Example #1
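 /**
  * Handle the registration form: validate the posted fields, create a user
  * in STATUS_NEW and mail an activation key to the given address.
  *
  * Reads its input from $_POST ('XSRF', 'login', 'passwd', 'passwd2').
  * Validation failures are reported through
  * $this->_context['registration_failed'] and the form is rendered again.
  *
  * @param mixed $request not used by this method
  * @return mixed whatever render() returns for 'user/registration.html'
  */
 public function registerForm($request)
 {
     if (isset($_POST['XSRF'])) {
         $expectedToken = (string) \Kingboard\Lib\Form::getXSRFToken();
         $postedToken = $_POST['XSRF'];
         // Compare the token as a string in constant time (hash_equals, PHP >= 5.6).
         // A loose `==` would also accept type-juggled values such as numeric
         // strings that merely compare equal; an empty expected token fails closed.
         if ($expectedToken !== '' && is_string($postedToken) && hash_equals($expectedToken, $postedToken)) {
             $login = isset($_POST['login']) ? $_POST['login'] : null;
             $passwd = isset($_POST['passwd']) ? $_POST['passwd'] : null;
             $passwd2 = isset($_POST['passwd2']) ? $_POST['passwd2'] : null;

             // Array-valued fields (e.g. `login[]=`) are treated as missing so that
             // only plain strings reach the user lookup, hash() and mail().
             // NOTE(review): if User::findOne() forwards its criteria to a document
             // store, a non-string value could be read as a query operator - confirm.
             if (!is_string($login) || !is_string($passwd) || !is_string($passwd2)) {
                 $this->_context['registration_failed'] = 'Please fill in all fields';
             } elseif ($passwd !== $passwd2) {
                 // strict comparison: with `!=` two different numeric-looking
                 // passwords ("1e3" vs "1000") would count as identical
                 $this->_context['registration_failed'] = 'both Password fields need to have the same value';
             } elseif (!is_null(\Kingboard\Model\User::findOne(array('username' => $login)))) {
                 // NOTE(review): this message confirms that an address is registered
                 $this->_context['registration_failed'] = 'email/login allready in use';
             } elseif (!\Kingboard\Lib\Form::isEmail($login)) {
                 $this->_context['registration_failed'] = 'not a valid email adresse';
             } else {
                 // The activation key is what proves control of the mailbox, so it
                 // has to be unguessable. sha1(time() . login) could be recomputed
                 // from the address and the approximate signup time; 20 random
                 // bytes keep the same 40-hex-character format (random_bytes, PHP >= 7.0).
                 $validationCode = bin2hex(random_bytes(20));
                 $user = new \Kingboard\Model\User();
                 $user->username = $login;
                 // NOTE(review): unsalted SHA-256 is a fast hash and unsuitable for
                 // password storage. Moving to password_hash()/password_verify()
                 // requires changing the login check (not visible here) in the same
                 // step, so the stored format is left unchanged in this method.
                 $user->password = hash('sha256', $passwd);
                 $user->status = \Kingboard\Model\User::STATUS_NEW;
                 $user->validationCode = $validationCode;
                 $user->save();
                 $registry = \King23\Core\Registry::getInstance();
                 $body = file_get_contents(APP_PATH . '/templates/mails/verify_email.html');
                 $body = strtr($body, array(
                     "{{username}}" => $login,
                     "{{hostname}}" => $registry->baseHost,
                     "{{activationkey}}" => $validationCode,
                 ));
                 // Header values come from configuration only; the recipient was
                 // checked by Form::isEmail() above before it is handed to mail().
                 $headers = "From: " . $registry->sendFromEmail . "\r\n";
                 $headers .= "Reply-To: " . $registry->sendFromEmail . "\r\n";
                 $headers .= "X-Mailer: PHP/" . phpversion();
                 mail($login, "Kingboard Activation", $body, $headers);
                 $this->redirect('/');
             }
         } else {
             $this->_context['registration_failed'] = 'XSRF Token Invalid.';
         }
     }
     // NOTE(review): the whole $_POST array, including both password fields, is
     // passed to the template; whether the template echoes them is not visible
     // here - confirm it only re-populates the login field.
     return $this->render('user/registration.html', $_POST);
 }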
Example #2
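 /**
  * Remove one entry from the current user's `keys` list and show the
  * account page again.
  *
  * The entry is always taken from the record returned by Auth::getUser(),
  * so a request can only remove keys of the user it is authenticated as.
  *
  * @param array $params reads 'xsrf' (anti-CSRF token) and 'keyid' (index into the user's keys)
  * @return mixed the result of error() on a token mismatch, nothing otherwise
  */
 public function delete(array $params)
 {
     $expectedToken = (string) \Kingboard\Lib\Form::getXSRFToken();
     $suppliedToken = isset($params['xsrf']) ? $params['xsrf'] : null;
     // Fail closed: a missing or non-string token, or an empty expected token,
     // is a mismatch. hash_equals() (PHP >= 5.6) compares in constant time and
     // without the type juggling of `!=`.
     if ($expectedToken === '' || !is_string($suppliedToken) || !hash_equals($expectedToken, $suppliedToken)) {
         return $this->error('xsrf token missmatch');
     }
     $user = \Kingboard\Lib\Auth\Auth::getUser();
     if (isset($user['keys'])) {
         $keys = $user['keys'];
         // Only a string or integer can be an array offset; an array-valued
         // 'keyid' would otherwise raise an "illegal offset type" error.
         if (isset($params['keyid']) && (is_string($params['keyid']) || is_int($params['keyid']))) {
             unset($keys[$params['keyid']]);
         }
         $user->keys = $keys;
         $user->save();
     }
     $this->myKingboard(array());
 }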
Example #3
 /**
  * this method is the one that should be called when the
  * user returns from the OAuth2 Provider, and will use the auth class set
  * in config to process the data
  * @param array $params should contain one key named key, identifying which key from the config to use for this provider
  * @return string
  */
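 public function callback(array $params)
 {
     // The OAuth2 `state` parameter carries the anti-CSRF token and ties the
     // provider's redirect to the session that started the login. Require it to
     // be present and a string, and compare in constant time (hash_equals,
     // PHP >= 5.6) instead of with the type-juggling `!=`.
     // NOTE(review): the token appears to be the general form token rather than
     // a per-login, single-use state value - confirm that is intended.
     $expectedState = (string) \Kingboard\Lib\Form::getXSRFToken();
     $returnedState = isset($_GET['state']) ? $_GET['state'] : null;
     if ($expectedState === '' || !is_string($returnedState) || !hash_equals($expectedState, $returnedState)) {
         return $this->error("XSRF Token mismatch");
     }
     try {
         $providers = \King23\Core\Registry::getInstance()->oAuth2ProviderList;
         $key = isset($params["key"]) ? $params["key"] : null;
         // The handler class is taken only from a configured provider entry. An
         // unknown key would otherwise yield a null class name, and the resulting
         // \Error is not caught by the \Exception handler below.
         if ((!is_string($key) && !is_int($key)) || !isset($providers[$key]['auth_class'])) {
             throw new \RuntimeException("Unknown OAuth2 provider");
         }
         $config = $providers[$key];
         $class = $config['auth_class'];
         $class::login($config);
         $this->redirect("/account/");
     } catch (\Exception $e) {
         // NOTE(review): the raw exception message is handed to the template;
         // confirm the template escapes it and that provider errors do not
         // carry tokens or other secrets.
         $this->_context['login_failed'] = $e->getMessage();
         return $this->login($params);
     }
 }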
Example #4
 /**
  * constructor, should be called by all derived views
  * will cause redirect if $loginrequired and not logged in
  * @param bool $loginrequired
  */
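 public function __construct($loginrequired = false)
 {
     // Resume a session only when the client already presents a session cookie,
     // so anonymous page views do not create sessions.
     // NOTE(review): 'PHPSESSID' is PHP's default session name; a deployment
     // with a custom session.name would need session_name() here - confirm.
     if (isset($_COOKIE['PHPSESSID'])) {
         session_start();
     }
     if ($loginrequired && !Auth::isLoggedIn()) {
         // The session may already be running from the cookie branch above;
         // starting it a second time only raises a notice.
         if (session_status() !== PHP_SESSION_ACTIVE) {
             session_start();
         }
         // NOTE(review): the rest of the constructor, and the derived view,
         // still run unless redirect() terminates the request - confirm it does,
         // otherwise protected pages render for anonymous users.
         $this->redirect("/login");
     }
     parent::__construct();
     $reg = Registry::getInstance();
     $this->_context['images'] = $reg->imagePaths;
     $this->_context['baseHost'] = $reg->baseHost;
     $this->_context['disqus'] = $reg->disqus;
     // ownerID, if this is an owned board, this should be filled, for public boards this needs to be false
     $this->_context['ownerID'] = $reg->ownerID;
     // ownerType, if this is an owned board, this should be filled, for public boards this doesn't matter
     $this->_context['ownerType'] = $reg->ownerType;
     // when user is logged in we provide user object to all pages, false otherwise
     $this->_context['user'] = Auth::getUser();
     // make sure all views have the XSRF Token available
     $this->_context['XSRF'] = Form::getXSRFToken();
     // Global Kingboard information
     // pass version information
     $this->_context['Kingboard']['Version'] = Kingboard::VERSION;
     // ownerName, use Kingboard if not set
     if (!is_null($reg->ownerName) && $reg->ownerName) {
         $this->_context['Kingboard']['Name'] = $reg->ownerName;
     } else {
         $this->_context['Kingboard']['Name'] = Kingboard::NAME;
     }
     // release name
     $this->_context['Kingboard']['ReleaseName'] = Kingboard::RELEASE_NAME;
     // pick bootstrap theme path from public/css/themes folder
     $this->_context['theme'] = !is_null($reg->theme) ? $reg->theme : "default";
     // set header image, fall back to default if none configured
     $this->_context['header_image'] = !is_null($reg->headerImage) ? $reg->headerImage : "/images/banner/kingboard.png";
     // NOTE(review): DebugBar output is added to every page whenever the registry
     // holds a debugbar instance; production configuration should leave it null.
     $debugbar = $reg->debugbar;
     if (!is_null($debugbar)) {
         $jsrenderer = new JavascriptRenderer($debugbar, '/DebugBar');
         $this->_context['debugbar_header'] = $jsrenderer->renderhead();
         $this->_context['debugbar'] = $jsrenderer->render();
     }
     // ingame browser check
     $this->_context['igb'] = $this->isIGB();
 }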