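/**
 * Check a security token.
 *
 * Checks the POST and GET data for a security token, if one exists, validates
 * that it's for this user and URL. If the token is not valid, the current
 * request (method, destination, POST/GET data and any uploaded files) is
 * stashed in the session, the user is asked to re-authenticate, and the
 * request is replayed (see _rebuild_data()) if authentication succeeds.
 *
 * @return boolean true if the token is valid; does not return (exits) if not!
 */
function SEC_checkToken()
{
    global $_CONF;

    if (_sec_checkToken()) {
        SEC_createToken(-1);
        return true;
    }

    // Token missing or invalid: stash the request so it can be replayed after
    // re-authentication. Everything is serialize()d into the server-side
    // session only (never sent to the client), so the later unserialize() in
    // _rebuild_data() operates on server-controlled data.
    $destination = _sec_reauthDestination(COM_getCurrentURL(), $_CONF['site_url']);

    // Anything that is not an explicit GET is replayed as POST.
    $method = 'POST';
    if (isset($_SERVER['REQUEST_METHOD'])
            && strtoupper($_SERVER['REQUEST_METHOD']) === 'GET') {
        $method = 'GET';
    }

    SESS_setVar('glfusion.auth.method', $method);
    SESS_setVar('glfusion.auth.dest', $destination);
    SESS_setVar('glfusion.auth.post', serialize($_POST));
    SESS_setVar('glfusion.auth.get', serialize($_GET));

    if (!empty($_FILES)) {
        // PHP deletes its upload temp files when this request ends, so park
        // them under path_data/temp/ and store the rewritten $_FILES.
        _sec_stashUploads($_CONF['path_data'] . 'temp/');
        SESS_setVar('glfusion.auth.file', serialize($_FILES));
    }

    $display  = COM_siteHeader();
    $display .= SEC_tokenreauthForm('', $destination);
    $display .= COM_siteFooter();
    echo $display;
    exit;
}

/**
 * Pick the URL the stashed request will be replayed against.
 *
 * The current URL (presumably built by COM_getCurrentURL() from request
 * headers, i.e. attacker-influenced) is accepted only when it is the site
 * itself or a path/query/fragment beneath it; anything else -- blank,
 * off-site, or a look-alike such as "<site_url>.attacker.example" -- falls
 * back to the site's index page. The previous bare prefix comparison would
 * have accepted that look-alike host, and also a different port on the same
 * host; both now fall back to index.php.
 *
 * @param string $current  URL of the current request
 * @param string $siteUrl  configured $_CONF['site_url']
 * @return string          a URL that is on this site
 */
function _sec_reauthDestination($current, $siteUrl)
{
    $fallback = $siteUrl . '/index.php';
    $base     = rtrim((string) $siteUrl, '/');
    $current  = (string) $current;

    // An unconfigured site_url must not turn into "accept anything".
    if ($current === '' || $base === '') {
        return $fallback;
    }
    if (substr($current, 0, strlen($base)) !== $base) {
        return $fallback;
    }

    // The character right after the site URL has to end the authority part:
    // end of string, a path separator, a query or a fragment marker.
    // (substr() past the end yields false on PHP < 8 and '' on PHP >= 8.)
    $next = substr($current, strlen($base), 1);
    if ($next !== '' && $next !== false && strpos('/?#', $next) === false) {
        return $fallback;
    }

    return $current;
}

/**
 * Move every successfully uploaded file into $tempDir so it survives the end
 * of this request, and rewrite $_FILES[...]['tmp_name'] to the bare file name
 * inside that directory.
 *
 * Only the basename of PHP's own tmp_name is used, so the stored name cannot
 * escape $tempDir. Entries whose tmp_name is empty are skipped -- upload
 * errors such as UPLOAD_ERR_INI_SIZE leave 'name' set but 'tmp_name' blank,
 * and the multi-file branch previously did not check for that. An entry whose
 * move fails gets an empty tmp_name (the same thing PHP reports for a failed
 * upload) instead of a reference to a file that no longer exists.
 *
 * @param string $tempDir  destination directory, with trailing slash
 * @return void            modifies the superglobal $_FILES in place
 */
function _sec_stashUploads($tempDir)
{
    foreach ($_FILES as $key => $file) {
        if (is_array($file['name'])) {
            // multi-file field: 'name' and 'tmp_name' are parallel arrays
            foreach ($file['name'] as $offset => $name) {
                $tmp = isset($file['tmp_name'][$offset]) ? $file['tmp_name'][$offset] : '';
                if (!empty($name) && !empty($tmp)) {
                    $_FILES[$key]['tmp_name'][$offset] = _sec_stashOneUpload($tmp, $tempDir);
                }
            }
        } elseif (!empty($file['name']) && !empty($file['tmp_name'])) {
            $_FILES[$key]['tmp_name'] = _sec_stashOneUpload($file['tmp_name'], $tempDir);
        }
    }
}

/**
 * Move one uploaded file into $tempDir.
 *
 * move_uploaded_file() refuses anything that is not a genuine upload of this
 * request, so a forged tmp_name cannot be used to relocate arbitrary files.
 *
 * @param string $tmpName  PHP's temporary upload path
 * @param string $tempDir  destination directory, with trailing slash
 * @return string          bare file name inside $tempDir, or '' if the move failed
 */
function _sec_stashOneUpload($tmpName, $tempDir)
{
    $name = basename($tmpName);
    if ($name === '' || !move_uploaded_file($tmpName, $tempDir . $name)) {
        return '';
    }
    return $name;
}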
} if (isset($_POST['captcha'])) { $str = COM_applyFilter($_POST['captcha']); } else { $str = ''; } COM_updateSpeedlimit('tokenexpired'); list($rc, $msg) = CAPTCHA_checkInput($str, 'token'); if ($rc == 1) { _rebuild_data(); unset($_POST['loginname']); COM_clearSpeedlimit(0, 'tokenexpired'); return; } $display = COM_siteHeader(); $display .= SEC_tokenreauthForm($LANG_ACCESS['validation_failed'], $desturl); $display .= COM_siteFooter(); echo $display; exit; break; } function _rebuild_data() { global $_CONF; $method = ''; if (SESS_isSet('glfusion.auth.method')) { $method = SESS_getVar('glfusion.auth.method'); SESS_unSet('glfusion.auth.method'); } $postdata = ''; if (SESS_isSet('glfusion.auth.post')) {