/**
* Check the CSRF token on form submission
* Assigned by setCSRF method.
*
* @return bool
* @throws Exception
*/
public function checkCSRF()
{
if ($_POST && isset($_POST['csrf_token'])) {
$validCSRF = NoCSRF::check('csrf_token', $_POST);
unset($_POST['csrf_token']);
return $validCSRF;
}
return false;
}
function test_csrf()
{
try {
NoCSRF::check('csrf_token', $_POST, true, 60 * 10, false);
} catch (Exception $e) {
$result = $e->getMessage() . ' Form ignored.';
echo $result;
exit;
}
}
private function handleNoCSRF()
{
require_once 'green_nocsrf.php';
# first look for forms
if (!empty($_POST) && count($_POST) > 0) {
try {
NoCSRF::check('gwc_csrf', $_POST, true, 60 * 10, false);
} catch (Exception $e) {
throw new Exception('Invalid form request detected');
}
}
# generate token
$this->CSRF_TOKEN = NoCSRF::generate('gwc_csrf');
}
if (isset($_POST['field'])) {
try {
// Run CSRF check, on POST data, in exception mode, for 10 minutes, in one-time mode.
NoCSRF::check('csrf_token', $_POST, true, 60 * 10, false);
// form parsing, DB inserts, etc.
// ...
$result = 'CSRF check passed. Form parsed.';
} catch (Exception $e) {
// CSRF attack detected
$result = $e->getMessage() . ' Form ignored.';
}
} else {
$result = 'No post data yet.';
}
// Generate CSRF token to use in form hidden field
$token = NoCSRF::generate('csrf_token');
?>
<h1>CSRF sandbox</h1>
<pre style="color: red"><?php
echo $result;
?>
</pre>
<form name="csrf_form" action="#" method="post">
<h2>Form using generated token.</h2>
<input type="hidden" name="csrf_token" value="<?php
echo $token;
?>
">
<input type="text" name="field" value="somevalue">
$_SESSION['tb_height'] = $_GET['height'] - $adj_height;
$_SESSION['set_width'] = 1;
} else {
$_SESSION['tb_width'] = 1000;
$_SESSION['tb_height'] = 520;
$_SESSION['set_width'] = 1;
}
if (!isset($_POST['nocsrf'])) {
include '../nocsrf.php';
}
//if user alreay logged in, then do not load this page. Take them back to the protected area
if (isset($_SESSION['MVGitHub_logstatus']) && ($_SESSION['MVGitHub_logstatus'] = "IS_LOGGED_IN") && isset($_SESSION['MVGitHub_idacname']) && isset($_SESSION['MVGitHub_iduserrole']) && isset($_SESSION['MVGitHub_idacteam']) && isset($_SESSION['MVGitHub_iduserprofile'])) {
header('location:../../myac/');
exit;
}
$token = NoCSRF::generate('nocsrf');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Installation</title>
<link href="../assets_backend/css/style.css" rel="stylesheet" type="text/css" />
<link href="../user_login/a/slider.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="../scripts/jquery_1.4.2.js"></script>
<script type="text/javascript" src="../scripts/jquery.simpleSlide.js"></script>
<script type="text/javascript" src="../uilock/jquery.uilock.js"></script>
<script language="Javascript">
$(document).ready(function(){
$('input').keypress(function(e) {
var s = String.fromCharCode( e.which );
<?php
require_once '../../includes/global.inc.php';
try {
NoCSRF::check( 'csrf_token', $_GET, true, 60*10, false );
$userTools = new UserTools();
$userTools->logout();
header("Location: banklogin.php");
}
catch (Exception $e) {
header("Location: error.php");
}
?>
/**
* Adds extra useragent and remote_addr checks to CSRF protections.
*/
public static function enableOriginCheck()
{
self::$doOriginCheck = true;
}
protected function get()
{
NoCSRF::generate('csrf_token');
}
<?php
require_once '../../Connections/connSystem.php';
mysql_select_db($database_connSystem, $connSystem);
if (isset($_POST['form_action']) && $_POST['form_action'] == "authenticate") {
try {
// Run CSRF check, on POST data, in exception mode, for 10 minutes, in one-time mode.
NoCSRF::check('nocsrf', $_POST, true, 60 * 10, false);
//first clean em up
$username = preg_replace('/[^a-z\\-_0-9\\.:@\\/\\s]/i', '', mysql_escape_string(trim($_POST['account_usr'])));
$userpass = mysql_escape_string(trim($_POST['account_pwd']));
//first, check the last time this person has tried logging in
//capture the users ip in case they are using a proxy, use the function below
function loggerIP()
{
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$theIP = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$theIP = $_SERVER['REMOTE_ADDR'];
}
return trim($theIP);
}
$userIP = loggerIP();
$userBrowser = $_SERVER['HTTP_USER_AGENT'];
//check if the mac address for this server is valid before proceeding
/* ob_start(); // Turn on output buffering
system('ipconfig /all'); //Execute external program to display output
$mycom=ob_get_contents(); // Capture the output into a variable
ob_clean(); // Clean (erase) the output buffer
$findme = "Physical";
<?php
$app->group('/api', function () use($app) {
$app->get('/', function () use($app) {
});
$app->group('/contact', function () use($app) {
$app->post('/submit', function () use($app) {
$app->response->headers->set('Content-Type', 'application/json');
try {
NoCSRF::check('csrf_token', $app->request->post(), true, 60 * 10, false);
$errors = '';
$name = $app->request->post('name');
$email = $app->request->post('email');
$message = $app->request->post('message');
if (empty($name) || !preg_match("/^[a-zA-Z ]*\$/", $name)) {
$errors .= "Please enter a valid name \n";
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$errors .= "Please enter a valid email \n";
}
if (empty($message) || !preg_match("/^[a-zA-Z ]*\$/", $message)) {
$errors .= "Please enter a valid message \n";
}
if (!empty($errors)) {
$json = array('error' => $errors);
echo JSONResponse::send($json);
return;
}
$sendgrid = new SendGrid('API_KEY_HERE');
$email = new SendGrid\Email();
$email->addTo($app->config->get('smtp')->to)->setFrom('*****@*****.**')->setSubject('Inquiry from ' . $name)->setText($message);
/**
* Disables extra useragent and remote_addr checks to CSRF protections.
*/
public static function disableOriginCheck()
{
self::$doOriginCheck = false;
}
<?php
$app->get('/', function () use($app) {
$work = new Portfolio($app);
$app->render('index.twig', ['portfolio' => $work->getPortfolio(), 'csrf_token' => NoCSRF::generate('csrf_token')]);
});
// Mail it
//mail($to, $subject, $message, $headers);
mail($to, $subject, $message, $headers);
$acknowledge = 1;
$msg = "<div class=\"msg_success\">" . $msg_pwdreset_success . "</div><div><a href=\"" . $_SERVER["SERVER_NAME"] . "\">Account Log In</a></div>";
}
//is not set error message
}
//close secure
} catch (Exception $e) {
// CSRF attack detected
$result = $e->getMessage() . ' Form Error ';
}
}
//close if form is set
$token = NoCSRF::generate('dkm');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title><?php
echo $pagetitle;
?>
- <?php
echo $fet_team['usrteamname'];
?>
</title>
<link href="../../assets_backend/css/style.css" rel="stylesheet" type="text/css" />
</head>
<body>