*/
require_once 'lib/common.php';
use PDOException;
class MyPage extends Page
{
    protected function request()
    {
        $val = isset($_POST['field']) ? $_POST['field'] : '';
        echo <<<EOT
    <form action='{$_SERVER['PHP_SELF']}' method=post
      accept-charset=UTF-8>
    <input type=text name=field size=115 value='{$val}'>
    <input type=submit name=action_go value=Submit>
    </form>
<!--
<button type=button onclick='window.location=
  "member.php?csrftoken={$_SESSION['csrftoken']}";'>Go</button>
<button type=button onclick="transfer('member.php',
  {csrftoken: '{$_SESSION['csrftoken']}'});">Go</button>
-->
EOT;
    }
    protected function action_go()
    {
        // ... code to save data ...
        $this->message('Saved', true);
    }
}
$page = new MyPage('XSS Example', true);
$page->go();
        $f->start();
        $f->text('yubikey', 'YubiKey:', 50, '', true, true);
        $f->button('action_yubikey', 'Verify', false);
        $f->end();
    }
    protected function action_yubikey()
    {
        $y = $_POST['yubikey'];
        if (strlen($y) > 34) {
            $identity = substr($y, 0, strlen($y) - 32);
            $stmt = $this->db->query('select identity from
          user where userid = :userid', array('userid' => $_SESSION['userid_pending']));
            if (($row = $stmt->fetch()) && $row['identity'] == $identity) {
                $yubi = new \Auth_Yubico(CLIENT_ID, CLIENT_KEY);
                if ($yubi->verify($y) === true) {
                    if (!isset($_SESSION['expired'])) {
                        $security = new Security();
                        $security->store_verification($_SESSION['userid_pending'], true);
                    }
                    $this->is_verified();
                    return;
                }
            }
        }
        $this->show_form_yubikey();
        $this->message('Invalid YubiKey OTP');
    }
}
$page = new MyPage('Login');
$page->go(true);