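/**
 * Return (and lazily create) the CSRF token stored in the session under
 * $token_name.
 *
 * If the session already holds a token with that name, it is reused together
 * with the expiration time recorded beside it. Otherwise a fresh token is
 * generated, the token issued earlier in this same request by this function
 * (if any) is discarded via lemon_csrf_unset_token(), and the new token, its
 * issue time ($name . '_time') and its expiration time
 * ($name . '_expiration_time') are written to $_SESSION.
 *
 * @param string $token_name            session key under which the token lives
 * @param int    $token_expiration_time lifetime in seconds; only applied when no
 *                                      expiration time has been seen yet during
 *                                      this request (see the note in the body)
 * @return array{name:string,value:string,expiration_time:int}
 */
function lemon_csrf_token($token_name = 'form_token', $token_expiration_time = 300)
{
    // Per-request memory of the last token handled by this function.
    static $name = null;
    static $expiration_time = null;
    static $token;

    if (isset($_SESSION[$token_name])) {
        // Reuse the token issued in an earlier request.
        $name = $token_name;
        $token = $_SESSION[$token_name];
        // If the companion key is missing (token written by another code path),
        // fall back to the requested lifetime instead of reading null.
        $expiration_time = isset($_SESSION[$token_name . '_expiration_time'])
            ? $_SESSION[$token_name . '_expiration_time']
            : $token_expiration_time;
    } else {
        // Drop the token issued earlier in this request, if any, so that at
        // most one token from this function is live at a time.
        if (!is_null($name)) {
            lemon_csrf_unset_token($name);
        }
        $name = $token_name;
        // A CSRF token must be unguessable, so it comes from a CSPRNG.
        // md5(uniqid()) is clock-derived and predictable by an attacker who can
        // estimate the request time. 16 random bytes -> 32 hex characters, the
        // same length the md5-based token had. Requires PHP >= 7.0; on failure
        // random_bytes() throws rather than silently handing out a weak token.
        $token = bin2hex(random_bytes(16));
        // NOTE(review): the expiration time is sticky within a request — once
        // loaded from the session or set by an earlier call it is kept for a
        // regenerated token, and $token_expiration_time only applies when
        // nothing was seen before. Looks intentional (keeps the configured
        // lifetime across validate/unset/regenerate) — confirm with callers.
        if (is_null($expiration_time)) {
            $expiration_time = $token_expiration_time;
        }
        $_SESSION[$name] = $token;
        $_SESSION[$name . '_time'] = time();
        $_SESSION[$name . '_expiration_time'] = $expiration_time;
    }

    // Validation of the submitted value lives elsewhere; it should compare with
    // hash_equals() to avoid a timing side channel.
    return array('name' => $name, 'value' => $token, 'expiration_time' => $expiration_time);
}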
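/**
 * Handle the POST of the customer-area ("espace client") login form.
 *
 * Flow: the request must carry a valid CSRF token — lemon_csrf_require_valid_token()
 * is expected to abort with the French message otherwise. An expired token
 * records an error and skips authentication. The token is consumed
 * (lemon_csrf_unset_token) in both cases so it cannot be replayed. On failure
 * the errors and the submitted username are flashed and the browser is sent
 * back to the login page.
 *
 * Assumption (confirm against lemon_auth_login): a successful login redirects
 * to '/espace_client' and does not return, so the tail of this function only
 * runs on failure.
 */
function helye_espace_client_login()
{
    if (!lemon_csrf_require_valid_token('"Cross site request forgery" détectée. Requête interrompue.')) {
        return;
    }

    // Read the form fields defensively: a missing or non-string field (e.g. a
    // crafted username[]=… array) becomes an empty string instead of an
    // undefined-index notice or an array reaching the auth layer.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    $errors = array();
    $token_expired = lemon_csrf_token_expired();
    if ($token_expired) {
        $errors[] = 'Temps de connexion dépassé. Merci de vous bien vouloir vous identifier à nouveau.';
    }
    // One-time token: consume it before attempting authentication.
    lemon_csrf_unset_token();

    if (!$token_expired) {
        // Configure the auth layer; its return value is not needed here.
        lemon_auth(option('auth_config'));
        // Redirects to '/espace_client' on success; returns login errors otherwise.
        $errors = array_merge(lemon_auth_login($username, $password, '/espace_client'), $errors);
    }

    // Reached only when login did not succeed: clear any stale identity and
    // bounce back to the form with the errors and the typed username.
    unset($_SESSION['username']);
    flash('errors', $errors);
    flash('username', $username);
    redirect_to('/espace_client/login');
}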