Changeset 4492


Timestamp:
12/14/09 23:16:52 (10 years ago)
Author:
nikrou
Message:

Bug 1328 add function to check token

File:
1 edited

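--- a/trunk/admin/include/functions.php
+++ b/trunk/admin/include/functions.php
@@ -24,4 +24,26 @@
 include(PHPWG_ROOT_PATH.'admin/include/functions_metadata.php');
 
+/**
+ * check token comming from form posted or get params to prevent csrf attacks
+ * if pwg_token is empty action doesn't require token
+ * else pwg_token is compare to server token
+ *
+ * @return void access denied if token given is not equal to server token
+ */
+function check_token()
+{
+  global $conf;
+
+  $token = hash_hmac('md5', session_id(), $conf['secret_key']);
+
+  if (!empty($_POST['pwg_token']) && ($_POST['pwg_token'] != $token))
+  {
+    access_denied();
+  }
+  elseif (!empty($_GET['pwg_token']) && ($_GET['pwg_token'] != $token))
+  {
+    access_denied();
+  }
+}
 
 // The function delete_site deletes a site and call the function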
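Review bot: The new check_token() is bypassed by a request that simply omits pwg_token — both branches are guarded by `!empty()`, so a cross-site request carrying no token (or an empty one) runs the action unchallenged, which defeats the CSRF purpose stated in the docblock. Since callers presumably invoke check_token() only on actions that are meant to carry a token, the token should be mandatory: read it from $_POST, fall back to $_GET, and call access_denied() when it is missing or does not match. The comparison should also be strict: `!=` compares two numeric-looking strings numerically, so a hex token of the form `0e<digits>` can compare equal to unrelated numeric input, whereas `!==` (or `hash_equals()` on PHP versions that provide it, which also avoids timing leaks) does not. While here, `comming` in the docblock should read `coming`.
```php
function check_token()
{
  global $conf;

  $token = hash_hmac('md5', session_id(), $conf['secret_key']);

  // the token is mandatory for any action that calls this function;
  // a request that omits pwg_token must be denied, not waved through
  $given = isset($_POST['pwg_token']) ? $_POST['pwg_token'] : (isset($_GET['pwg_token']) ? $_GET['pwg_token'] : null);

  if (!is_string($given) || $given !== $token)
  {
    access_denied();
  }
}
```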