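/**
  * Prepare download for the package named in $_GET['package'].
  *
  * The package name must be a dotted Java identifier (e.g. com.example.app).
  * An empty name, a non-string query value or a trailing newline is rejected.
  *
  * @throws DownloadException
  *  If the session is not in the market state, the request token is invalid,
  *  the package name is missing or malformed, or the package does not exist.
  */
 public function prepare()
 {
     if (Session::getInstance()->appstate !== AppState::MARKET) {
         throw new DownloadException('You need to log in and select a device before you can download.');
     }
     if (!valid_token()) {
         throw new DownloadException('Invalid token.');
     }
     // Reject missing names and non-string query values (?package[]=x), which
     // preg_match() cannot handle.
     if (!isset($_GET['package']) || !is_string($_GET['package'])) {
         throw new DownloadException('Package name is required.');
     }
     $package = $_GET['package'];
     // One or more dot-separated Java identifiers. The identifier group is
     // mandatory so '' is rejected, and the D modifier stops '$' from matching
     // before a trailing newline.
     $pattern = '/^[a-zA-Z_][a-zA-Z0-9_]*(\.[a-zA-Z_][a-zA-Z0-9_]*)*$/D';
     if (preg_match($pattern, $package) !== 1) {
         throw new DownloadException('Given package name is not a valid java name.');
     }
     // Fetch download information from google.
     $download_info = Session::getInstance()->market->fetchDownloadInfo($package);
     $this->_prepare($download_info);
 }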
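 /**
  * Sets the device id.
  *
  * @param Integer|string $id
  *  The device id as a hexadecimal number.
  *
  * @throws DeviceException
  *  If the session is not in the logged-in state, the request token is
  *  invalid, or the id is missing or not hexadecimal.
  */
 public function deviceid($id)
 {
     if (Session::getInstance()->appstate !== AppState::LOGGEDIN) {
         throw new DeviceException('You can\'t select a device now.');
     }
     if (!valid_token()) {
         throw new DeviceException('Invalid token.');
     }
     // Explicit check instead of empty(): null, arrays and '' are rejected,
     // but the legitimate hex value "0" is accepted.
     if (!is_scalar($id) || (string) $id === '') {
         throw new DeviceException('The device id is required.');
     }
     // D modifier: '$' must not match before a trailing newline.
     if (preg_match('/^[0-9a-fA-F]+$/D', (string) $id) !== 1) {
         throw new DeviceException('The device id has to be a hexadecimal number.');
     }
     // Log into market with new device id.
     Session::getInstance()->market = new AndroidMarket(Session::getInstance()->account, $id);
     Session::getInstance()->appstate = AppState::MARKET;
     $this->render();
 }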
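/**
 * Generate a fresh CSRF token and store it in the session.
 *
 * Uses the CSPRNG instead of md5(microtime()) so the token cannot be derived
 * from the request time. The result is still 32 hex characters.
 */
function set_token()
{
    $_SESSION['token'] = bin2hex(random_bytes(16));
}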
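/**
 * Check the submitted CSRF token against the session token and rotate it.
 *
 * The token is regenerated on every call, valid or not, so each token is
 * single-use. The comparison is constant-time via hash_equals(), and a
 * missing request or session token yields false instead of an
 * undefined-index notice (or a spurious null === null match).
 *
 * @return bool True if the request token matched the session token.
 */
function valid_token()
{
    $sent = $_REQUEST['token'] ?? null;
    $stored = $_SESSION['token'] ?? null;
    $return = is_string($sent) && is_string($stored) && hash_equals($stored, $sent);
    set_token();
    return $return;
}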
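// Generate a token if none exists yet.
if (!isset($_SESSION['token']) || $_SESSION['token'] === '') {
    set_token();
}
if (isset($_POST['submit'])) {
    if (valid_token()) {
        // NOTE(review): connection details are committed in source; load them
        // from a config file or environment outside the web root instead.
        $mysqli = mysqli_connect("50.62.209.15", "tangjing", "A299792458b", "my_web");
        if (!$mysqli) {
            // mysqli_connect_error(), not mysql_error(): the latter belongs to
            // the removed ext/mysql and never reports this connection's error.
            // Log the driver message rather than echoing it to the client.
            error_log('Could not connect: ' . mysqli_connect_error());
            die('Could not connect.');
        }
        $sql = "INSERT INTO contact_form (author, email, message) VALUES (?,?,?)";
        $stms = $mysqli->prepare($sql);
        if ($stms === false) {
            error_log('Prepare failed: ' . $mysqli->error);
            $mysqli->close();
            die('Could not save message.');
        }
        // bind_param() takes its arguments by reference, so copy the fields
        // into variables first; a missing field binds NULL.
        $author = $_POST['author'] ?? null;
        $email = $_POST['email'] ?? null;
        $text = $_POST['text'] ?? null;
        $stms->bind_param('sss', $author, $email, $text);
        $stms->execute();
        if ($stms->affected_rows > 0) {
            echo "<script>alert('successful!')</script>";
        }
        $stms->close();
        $mysqli->close();
    }
}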
        break;
    case 'profile':
        if (empty($user)) {
            header('Location:' . sprintf('%s?action=login', SITE_URL));
        }
        if (isset($_POST['style'])) {
            setcookie('style', $_POST['style'], 0, '/');
            $style = style($_POST['style']);
        }
        $response = template('../templates/profile.php', ['site_url' => SITE_URL, 'style' => $style]);
        break;
    case 'save':
        if (empty($user)) {
            header('Location:' . sprintf('%s?action=login', SITE_URL));
        }
        $message_id = empty($_POST['message_id']) ? null : (int) $_POST['message_id'];
        $message = empty($_POST['message']) ? null : $_POST['message'];
        if (!empty($message) && valid_token($_POST['token'])) {
            isset($message_id) ? update_message($connection, $message, $message_id) : insert_message($connection, $message, $user['id']);
        }
        header('Location:' . sprintf('%s?action=home&message_id=%d', SITE_URL, $message_id));
        break;
    default:
        if (empty($user)) {
            header('Location:' . sprintf('%s?action=login', SITE_URL));
        }
        $message_id = empty($_GET['message_id']) ? null : (int) $_GET['message_id'];
        $messages = load_messages($connection, $message_id);
        $response = template('../templates/home.php', ['messages' => $messages, 'token' => token(), 'style' => $style, 'site_url' => SITE_URL, 'message_id' => $message_id]);
}
// Fall back to the 404 template when no case produced a response.
if (empty($response)) {
    echo template('404.php');
} else {
    echo $response;
}
// Start (or resume) the session that holds the CSRF token written by set_token().
session_start();
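/**
 * Generate a fresh CSRF token and store it in the session.
 *
 * Uses the CSPRNG instead of md5(microtime()) so the token cannot be derived
 * from the request time. The result is still 32 hex characters.
 */
function set_token()
{
    $_SESSION['token'] = bin2hex(random_bytes(16));
}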
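/**
 * Check the submitted CSRF token against the session token and rotate it.
 *
 * The token is regenerated on every call, valid or not, so each token is
 * single-use. The comparison is constant-time via hash_equals(), and a
 * missing request or session token yields false instead of an
 * undefined-index notice (or a spurious null === null match).
 *
 * @return bool True if the request token matched the session token.
 */
function valid_token()
{
    $sent = $_REQUEST['token'] ?? null;
    $stored = $_SESSION['token'] ?? null;
    $return = is_string($sent) && is_string($stored) && hash_equals($stored, $sent);
    set_token();
    return $return;
}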
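// Generate a token if none exists yet.
if (!isset($_SESSION['token']) || $_SESSION['token'] === '') {
    set_token();
}
if (isset($_POST['test'])) {
    if (!valid_token()) {
        echo 'token error';
    } else {
        // The submitted value is reflected into the page: escape it for the
        // HTML context, and treat a non-string (array) value as empty.
        $value = is_string($_POST['test']) ? $_POST['test'] : '';
        echo "成功提交,Value:" . htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}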
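?>

<form action="" method="post" accept-charset="utf-8">
    <!-- Token is escaped for the attribute context; the short echo tag keeps the value on one line. -->
    <input type="hidden" name="token" value="<?= htmlspecialchars($_SESSION['token'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">
    <input type="text" name="test" value="Default">
    <input type="submit" name="" value="提交">
</form>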
/**
 * Whether the current request may modify data.
 *
 * Requires a valid request token and the 'edit' permission. $listId is not
 * used by this check.
 *
 * @param mixed $listId Unused.
 *
 * @return bool
 */
function have_write_access($listId = null)
{
    if (!valid_token()) {
        return false;
    }
    return (bool) have_access('edit');
}
 /**
  * Log out user (destroy session).
  *
  * @throws AccountException
  *  If nobody is logged in or the request token is invalid.
  */
 public function logout()
 {
     $notLoggedIn = Session::getInstance()->appstate < AppState::LOGGEDIN;
     if ($notLoggedIn) {
         throw new AccountException('You can\'t logout because you\'re not logged in.');
     }
     $tokenOk = valid_token();
     if (!$tokenOk) {
         throw new AccountException('Invalid token.');
     }
     // Wipe the session, then render.
     reset_session();
     $this->render();
 }
<?php

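session_start();
// Development settings: errors are rendered into the response. Turn
// display_errors off in production and rely on logging instead.
ini_set('display_errors', 1);
error_reporting(E_ALL);
require '../blog.php';
define('SITE_URL', 'http://epic-blog/lesson%207/src/public/index.php');
// NOTE(review): database credentials are committed in source; load them from
// a config file or environment outside the web root instead.
$connection = connection(['host' => 'localhost', 'dbname' => 'blog', 'user' => 'root', 'password' => 'vagrant', 'encoding' => 'utf8']);
// NOTE(review): $_REQUEST also accepts GET and cookie values, so credentials
// can end up in URLs and access logs; read them from $_POST once the login
// form is confirmed to submit by POST.
$login = empty($_REQUEST['login']) ? null : $_REQUEST['login'];
$password = empty($_REQUEST['password']) ? null : $_REQUEST['password'];
$user = user();
// '?? null' avoids an undefined-index notice when no token was sent;
// valid_token() (in blog.php) is expected to reject null — verify there.
$token = $_REQUEST['token'] ?? null;
if (!empty($_REQUEST['action']) && $_REQUEST['action'] === 'login' && valid_token($token)) {
    $user = user($connection, $login, $password);
}
if (empty($user)) {
    echo template('templates/authorization.php', ['token' => token(), 'login' => $login, 'site_url' => SITE_URL]);
    exit;
}
$message_id = empty($_REQUEST['message_id']) ? null : (int) $_REQUEST['message_id'];
$message = empty($_REQUEST['message']) ? null : $_REQUEST['message'];
if (!empty($message) && valid_token($token)) {
    isset($message_id) ? update_message($connection, $message, $message_id) : insert_message($connection, $message, 0);
    header('Location:' . SITE_URL);
    // Stop here: without exit the script would go on to load the messages
    // and render the home template after the redirect header was sent.
    exit;
}
$messages = load_messages($connection, $message_id);
// No 'style' cookie on a first visit: pass null rather than raising a notice.
$style = style($_COOKIE['style'] ?? null);
echo template('templates/home.php', ['messages' => $messages, 'token' => token(), 'style' => $style, 'site_url' => SITE_URL, 'message_id' => $message_id]);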