type = $this->request->get('pt');
     $profile_id = $this->request->get('pi');
     $parent_id = $this->request->get('parent_id');
     $entry_id = $this->request->get('id');
     $content = $this->request->get('content');
     // Проверяем валидность
     $is_valid = $this->validate_sysname($controller_name) === true && $this->validate_sysname($profile_type) === true && is_numeric($profile_id) && is_numeric($parent_id) && (!$entry_id || is_numeric($entry_id)) && cmsForm::validateCSRFToken($csrf_token, false) && in_array($action, array('add', 'preview', 'update'));
     if (!$is_valid) {
         $this->error();
     }
     //
     // Получаем права доступа
     //
     $controller = cmsCore::getController($controller_name);
     if (!$controller) {
         $this->error();
     }
     $permissions = $controller->runHook('wall_permissions', array('profile_type' => $profile_type, 'profile_id' => $profile_id));
     if (!$permissions || !is_array($permissions)) {
         $this->error();
     }
     // Типографируем текст
     $content_html = cmsEventsManager::hook('html_filter', $content);
     //
     // Превью записи
     //
     if ($action == 'preview') {
         $result = array('error' => false, 'html' => cmsEventsManager::hook('parse_text', $content_html));
         $template->renderJSON($result);
     }
     //
     // Редактирование записи
     //
     if ($action == 'update') {
         $entry = $this->model->getEntry($entry_id);
         if ($entry['user']['id'] != $user->id && !$user->is_admin) {
             $this->error();
         }
         list($entry_id, $content, $content_html) = cmsEventsManager::hook('wall_before_update', array($entry_id, $content, $content_html));
         $this->model->updateEntryContent($entry_id, $content, $content_html);
         $entry_html = $content_html;
     }
     //
     // Добавление записи
     //
     if ($action == 'add') {
         // проверяем права на добавление
         if (!$permissions['add']) {
             $this->error();
         }
         // Собираем данные записи
         $entry = array('user_id' => $user->id, 'parent_id' => $parent_id, 'profile_type' => $profile_type, 'profile_id' => $profile_id, 'content' => $content, 'content_html' => $content_html);
         // Сохраняем запись
         $entry_id = $this->model->addEntry(cmsEventsManager::hook('wall_before_add', $entry));
         if ($entry_id) {
             // Получаем и рендерим добавленную запись
             $entry = $this->model->getEntry($entry_id);
             $entry_html = $template->renderInternal($this, 'entry', array('entries' => array($entry), 'user' => $user, 'permissions' => $permissions));
             // Уведомляем владельца профиля
             if ($controller_name == 'users' && $profile_type == 'user') {
                 $this->notifyProfileOwner($profile_id, $entry);
             }
             // Если родительская запись привязана к статусу,
             // то увеличиваем число ответов у статуса
             if ($entry['parent_id']) {
                 $parent_entry = $this->model->getEntry($entry['parent_id']);
                 if ($parent_entry['status_id']) {
                     $users_model = cmsCore::getModel('users');
                     $users_model->increaseUserStatusRepliesCount($parent_entry['status_id']);
                 }
             }
         }
     }
     // Формируем и возвращаем результат
     $result = array('error' => $entry_id ? false : true, 'message' => $entry_id ? LANG_WALL_ENTRY_SUCCESS : LANG_WALL_ENTRY_ERROR, 'id' => $entry_id, 'parent_id' => isset($entry['parent_id']) ? $entry['parent_id'] : 0, 'html' => isset($entry_html) ? cmsEventsManager::hook('parse_text', $entry_html) : false);
     $template->renderJSON($result);
 }
开发者ID:dgolovanev,项目名称:icms2,代码行数:87,代码来源:submit.php

示例10: run

 public function run()
 {
     if (!$this->request->isAjax()) {
         cmsCore::error404();
     }
     $action = $this->request->get('action', '');
     $csrf_token = $this->request->get('csrf_token', '');
     $controller_name = $this->request->get('pc', '');
     $profile_type = $this->request->get('pt', '');
     $profile_id = $this->request->get('pi', '');
     $parent_id = $this->request->get('parent_id', '');
     $entry_id = $this->request->get('id', '');
     $content = $this->request->get('content', '');
     // Проверяем валидность
     $is_valid = $controller_name && $profile_type && $action && $this->validate_sysname($controller_name) === true && $this->validate_sysname($profile_type) === true && is_numeric($profile_id) && is_numeric($parent_id) && (!$entry_id || is_numeric($entry_id)) && cmsForm::validateCSRFToken($csrf_token, false) && in_array($action, array('add', 'preview', 'update'));
     if (!$is_valid) {
         return $this->error();
     }
     if (!cmsCore::isControllerExists($controller_name)) {
         return $this->error();
     }
     // какой контроллер обслуживаем
     $controller = cmsCore::getController($controller_name);
     //
     // Получаем права доступа
     //
     $permissions = $controller->runHook('wall_permissions', array('profile_type' => $profile_type, 'profile_id' => $profile_id));
     if (!$permissions || !is_array($permissions)) {
         return $this->error();
     }
     // Типографируем текст
     $content_html = cmsEventsManager::hook('html_filter', $content);
     if ($this->validate_required($content_html) !== true) {
         return $this->error(ERR_VALIDATE_REQUIRED);
     }
     //
     // Превью записи
     //
     if ($action == 'preview') {
         return $this->cms_template->renderJSON(array('error' => false, 'html' => cmsEventsManager::hook('parse_text', $content_html)));
     }
     //
     // Редактирование записи
     //
     if ($action == 'update') {
         $entry = $this->model->getEntry($entry_id);
         if ($entry['user']['id'] != $this->cms_user->id && !$this->cms_user->is_admin) {
             $this->error();
         }
         list($entry_id, $content, $content_html) = cmsEventsManager::hook('wall_before_update', array($entry_id, $content, $content_html));
         $this->model->updateEntryContent($entry_id, $content, $content_html);
         $entry_html = cmsEventsManager::hook('parse_text', $content_html);
     }
     //
     // Добавление записи
     //
     if ($action == 'add') {
         // проверяем права на добавление
         if (!$permissions['add']) {
             return $this->error();
         }
         // Собираем данные записи
         $entry = array('user_id' => $this->cms_user->id, 'parent_id' => $parent_id, 'controller' => $controller_name, 'profile_type' => $profile_type, 'profile_id' => $profile_id, 'content' => $content, 'content_html' => $content_html);
         // Сохраняем запись
         $entry_id = $this->model->addEntry(cmsEventsManager::hook('wall_before_add', $entry));
         if ($entry_id) {
             // Получаем и рендерим добавленную запись
             $entry = $this->model->getEntry($entry_id);
             $entry['content_html'] = cmsEventsManager::hook('parse_text', $entry['content_html']);
             $entry_html = $this->cms_template->renderInternal($this, 'entry', array('entries' => array($entry), 'user' => $this->cms_user, 'permissions' => $permissions));
             // действия после добавления
             $controller->runHook('wall_after_add', array('profile_type' => $profile_type, 'profile_id' => $profile_id, 'entry' => $entry, 'wall_model' => $this->model));
         }
     }
     // Формируем и возвращаем результат
     $result = array('error' => $entry_id ? false : true, 'message' => $entry_id ? LANG_WALL_ENTRY_SUCCESS : LANG_WALL_ENTRY_ERROR, 'id' => $entry_id, 'parent_id' => isset($entry['parent_id']) ? $entry['parent_id'] : 0, 'html' => isset($entry_html) ? $entry_html : false);
     return $this->cms_template->renderJSON($result);
 }
开发者ID:Val-Git,项目名称:icms2,代码行数:78,代码来源:submit.php


注:本文中的cmsForm::validateCSRFToken方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。