Ejemplo n.º 1
 /**
  * Gatekeeper that validates a submitted form's token to prevent CSRF attacks.
  * Call this from your form action code.
  *
  * Requests that the session reports as API requests are accepted without a
  * token check; every other request is handed to the parent implementation.
  *
  * NOTE(review): skipping the token check is only sound if isAPIRequest()
  * can become true solely for requests authenticated by something other than
  * the browser's ambient session cookie -- confirm against the session class.
  *
  * @param string $action The URL of the form action that brought us here; passed unchanged to the parent.
  * @param boolean $haltExecutionOnBadRequest If true, execution halts when the form doesn't validate (true by default); passed unchanged to the parent.
  * @return bool True for API requests, otherwise the parent's validation result.
  */
 public static function validateToken($action = '', $haltExecutionOnBadRequest = true)
 {
     $session = Idno::site()->session();

     if (!$session->isAPIRequest()) {
         // Ordinary (non-API) request: defer to the parent's token check.
         return parent::validateToken($action, $haltExecutionOnBadRequest);
     }

     // API request: no form token is expected, so none is checked.
     return true;
 }
Ejemplo n.º 2
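<?php

// Hidden fields that carry the form token: __bTs is the timestamp, __bTk the
// token derived from the action and that timestamp, __bTa the action itself.
// Every value is HTML-escaped before it is written into an attribute, so a
// caller-supplied 'time' or 'action' cannot break out of the quoted value.
// The token is computed from the raw values; the browser decodes the entities
// and posts the same raw values back.
if (empty($vars['time'])) {
    // No timestamp supplied by the caller: stamp the form with the current time.
    $vars['time'] = time();
}
?>
<input type="hidden" name="__bTs" value="<?php echo htmlspecialchars((string) $vars['time'], ENT_QUOTES, 'UTF-8'); ?>" />
<input type="hidden" name="__bTk" value="<?php echo htmlspecialchars((string) \Bonita\Forms::token($vars['action'], $vars['time']), ENT_QUOTES, 'UTF-8'); ?>" />
<input type="hidden" name="__bTa" value="<?php echo htmlentities($vars['action'], ENT_QUOTES, 'UTF-8'); ?>" />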
Ejemplo n.º 3
<?php

/**
 * Howdy!
 *
 * This is a really simple example of how to use forms.
 *
 * If you haven't already, check out index.php first.
 *
 * The page always starts out showing the form. The "submitted" template
 * replaces it only when a form was submitted AND its token validated, so
 * anything that acts on the submitted data belongs inside that branch.
 */

// Load Bonita
require_once dirname(__DIR__) . '/start.php';

// Add this directory as an additional path
\Bonita\Main::additionalPath(__DIR__);

// Instantiate the template and default the body to the form itself
$template = new \Bonita\Templates();
$template->body = $template->draw('pages/forms');

// Was the form already submitted, and does its token validate?
// (The token check is what prevents nefarious tomfoolery.)
// NOTE(review): validateToken() is called with no arguments here, so it runs
// with the library's defaults -- confirm which action it checks against.
if (\Bonita\Forms::formSubmitted() && \Bonita\Forms::validateToken()) {
    // The action completed: show the form submission template instead
    $template->body = $template->draw('pages/example/formsubmitted');
}

// Draw the page
$pageVars = array('title' => 'Forms example');
$template->__($pageVars)->drawPage();