Example #1
 /**
  * Reports whether the session holds both entries kept for a token.
  *
  * Only the presence of the `dt-class-<token>` and `dt-time-<token>`
  * session entries is tested (each must differ from `false`). Their
  * contents are not inspected here, so a `true` result means "both
  * entries exist", not "both entries are well-formed".
  *
  * NOTE(review): $token is concatenated into the session key unchanged.
  * If it originates from the request, confirm that callers validate its
  * format before it reaches this method.
  *
  * @access protected
  * @param \Zepi\Turbo\Request\WebRequest $request
  * @param string $token
  * @return boolean
  */
 protected function hasValidSessionData(WebRequest $request, $token)
 {
     // Same lookup order as before: class entry first, time entry second,
     // stopping at the first one that is missing.
     foreach (['dt-class-', 'dt-time-'] as $prefix) {
         if ($request->getSessionData($prefix . $token) === false) {
             return false;
         }
     }

     return true;
 }
Example #2
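 /**
  * Processes all form data after verifying the CSRF token of the request.
  *
  * The request must carry a `csrf-key` and a `csrf-token` parameter. The
  * key names the session entry that holds the expected token. That entry
  * is removed on every attempt (one-time token) and the submitted token
  * must match it exactly. On any failure the method returns without
  * touching the form fields; the caller gets no signal either way.
  *
  * NOTE(review): `csrf-key` is supplied by the client and is used
  * directly as the session key, so a request can name any session entry,
  * which is then deleted and compared against. The token generator is not
  * visible here; confirm it stores tokens under a dedicated key namespace
  * and restrict the lookup below to that namespace.
  *
  * @access public
  * @param \Zepi\Turbo\Request\WebRequest $request
  */
 public function processFormData(WebRequest $request)
 {
     // Without both CSRF parameters the submission is ignored.
     if (!$request->hasParam('csrf-key') || !$request->hasParam('csrf-token')) {
         return;
     }

     $key = $request->getParam('csrf-key');
     $token = $request->getParam('csrf-token');

     // Both values are client-controlled. Anything that is not a non-empty
     // string (for example an array-valued parameter) is rejected before it
     // is used as a session key or handed to hash_equals().
     if (!is_string($key) || $key === '' || !is_string($token) || $token === '') {
         return;
     }

     $sessionToken = $request->getSessionData($key);

     // The token is single-use: drop it before comparing so that a failed
     // attempt cannot be retried against the same value.
     $request->deleteSessionData($key);

     // A missing session entry (non-string) fails closed; the comparison
     // itself is constant-time.
     if (!is_string($sessionToken) || !hash_equals($sessionToken, $token)) {
         return;
     }

     // The token is valid: copy the submitted values into the form fields.
     foreach ($this->getChildrenByType('\\Zepi\\Web\\UserInterface\\Form\\Field\\FieldAbstract') as $field) {
         $htmlName = $field->getHtmlName();
         if ($request->hasParam($htmlName)) {
             $field->setValue($request->getParam($htmlName), $request);
         }
     }
 }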
Example #3
 /**
  * Validates the session. Returns false only when the session is flagged
  * as obsolete and its maximum lifetime lies in the past; otherwise true.
  *
  * A session that is not flagged `isObsolete` is accepted without looking
  * at `maxLifetime` at all.
  *
  * @access protected
  * @param \Zepi\Turbo\Request\WebRequest $request
  * @return boolean
  */
 protected function validateSessionData(WebRequest $request)
 {
     // Not marked obsolete: nothing else is checked.
     if (!$request->getSessionData('isObsolete')) {
         return true;
     }

     // Obsolete sessions stay usable until their lifetime has run out.
     $expired = $request->getSessionData('maxLifetime') < time();

     return !$expired;
 }
Example #4
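 /**
  * Generates a DataRequest object.
  *
  * When the table asks for its data request to be saved, a previously
  * stored one is restored from the session. If nothing usable is stored,
  * a fresh request (page 1, sorted by `name` ascending) is created. The
  * resulting request is written back to the session when saving is
  * enabled.
  *
  * @access protected
  * @param \Zepi\Turbo\Request\WebRequest $request
  * @param \Zepi\Web\UserInterface\Table\TableAbstract $table
  * @param false|integer $numberOfEntries
  * @return \Zepi\Web\UserInterface\Table\DataRequest
  */
 protected function generateDataRequest(WebRequest $request, TableAbstract $table, $numberOfEntries)
 {
     $sortBy = 'name';
     $sortByDirection = 'ASC';

     // One session slot per concrete table class.
     $savedDataRequestKey = get_class($table) . '.DataRequest.Saved';

     $dataRequest = false;
     if ($table->shouldSaveDataRequest()) {
         $saved = $request->getSessionData($savedDataRequestKey);
         if (is_string($saved)) {
             // NOTE(review): unserialize() instantiates whatever classes the
             // payload names before the type check below can run, so this
             // is only safe while the session store cannot be written by a
             // client. Where the runtime supports it, the `allowed_classes`
             // option of unserialize() can limit this to DataRequest.
             $dataRequest = unserialize($saved);
         }
     }

     // Accept the restored value only if it really is a DataRequest.
     // Corrupt data (false) and any other type fall back to a new request.
     if (!($dataRequest instanceof DataRequest)) {
         $dataRequest = new DataRequest(1, $numberOfEntries, $sortBy, $sortByDirection);
     }

     // Save the data request to the session if needed
     if ($table->shouldSaveDataRequest()) {
         $request->setSessionData($savedDataRequestKey, serialize($dataRequest));
     }

     return $dataRequest;
 }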