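 /**
  * Generates an opening HTML form tag.
  *
  *     // Form will submit back to the current page using POST
  *     echo Form::open();
  *
  *     // Form will submit to 'search' using GET
  *     echo Form::open('search', array('method' => 'get'));
  *
  *     // When "file" inputs are present, you must include the "enctype"
  *     echo Form::open(NULL, array('enctype' => 'multipart/form-data'));
  *
  * A hidden CSRF field named "form_auth_id" (value from CSRF::token()) is
  * appended right after the opening tag whenever the effective method is
  * POST. The method check is case-insensitive, so 'POST' and 'post' both
  * receive the field; any other method (e.g. 'get') gets none.
  *
  * @param   mixed   form action, defaults to the current request URI, or [Request] class to use
  * @param   array   html attributes
  * @return  string
  * @uses    Request::instance
  * @uses    URL::site
  * @uses    HTML::attributes
  */
 public static function open($action = NULL, array $attributes = NULL)
 {
     if ($action instanceof Request) {
         // Use the current URI
         $action = $action->uri();
     }
     if (!$action) {
         // Allow empty form actions (submits back to the current url).
         $action = '';
     } elseif (strpos($action, '://') === FALSE) {
         // Make the URI absolute
         $action = URL::site($action);
     }
     // Add the form action to the attributes
     $attributes['action'] = $action;
     // Only accept the default character set
     $attributes['accept-charset'] = Kohana::$charset;
     if (!isset($attributes['method'])) {
         // Use POST method
         $attributes['method'] = 'post';
     }
     // Only render the CSRF field when the POST method is used. Normalise the
     // case and compare strictly: a caller passing 'POST' previously got no
     // token field at all, and a loose == must not match by coercion.
     $method_is_post = strtolower((string) $attributes['method']) === 'post';
     $hidden_csrf_field = $method_is_post ? self::hidden('form_auth_id', CSRF::token()) : '';
     return '<form' . HTML::attributes($attributes) . '>' . $hidden_csrf_field;
 }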
 /**
  * Initialises the static CSRF token when the class is loaded.
  *
  * If the browser already sent a "csrfToken" cookie, its value becomes
  * self::$token as-is. Otherwise a new value from Helper::randStr(10) is
  * stored in self::$token and sent back as a session cookie on path "/"
  * for the host returned by Lobby::getHostname().
  *
  * NOTE(review): the cookie is set without the secure/httponly arguments,
  * and a cookie value coming back from the client is accepted without any
  * format check — confirm that whatever compares self::$token validates it.
  * The token's strength depends entirely on Helper::randStr, not visible here.
  */
 public static function __constructStatic()
 {
     if (isset($_COOKIE['csrfToken'])) {
         // Reuse the token the browser already holds
         self::$token = $_COOKIE['csrfToken'];
         return;
     }
     // First visit: mint a token and hand it to the browser
     $freshToken = Helper::randStr(10);
     self::$token = $freshToken;
     setcookie("csrfToken", $freshToken, 0, "/", Lobby::getHostname());
 }
 /**
  * Dispatches this request through its Request_Client.
  *
  * Preconditions checked here: a [Route] must already be attached
  * (otherwise HTTP_Exception_404) and a [Request_Client] must be set
  * (otherwise Request_Exception). For a POST request that is also an
  * Ajax request, an "X-CSRF-Token" header carrying CSRF::token() is
  * attached to the request before it is handed to the client.
  *
  *     $request->execute();
  *
  * @return  Response   whatever the client's execute() returns
  * @throws  Request_Exception
  * @throws  HTTP_Exception_404
  */
 public function execute()
 {
     $route = $this->_route;
     if (!($route instanceof Route)) {
         throw new HTTP_Exception_404('Unable to find a route to match the URI: :uri', array(':uri' => $this->_uri));
     }
     $client = $this->_client;
     if (!($client instanceof Request_Client)) {
         throw new Request_Exception('Unable to execute :uri without a Kohana_Request_Client', array(':uri' => $this->_uri));
     }
     // Ajax POSTs carry the CSRF token in a custom header; is_ajax() is
     // only consulted once the method is known to be POST.
     $ajaxPost = ($this->method() === 'POST') && $this->is_ajax();
     if ($ajaxPost) {
         $this->headers('X-CSRF-Token', CSRF::token());
     }
     return $client->execute($this);
 }
 /**
  * Matches this request against its routes (unless it is already known to
  * be external) and then dispatches it through the Request_Client.
  *
  * On a successful match the route, directory, controller, action and the
  * remaining params are stored on the request; "controller", "action" and
  * "directory" are removed from the params before they are exposed. When
  * no route matches, a 404 Response is returned (not thrown). A missing
  * client raises Request_Exception. For a POST request that is also an
  * Ajax request, an "X-CSRF-Token" header with CSRF::token() is attached
  * before the client runs.
  *
  *     $request->execute();
  *
  * @return  Response   the client's response, or a 404 response when unrouted
  * @throws  Request_Exception
  */
 public function execute()
 {
     if (!$this->_external) {
         $matched = Request::process($this, $this->_routes);
         if ($matched) {
             $route = $matched['route'];
             $params = $matched['params'];
             // Remember the match and whether it leaves this application
             $this->_route = $route;
             $this->_external = $route->is_external();
             if (isset($params['directory'])) {
                 // Controllers live in a sub-directory
                 $this->_directory = $params['directory'];
             }
             $this->_controller = $params['controller'];
             if (isset($params['action'])) {
                 $this->_action = $params['action'];
             } else {
                 $this->_action = Route::$default_action;
             }
             // Routing keys are not part of the public params; the rest is frozen
             unset($params['controller'], $params['action'], $params['directory']);
             $this->_params = $params;
         }
     }
     if (!($this->_route instanceof Route)) {
         $notFound = HTTP_Exception::factory(404, 'Unable to find a route to match the URI: :uri', array(':uri' => $this->_uri));
         return $notFound->request($this)->get_response();
     }
     if (!($this->_client instanceof Request_Client)) {
         throw new Request_Exception('Unable to execute :uri without a Kohana_Request_Client', array(':uri' => $this->_uri));
     }
     // Ajax POSTs carry the CSRF token in a custom header
     $ajaxPost = ($this->method() === 'POST') && $this->is_ajax();
     if ($ajaxPost) {
         $this->headers('X-CSRF-Token', CSRF::token());
     }
     return $this->_client->execute($this);
 }
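				<img class="img-responsive" src="images/<?php 
/* Attribute context: escape so a filename cannot close the quote and inject
   markup. Assumes the page is served as UTF-8 — TODO confirm. */
echo htmlspecialchars((string) $p->filename, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
" alt="<?php 
echo htmlspecialchars((string) $p->caption, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
">
			</div>
		</div>
		<div class="col-lg-6 col-lg-offset-3">
			<form method="post" action="photo.php?id=<?php 
/* The id lands in a URL query component inside an attribute: encode for the
   URL first, then for the attribute. */
echo htmlspecialchars(rawurlencode((string) $p->id), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
">
				<input type="hidden" name="token" value="<?php 
/* Server-generated, but attribute-escaped anyway so the markup stays
   well-formed whatever the token alphabet is. */
echo htmlspecialchars((string) CSRF::token(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
">
				<h4>Add your comment</h4>
				
				<?php 
/* NOTE(review): $msg is echoed unescaped; confirm it is built server-side
   from fixed strings (not from submitted "author"/"body" values), otherwise
   escape it here as well. */
echo $msg;
?>
				<div class="form-group">
					<label>Name</label>
					<input class="form-control" type="text" placeholder="Enter your Name" name="author" value="">
				</div>
				
				<div class="form-group">
					<label>Comment</label>
					<textarea class="form-control" placeholder="Enter your Comment" name="body"></textarea>				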
 /**
  * Builds the hidden CSRF input for a form.
  *
  * The input is always named "token"; its value is whatever CSRF::token()
  * returns for the given id/action pair (both default to the empty string).
  *
  * @param   string  $id      ID e.g. uid [Optional]
  * @param   string  $action  Action [Optional]
  *
  * @return  string  hidden <input> markup as produced by self::hidden
  *
  * @uses    CSRF::token
  */
 public static function csrf($id = '', $action = '')
 {
     $tokenValue = CSRF::token($id, $action);
     return self::hidden('token', $tokenValue);
 }
 /**
  * Builds the hidden CSRF input for the given namespace.
  *
  * The input is named "csrf_" followed by $namespace and carries
  * CSRF::token($namespace). The namespace is concatenated into the field
  * name unescaped here — presumably Form::hidden attribute-escapes it; verify there.
  *
  * @uses    Form
  * @param   string  $namespace
  * @return  string  generated HTML
  */
 public static function form($namespace = 'default')
 {
     $fieldName = 'csrf_' . $namespace;
     return Form::hidden($fieldName, CSRF::token($namespace));
 }