 /**
  * Persist the plugin settings submitted from the admin form.
  *
  * Runs only when verify_nonce() accepts the request; when it does not, the
  * method is a silent no-op (no error is reported to the caller).
  *
  * NOTE(review): strip_tags() is not a sanitiser, it only removes HTML tags.
  * Applied to the encryption key it can silently alter the stored secret if
  * the key contains a '<'. The debugging/SSL flags are stored exactly as
  * posted (strings), not as normalised booleans.
  */
 function saveSettings()
 {
     if (!verify_nonce()) {
         return;
     }

     // option name => array(form field, apply strip_tags?), in save order.
     $settings = array(
         'wpci_logging_threshold'             => array('logging_threshold', false),
         'wpci_encryption_key'                => array('encryption_key', true),
         'wpci_get_slug'                      => array('slug', true),
         'wpci_database_debugging_enabled'    => array('database_debugging_enabled', true),
         'wpci_ssl_enabled'                   => array('ssl_enabled', false),
         'wpci_application_debugging_enabled' => array('application_debugging_enabled', true),
     );

     foreach ($settings as $optionName => $spec) {
         list($fieldName, $stripTags) = $spec;
         $posted = $this->input->post($fieldName);
         update_option($optionName, $stripTags ? strip_tags($posted) : $posted);
     }

     success('Settings <b>saved</b>.');
     redirect('index');
 }
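// Render one submit button per checkout flow; the entry whose index matches
// the currently selected flow ($fastFlow) is marked active.
// $buttons and $fastFlow are defined elsewhere in this file.
$html = '';
foreach ($buttons as $i => $text) {
    // Strict comparison: an integer index only matches an integer $fastFlow.
    $active = $i === $fastFlow ? 'active' : '';
    // Escape the index and label for the attribute/text context. The labels
    // are static today, but the template must not become an XSS sink if
    // $buttons is ever populated from user data.
    $html .= '<button type="submit" class="btn ' . $active . '" name="fastFlow" value="'
        . htmlspecialchars((string) $i, ENT_QUOTES, 'UTF-8') . '">'
        . htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8') . ' flow</button>';
}
echo $html;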
?>
			</div>
		</fieldset>

		<fieldset>
			<h5>Debug mode</h5>
			<p>Enabling <strong>debug mode</strong> will show the back-end HTTP calls made to PayPal.</p>
			<div class="btn-group checkout-flow" data-toggle="buttons-radio">
				<?php 
// Resolve the debug-mode flag for this request.
// Precedence: a nonce-verified POST toggles the flag and stores the choice in
// the session; otherwise a previously stored session value (strictly true) is
// honoured; anything else resets the session flag to off.
// verify_nonce() is evaluated first, before the POST field is inspected.
$debug_mode = 0;
if (verify_nonce() && isset($_POST['debug_mode'])) {
    // Only the exact string '1' enables debug mode; any other value disables it.
    $enabled = $_POST['debug_mode'] === '1';
    $_SESSION['debug_mode'] = $enabled;
    if ($enabled) {
        $debug_mode = 1;
    }
} elseif (isset($_SESSION['debug_mode']) && $_SESSION['debug_mode'] === true) {
    $debug_mode = 1;
} else {
    $_SESSION['debug_mode'] = false;
}
// Button labels, indexed 0 (normal) and 1 (debug mode) to match $debug_mode.
$buttons = array('normal', 'debug mode');
$html = '';
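/**
 * Verify the CSRF token for the current request.
 *
 * Token lookup order: the explicit $token argument, then the X-CSRF request
 * header, then the 'csrf' field of the POST body, then of the query string.
 *
 * $_REQUEST is deliberately not consulted: depending on request_order it can
 * include $_COOKIE, and a token that can be satisfied from a cookie is sent
 * automatically on a cross-site request, which defeats the check. Reading
 * the absent field is also guarded so no undefined-index notice is raised.
 *
 * @param string|null $token (optional) Test a specific token; default will be
 *                           taken from the X-CSRF header or the 'csrf' field
 * @return boolean true when verify_nonce() accepts the token
 */
function verify_csrf($token = null)
{
    // Only null/empty means "not supplied"; a token of "0" is still a token.
    if ($token === null || $token === '') {
        if (!empty($_SERVER['HTTP_X_CSRF'])) {
            $token = $_SERVER['HTTP_X_CSRF'];
        } elseif (isset($_POST['csrf'])) {
            $token = $_POST['csrf'];
        } elseif (isset($_GET['csrf'])) {
            $token = $_GET['csrf'];
        } else {
            $token = null;
        }
    }
    return verify_nonce('csrf', $token);
}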
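/**
 * Create a merchant account from the submitted registration form and log the
 * new user in.
 *
 * Requires a valid request nonce and a non-empty string 'email' POST field;
 * the email must not already have an account (does_user_have_account()).
 * cull_accounts() is called before the insert.
 *
 * Every stored column is wrapped in MySQL AES_ENCRYPT() with AES_KEY. The key
 * is spliced into the SQL text inside single quotes rather than bound as a
 * parameter, so AES_KEY must not contain a quote or backslash.
 *
 * NOTE(review): the password is stored reversibly (AES_ENCRYPT) rather than
 * hashed. Whether a caller relies on decrypting it cannot be seen here, so
 * this is left unchanged; a one-way hash (password_hash) is the usual
 * expectation.
 *
 * @return string|null error message, or null on success
 */
function create_account()
{
    if (!verify_nonce()) {
        // The nonce check is CSRF protection; the old message named
        // "cross-site scripting", which is a different attack.
        return "Cross-site request forgery detection error";
    }
    // is_string() guards against an email[] array, on which strlen() fails.
    if (!isset($_POST['email']) || !is_string($_POST['email']) || $_POST['email'] === '') {
        return "Email address not found.";
    }
    if (does_user_have_account($_POST['email'])) {
        return "Email account already exists.";
    }
    cull_accounts();
    try {
        global $pdo;
        $query = "INSERT INTO users VALUES(\n\t\t\t\t\t0,\n\t\t\t\t\tAES_ENCRYPT(:email,':aes_key'),\n\t\t\t\t\tAES_ENCRYPT(:password,':aes_key'),\n\t\t\t\t\tAES_ENCRYPT(:given_name,':aes_key'),\n\t\t\t\t\tAES_ENCRYPT(:family_name,':aes_key'),\n\t\t\t\t\tAES_ENCRYPT(:language,':aes_key'),\n\t\t\t\t\tAES_ENCRYPT(:phone_number,':aes_key'),\n\t\t\t\t\tAES_ENCRYPT(:street_address,':aes_key'),\n\t\t\t\t\tAES_ENCRYPT(:locality,':aes_key'),\n\t\t\t\t\tAES_ENCRYPT(:region,':aes_key'),\n\t\t\t\t\tAES_ENCRYPT(:postal_code,':aes_key'),\n\t\t\t\t\tAES_ENCRYPT(:country,':aes_key'),\n\t\t\t\t\tAES_ENCRYPT(:payer_id,':aes_key'),\n\t\t\t\t\tAES_ENCRYPT(:access_token,':aes_key'),\n\t\t\t\t\tNOW(),\n\t\t\t\t\tAES_ENCRYPT(:session_key,':aes_key')\n\t\t\t\t\t)";
        // AES_KEY goes into the SQL text; see the header comment for its constraints.
        $query = str_replace(":aes_key", AES_KEY, $query);
        $sql = $pdo->prepare($query);

        // Form fields bound to the placeholders of the same name. A missing
        // field binds null, which is what binding an absent $_POST entry did.
        $postFields = array(
            'email', 'password', 'given_name', 'family_name', 'language',
            'phone_number', 'street_address', 'locality', 'region',
            'postal_code', 'country', 'payer_id', 'access_token',
        );
        foreach ($postFields as $field) {
            $value = isset($_POST[$field]) ? $_POST[$field] : null;
            $sql->bindValue(':' . $field, $value, PDO::PARAM_STR);
        }
        $sessionKey = isset($_COOKIE['session_key']) ? $_COOKIE['session_key'] : null;
        $sql->bindValue(':session_key', $sessionKey, PDO::PARAM_STR);
        $sql->execute();

        $givenName = isset($_POST['given_name']) ? $_POST['given_name'] : null;
        set_user_logged_in($givenName, $_POST['email']);
    } catch (Exception $e) {
        // Keep the driver message server-side: echoing or returning it hands
        // schema and query details to the client.
        error_log('create_account: ' . $e->getMessage());
        return 'Error creating data.';
    }
    return null;
}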
<?php

// Page title; set before the shared header is pulled in because the header
// presumably renders it (inc_header.php is not visible here).
$title = 'Your receipt';
require 'inc_header.php';
?>

	<?php 
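// Finalise the Express Checkout payment (DoExpressCheckoutPayment).
// The token, payer id and amount are read from the session — presumably put
// there by the earlier checkout steps, which are not visible here — and
// cleared before the API call so that reloading the page cannot resubmit
// the same payment. Any failure lands in $error for the template below.
if (verify_nonce()) {
    try {
        $token   = isset($_SESSION['user']['token'])    ? $_SESSION['user']['token']    : null;
        $payerId = isset($_SESSION['user']['payer_id']) ? $_SESSION['user']['payer_id'] : null;
        $amount  = isset($_SESSION['user']['amt'])      ? $_SESSION['user']['amt']      : null;
        $_SESSION['user']['token'] = null;
        $_SESSION['user']['payer_id'] = null;
        $_SESSION['user']['amt'] = null;

        if ($token === null || $payerId === null || $amount === null) {
            // Nothing to charge: the checkout state is missing or was already consumed.
            $error = 'No pending checkout found.';
        } else {
            $params = array(
                'method'        => 'DoExpressCheckoutPayment',
                'token'         => $token,
                'payerid'       => $payerId,
                'itemamt'       => $amount,
                'amt'           => $amount,
                'currencycode'  => 'USD',
                'paymentaction' => 'Sale',
                'version'       => PP_VERSION,
                'user'          => PP_USER,
                'pwd'           => PP_PWD,
                'signature'     => PP_SIGNATURE,
            );
            $response = post_checkout($params);
            $checkoutDetails = parse_url_encoded($response);
            // A missing ACK is treated as failure rather than read as null.
            if (!isset($checkoutDetails['ACK']) || $checkoutDetails['ACK'] !== 'Success') {
                $error = isset($checkoutDetails['L_LONGMESSAGE0'])
                    ? $checkoutDetails['L_LONGMESSAGE0']
                    : 'Payment was not completed.';
            }
        }
    } catch (Exception $e) {
        $error = $e->getMessage();
    }
}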
?>

	<?php 
if (isset($error)) {
    ?>
		<h2>Error</h2>
 * member o2326570
 *
 * @author   Laurent Abbal <*****@*****.**>
 * @license  http://www.gnu.org/licenses/gpl-2.0.html  GPL License 2 
 * @link     http://www.easyphp.org
 */
include "i18n.inc.php";
/** 
 * Russell, 2012-11-10: the nonce functionality relies on helper functions
 * located in functions.inc.php and needs an active session to operate.
 * A hidden input named "nonce" was also added to the rendered HTML below.
 */
include "functions.inc.php";
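session_start();

// Save the submitted code for the interpreter page. This is EasyPHP's local
// code tester: writing arbitrary PHP into codesource.php is the feature, and
// the nonce is what stops a third-party page from doing it cross-site. When
// the nonce fails, a marker message is written instead so the interpreter
// page shows the rejection rather than stale code.
if (isset($_POST['to']) && $_POST['to'] === "interpretcode") {
    if (verify_nonce()) {
        // A missing field writes an empty file, as before, without a notice.
        $content = isset($_POST['sourcecode']) ? $_POST['sourcecode'] : '';
    } else {
        $content = 'Detected an invalid submit, maybe an exploit attempt (o2326570).';
    }
    // A failed write would leave the previous code in place; record it.
    if (file_put_contents('codesource.php', $content) === false) {
        error_log('Failed to write codesource.php');
    }
}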
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>[EasyPHP] Code</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" href="images_easyphp/easyphp_favicon.ico" />

<body style="margin:0px;padding:0px;background:#ffffff;font-family:arial, helvetica, sans-serif;">

<div style="margin:0px 0px 10px 0px;padding:10px;font-size:18px;font-weight:bold;text-align:center;background-color:#EEEEEE;">
	<a href="index.php" title="<?php 
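/**
 * CSRF guard for controllers.
 *
 * This function should be included in EVERY CONTROLLER FILE; otherwise you
 * are just asking for trouble. It relies on verify_nonce(), whose nonces are
 * tied to the logged-in user. On success it returns true; on failure it
 * sends a 403, logs the source IP, prints a message and terminates the
 * request. The exit is essential: without it the controller would carry on
 * executing after the 403 and the guard would protect nothing.
 *
 * @return true when the nonce is valid; never returns otherwise
 */
function csfr_protection()
{
    $app = App::get_instance();
    if (verify_nonce()) {
        return true;
    }

    $ip = $app['ana']->get_ip();
    // Actually log the attempt, as the user-facing message claims.
    error_log('CSRF check failed for IP ' . $ip);

    header('HTTP/1.0 403 Forbidden');
    // The IP is escaped: if get_ip() honours client headers such as
    // X-Forwarded-For (not visible here), it is attacker-controlled text.
    echo "Your pathetic attempt at cross-site forgery has been detected and logged.  Your IP address is: "
        . htmlspecialchars((string) $ip, ENT_QUOTES, 'UTF-8');
    exit;
}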