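/**
 * Return the CSRF token registered under $token_name, issuing a fresh one when the
 * session does not already hold it.
 *
 * Session keys touched: $token_name (the token), $token_name . '_time' (issue
 * timestamp) and $token_name . '_expiration_time' (lifetime in seconds).
 * When $_SESSION[$token_name] exists the stored token is returned unchanged;
 * otherwise any token issued earlier in this request (tracked in the static $name)
 * is dropped via lemon_csrf_unset_token() and a new one is generated.
 *
 * @param string $token_name            session key under which the token is stored
 * @param int    $token_expiration_time lifetime in seconds; latched on the first
 *                                      fresh issue per request (static) — see note below
 * @return array{name:string,value:string,expiration_time:int|null}
 *         'value' is a 32-character lowercase hex string.
 */
function lemon_csrf_token($token_name = 'form_token', $token_expiration_time = 300) {
    static $name = null;
    static $expiration_time = null;
    static $token = null;

    if (isset($_SESSION[$token_name])) {
        // Re-use the token already stored for this name.
        $name = $token_name;
        $token = $_SESSION[$token_name];
        // The companion key can be absent (session written before this key existed);
        // read it defensively instead of raising an undefined-index notice. The
        // resulting null matches what the unguarded read produced.
        $expiration_time = isset($_SESSION[$token_name . '_expiration_time'])
            ? $_SESSION[$token_name . '_expiration_time']
            : null;
    } else {
        if ($name !== null) {
            // A different token was issued earlier in this request: invalidate it.
            lemon_csrf_unset_token($name);
        }
        $name = $token_name;
        // 128 bits from the CSPRNG (PHP >= 7.0). The previous md5(uniqid('auth', true))
        // derives from the clock plus a non-cryptographic LCG and is guessable by an
        // attacker who can estimate request time — unacceptable for an anti-forgery
        // secret. Output stays a 32-char hex string, so stored/compared values keep
        // their shape. Verification elsewhere should use hash_equals().
        $token = bin2hex(random_bytes(16));
        // NOTE: the lifetime is latched once per request in the static; a later call
        // with a different $token_expiration_time keeps the first value. Preserved as-is
        // because callers may rely on it.
        if ($expiration_time === null) {
            $expiration_time = $token_expiration_time;
        }
        $_SESSION[$name] = $token;
        $_SESSION[$name . '_time'] = time();
        $_SESSION[$name . '_expiration_time'] = $expiration_time;
    }

    return array('name' => $name, 'value' => $token, 'expiration_time' => $expiration_time);
}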
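/**
 * Handle a POST to the customer-area login form ('/espace_client/login').
 *
 * Flow: require a valid CSRF token (nothing happens here when
 * lemon_csrf_require_valid_token() reports failure — whether it also halts the
 * request is up to that helper), record an expired token as a login error,
 * consume the token, and — only when it was not expired — call
 * lemon_auth_login(), which redirects to '/espace_client' on success and
 * otherwise returns a list of error messages. On every other path the errors
 * and the submitted username are flashed and the user is redirected back to
 * the login page.
 *
 * Side effects only: session writes via flash(), CSRF token removal, HTTP
 * redirect. Returns nothing.
 */
function helye_espace_client_login() {
    if (!lemon_csrf_require_valid_token('"Cross site request forgery" détectée. Requête interrompue.')) {
        return;
    }

    // Read the form fields defensively: a crafted or partial POST must not raise
    // undefined-index notices or hand null to the auth layer.
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';

    $errors = array();
    $token_expired = lemon_csrf_token_expired();
    if ($token_expired) {
        $errors[] = 'Temps de connexion dépassé. Merci de vous bien vouloir vous identifier à nouveau.';
    }
    // The token is single-use: drop it whether or not the login proceeds.
    lemon_csrf_unset_token();

    if (!$token_expired) {
        // Sets up the auth backend from 'auth_config'; its return value was never used.
        lemon_auth(option('auth_config'));
        // Redirects to '/espace_client' on success; otherwise returns error messages.
        $errors = array_merge(lemon_auth_login($username, $password, '/espace_client'), $errors);
    }

    flash('errors', $errors);
    // Re-populates the form with raw user input: the template rendering this flash
    // value must HTML-escape it (htmlspecialchars with ENT_QUOTES) before output.
    flash('username', $username);
    redirect_to('/espace_client/login');
}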