PHP Session::checkCSRF Examples

Example #1

File: install.php Project: paisdelconocimiento/glpi-smartcities

{
    if (file_exists(GLPI_CONFIG_DIR . "/config_db.php")) {
        Html::redirect($CFG_GLPI['root_doc'] . "/index.php");
        die;
    }
}
if (!isset($_POST["install"])) {
    $_SESSION = array();
    checkConfigFile();
    header_html("Select your language");
    choose_language();
} else {
    // Check valid Referer :
    Toolbox::checkValidReferer();
    // Check CSRF: ensure nobody strap first page that checks if config file exists ...
    Session::checkCSRF($_POST);
    // DB clean
    if (isset($_POST["db_pass"])) {
        $_POST["db_pass"] = stripslashes($_POST["db_pass"]);
        $_POST["db_pass"] = rawurldecode($_POST["db_pass"]);
        $_POST["db_pass"] = stripslashes($_POST["db_pass"]);
    }
    switch ($_POST["install"]) {
        case "lang_select":
            // lang ok, go accept licence
            checkConfigFile();
            header_html(__('License'));
            acceptLicense();
            break;
        case "License":
            // licence  ok, go choose installation or Update