defender::sniff_token PHP Method

sniff_token() public method

Token Sniffer: checks whether a POST submission contains a valid token.
public sniff_token ( )
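    /**
     * Token Sniffer: checks whether a POST submission carries a valid token.
     *
     * Runs only when $_POST is non-empty. The submission is flagged as an
     * error when:
     *  - 'fusion_token' or 'form_id' is missing or is not a plain string;
     *  - no token store exists in $_SESSION['csrf_tokens'] for the current
     *    self::pageHash() and the posted form_id;
     *  - the posted token is not among the tokens stored for that form;
     *  - self::verify_token(0) fails (its exact checks live elsewhere in the class).
     *
     * On error: $this->tokenIsValid is set to FALSE, $this->stop() is called,
     * and - only when $this->debug is on - the message is recorded through
     * setError() and addNotice().
     *
     * @return void
     */
    public function sniff_token()
    {
        $locale = fusion_get_locale();
        $error = FALSE;
        if (!empty($_POST)) {
            // Both fields must be present and be plain strings; arrays or
            // missing values are rejected before any session lookup.
            if (!isset($_POST['fusion_token']) || !isset($_POST['form_id']) || !is_string($_POST['fusion_token']) || !is_string($_POST['form_id'])) {
                $error = $locale['token_error_2'];
            } else {
                $form_id = $_POST['form_id'];
                $posted_token = $_POST['fusion_token'];
                $page_hash = self::pageHash();
                if (!isset($_SESSION['csrf_tokens'][$page_hash][$form_id])) {
                    // Require a token store for the current page hash and form.
                    $error = $locale['token_error_9'];
                } elseif (!is_array($_SESSION['csrf_tokens'][$page_hash][$form_id])
                    || !in_array($posted_token, $_SESSION['csrf_tokens'][$page_hash][$form_id], TRUE)) {
                    // Check that the token exists in storage. The is_array() guard
                    // keeps in_array() from raising a TypeError on a malformed
                    // session entry (PHP 8); strict comparison stops loose
                    // string/numeric matching (e.g. "1e3" == "1000") from
                    // accepting a token that is not byte-identical.
                    // NOTE(review): in_array() is not constant-time; if
                    // verify_token() does not already use hash_equals(), a
                    // constant-time comparison here is worth considering - confirm.
                    $error = $locale['token_error_10'] . stripinput($posted_token);
                } elseif (!self::verify_token(0)) {
                    $error = $locale['token_error_3'] . stripinput($posted_token);
                }
            }
        }
        // Check if any error was set
        if ($error !== FALSE) {
            // Flag the token as invalid
            $this->tokenIsValid = FALSE;
            // Flag that something went wrong
            $this->stop();
            if ($this->debug) {
                // Add Error Notices (debug mode only)
                setError(2, $error, FUSION_SELF, FUSION_REQUEST, "");
                addNotice('danger', $error);
            }
        }
    }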

Usage Example

Ejemplo n.º 1
                    } else {
                        if ($mime_types[$extension] != $each['type']) {
                            die('Prevented an unwanted file upload attempt!');
                        }
                    }
                }
                unset($file_info, $extension);
            }
        }
        unset($mime_types);
    }
}
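$defender = new defender();
// Set admin login procedures
Authenticate::setAdminLogin();
$defender->debug_notice = FALSE;
// turn this off after beta.
// Validate the posted token, if any (see defender::sniff_token()).
$defender->sniff_token();
$dynamic = new dynamics();
$dynamic->boot();
// Reference aliases to the output handler's tag collections: appending to
// these globals writes straight into the handler's static properties.
$fusion_page_head_tags =& \PHPFusion\OutputHandler::$pageHeadTags;
$fusion_page_footer_tags =& \PHPFusion\OutputHandler::$pageFooterTags;
$fusion_jquery_tags =& \PHPFusion\OutputHandler::$jqueryTags;
// Set theme using $_GET as well (super admins only). The value must be a
// plain string - a ?themes[]=... array would otherwise be handed to
// theme_exists() - and must name an existing theme. It is then stored on
// the user row and the parameter is dropped from the URL via redirect.
if ($userdata['user_level'] == USER_LEVEL_SUPER_ADMIN && isset($_GET['themes']) && is_string($_GET['themes']) && theme_exists($_GET['themes'])) {
    $newUserTheme = array("user_id" => $userdata['user_id'], "user_theme" => stripinput($_GET['themes']));
    dbquery_insert(DB_USERS, $newUserTheme, "update");
    redirect(clean_request("", array("themes"), FALSE));
}
// Fall back to the site-wide theme setting when the user has none set.
set_theme(empty($userdata['user_theme']) ? fusion_get_settings("theme") : $userdata['user_theme']);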