/**
* Form token validation
* @param array $validations The array of validation rules
* @return void
*/
function form_validate($validations = null)
{
if (!isset($_POST['lc_formToken_' . _cfg('formTokenName')])) {
Validation::addError('', _t('Invalid form token.'));
return false;
}
$token = _decrypt(session_get(_cfg('formTokenName')));
$postedToken = _decrypt(_post($_POST['lc_formToken_' . _cfg('formTokenName')]));
$result = false;
# check token first
if ($token == $postedToken) {
# check referer if it is requesting in the same site
if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] && _cfg('siteDomain')) {
$siteDomain = _cfg('siteDomain');
$siteDomain = preg_replace('/^www\\./', '', $siteDomain);
$parsedURL = parse_url($_SERVER['HTTP_REFERER']);
$parsedURL['host'] = preg_replace('/^www\\./', '', $parsedURL['host']);
if (strcasecmp($siteDomain, $parsedURL['host']) == 0) {
$result = true;
}
}
}
if ($result == false) {
Validation::addError('', _t('Error occured during form submission. Please refresh the page to try again.'));
return false;
}
if ($validations && Validation::check($validations) === false) {
return false;
}
return true;
}
/**
* Add an external error messsage
*
* @param string $id HTML ID
* @param string $msg The error message to show
*
* @return void
*/
function validation_addError($id, $msg)
{
Validation::addError($id, $msg);
}
