Copyright 1999-2016 Horde LLC (http://www.horde.org/). See the enclosed file COPYING for license information (LGPL). If you did not receive this file, see http://www.horde.org/licenses/lgpl21.
Author: Max Kalika (max@horde.org)
Author: Chuck Hagenbuch (chuck@horde.org)
Example #1
 /**
  * Check if a token for a form is valid.
  *
  * The token is verified against the configured Horde_Token backend
  * ($GLOBALS['conf']['token']), falling back to the 'file' driver when no
  * token configuration exists. The token must additionally be recorded in
  * $_SESSION['horde_form_secrets'], i.e. it has to have been issued to the
  * submitting session.
  *
  * @param string $slug   Form identifier; not consulted by this check.
  * @param string $token  The token value submitted with the form.
  *
  * @return true|PEAR_Error  True when both checks pass, otherwise a
  *                          PEAR_Error describing which check failed.
  *
  * @since Horde 3.2
  */
 function checkRequestToken($slug, $token)
 {
     require_once 'Horde/Token.php';

     $tokenConf = isset($GLOBALS['conf']['token']) ? $GLOBALS['conf']['token'] : null;

     /* Configured backend if there is one, otherwise the file system driver. */
     $tokenSource = is_null($tokenConf)
         ? Horde_Token::factory('file')
         : Horde_Token::factory($tokenConf['driver'], Horde::getDriverConfig('token', $tokenConf['driver']));

     /* Backend check first: a token that fails here is treated as a replay. */
     if (!$tokenSource->verify($token)) {
         return PEAR::raiseError(_("This form has already been processed."));
     }

     /* The token must also belong to the current session. */
     if (empty($_SESSION['horde_form_secrets'][$token])) {
         return PEAR::raiseError(_("Required secret is invalid - potentially malicious request."));
     }

     return true;
 }
Example #2
 /**
  * Carries the form's current state over into hidden POST fields.
  *
  * When form tokens are enabled a fresh token is generated, recorded in the
  * session under 'form_secrets/<token>' and emitted as the
  * '<formname>_formToken' field. Every form variable is then preserved, with
  * composite field types (password/email confirmation, month/year,
  * month/day/year) also preserving each of their sub-parts, followed by all
  * hidden variables.
  *
  * @param Variables $vars  The variables object holding the submitted values.
  */
 function preserve($vars)
 {
     if ($this->_useFormToken) {
         $token = Horde_Token::generateId($this->_name);
         $GLOBALS['session']->set('horde', 'form_secrets/' . $token, true);
         $this->_preserveVarByPost($this->_name . '_formToken', $token);
     }

     /* Composite types keep their components under array sub-keys; each
      * component must be preserved on its own. */
     $componentKeys = array(
         'passwordconfirm' => array('original', 'confirm'),
         'emailconfirm'    => array('original', 'confirm'),
         'monthyear'       => array('month', 'year'),
         'monthdayyear'    => array('month', 'day', 'year'),
     );

     foreach ($this->getVariables() as $var) {
         $varname = $var->getVarName();
         $typeName = $var->getTypeName();
         if (isset($componentKeys[$typeName])) {
             foreach ($componentKeys[$typeName] as $component) {
                 $this->preserveVarByPost($vars, $varname . '[' . $component . ']');
             }
         }
         $this->preserveVarByPost($vars, $varname);
     }

     foreach ($this->_hiddenVariables as $hidden) {
         $this->preserveVarByPost($vars, $hidden->getVarName());
     }
 }
Example #3
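    /**
     * Renders a form as an active (editable) HTML form.
     *
     * Emits the opening <form> tag, the hidden bookkeeping fields (form
     * name, request token, open section, change-tracking copies of
     * 'trackchange' variables and the hidden variables), the rendered form
     * body with submit/reset buttons, and optionally a script that focuses
     * the first field.
     *
     * @param Horde_Form $form  The form to render.
     * @param string $action    URL for the form's action attribute. It is
     *                          written into the markup as given, so it must
     *                          already be HTML-safe.
     * @param string $method    HTTP method for the form, written as given.
     * @param string $enctype   Optional enctype attribute. When given it takes
     *                          precedence over the renderer's configured
     *                          enctype.
     * @param boolean $focus    Whether to emit the focus script for the first
     *                          field.
     */
    public function renderActive($form, $action, $method = 'get', $enctype = null, $focus = true)
    {
        $this->_name = $form->getName();

        /* Honour an explicitly passed enctype. Previously the parameter was
         * accepted but never read; only $this->_enctype was used. */
        $formEnctype = is_null($enctype) ? $this->_enctype : $enctype;

        $attrs = ' action="' . $action . '" method="' . $method . '"';
        if (!empty($this->_name)) {
            $attrs .= ' id="' . $this->_name . '"';
        }
        if (!is_null($formEnctype)) {
            $attrs .= ' enctype="' . $formEnctype . '"';
        }
        echo '<form class="horde-form"' . $attrs . ">\n";
        echo Horde_Util::formInput();
        $this->listFormVars($form);

        if (!empty($this->_name)) {
            $this->_preserveVarByPost('formname', $this->_name);
        }
        if ($form->useToken()) {
            /* The token is issued per render and has to be presented back
             * with the submission. */
            $this->_preserveVarByPost($this->_name . '_formToken', Horde_Token::generateId($this->_name));
        }
        if (count($form->getSections())) {
            $this->_preserveVarByPost('__formOpenSection', $form->getOpenSection());
        }

        $vars = $form->getVars();
        foreach ($form->getVariables() as $var) {
            /* Keep the original value under '__old_<name>' so a change can be
             * detected after submission. */
            if ($var->getOption('trackchange')) {
                $varname = $var->getVarName();
                $this->preserveVarByPost($vars, $varname, '__old_' . $varname);
            }
        }
        foreach ($form->getHiddenVariables() as $var) {
            $this->preserveVarByPost($vars, $var->getVarName());
        }

        $this->_renderBeginActive($form->getTitle());
        $this->_renderForm($form, true);
        $this->submit($this->_submit, $this->_reset);
        echo "\n</fieldset>\n</form>\n";

        if ($focus && !empty($this->_firstField)) {
            /* NOTE(review): _firstField is spliced into the script verbatim;
             * it is expected to be a plain element id set by the renderer,
             * not user-supplied text — confirm where it is assigned. */
            echo '<script type="text/javascript">
try {
    document.getElementById("' . $this->_firstField . '").focus();
} catch (e) {}
</script>
';
        }
    }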