csrfProtector::failedValidationAction PHP Method

failedValidationAction() private static method

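Parameters: none. Returns: void; for failedAuthAction values 0, 2, 3 and 4 the method ends the request with exit() and does not return.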
private static failedValidationAction ( )
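        /**
         * React to a request that failed CSRF token validation.
         *
         * Verifies that the configured log directory exists, records the event
         * through logCSRFattack(), then applies the action configured in
         * $config['failedAuthAction'] for the current request type:
         *   0 - send a 403 response and terminate the request
         *   1 - empty $_GET or $_POST and let the request continue
         *   2 - redirect to $config['errorRedirectionPage'] and terminate
         *   3 - print $config['customErrorMessage'] and terminate
         *   4 - send a 500 response and terminate the request
         *   any other value - handled like 1
         *
         * @throws logDirectoryNotFoundException if the log directory does not exist
         * @return void
         */
        private static function failedValidationAction()
        {
            // Refuse to continue when the event cannot be logged: the check runs
            // before any response action so a failed validation is never handled silently.
            if (!file_exists(__DIR__ . "/../" . self::$config['logDirectory'])) {
                throw new logDirectoryNotFoundException("OWASP CSRFProtector: Log Directory Not Found!");
            }

            // Record the failed validation before acting on it.
            static::logCSRFattack();

            //#todo: ask mentors if $failedAuthAction is better as an int or string
            // switch compares loosely (==), so numeric strings from the config
            // match the integer labels below.
            switch (self::$config['failedAuthAction'][self::$requestType]) {
                case 0:
                    // Reject the request outright.
                    header('HTTP/1.0 403 Forbidden');
                    exit("<h2>403 Access Forbidden by CSRFProtector!</h2>");

                case 2:
                    // Redirect to the configured error page. The value is taken from
                    // the configuration as-is and is not validated here.
                    $location = self::$config['errorRedirectionPage'];
                    header("location: {$location}");
                    // Terminate here: without this the branch fell through into case 3
                    // and appended the custom error message to the redirect response.
                    exit;

                case 3:
                    // Print the configured message and stop.
                    exit(self::$config['customErrorMessage']);

                case 4:
                    // Report the failure as an internal server error.
                    header($_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error', true, 500);
                    exit("<h2>500 Internal Server Error!</h2>");

                case 1:
                default:
                    // Strip the request parameters and let the request continue.
                    // NOTE(review): only $_GET or $_POST is emptied; $_REQUEST is a separate
                    // array and keeps the original values, so application code reading
                    // $_REQUEST still sees the unvalidated parameters.
                    // NOTE(review): an unrecognised failedAuthAction value also lands here,
                    // i.e. the request is forwarded rather than rejected with 403 - confirm
                    // that this is the intended default.
                    if (self::$requestType === 'GET') {
                        $_GET = array();
                    } else {
                        $_POST = array();
                    }
                    break;
            }
        }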