Changeset 4492
- Timestamp:
- Dec 14, 2009, 11:16:52 PM (14 years ago)
- File:
-
- 1 edited
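--- a/trunk/admin/include/functions.php
+++ b/trunk/admin/include/functions.php
@@ -24,4 +24,26 @@
 include(PHPWG_ROOT_PATH.'admin/include/functions_metadata.php');
 
+/**
+ * check token comming from form posted or get params to prevent csrf attacks
+ * if pwg_token is empty action doesn't require token
+ * else pwg_token is compare to server token
+ *
+ * @return void access denied if token given is not equal to server token
+ */
+function check_token()
+{
+global $conf;
+
+$token = hash_hmac('md5', session_id(), $conf['secret_key']);
+
+if (!empty($_POST['pwg_token']) && ($_POST['pwg_token'] != $token))
+{
+access_denied();
+}
+elseif (!empty($_GET['pwg_token']) && ($_GET['pwg_token'] != $token))
+{
+access_denied();
+}
+}
 
 // The function delete_site deletes a site and call the function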
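Review bot: check_token() fails open: when neither `$_POST['pwg_token']` nor `$_GET['pwg_token']` is present it returns without calling access_denied(), so a state-changing request is protected only if its handler separately insists that the token was sent (no such caller is visible in this changeset). If the opt-in behaviour described in the docblock is intended, the docblock should say so explicitly, e.g. `* NOTE: a request without pwg_token is NOT rejected; handlers of state-changing actions must require the parameter themselves`; otherwise read the token once and deny on absence, `$given = isset($_POST['pwg_token']) ? $_POST['pwg_token'] : (isset($_GET['pwg_token']) ? $_GET['pwg_token'] : null);` followed by `if (!is_string($given) || $given !== $token) access_denied();`. Both comparisons also use loose `!=` on hex digests, which PHP may compare numerically when both strings look like numbers; `!==` avoids that, and a constant-time comparison such as `hash_equals()` is preferable on PHP versions that provide it.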