if (empty($_SESSION['challenge'])) {
$_SESSION['challenge'] = sha1(uniqid(rand(), true));
}
+ if (empty($_SESSION['xsrf_token'])) {
+ $_SESSION['xsrf_token'] = rand_url_id();
+ }
if (!isset($_SESSION['perms']) || !($_SESSION['perms'] instanceof FlagSet)) {
$_SESSION['perms'] = new FlagSet();
}
return Session::logged() && Session::v('perms')->hasFlag(PERMS_ADMIN);
}
+ public static function has_xsrf_token()
+ {
+ return Session::has('xsrf_token') && Session::v('xsrf_token') == Env::v('token');
+ }
+
public static function logged()
{
return Session::v('auth', AUTH_PUBLIC) >= AUTH_COOKIE;
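Review bot: The new `has_xsrf_token()` compares the session token with the request value using loose `==`, so the check is subject to PHP's string-to-number coercion (two tokens that both look like `0e…` numeric strings compare equal, and a non-string `Env::v('token')` may coerce unexpectedly). A strict, constant-time comparison is the safer form: `return Session::has('xsrf_token') && hash_equals((string) Session::v('xsrf_token'), (string) Env::v('token'));` — or at minimum `===` with a string cast if `hash_equals()` is not available on the target PHP version. It would also help to note above the method that the `token` key it reads must match the field name emitted by the xsrf_token_field Smarty helper added in this commit. The `@@` header for this hunk is not visible in the excerpt, so the enclosing class context is inferred from the surrounding methods.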
--- /dev/null
+<?php
+/***************************************************************************
+ * Copyright (C) 2003-2008 Polytechnique.org *
+ * http://opensource.polytechnique.org/ *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the Free Software *
+ * Foundation, Inc., *
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
+ ***************************************************************************/
+
+function smarty_function_xsrf_token($params, &$smarty) {
+ return Session::v('xsrf_token', '');
+}
+
+// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
+?>
--- /dev/null
+<?php
+/***************************************************************************
+ * Copyright (C) 2003-2008 Polytechnique.org *
+ * http://opensource.polytechnique.org/ *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the Free Software *
+ * Foundation, Inc., *
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
+ ***************************************************************************/
+
+function smarty_function_xsrf_token_field($params, &$smarty) {
+ if (Session::has('xsrf_token')) {
+ return '<input type="hidden" name="token" value="' . Session::v('xsrf_token') . '" />';
+ }
+ return '';
+}
+
+// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
+?>