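*/
include_once "./_common.php";

// JSON.php is optional; a missing file must not abort the request.
// (It presumably supplies Services_JSON for the fallback below.)
@(include_once "./JSON.php");

if (!function_exists('json_encode')) {
    /**
     * Fallback used when the native json_encode() is unavailable.
     *
     * @param mixed $data Value to serialise.
     * @return string JSON text produced by Services_JSON::encode().
     */
    function json_encode($data)
    {
        $json = new Services_JSON();
        return $json->encode($data);
    }
}

@ini_set('gd.jpeg_ignore_warning', 1);

// Uploads are grouped into one directory per year+month (date format 'ym').
$ym = date('ym', G5_SERVER_TIME);
$data_dir = G5_DATA_PATH . '/editor/' . $ym . '/';
$data_url = G5_DATA_URL . '/editor/' . $ym . '/';

if (!function_exists('ft_nonce_is_valid')) {
    include_once '../../../editor.lib.php';
}

// Authorise before touching the filesystem.
// A query string such as ?_nonce[]=x arrives as an array, so only a plain
// string is handed to the validator; anything else is treated as invalid.
// NOTE(review): the nonce travels in the URL and can therefore end up in
// access logs and Referer headers; confirm its lifetime is short.
$nonce = isset($_GET['_nonce']) ? $_GET['_nonce'] : null;
$is_editor_upload = is_string($nonce) && ft_nonce_is_valid($nonce, 'smarteditor');

if (!$is_editor_upload) {
    // Message text: "This is not a valid upload."
    echo json_encode(array('files' => array('0' => array('error' => '정상적인 업로드가 아닙니다.'))));
    exit;
}

// Create the monthly directory only for requests that passed the nonce check.
// Errors stay suppressed because the directory normally exists already.
@mkdir($data_dir, G5_DIR_PERMISSION);
@chmod($data_dir, G5_DIR_PERMISSION);

require 'UploadHandler.php';

// NOTE(review): only upload_dir, upload_url and an empty image_versions are
// overridden here, so the accepted file types come from UploadHandler's own
// defaults. Confirm those defaults restrict uploads to image extensions and
// that the web server does not execute scripts under the data directory.
$options = array(
    'upload_dir' => $data_dir,
    'upload_url' => $data_url,
    'image_versions' => array(),
);
$upload_handler = new UploadHandler($options);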
// Handle the POSTed form. The branch runs only when MM_Insert is posted and
// the session already holds a nonce.
$error = '';
if (!empty($_POST['MM_Insert']) && !empty($_SESSION['_nonce'])) {
    try {
        // NOTE(review): lat/lng are read without an isset() check and are not
        // used again in the visible part of this excerpt.
        $latitude = $_POST['lat'];
        $longitude = $_POST['lng'];
        // Required-field checks; the first missing field aborts via exception.
        if (empty($_POST['title'])) {
            throw new Exception('Please fill the title. ');
        }
        if (empty($_POST['description'])) {
            throw new Exception('Please fill the description. ');
        }
        if (empty($_POST['categories'])) {
            throw new Exception('Please choose category. ');
        }
        // Request-forgery check: the posted nonce is validated against an
        // action string built from $nonce_key plus the session nonce, with the
        // session user id as third argument.
        // NOTE(review): $_POST['_nonce'] is read without isset()/is_string();
        // confirm ft_nonce_is_valid() tolerates a missing or array value. The
        // check also runs after the field checks, so an unauthenticated
        // request gets field-level error messages first.
        if (!ft_nonce_is_valid($_POST['_nonce'], $nonce_key . $_SESSION['_nonce'], $_SESSION['user']['id'])) {
            throw new Exception('Invalid Request');
        }
        if (empty($error)) {
            // Submit the form to the backend API.
            $url = APIHTTPPATH . '/help/services/add';
            // NOTE(review): every posted field is forwarded (including _nonce
            // and MM_Insert). uid and city_id are assigned after the copy, so
            // posted values for those two keys are overwritten; any other key
            // reaches the API unchanged. An explicit allowlist of fields would
            // be safer.
            $params = $_POST;
            $params['uid'] = $_SESSION['user']['id'];
            $params['city_id'] = $city_id;
            $POSTFIELDS = http_build_query($params);
            // presumably sends $POSTFIELDS as a POST body; verify against curlget()
            $return = curlget($url, 1, $POSTFIELDS);
            // NOTE(review): json_decode() yields null on a malformed response;
            // the loose == 0 then takes the failure branch with no 'msg' set.
            $data = json_decode($return, 1);
            if ($data['success'] == 0) {
                $error = $data['msg'];
            } else {
                unset($_POST);
                // (the excerpt stops here with the else, try and outer if still open)
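<title>Example use of FT-NONCE-LIBRARY</title>
</head>
<body>
<?php
// Each action has its own nonce action string ('button-one', 'link-two', ...),
// so a token issued for one action is only checked against that action.
if (isset($_POST['form_submitted'])) {
    // A missing or non-string _nonce (e.g. _nonce[]=x) is never passed to the
    // validator; it falls through to the "not validated" message.
    $posted_nonce = null;
    if (isset($_POST['_nonce']) && is_string($_POST['_nonce'])) {
        $posted_nonce = $_POST['_nonce'];
    }

    if ($posted_nonce !== null && isset($_POST['button_one']) && ft_nonce_is_valid($posted_nonce, 'button-one')) {
        echo "<p>Button One Validated!</p>";
    } elseif ($posted_nonce !== null && isset($_POST['button_two']) && ft_nonce_is_valid($posted_nonce, 'button-two')) {
        echo "<p>Button Two Validated!</p>";
    } else {
        // Closing tag fixed: the paragraph was terminated with a second <p>.
        echo "<p>Form Not Validated! You do not have permission to do this!</p>";
    }
} elseif (isset($_GET['_nonce'])) {
    // Same string-only rule for the link variant of the example.
    $link_nonce = is_string($_GET['_nonce']) ? $_GET['_nonce'] : null;

    if ($link_nonce !== null && ft_nonce_is_valid($link_nonce, 'link-one')) {
        echo "<p>Link One Validated!</p>";
    } elseif ($link_nonce !== null && ft_nonce_is_valid($link_nonce, 'link-two')) {
        echo "<p>Link Two Validated!</p>";
    } else {
        echo "<p>Link Not Validated! You do not have permission to do this!</p>";
    }
}
?>
<h3>Form Examples</h3>
<form action="" method="post" >
    <input type='submit' name='button_one' value="Button One" />
    <input type='hidden' name='form_submitted' value='1' />
    <?php ft_nonce_create_form_input('button-one'); ?>
</form>
<br />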