本文整理汇总了PHP中cmsForm::validateCSRFToken方法的典型用法代码示例。如果您正苦于以下问题:PHP cmsForm::validateCSRFToken方法的具体用法?PHP cmsForm::validateCSRFToken怎么用?PHP cmsForm::validateCSRFToken使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类cmsForm
的用法示例。
在下文中一共展示了cmsForm::validateCSRFToken方法的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: run
public function run($group)
{
if (!cmsUser::isAllowed('groups', 'delete')) {
cmsCore::error404();
}
if (!cmsUser::isAllowed('groups', 'delete', 'all') && $group['owner_id'] != $this->cms_user->id) {
cmsCore::error404();
}
if ($this->request->has('submit')) {
// подтвержение получено
$csrf_token = $this->request->get('csrf_token', '');
$is_delete_content = $this->request->get('is_delete_content', 0);
if (!cmsForm::validateCSRFToken($csrf_token)) {
cmsCore::error404();
}
list($group, $is_delete_content) = cmsEventsManager::hook('group_before_delete', array($group, $is_delete_content));
$this->model->removeContentFromGroup($group['id'], $is_delete_content);
$this->model->deleteGroup($group);
cmsUser::addSessionMessage(sprintf(LANG_GROUPS_DELETED, $group['title']));
$this->redirectToAction('');
} else {
// спрашиваем подтверждение
return $this->cms_template->render('group_delete', array('user' => $this->cms_user, 'group' => $group));
}
}
示例2: run
public function run()
{
$template = cmsTemplate::getInstance();
$config = cmsConfig::getInstance();
$user = cmsUser::getInstance();
$contact_id = $this->request->get('contact_id') or cmsCore::error404();
$content = $this->request->get('content') or cmsCore::error404();
$csrf_token = $this->request->get('csrf_token');
// Проверяем валидность
$is_valid = is_numeric($contact_id) && cmsForm::validateCSRFToken($csrf_token, false);
if (!$is_valid) {
$result = array('error' => true, 'message' => '');
$template->renderJSON($result);
}
$contact = $this->model->getContact($user->id, $contact_id);
// Контакт существует?
if (!$contact) {
$result = array('error' => true, 'message' => '');
$template->renderJSON($result);
}
// Контакт не в игноре у отправителя?
if ($contact['is_ignored']) {
$result = array('error' => true, 'message' => LANG_PM_CONTACT_IS_IGNORED);
$template->renderJSON($result);
}
// Отправитель не в игноре у контакта?
if ($this->model->isContactIgnored($contact_id, $user->id)) {
$result = array('error' => true, 'message' => LANG_PM_YOU_ARE_IGNORED);
$template->renderJSON($result);
}
// Контакт принимает сообщения от этого пользователя?
if (!$user->isPrivacyAllowed($contact, 'messages_pm')) {
$result = array('error' => true, 'message' => LANG_PM_CONTACT_IS_PRIVATE);
$template->renderJSON($result);
}
//
// Отправляем сообщение
//
$content_html = cmsEventsManager::hook('html_filter', $content);
if (!$content_html) {
$template->renderJSON(array('error' => false, 'date' => false, 'message' => false));
}
$this->setSender($user->id);
$this->addRecipient($contact_id);
$message_id = $this->sendMessage($content_html);
//
// Отправляем уведомление на почту
//
$user_to = cmsCore::getModel('users')->getUser($contact_id);
if (!$user_to['is_online']) {
$this->sendNoticeEmail('messages_new');
}
//
// Получаем и рендерим добавленное сообщение
//
$message = $this->model->getMessage($message_id);
$message_html = $template->render('message', array('messages' => array($message), 'user' => $user), new cmsRequest(array(), cmsRequest::CTX_INTERNAL));
// Результат
$template->renderJSON(array('error' => false, 'date' => date($config->date_format, time()), 'message' => $message_html));
}
示例3: run
public function run($friend_id)
{
if (!cmsUser::isLogged()) {
cmsCore::error404();
}
$user = cmsUser::getInstance();
if (!$friend_id) {
cmsCore::error404();
}
if ($user->isFriend($friend_id)) {
return false;
}
$friend = $this->model->getUser($friend_id);
if (!$friend) {
cmsCore::error404();
}
//
// Запрос по ссылке из профиля
//
if ($this->request->isStandard()) {
//
// Если запрос от друга уже существует
//
if ($this->model->isFriendshipRequested($friend_id, $user->id)) {
$this->model->addFriendship($user->id, $friend_id);
cmsUser::addSessionMessage(sprintf(LANG_USERS_FRIENDS_DONE, $friend['nickname']), 'success');
$this->sendNoticeAccepted($friend);
$this->redirectToAction($friend_id);
}
//
// Если запроса от друга не было
//
if ($this->request->has('submit')) {
// подтвержение получено
$csrf_token = $this->request->get('csrf_token');
if (!cmsForm::validateCSRFToken($csrf_token)) {
cmsCore::error404();
}
$this->model->addFriendship($user->id, $friend_id);
cmsUser::addSessionMessage(LANG_USERS_FRIENDS_SENT);
$this->sendNoticeRequest($friend);
$this->redirectToAction($friend_id);
} else {
// спрашиваем подтверждение
return cmsTemplate::getInstance()->render('friend_add', array('user' => $user, 'friend' => $friend));
}
}
//
// Запрос из уведомления (внутренний)
//
if ($this->request->isInternal()) {
$this->model->addFriendship($user->id, $friend_id);
$this->sendNoticeAccepted($friend);
return true;
}
}
示例4: uploadImage
public function uploadImage()
{
$csrf_token = $this->request->get('csrf_token', '');
if (!cmsForm::validateCSRFToken($csrf_token)) {
return $this->cms_template->renderPlain('upload', array('allowed_extensions' => $this->allowed_extensions, 'error' => LANG_FORM_ERRORS));
}
$result = $this->images_controller->uploadWithPreset('image', 'wysiwyg_live');
if (!$result['success']) {
return $this->cms_template->renderPlain('upload', array('allowed_extensions' => $this->images_controller->getAllowedExtensions(), 'error' => $result['error']));
}
return $this->cms_template->renderPlain('image', array('url' => $result['image']['url']));
}
示例5: run
public function run($friend_id)
{
if (!cmsUser::isLogged()) {
cmsCore::error404();
}
$user = cmsUser::getInstance();
if (!$friend_id) {
cmsCore::error404();
}
if (!$this->model->isFriendshipExists($user->id, $friend_id)) {
return false;
}
$friend = $this->model->getUser($friend_id);
if (!$friend) {
cmsCore::error404();
}
//
// Запрос по ссылке из профиля
//
if ($this->request->isStandard()) {
if ($this->request->has('submit')) {
// подтвержение получено
$csrf_token = $this->request->get('csrf_token');
if (!cmsForm::validateCSRFToken($csrf_token)) {
cmsCore::error404();
}
$this->model->deleteFriendship($user->id, $friend_id);
cmsUser::addSessionMessage(sprintf(LANG_USERS_FRIENDS_DELETED, $friend['nickname']));
$this->sendNoticeDeleted($friend);
$this->redirectToAction($friend_id);
} else {
// спрашиваем подтверждение
return cmsTemplate::getInstance()->render('friend_delete', array('user' => $user, 'friend' => $friend));
}
}
//
// Запрос из уведомления (внутренний)
//
if ($this->request->isInternal()) {
$this->model->deleteFriendship($user->id, $friend_id);
$this->sendNoticeDeleted($friend, true);
return true;
}
}
示例6: uploadImage
public function uploadImage()
{
$template = cmsTemplate::getInstance();
$csrf_token = $this->request->get('csrf_token');
if (!cmsForm::validateCSRFToken($csrf_token)) {
$html = $template->render('upload', array('allowed_extensions' => $this->allowed_extensions, 'error' => LANG_FORM_ERRORS));
echo $html;
$this->halt();
}
$images_controller = cmsCore::getController('images');
$result = $images_controller->uploadWithPreset('image', 'wysiwyg_live');
if (!$result['success']) {
$html = $template->render('upload', array('allowed_extensions' => $images_controller->getAllowedExtensions(), 'error' => $result['error']));
echo $html;
$this->halt();
}
$html = $template->render('image', array('url' => $result['image']['url']));
echo $html;
$this->halt();
}
示例7: run
public function run($comment_id)
{
if (!$this->request->isAjax()) {
cmsCore::error404();
}
$is_submit = $this->request->get('save', 0);
$comment = $this->model->getComment($comment_id);
if (!$is_submit) {
return $this->cms_template->render('backend/text_edit', array('comment' => $comment, 'action' => href_to($this->root_url, 'text_edit', array($comment['id']))));
}
$csrf_token = $this->request->get('csrf_token', '');
if (!cmsForm::validateCSRFToken($csrf_token) || !$comment) {
$this->cms_template->renderJSON(array('errors' => true));
}
$content = $this->request->get('content', '');
// Типографируем текст
$content_html = cmsEventsManager::hook('html_filter', $content);
if (!$content_html) {
$this->cms_template->renderJSON(array('errors' => array('content' => ERR_VALIDATE_REQUIRED)));
}
list($comment_id, $content, $content_html) = cmsEventsManager::hook('comment_before_update', array($comment_id, $content, $content_html));
$this->model->updateCommentContent($comment_id, $content, $content_html);
return $this->cms_template->renderJSON(array('errors' => false, 'callback' => 'successSaveComment', 'comment_id' => $comment_id, 'text' => string_short($content_html, 350)));
}
示例8: run
public function run()
{
if (!$this->request->isAjax()) {
cmsCore::error404();
}
$action = $this->request->get('action');
$user = cmsUser::getInstance();
$is_guests_allowed = !empty($this->options['is_guests']);
$is_guest = $is_guests_allowed && !$user->is_logged;
$is_user_allowed = $user->is_logged && cmsUser::isAllowed('comments', 'add') || $is_guests_allowed;
$is_karma_allowed = $user->is_logged && !cmsUser::isPermittedLimitHigher('comments', 'karma', $user->karma) || $is_guests_allowed;
$is_add_allowed = $is_user_allowed && $is_karma_allowed;
if ($action == 'add' && !$is_add_allowed) {
cmsCore::error404();
}
if ($action == 'update' && !cmsUser::isAllowed('comments', 'edit')) {
cmsCore::error404();
}
$template = cmsTemplate::getInstance();
$csrf_token = $this->request->get('csrf_token');
$target_controller = $this->request->get('tc');
$target_subject = $this->request->get('ts');
$target_id = $this->request->get('ti');
$target_user_id = $this->request->get('tud');
$parent_id = $this->request->get('parent_id');
$comment_id = $this->request->get('id');
$content = $this->request->get('content');
if ($is_guest) {
$author_name = $this->request->get('author_name');
$author_email = $this->request->get('author_email');
if (!$author_name) {
$template->renderJSON(array('error' => true, 'message' => LANG_COMMENT_ERROR_NAME, 'html' => false));
}
if ($author_email && !preg_match("/^([a-zA-Z0-9\\._-]+)@([a-zA-Z0-9\\._-]+)\\.([a-zA-Z]{2,4})\$/i", $author_email)) {
$template->renderJSON(array('error' => true, 'message' => LANG_COMMENT_ERROR_EMAIL, 'html' => false));
}
if (!empty($this->options['restricted_ips'])) {
if (string_in_mask_list($user->ip, $this->options['restricted_ips'])) {
$template->renderJSON(array('error' => true, 'message' => LANG_COMMENT_ERROR_IP, 'html' => false));
}
}
if (!empty($this->options['guest_ip_delay'])) {
$last_comment_time = $this->model->getGuestLastCommentTime($user->ip);
$now_time = time();
$minutes_passed = ($now_time - $last_comment_time) / 60;
if ($minutes_passed < $this->options['guest_ip_delay']) {
$spellcount = html_spellcount($this->options['guest_ip_delay'], LANG_MINUTE1, LANG_MINUTE2, LANG_MINUTE10);
$template->renderJSON(array('error' => true, 'message' => sprintf(LANG_COMMENT_ERROR_TIME, $spellcount), 'html' => false));
}
}
}
// Проверяем валидность
$is_valid = $this->validate_sysname($target_controller) === true && $this->validate_sysname($target_subject) === true && is_numeric($target_id) && is_numeric($parent_id) && (!$comment_id || is_numeric($comment_id)) && cmsForm::validateCSRFToken($csrf_token, false) && in_array($action, array('add', 'preview', 'update'));
if (!$is_valid) {
$result = array('error' => true, 'message' => LANG_COMMENT_ERROR);
$template->renderJSON($result);
}
// Типографируем текст
$content_html = cmsEventsManager::hook('html_filter', $content);
if (!$content_html) {
$result = array('error' => false, 'message' => false, 'html' => false);
$template->renderJSON($result);
}
//
// Превью комментария
//
if ($action == 'preview') {
$result = array('error' => false, 'html' => $content_html);
$template->renderJSON($result);
}
//
// Редактирование комментария
//
if ($action == 'update') {
$comment = $this->model->getComment($comment_id);
if (!cmsUser::isAllowed('comments', 'edit', 'all')) {
if (cmsUser::isAllowed('comments', 'edit', 'own') && $comment['user']['id'] != $user->id) {
$result = array('error' => true, 'message' => LANG_COMMENT_ERROR);
$template->renderJSON($result);
}
}
$this->model->updateCommentContent($comment_id, $content, $content_html);
$comment_html = $content_html;
}
//
// Добавление комментария
//
if ($action == 'add') {
// Собираем данные комментария
$comment = array('user_id' => $user->id, 'parent_id' => $parent_id, 'target_controller' => $target_controller, 'target_subject' => $target_subject, 'target_id' => $target_id, 'content' => $content, 'content_html' => $content_html, 'author_url' => $user->ip);
if ($is_guest) {
$comment['author_name'] = $author_name;
$comment['author_email'] = $author_email;
}
// Получаем модель целевого контроллера
$target_model = cmsCore::getModel($target_controller);
// Получаем URL и заголовок комментируемой страницы
$target_info = $target_model->getTargetItemInfo($target_subject, $target_id);
if ($target_info) {
$comment['target_url'] = $target_info['url'];
//.........这里部分代码省略.........
示例9: run
public function run()
{
if (!$this->request->isAjax()) {
cmsCore::error404();
}
$action = $this->request->get('action');
$template = cmsTemplate::getInstance();
$user = cmsUser::getInstance();
$csrf_token = $this->request->get('csrf_token');
$controller_name = $this->request->get('pc');
$profile_type = $this->request->get('pt');
$profile_id = $this->request->get('pi');
$parent_id = $this->request->get('parent_id');
$entry_id = $this->request->get('id');
$content = $this->request->get('content');
// Проверяем валидность
$is_valid = $this->validate_sysname($controller_name) === true && $this->validate_sysname($profile_type) === true && is_numeric($profile_id) && is_numeric($parent_id) && (!$entry_id || is_numeric($entry_id)) && cmsForm::validateCSRFToken($csrf_token, false) && in_array($action, array('add', 'preview', 'update'));
if (!$is_valid) {
$this->error();
}
//
// Получаем права доступа
//
$controller = cmsCore::getController($controller_name);
if (!$controller) {
$this->error();
}
$permissions = $controller->runHook('wall_permissions', array('profile_type' => $profile_type, 'profile_id' => $profile_id));
if (!$permissions || !is_array($permissions)) {
$this->error();
}
// Типографируем текст
$content_html = cmsEventsManager::hook('html_filter', $content);
//
// Превью записи
//
if ($action == 'preview') {
$result = array('error' => false, 'html' => cmsEventsManager::hook('parse_text', $content_html));
$template->renderJSON($result);
}
//
// Редактирование записи
//
if ($action == 'update') {
$entry = $this->model->getEntry($entry_id);
if ($entry['user']['id'] != $user->id && !$user->is_admin) {
$this->error();
}
list($entry_id, $content, $content_html) = cmsEventsManager::hook('wall_before_update', array($entry_id, $content, $content_html));
$this->model->updateEntryContent($entry_id, $content, $content_html);
$entry_html = $content_html;
}
//
// Добавление записи
//
if ($action == 'add') {
// проверяем права на добавление
if (!$permissions['add']) {
$this->error();
}
// Собираем данные записи
$entry = array('user_id' => $user->id, 'parent_id' => $parent_id, 'profile_type' => $profile_type, 'profile_id' => $profile_id, 'content' => $content, 'content_html' => $content_html);
// Сохраняем запись
$entry_id = $this->model->addEntry(cmsEventsManager::hook('wall_before_add', $entry));
if ($entry_id) {
// Получаем и рендерим добавленную запись
$entry = $this->model->getEntry($entry_id);
$entry_html = $template->renderInternal($this, 'entry', array('entries' => array($entry), 'user' => $user, 'permissions' => $permissions));
// Уведомляем владельца профиля
if ($controller_name == 'users' && $profile_type == 'user') {
$this->notifyProfileOwner($profile_id, $entry);
}
// Если родительская запись привязана к статусу,
// то увеличиваем число ответов у статуса
if ($entry['parent_id']) {
$parent_entry = $this->model->getEntry($entry['parent_id']);
if ($parent_entry['status_id']) {
$users_model = cmsCore::getModel('users');
$users_model->increaseUserStatusRepliesCount($parent_entry['status_id']);
}
}
}
}
// Формируем и возвращаем результат
$result = array('error' => $entry_id ? false : true, 'message' => $entry_id ? LANG_WALL_ENTRY_SUCCESS : LANG_WALL_ENTRY_ERROR, 'id' => $entry_id, 'parent_id' => isset($entry['parent_id']) ? $entry['parent_id'] : 0, 'html' => isset($entry_html) ? cmsEventsManager::hook('parse_text', $entry_html) : false);
$template->renderJSON($result);
}
示例10: run
public function run()
{
if (!$this->request->isAjax()) {
cmsCore::error404();
}
$action = $this->request->get('action', '');
$csrf_token = $this->request->get('csrf_token', '');
$controller_name = $this->request->get('pc', '');
$profile_type = $this->request->get('pt', '');
$profile_id = $this->request->get('pi', '');
$parent_id = $this->request->get('parent_id', '');
$entry_id = $this->request->get('id', '');
$content = $this->request->get('content', '');
// Проверяем валидность
$is_valid = $controller_name && $profile_type && $action && $this->validate_sysname($controller_name) === true && $this->validate_sysname($profile_type) === true && is_numeric($profile_id) && is_numeric($parent_id) && (!$entry_id || is_numeric($entry_id)) && cmsForm::validateCSRFToken($csrf_token, false) && in_array($action, array('add', 'preview', 'update'));
if (!$is_valid) {
return $this->error();
}
if (!cmsCore::isControllerExists($controller_name)) {
return $this->error();
}
// какой контроллер обслуживаем
$controller = cmsCore::getController($controller_name);
//
// Получаем права доступа
//
$permissions = $controller->runHook('wall_permissions', array('profile_type' => $profile_type, 'profile_id' => $profile_id));
if (!$permissions || !is_array($permissions)) {
return $this->error();
}
// Типографируем текст
$content_html = cmsEventsManager::hook('html_filter', $content);
if ($this->validate_required($content_html) !== true) {
return $this->error(ERR_VALIDATE_REQUIRED);
}
//
// Превью записи
//
if ($action == 'preview') {
return $this->cms_template->renderJSON(array('error' => false, 'html' => cmsEventsManager::hook('parse_text', $content_html)));
}
//
// Редактирование записи
//
if ($action == 'update') {
$entry = $this->model->getEntry($entry_id);
if ($entry['user']['id'] != $this->cms_user->id && !$this->cms_user->is_admin) {
$this->error();
}
list($entry_id, $content, $content_html) = cmsEventsManager::hook('wall_before_update', array($entry_id, $content, $content_html));
$this->model->updateEntryContent($entry_id, $content, $content_html);
$entry_html = cmsEventsManager::hook('parse_text', $content_html);
}
//
// Добавление записи
//
if ($action == 'add') {
// проверяем права на добавление
if (!$permissions['add']) {
return $this->error();
}
// Собираем данные записи
$entry = array('user_id' => $this->cms_user->id, 'parent_id' => $parent_id, 'controller' => $controller_name, 'profile_type' => $profile_type, 'profile_id' => $profile_id, 'content' => $content, 'content_html' => $content_html);
// Сохраняем запись
$entry_id = $this->model->addEntry(cmsEventsManager::hook('wall_before_add', $entry));
if ($entry_id) {
// Получаем и рендерим добавленную запись
$entry = $this->model->getEntry($entry_id);
$entry['content_html'] = cmsEventsManager::hook('parse_text', $entry['content_html']);
$entry_html = $this->cms_template->renderInternal($this, 'entry', array('entries' => array($entry), 'user' => $this->cms_user, 'permissions' => $permissions));
// действия после добавления
$controller->runHook('wall_after_add', array('profile_type' => $profile_type, 'profile_id' => $profile_id, 'entry' => $entry, 'wall_model' => $this->model));
}
}
// Формируем и возвращаем результат
$result = array('error' => $entry_id ? false : true, 'message' => $entry_id ? LANG_WALL_ENTRY_SUCCESS : LANG_WALL_ENTRY_ERROR, 'id' => $entry_id, 'parent_id' => isset($entry['parent_id']) ? $entry['parent_id'] : 0, 'html' => isset($entry_html) ? $entry_html : false);
return $this->cms_template->renderJSON($result);
}