Timestamp:
Dec 17, 2009, 11:47:31 PM (14 years ago)
Author:
plg
Message:

bug 1328: implement check_pwg_token for emails on user comments management.

The check_pwg_token and get_pwg_token functions were moved to the public side
(for use on comments.php)

The email sent to admins on new user comment does not directly include
validate/delete actions.

File:
1 edited

  • branches/2.0/admin/include/functions.php

    r4503 r4508  
    2323
    2424include(PHPWG_ROOT_PATH.'admin/include/functions_metadata.php');
    25 
    26 /**
    27  * check token comming from form posted or get params to prevent csrf attacks
    28  * if pwg_token is empty action doesn't require token
    29  * else pwg_token is compare to server token
    30  *
    31  * @return void access denied if token given is not equal to server token
    32  */
    33 function check_pwg_token()
    34 {
    35   $valid_token = get_pwg_token();
    36   $given_token = null;
    37 
    38   if (!empty($_POST['pwg_token']))
    39   {
    40     $given_token = $_POST['pwg_token'];
    41   }
    42   elseif (!empty($_GET['pwg_token']))
    43   {
    44     $given_token = $_GET['pwg_token'];
    45   }
    46   if ($given_token != $valid_token)
    47   {
    48     access_denied();   
    49   }
    50 }
    51 
    52 function get_pwg_token()
    53 {
    54   global $conf;
    55 
    56   return hash_hmac('md5', session_id(), $conf['secret_key']);
    57 }
    5825
    5926// The function delete_site deletes a site and call the function
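Review bot: in check_pwg_token() (old lines 46-49) the test `if ($given_token != $valid_token)` is a loose, non-constant-time comparison, and since the commit message says the function is moved rather than rewritten, the copy on the public side should use `hash_equals($valid_token, (string) $given_token)` (PHP 5.6+) or at least `!==`. The docblock also says an empty pwg_token means the action requires no token, but with `$given_token` left at null the comparison fails and access_denied() is called, so the comment should be corrected to describe the fail-closed behaviour. Only the removal from admin/include/functions.php is visible in this changeset ("1 edited"), so the destination file should be checked to confirm that both functions are still loaded for the admin callers that relied on them here.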