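/**
 * Help Link
 *
 * Type: insert<br>
 * Name: csrf_token
 * Date: April 26, 2011
 * Purpose: Returns session CSRF token.
 * Input: key
 * Example: {insert name="csrf_token"}
 * @license http://www.gnu.org/licenses/gpl.html
 * @copyright 2011-2012 Mark Wilkie
 * @version 1.0
 *
 * Emits a hidden <input> carrying the current session's CSRF token, or an
 * HTML comment when the session holds no token (Session::getCSRFToken()
 * returns null before login). The token is run through htmlspecialchars()
 * before being placed in the value="" attribute, so the markup stays
 * well-formed no matter which characters the token generator emits.
 *
 * @param array $params Smarty insert parameters (not used by this plugin)
 * @param object $smarty Template engine instance, by reference (not used)
 * @return string Hidden-input markup, or an HTML comment if no token exists
 */
function smarty_insert_csrf_token($params, &$smarty) {
    $csrf_token = Session::getCSRFToken();
    if ($csrf_token === null) {
        return '<!-- Error: no csrf token found in session -->';
    }
    // Attribute context: escape quotes and angle brackets so the token can
    // never terminate the attribute or introduce markup of its own.
    $escaped = htmlspecialchars((string) $csrf_token, ENT_QUOTES, 'UTF-8');
    return sprintf('<input type="hidden" name="csrf_token" value="%s" />', $escaped);
}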
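/**
 * Validate the CSRF token passed in the request data.
 *
 * Reads the token from $_POST['csrf_token'], falling back to
 * $_GET['csrf_token'], and compares it with the token stored in the session.
 * The comparison uses hash_equals(), which is strict (no loose-equality type
 * juggling such as numeric-string coercion) and constant-time, so the check
 * neither accepts look-alike values nor leaks the token through timing.
 *
 * NOTE(review): accepting the token from $_GET means it can end up in URLs,
 * referrers and access logs; restricting to POST would be safer if callers
 * allow it — confirm before changing.
 *
 * @throws InvalidCSRFTokenException when the session has no token, no request
 *     token was supplied, the request token is not a string, or the two differ
 * @return bool True if $_POST['csrf_token'] or $_GET['csrf_token'] is valid
 */
public function validateCSRFToken() {
    $token = 'no token passed';
    if (isset($_POST['csrf_token'])) {
        $token = $_POST['csrf_token'];
    } elseif (isset($_GET['csrf_token'])) {
        $token = $_GET['csrf_token'];
    }
    $session_token = Session::getCSRFToken();
    // is_string(): a non-string request value (e.g. csrf_token[]=...) must fail
    // validation like any other mismatch instead of raising a TypeError in
    // hash_equals().
    if ($session_token && is_string($token) && hash_equals((string) $session_token, $token)) {
        return true;
    }
    throw new InvalidCSRFTokenException($token);
}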
/**
 * A freshly constructed Session has no CSRF token; completing a login for an
 * Owner must populate one.
 */
public function testGetCSRFToken() {
    $owner = new Owner([
        'id' => 10,
        'user_name' => 'testuser',
        'full_name' => 'Test User',
        'email' => '*****@*****.**',
        'last_login' => '******',
        'is_admin' => 0,
        'is_activated' => 1,
        'failed_logins' => 0,
        'account_status' => '',
    ]);
    $session = new Session();
    // No token exists before login ...
    $this->assertNull($session->getCSRFToken());
    $session->completeLogin($owner);
    // ... and completeLogin() leaves one behind.
    $this->assertNotNull($session->getCSRFToken());
}
/**
 * A freshly constructed Session has no CSRF token; completing a login for an
 * Owner (built with the full set of account fields) must populate one.
 */
public function testGetCSRFToken() {
    $owner = new Owner([
        'id' => 10,
        'user_name' => 'testuser',
        'full_name' => 'Test User',
        'email' => '*****@*****.**',
        'last_login' => '******',
        'is_admin' => 0,
        'is_activated' => 1,
        'failed_logins' => 0,
        'account_status' => '',
        'timezone' => 'America/New_York',
        'joined' => date('Y-m-d'),
        'api_key' => '',
        'api_key_private' => '',
        'email_notification_frequency' => 'daily',
        'membership_level' => 0,
    ]);
    $session = new Session();
    // No token exists before login ...
    $this->assertNull($session->getCSRFToken());
    $session->completeLogin($owner);
    // ... and completeLogin() leaves one behind.
    $this->assertNotNull($session->getCSRFToken());
}