/**
 * Tell whether the current session is flagged as authenticated.
 *
 * The check is truthiness-based: any non-empty, non-zero value stored
 * under SESSION_LOGGED counts as "logged in", so the code that writes
 * this key should only ever store a strict boolean.
 *
 * @return bool TRUE only when the SESSION_LOGGED key exists and holds a truthy value.
 */
public function isLogged()
{
    // A missing key is never an authenticated session.
    if (!Session::Exists(self::SESSION_LOGGED)) {
        return false;
    }

    return (bool) Session::Get(self::SESSION_LOGGED);
}
/**
 * Log out action: discard the current session, then send the visitor
 * back to the site root.
 *
 * NOTE(review): whether the session cookie is expired and the session
 * id invalidated depends on Session::destroy(), which is not shown
 * here. Confirm it clears both, so that an old session id cannot be
 * reused after logout.
 */
public function logout()
{
    // Tear the session down first so no authenticated state survives the redirect.
    Session::destroy();

    Redirect::to('/');
}
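distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Code source hosted on https://github.com/Devenet/MoodPicker */

use Utils\Cookie;
use Utils\Session;
use Picker\Mood;
use Picker\MoodLevel;
use Core\Config;

// Mood submission handler.
// A POST carrying 'mood' and an accepted anti-CSRF token records one vote;
// any other request gets a fresh token and the form values.
if (isset($_POST['mood']) && $this->acceptToken()) {
    // Parse the untrusted field as a strict integer. The previous numeric
    // coercion ($_POST['mood'] + 0) raised an uncaught error when the field
    // arrived as an array (mood[]=...) and, on PHP 8, when it was a
    // non-numeric string. filter_var() returns false in both cases.
    // Assumes MoodLevel values are integers, as the original coercion
    // suggests. TODO confirm.
    $mood = filter_var($_POST['mood'], FILTER_VALIDATE_INT);

    // The three outcomes are mutually exclusive, so a rejected value can
    // never reach save(), whether or not errorPage() ends the request
    // (its behaviour is not visible here).
    if ($mood === false || !MoodLevel::isValidValue($mood)) {
        $this->errorPage('Invalid value', 'The given value for your current mood is unknow.');
    } elseif (!Cookie::Exists('voted') && !Session::Exists('voted')) {
        // Keep the normalised value visible to any later reader of $_POST.
        $_POST['mood'] = $mood;

        $m = new Mood($mood, time(), Config::IP());
        $m->save();

        // NOTE(review): the one-vote throttle is held only in the visitor's
        // cookie and session, so it limits only clients that keep them.
        // The IP passed to Mood is recorded but not consulted here. If
        // duplicate votes matter, enforce the limit server-side against
        // the stored votes.
        Cookie::add('voted', true, Cookie::HOUR * 2);
        Session::add('voted', true);

        header('Location: ./review');
        exit;
    } else {
        $this->errorPage('Already voted', 'An entry has already been enregistred from your computer. <br />You have to wait some times before submitting an other mood.');
    }
} else {
    // No submission, or the token was not accepted: issue a new token and
    // expose the two mood values to the template.
    $this->getToken();
    $this->assign('good', MoodLevel::GOOD);
    $this->assign('bad', MoodLevel::BAD);
}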
} $this->assign('u', $u); $this->page('manage/users/view'); $this->getToken(); $this->getExtendedToken(); if (isset($_GET['updated'])) { $this->assign('message', 'The user password have been updated.'); } break; case 'delete': if (!$this->request(3) || !$this->request(4)) { break; } $this->acceptExtendedToken($this->request(4)); // can not delete current user if (Session::Get(Authentification::SESSION_USER_ID) == intval($this->request(3))) { $this->errorPage('Unable to delete your own account', 'You can not delete yourself. Please ask another administrator to do it!', FALSE); } $u = new User(); $u->loadFromId(intval($this->request(3))); if (!$u->exists()) { break; } if (!empty($_POST)) { $this->acceptToken(); try { if (empty($_POST['delete'])) { throw new \Exception('Nobody will be deleted until you check the box…'); } if (empty($_POST['user_id']) || $_POST['user_id'] != intval($this->request(3))) { $this->hackAttempt();
/**
 * Validate an extended security token and consume it on success.
 *
 * On success the 'current_ext_token' session entry is removed. On
 * failure a 401 status is sent and the "Invalid security token" error
 * page is rendered.
 *
 * NOTE(review): whether errorPage() ends the request is not visible
 * here. If it returns, a caller that ignores this method's result
 * would carry on past a rejected token, so callers should act on the
 * FALSE return instead of relying on errorPage() to stop execution.
 *
 * @param mixed $token Token value received with the request.
 *
 * @return bool TRUE when the token was accepted, FALSE otherwise.
 */
public function acceptExtendedToken($token)
{
    if (!Token::AcceptExtended($token)) {
        // Rejected token: signal the failure at the HTTP level before rendering the error page.
        header('HTTP/1.1 401 Unauthorized', TRUE, 401);
        $this->errorPage('Invalid security token', 'The received token was empty or invalid. <br />Are you sure that <em>Cookies</em> are enabled on your browser?');

        return FALSE;
    }

    // Accepted: drop the stored token reference from the session.
    Session::Remove('current_ext_token');

    return TRUE;
}