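/**
 * Prepare download for the package named in $_GET['package'].
 *
 * Checks run in this order: application state, CSRF token, presence and
 * type of the parameter, then a strict Java-package-name match before the
 * name is handed to the market client.
 *
 * @throws DownloadException
 *   If the session is not in the MARKET state, the CSRF token is invalid,
 *   or the package name is missing, not a string, empty or malformed.
 */
public function prepare()
{
    if (Session::getInstance()->appstate !== AppState::MARKET) {
        throw new DownloadException('You need to log in and select a device before you can download.');
    }
    if (!valid_token()) {
        throw new DownloadException('Invalid token.');
    }
    // $_GET values can be arrays (package[]=...); only a scalar string is acceptable.
    // The pattern below is optional as a whole, so an empty string would otherwise
    // pass validation and reach fetchDownloadInfo('').
    if (!isset($_GET['package']) || !is_string($_GET['package']) || $_GET['package'] === '') {
        throw new DownloadException('Package name is required.');
    }
    $package = $_GET['package'];
    // Java package name: dot-separated identifiers. Without the D modifier
    // `$` also matches before a trailing "\n", so "com.foo\n" would be accepted.
    $pattern = '^([a-zA-Z_]{1}[a-zA-Z0-9_]*(\\.[a-zA-Z_]{1}[a-zA-Z0-9_]*)*)?$';
    if (preg_match("/{$pattern}/D", $package) !== 1) {
        throw new DownloadException('Given package name is not a valid java name.');
    }
    // Fetch download information from google.
    $download_info = Session::getInstance()->market->fetchDownloadInfo($package);
    $this->_prepare($download_info);
}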
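/**
 * Sets the device id and creates the market client for it.
 *
 * @param string|int $id
 *   The device id as a hexadecimal string (the value is validated with a
 *   regex and passed on unchanged, so it is treated as a string here).
 *
 * @throws DeviceException
 *   If the session is not in the LOGGEDIN state, the CSRF token is invalid,
 *   or the id is missing or not purely hexadecimal.
 */
public function deviceid($id)
{
    if (Session::getInstance()->appstate !== AppState::LOGGEDIN) {
        throw new DeviceException('You can\'t select a device now.');
    }
    if (!valid_token()) {
        throw new DeviceException('Invalid token.');
    }
    // Explicit checks instead of empty(): empty('0') is true although "0" is a
    // valid hexadecimal value, and a non-scalar (array from the request) must
    // never reach preg_match.
    if (!is_scalar($id) || (string) $id === '') {
        throw new DeviceException('The device id is required.');
    }
    // D modifier: `$` may only match at the very end, so "abcd\n" is rejected.
    if (preg_match('/^[0-9a-fA-F]+$/D', (string) $id) !== 1) {
        throw new DeviceException('The device id has to be a hexadecimal number.');
    }
    // Log into market with new device id.
    Session::getInstance()->market = new AndroidMarket(Session::getInstance()->account, $id);
    Session::getInstance()->appstate = AppState::MARKET;
    $this->render();
}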
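/**
 * Issue a fresh CSRF token into the session.
 *
 * random_bytes() is a CSPRNG. The previous md5(microtime(true)) is derived
 * from the clock alone and can be reproduced by anyone who can estimate
 * when the request was served.
 */
function set_token()
{
    $_SESSION['token'] = bin2hex(random_bytes(16));
}

/**
 * Validate the submitted CSRF token against the session, then rotate it.
 *
 * The token is single-use: a new one is issued whether or not the check
 * passed, so a replayed submission fails.
 *
 * @return bool True only if a string token was sent and matches the stored one.
 */
function valid_token()
{
    $sent = $_REQUEST['token'] ?? null;
    $stored = $_SESSION['token'] ?? null;
    // hash_equals() compares in constant time; both operands must be strings.
    $ok = is_string($sent) && is_string($stored) && hash_equals($stored, $sent);
    set_token();
    return $ok;
}

// Generate a token if the session does not have one yet.
if (!isset($_SESSION['token']) || $_SESSION['token'] == '') {
    set_token();
}

if (isset($_POST['submit'])) {
    if (valid_token()) {
        // NOTE(review): database host and credentials are hard-coded in source.
        // Move them to configuration outside the web root and rotate the exposed ones.
        $mysqli = mysqli_connect("50.62.209.15", "tangjing", "A299792458b", "my_web");
        if (!$mysqli) {
            // mysql_error() belongs to the removed mysql extension and would itself
            // fatal here; log the driver detail server-side rather than echoing it.
            error_log('Could not connect: ' . mysqli_connect_error());
            die('Could not connect to the database.');
        }
        $sql = "INSERT INTO contact_form (author, email, message) VALUES (?,?,?)";
        $stms = $mysqli->prepare($sql);
        if ($stms === false) {
            error_log('Prepare failed: ' . $mysqli->error);
            $mysqli->close();
            die('Could not save your message.');
        }
        // bind_param() takes references, so copy the inputs into locals first;
        // a missing field stays null (bound as SQL NULL) as before, without a notice.
        $author = $_POST['author'] ?? null;
        $email = $_POST['email'] ?? null;
        $text = $_POST['text'] ?? null;
        $stms->bind_param('sss', $author, $email, $text);
        $stms->execute();
        if ($stms->affected_rows > 0) {
            echo "<script>alert('successful!')</script>";
        }
        $stms->close();
        $mysqli->close();
    }
}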
break; case 'profile': if (empty($user)) { header('Location:' . sprintf('%s?action=login', SITE_URL)); } if (isset($_POST['style'])) { setcookie('style', $_POST['style'], 0, '/'); $style = style($_POST['style']); } $response = template('../templates/profile.php', ['site_url' => SITE_URL, 'style' => $style]); break; case 'save': if (empty($user)) { header('Location:' . sprintf('%s?action=login', SITE_URL)); } $message_id = empty($_POST['message_id']) ? null : (int) $_POST['message_id']; $message = empty($_POST['message']) ? null : $_POST['message']; if (!empty($message) && valid_token($_POST['token'])) { isset($message_id) ? update_message($connection, $message, $message_id) : insert_message($connection, $message, $user['id']); } header('Location:' . sprintf('%s?action=home&message_id=%d', SITE_URL, $message_id)); break; default: if (empty($user)) { header('Location:' . sprintf('%s?action=login', SITE_URL)); } $message_id = empty($_GET['message_id']) ? null : (int) $_GET['message_id']; $messages = load_messages($connection, $message_id); $response = template('../templates/home.php', ['messages' => $messages, 'token' => token(), 'style' => $style, 'site_url' => SITE_URL, 'message_id' => $message_id]); } echo empty($response) ? template('404.php') : $response;
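session_start();

/**
 * Issue a fresh CSRF token into the session.
 *
 * Uses a CSPRNG; md5(microtime(true)) is predictable from the request time.
 */
function set_token()
{
    $_SESSION['token'] = bin2hex(random_bytes(16));
}

/**
 * Check the submitted token against the session and rotate it (single use).
 *
 * @return bool True only if a string token was sent and matches.
 */
function valid_token()
{
    $sent = $_REQUEST['token'] ?? null;
    $stored = $_SESSION['token'] ?? null;
    // Constant-time comparison; both sides must be strings for hash_equals().
    $ok = is_string($sent) && is_string($stored) && hash_equals($stored, $sent);
    set_token();
    return $ok;
}

// Generate a token if the session does not have one yet.
if (!isset($_SESSION['token']) || $_SESSION['token'] == '') {
    set_token();
}

if (isset($_POST['test'])) {
    if (!valid_token()) {
        echo 'token error';
    } else {
        // User input is reflected into HTML: escape it, or this is a reflected XSS.
        echo "成功提交,Value:" . htmlspecialchars((string) $_POST['test'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
// The hidden input must contain the token and nothing else: a stray space inside
// value="" is submitted with the form and makes the strict comparison fail.
?>
<form action="" method="post" accept-charset="utf-8">
    <input type="hidden" name="token" value="<?php echo htmlspecialchars($_SESSION['token'], ENT_QUOTES, 'UTF-8'); ?>">
    <input type="text" name="test" value="Default">
    <input type="submit" name="" value="提交">
</form>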
/**
 * Whether the current request may modify data.
 *
 * Both conditions must hold: the CSRF token validates and the caller holds
 * the 'edit' permission.
 *
 * @param mixed $listId Accepted for call-site compatibility; not consulted here,
 *   so the result is not scoped to a particular list (NOTE(review): confirm that
 *   is intended).
 * @return bool
 */
function have_write_access($listId = null)
{
    // Token first: a failed check short-circuits before the permission lookup,
    // exactly as the `&&` form did.
    if (!valid_token()) {
        return false;
    }
    return (bool) have_access('edit');
}
/**
 * Log the current user out by resetting the session, then render.
 *
 * @throws AccountException
 *   If no user is logged in, or the CSRF token does not validate.
 */
public function logout()
{
    $session = Session::getInstance();
    $loggedIn = $session->appstate >= AppState::LOGGEDIN;
    if (!$loggedIn) {
        throw new AccountException('You can\'t logout because you\'re not logged in.');
    }
    // Logout changes state, so it is CSRF-protected like the other actions.
    if (!valid_token()) {
        throw new AccountException('Invalid token.');
    }
    reset_session();
    $this->render();
}
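<?php
session_start();
// NOTE(review): display_errors=1 with E_ALL prints error details (paths, queries)
// to the browser; keep this for development only.
ini_set('display_errors', 1);
error_reporting(E_ALL);
require '../blog.php';

define('SITE_URL', 'http://epic-blog/lesson%207/src/public/index.php');

// NOTE(review): database credentials (root/vagrant) are hard-coded in source;
// load them from configuration outside the web root.
$connection = connection(['host' => 'localhost', 'dbname' => 'blog', 'user' => 'root', 'password' => 'vagrant', 'encoding' => 'utf8']);

// $_REQUEST accepts these via GET as well, so login and password can end up in
// URLs, browser history and server logs; a POST-only read would be safer.
$login = empty($_REQUEST['login']) ? null : $_REQUEST['login'];
$password = empty($_REQUEST['password']) ? null : $_REQUEST['password'];
// ?? avoids an undefined-index notice when no token/action was sent.
$token = $_REQUEST['token'] ?? null;
$action = $_REQUEST['action'] ?? null;

$user = user();
if ($action === 'login' && valid_token($token)) {
    $user = user($connection, $login, $password);
}
if (empty($user)) {
    echo template('templates/authorization.php', ['token' => token(), 'login' => $login, 'site_url' => SITE_URL]);
    exit;
}

$message_id = empty($_REQUEST['message_id']) ? null : (int) $_REQUEST['message_id'];
$message = empty($_REQUEST['message']) ? null : $_REQUEST['message'];
if (!empty($message) && valid_token($token)) {
    // NOTE(review): update_message() receives only the message id; nothing here
    // ties the message to the logged-in user, so any authenticated user can edit
    // any id unless update_message() checks ownership itself — confirm. The
    // inserted author id is a constant 0 rather than the current user's id.
    isset($message_id) ? update_message($connection, $message, $message_id) : insert_message($connection, $message, 0);
    header('Location:' . SITE_URL);
    // Without exit the script continues past the redirect and renders the page anyway.
    exit;
}
$messages = load_messages($connection, $message_id);
// The cookie is user-controlled and may be absent; style() decides what an
// unknown or missing value means.
$style = style($_COOKIE['style'] ?? null);
echo template('templates/home.php', ['messages' => $messages, 'token' => token(), 'style' => $style, 'site_url' => SITE_URL, 'message_id' => $message_id]);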