Changeset 4508 for branches/2.0/include/functions.inc.php
- Timestamp:
- Dec 17, 2009, 11:47:31 PM (14 years ago)
- File:
-
- 1 edited
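--- a/branches/2.0/include/functions.inc.php
+++ b/branches/2.0/include/functions.inc.php
@@ -1536,3 +1536,36 @@
 }
 }
+
+/**
+* check token comming from form posted or get params to prevent csrf attacks
+* if pwg_token is empty action doesn't require token
+* else pwg_token is compare to server token
+*
+* @return void access denied if token given is not equal to server token
+*/
+function check_pwg_token()
+{
+$valid_token = get_pwg_token();
+$given_token = null;
+
+if (!empty($_POST['pwg_token']))
+{
+$given_token = $_POST['pwg_token'];
+}
+elseif (!empty($_GET['pwg_token']))
+{
+$given_token = $_GET['pwg_token'];
+}
+if ($given_token != $valid_token)
+{
+access_denied();
+}
+}
+
+function get_pwg_token()
+{
+global $conf;
+
+return hash_hmac('md5', session_id(), $conf['secret_key']);
+}
 ?>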
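Review bot: The token check `if ($given_token != $valid_token)` in check_pwg_token() uses PHP's loose comparison, which is not constant-time and treats two numeric-looking strings as numbers, so a hex digest that happens to read as a number (a `0e` prefix followed only by digits) can compare equal to a different string of the same shape. Require a string and compare strictly, e.g. `if (!is_string($given_token) || !hash_equals($valid_token, $given_token))` where hash_equals() is available, or `$given_token !== $valid_token` on older PHP. The docblock also states that an empty pwg_token means the action needs no token, but the code leaves `$given_token` as null and ends in access_denied(); the comment should say a missing token is refused, which is the behaviour a CSRF check needs. get_pwg_token() has no docblock; one line noting that the token is an HMAC of the session id keyed with `$conf['secret_key']`, and therefore depends on a session being started and the key being set, would help callers.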