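 /**
  * Delete the avatar of the currently logged-in member.
  *
  * Only acts on a POST request that carries a valid NoCsrf token and comes
  * from a logged-in member; the account id is read from the account cookie.
  * AJAX callers get a JSON body (result flag plus a freshly generated CSRF
  * field); other callers are redirected back to the referring page when that
  * page is on this site, otherwise to the site root.
  *
  * NOTE(review): the account id is taken from a client-side cookie. This
  * relies on getAccountCookie()/isMemberLogin() verifying that cookie, which
  * is not visible here — confirm before relying on it.
  *
  * @return \Response|void JSON response for AJAX requests; non-AJAX requests end in a redirect
  */
 public function action_deleteAvatar()
 {
     $output = array();
     // get account id from cookie
     $account = new \Model_Accounts();
     $cookie = $account->getAccountCookie();
     if (\Input::method() == 'POST') {
         if (!\Extension\NoCsrf::check()) {
             // validate token failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
             $output['result'] = false;
         } elseif (!isset($cookie['account_id']) || \Model_Accounts::isMemberLogin() == false) {
             // no usable account cookie or not logged in: nothing to delete
             $output['result'] = false;
         } else {
             $output['result'] = true;
             $account->deleteAccountAvatar($cookie['account_id']);
         }
     }
     unset($account, $cookie);
     if (\Input::is_ajax()) {
         // re-generate csrf token for ajax form to set new csrf.
         $output['csrf_html'] = \Extension\NoCsrf::generate();
         $response = new \Response();
         $response->set_header('Content-Type', 'application/json');
         $response->body(json_encode($output));
         return $response;
     }
     // Non-AJAX: send the user back where they came from, but only when the
     // Referer header points at this site. The header is client-supplied, so
     // redirecting to any value would turn this action into an open redirect.
     // The base URL is compared with a trailing slash so "https://site.tld.evil"
     // cannot pass the prefix test.
     $referrer = (string) \Input::referrer();
     $base = rtrim((string) \Uri::base(), '/') . '/';
     if ($referrer !== '' && $referrer != \Uri::main() && strncmp($referrer, $base, strlen($base)) === 0) {
         \Response::redirect($referrer);
     } else {
         \Response::redirect(\Uri::base());
     }
 }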
    ?>
 
        <div class="alert alert-<?php 
    echo str_replace('error', 'danger', $form_status);
    ?>
"><button type="button" class="close" data-dismiss="alert">&times;</button><?php 
    echo $form_status_message;
    ?>
</div>
        <?php 
}
?>
 
    </div>
    <?php 
echo \Extension\NoCsrf::generate();
?>
 

    <div class="table-responsive">
        <table class="table table-striped table-hover list-logins-table table-sortable">
            <thead>
                <tr>
                    <th class="check-column"><input type="checkbox" name="id_all" value="" onclick="checkAll(this.form,'id[]',this.checked)" /></th>
                    <th style="width: 24px;"></th>
                    <th><?php 
echo __('accountlv_level_priority');
?>
 <span class="glyphicon glyphicon-question-sign bootstrap-tooltip" data-toggle="tooltip" data-original-title="<?php 
echo __('accountlv_higher_priority_will_come_first');
?>
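 /**
  * Admin login page: renders the form, throttles failed attempts with a
  * captcha and a wait time, and logs the admin in on a valid POST.
  *
  * Responds with JSON for AJAX requests and with the themed login view
  * otherwise.
  *
  * Security notes:
  *  - The optional `rdr` query parameter chooses where to send the user after
  *    a successful login. It is only honoured when it points back to this site
  *    (see isLocalRedirectTarget()); anything else falls back to the admin
  *    home. Previously any value was accepted, which made the login URL an
  *    open redirect (both the redirect and the JSON `go_to` field).
  *  - Failed-attempt counting, the captcha flag and the lockout live in the
  *    session only, so a client that drops its session cookie starts at zero.
  *    This is a per-session throttle, not a per-account or per-IP one.
  *  - Whether the session id is rotated on successful login is up to
  *    \Model_Accounts::adminLogin() and is not visible here — confirm.
  *
  * @return \Response|string JSON response for AJAX, rendered view otherwise
  */
 public function action_index()
 {
     // load language
     \Lang::load('admin');
     \Lang::load('account');
     // load config from db.
     $cfg_values = array('member_max_login_fail', 'member_login_fail_wait_time');
     $config = Model_Config::getvalues($cfg_values);
     $output['config'] = $config;
     unset($cfg_values);
     // set active theme for admin. this controller is not based on admin controller, then it is require to set to admin theme.
     $theme = \Theme::instance();
     $theme->active($this->theme_system_name);
     // set login redirect. only same-site targets are accepted; the value is
     // kept url-encoded because the view appends it to the form action as ?rdr=...
     $rdr = \Input::get('rdr');
     if ($rdr != null && $this->isLocalRedirectTarget($rdr)) {
         $output['go_to'] = urlencode($rdr);
     } else {
         $output['go_to'] = urlencode(\Uri::create('admin'));
     }
     // read flash message for display errors. this is REQUIRED if you coding the check login with simultaneous login detection on.
     // this is REQUIRED in login page. because failed 'is login' check will redirect to here.
     $form_status = \Session::get_flash('form_status');
     if (isset($form_status['form_status']) && isset($form_status['form_status_message'])) {
         $output['form_status'] = $form_status['form_status'];
         $output['form_status_message'] = $form_status['form_status_message'];
     }
     unset($form_status);
     // count login fail and show captcha.
     if (\Session::get('login_all_fail_count', '0') >= $this->login_fail_time_show_captcha || \Session::get('show_captcha', false) === true) {
         $output['show_captcha'] = true;
         // if last time login failed is over wait time, reset it
         if ((time() - \Session::get('login_all_fail_time', time())) / 60 > $config['member_login_fail_wait_time']['value']) {
             // reset captcha requirement and wait time.
             // the fail count is not reset to zero, only reduced to (fail time show captcha + 1),
             // so a client that keeps failing reaches the captcha/lockout again quickly.
             \Session::set('login_all_fail_count', \Session::get('login_all_fail_count') - ($this->login_fail_time_show_captcha + 1));
             \Session::delete('login_all_fail_time');
             \Session::delete('show_captcha');
         }
     }
     // browser check
     $output['browser_check'] = $this->browserCheck();
     // if form submitted --------------------------------------------------------------------------------------------
     if (\Input::method() == 'POST') {
         // store data for login. cast to string so a missing field does not hand null to trim().
         $data['account_identity'] = trim((string) \Input::post('account_identity'));
         if (strpos($data['account_identity'], '@') === false) {
             $data['account_username'] = $data['account_identity'];
         } else {
             $data['account_email'] = $data['account_identity'];
         }
         $data['account_password'] = trim((string) \Input::post('account_password'));
         // validate form.
         $validate = \Validation::forge();
         // check username or email required
         $validate->add('account_identity', \Lang::get('account_username_or_email'), array(), array('required'));
         $validate->add('account_password', \Lang::get('account_password'), array(), array('required'));
         if (!\Extension\NoCsrf::check()) {
             // validate token failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
             $output['input_csrf_token'] = \Extension\NoCsrf::generate();
         } elseif (!$validate->run()) {
             // validate failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = $validate->show_errors();
             if (\Input::is_ajax()) {
                 $response = new \Response();
                 $response->set_header('Content-Type', 'application/json');
                 $response->body(json_encode($output));
                 return $response;
             }
         } else {
             // count login failed and wait if it was exceed max failed allowed.
             if (\Session::get('login_all_fail_count', '0') > $config['member_max_login_fail']['value'] && (time() - \Session::get('login_all_fail_time', time())) / 60 <= $config['member_login_fail_wait_time']['value']) {
                 // continuous login failed over max fail limit.
                 $result = \Lang::get('account_login_failed_too_many', array('wait_minute' => $config['member_login_fail_wait_time']['value'], 'wait_til_time' => date('d F Y H:i:s', time() + $config['member_login_fail_wait_time']['value'] * 60)));
             } else {
                 // not reach maximum limit
                 // check if show captcha
                 if (isset($output['show_captcha']) && $output['show_captcha'] === true) {
                     include APPPATH . 'vendor' . DS . 'securimage' . DS . 'securimage.php';
                     $securimage = new \Securimage();
                     if ($securimage->check(\Input::post('captcha')) == false) {
                         $result = \Lang::get('account_wrong_captcha_code');
                     }
                 }
                 // try to login only when no earlier step produced an error message.
                 if (empty($result)) {
                     $result = \Model_Accounts::adminLogin($data);
                 }
             }
             // check login result ----------------------------------------------
             if ($result === true) {
                 // success: clear the throttle state for this session.
                 \Session::delete('login_all_fail_count');
                 \Session::delete('login_all_fail_time');
                 \Session::delete('show_captcha');
                 // go_to was validated as a same-site target and url-encoded above.
                 $go_to = urldecode($output['go_to']);
                 if (\Input::is_ajax()) {
                     $output['login_status'] = true;
                     $output['form_status'] = 'success';
                     $output['form_status_message'] = \Lang::get('account_login_success');
                     $output['go_to'] = $go_to;
                     $response = new \Response();
                     $response->set_header('Content-Type', 'application/json');
                     $response->body(json_encode($output));
                     return $response;
                 } else {
                     \Response::redirect($go_to);
                 }
             } else {
                 // failed: count it and restart the wait window.
                 $all_fail_count = \Session::get('login_all_fail_count', '0') + 1;
                 \Session::set('login_all_fail_count', $all_fail_count);
                 \Session::set('login_all_fail_time', time());
                 // if login fail count more than or equal to fail time show captcha
                 if ($all_fail_count >= $this->login_fail_time_show_captcha) {
                     $output['show_captcha'] = true;
                     \Session::set('show_captcha', true);
                 }
                 $output['form_status'] = 'error';
                 $output['form_status_message'] = $result;
                 if (\Input::is_ajax()) {
                     $response = new \Response();
                     $response->set_header('Content-Type', 'application/json');
                     $response->body(json_encode($output));
                     return $response;
                 }
             }
         }
         // re-populate form
         $output['account_identity'] = $data['account_identity'];
     }
     // <head> output ----------------------------------------------------------------------------------------------
     $output['page_title'] = $this->generateTitle(\Lang::get('account_login'));
     $output['page_meta'][] = '<meta name="robots" content="noindex, nofollow" />';
     // <head> output ----------------------------------------------------------------------------------------------
     // breadcrumb -------------------------------------------------------------------------------------------------
     $page_breadcrumb = [];
     $page_breadcrumb[0] = ['name' => \Lang::get('admin_admin_home'), 'url' => \Uri::create('admin')];
     $page_breadcrumb[1] = ['name' => \Lang::get('account_login'), 'url' => \Uri::create('admin/login')];
     $output['page_breadcrumb'] = $page_breadcrumb;
     unset($page_breadcrumb);
     // breadcrumb -------------------------------------------------------------------------------------------------
     if (\Input::is_ajax()) {
         $response = new \Response();
         $response->set_header('Content-Type', 'application/json');
         $response->body(json_encode($output));
         return $response;
     } else {
         return $theme->view('admin/templates/login/index_v', $output, false);
     }
 }

 /**
  * Tell whether a post-login redirect target stays on this site.
  *
  * Accepts absolute URLs under \Uri::base() / \Uri::base(false) and plain
  * relative paths. Rejects empty values, values containing whitespace or
  * control characters (header injection), targets with a URL scheme that is
  * not under our base ("https://evil", "javascript:", ...), and
  * protocol-relative forms ("//host", "/\host", "\\host") that browsers
  * resolve against another origin.
  *
  * @param mixed $target raw value of the `rdr` query parameter
  * @return bool true when redirecting to $target keeps the user on this site
  */
 protected function isLocalRedirectTarget($target)
 {
     $target = (string) $target;
     if ($target === '' || preg_match('/[\x00-\x20\x7f]/', $target)) {
         return false;
     }
     // same-site absolute URL: the base is compared with a trailing slash so
     // that "https://site.tld.evil" cannot pass the prefix test.
     foreach (array(\Uri::base(), \Uri::base(false)) as $base) {
         $base = rtrim((string) $base, '/') . '/';
         if (strncmp($target, $base, strlen($base)) === 0) {
             return true;
         }
     }
     // any other scheme-prefixed target leaves the site.
     if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $target)) {
         return false;
     }
     // protocol-relative: two leading slashes/backslashes, or a leading
     // backslash, which browsers treat like "/".
     if ($target[0] === '\\' || preg_match('#^[/\\\\]{2}#', $target)) {
         return false;
     }
     return true;
 }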
<?php

$nocsrf_form_input = \Extension\NoCsrf::generate();
?>
 
<article class="general-page-container">
    <h1><?php 
echo __('account_login');
?>
</h1>
    
    <?php 
echo \Form::open(array('action' => \Uri::main() . (isset($go_to) ? '?rdr=' . $go_to : ''), 'class' => 'form-horizontal', 'role' => 'form'));
?>
 
        <div class="form-status-placeholder">
            <?php 
if (isset($form_status) && isset($form_status_message)) {
    ?>
 
            <div class="alert alert-<?php 
    echo str_replace('error', 'danger', $form_status);
    ?>
"><button type="button" class="close" data-dismiss="alert">&times;</button><?php 
    echo $form_status_message;
    ?>
</div>
            <?php 
}
?>
 
 
        
        <script type="text/javascript">
            // required js variables for use in .js file.
            var base_url = '<?php 
echo \Uri::base(false);
?>
';
            var site_url = '<?php 
echo getRootSiteURL();
?>
';
            var theme_assets = '<?php 
echo Uri::createNL(\Theme::instance()->asset_path(''));
?>
';
            var csrf_name = '<?php 
echo \Config::get('security.csrf_token_key');
?>
';
            var nocsrf_val = '<?php 
echo \Extension\NoCsrf::generate('', true);
?>
';
        </script>
    </head>
    <body class="html-body<?php 
echo $pc_class . ' ' . $page_class;
?>
">
<?php

$nocsrf_form_value = \Extension\NoCsrf::generate(null, true);
?>
<h1><?php 
echo \Uri::segment(3) == 'add' ? __('account_add') : __('account_edit');
?>
</h1>

<?php 
echo \Extension\Form::openMultipart(array('class' => 'form-horizontal', 'role' => 'form'));
?>
 
    <div class="form-status-placeholder">
        <?php 
if (isset($form_status) && isset($form_status_message)) {
    ?>
 
        <div class="alert alert-<?php 
    echo str_replace('error', 'danger', $form_status);
    ?>
"><button type="button" class="close" data-dismiss="alert">&times;</button><?php 
    echo $form_status_message;
    ?>
</div>
        <?php 
}
?>
 
    </div>
    <div class="hidden csrf-container">