Changeset 4508 for branches/2.0/admin/include/functions.php
- Timestamp:
- Dec 17, 2009, 11:47:31 PM (14 years ago)
- File:
-
- 1 edited
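--- a/branches/2.0/admin/include/functions.php
+++ b/branches/2.0/admin/include/functions.php
@@ -23,37 +23,4 @@
 
 include(PHPWG_ROOT_PATH.'admin/include/functions_metadata.php');
-
-/**
-* check token comming from form posted or get params to prevent csrf attacks
-* if pwg_token is empty action doesn't require token
-* else pwg_token is compare to server token
-*
-* @return void access denied if token given is not equal to server token
-*/
-function check_pwg_token()
-{
-$valid_token = get_pwg_token();
-$given_token = null;
-
-if (!empty($_POST['pwg_token']))
-{
-$given_token = $_POST['pwg_token'];
-}
-elseif (!empty($_GET['pwg_token']))
-{
-$given_token = $_GET['pwg_token'];
-}
-if ($given_token != $valid_token)
-{
-access_denied();
-}
-}
-
-function get_pwg_token()
-{
-global $conf;
-
-return hash_hmac('md5', session_id(), $conf['secret_key']);
-}
 
 // The function delete_site deletes a site and call the function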