PHP csrf_token_is_recent Exemples

Exemple #1

Fichier : login_reset_password.php Projet : kamy333/rajah

<?php

require_once "../../includes/initialize.php";
// Rather than require setting up a real database,
// we can fake one instead.
$message = "";
$token = $_GET['token'];
// Confirm that the token sent is valid
$user = User::find_by_reset_token($token);
if (!isset($user) || !$user) {
    // Token wasn't sent or didn't match a user.
    $session->message("Did not find you try again");
    redirect_to('login_forgot_password_username.php');
}
if (request_is_post() && request_is_same_domain()) {
    if (!csrf_token_is_valid() || !csrf_token_is_recent()) {
        $message = "Sorry, request was not valid.";
    } else {
        // CSRF tests passed--form was created by us recently.
        // retrieve the values submitted via the form
        $password = trim($_POST['password']);
        $password_confirm = trim($_POST['password_confirm']);
        $valid = new FormValidation();
        $valid->validate_presences(array('password', 'password_confirm'));
        if ($password !== $password_confirm) {
            $valid->errors['password_confirmation'] = "Password confirmation does not match password.";
        }
        if (empty($valid->errors)) {
            $user->password = $password;
            $user->save();
            $user->delete_reset_token();

Exemple #2

Fichier : profile.php Projet : kamy333/rajah

                if (!$user->save()) {
                    $session->message("Username" . $user->username . " " . "other info for ID (" . $user->id . ")");
                    $session->ok(true);
                    unset($_POST);
                    redirect_to("profile.php");
                } else {
                    unset($_POST);
                    $session->message("User: "******" " . "edit failed");
                }
            }
        }
    }
}
if (request_is_post() && request_is_same_domain()) {
    //var_dump($_POST);
    if (!csrf_token_is_valid(3) || !csrf_token_is_recent(3)) {
        $message = "Sorry, request was not valid 3.";
    } else {
        if (isset($_POST['submit']) && $_POST['submit'] === "Update Photo") {
            $user = UpdateUserProfile::find_by_id($session->user_id);
            $valid = new formValidation();
            //    echo get_class_vars('User');
            //            $user->unset_required_fields("username","password",'nom','email',);
            //            $user->unset_required_fields("password",'nom','user_type_id');
            //            $user->unset_table_fields(array('username', 'hashed_password', 'nom','email','user_type','user_type_id','block_user','unread_message','unread_notification','first_name', 'last_name','reset_token','address','cp','city','country','phone','mobile'));
            $user->unset_table_fields(array('hashed_password'));
            if (empty($valid->errors)) {
                if (empty($_FILES['user_image'])) {
                    //                    $user->save();
                    redirect_to("profile.php");
                }