Changeset 4493


Ignore:
Timestamp:
Dec 14, 2009, 11:38:04 PM (14 years ago)
Author:
nikrou
Message:

Bug 1328 : improve check function

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/admin/include/functions.php

    r4492 r4493  
    3535  global $conf;
    3636
    37   $token = hash_hmac('md5', session_id(), $conf['secret_key']);
    38 
    39   if (!empty($_POST['pwg_token']) && ($_POST['pwg_token'] != $token))
    40   {
    41     access_denied();   
    42   }
    43   elseif (!empty($_GET['pwg_token']) && ($_GET['pwg_token'] != $token))
     37  $valid_token = hash_hmac('md5', session_id(), $conf['secret_key']);
     38  $given_token = null;
     39
     40  if (!empty($_POST['pwg_token']))
     41  {
     42    $given_token = $_POST['pwg_token'];
     43  }
     44  elseif (!empty($_GET['pwg_token']))
     45  {
     46    $given_token = $_GET['pwg_token'];
     47  }
     48  if ($given_token != $valid_token)
    4449  {
    4550    access_denied();   
Note: See TracChangeset for help on using the changeset viewer.