Changeset 5195 for trunk/admin/include/functions.php
- Timestamp: Mar 19, 2010, 11:25:39 PM (14 years ago)
- File: 1 edited
trunk/admin/include/functions.php
r5188 r5195 23 23 24 24 include(PHPWG_ROOT_PATH.'admin/include/functions_metadata.php'); 25 26 /**27 * check token comming from form posted or get params to prevent csrf attacks28 * if pwg_token is empty action doesn't require token29 * else pwg_token is compare to server token30 *31 * @return void access denied if token given is not equal to server token32 */33 function check_token()34 {35 global $conf;36 37 $valid_token = hash_hmac('md5', session_id(), $conf['secret_key']);38 $given_token = null;39 40 if (!empty($_POST['pwg_token']))41 {42 $given_token = $_POST['pwg_token'];43 }44 elseif (!empty($_GET['pwg_token']))45 {46 $given_token = $_GET['pwg_token'];47 }48 if ($given_token != $valid_token)49 {50 access_denied();51 }52 }53 25 54 26 // The function delete_site deletes a site and call the function
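Review bot: Going by the line numbers (old 25 to 52 have no r5195 counterpart, and old 53/54 continue as new 25/26), check_token() is deleted from this file and nothing visible here replaces it, so every admin action that called it should be confirmed as routed to an equivalent CSRF check. If the logic is carried over elsewhere, two things in the removed body are worth fixing rather than copying. First, the docblock says an empty pwg_token means "action doesn't require token", but with `$given_token = null` the test `if ($given_token != $valid_token)` calls access_denied() when no token is sent, so the comment should be corrected to match the fail-closed behaviour. Second, the loose `!=` on a hex MD5 HMAC should be a strict, constant-time comparison (`hash_equals()` where the PHP version provides it, `!==` at minimum), because PHP's loose comparison treats numeric-looking strings such as `0e...` as numbers. Accepting the token from `$_GET['pwg_token']` also puts it in URLs, server logs and Referer headers; POST-only would be preferable for state-changing actions.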