Ignore:
Timestamp:
12/14/09 23:38:04 (10 years ago)
Author:
nikrou
Message:

Bug 1328 : improve check function

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/admin/include/functions.php

    r4492 r4493  
    3535  global $conf; 
    3636 
    37   $token = hash_hmac('md5', session_id(), $conf['secret_key']); 
    38  
    39   if (!empty($_POST['pwg_token']) && ($_POST['pwg_token'] != $token)) 
    40   { 
    41     access_denied();     
    42   } 
    43   elseif (!empty($_GET['pwg_token']) && ($_GET['pwg_token'] != $token)) 
     37  $valid_token = hash_hmac('md5', session_id(), $conf['secret_key']); 
     38  $given_token = null; 
     39 
     40  if (!empty($_POST['pwg_token'])) 
     41  { 
     42    $given_token = $_POST['pwg_token']; 
     43  } 
     44  elseif (!empty($_GET['pwg_token'])) 
     45  { 
     46    $given_token = $_GET['pwg_token']; 
     47  } 
     48  if ($given_token != $valid_token) 
    4449  { 
    4550    access_denied();     
Note: See TracChangeset for help on using the changeset viewer.