} $this->assign('u', $u); $this->page('manage/users/view'); $this->getToken(); $this->getExtendedToken(); if (isset($_GET['updated'])) { $this->assign('message', 'The user password have been updated.'); } break; case 'delete': if (!$this->request(3) || !$this->request(4)) { break; } $this->acceptExtendedToken($this->request(4)); // can not delete current user if (Session::Get(Authentification::SESSION_USER_ID) == intval($this->request(3))) { $this->errorPage('Unable to delete your own account', 'You can not delete yourself. Please ask another administrator to do it!', FALSE); } $u = new User(); $u->loadFromId(intval($this->request(3))); if (!$u->exists()) { break; } if (!empty($_POST)) { $this->acceptToken(); try { if (empty($_POST['delete'])) { throw new \Exception('Nobody will be deleted until you check the box…'); } if (empty($_POST['user_id']) || $_POST['user_id'] != intval($this->request(3))) { $this->hackAttempt();
/**
 * Whether the current session carries an active login.
 *
 * The login flag is read from the session under self::SESSION_LOGGED; it
 * must both be present and evaluate truthy. The presence check comes first
 * so Session::Get is never called for a key that is not set.
 *
 * @return bool TRUE when the flag exists and is truthy, FALSE otherwise.
 */
public function isLogged() {
    if (!Session::Exists(self::SESSION_LOGGED)) {
        return FALSE;
    }
    // Cast keeps the boolean return that the original `&&` expression produced.
    return (bool) Session::Get(self::SESSION_LOGGED);
}
/**
 * Return the session-scoped ("extended") token, creating it on first use.
 *
 * Unlike a per-request token, this one is generated once per session via
 * Token::Generate(TRUE) and then reused on every later call: an existing
 * 'current_ext_token' entry is read back instead of being replaced. The
 * value is (re)stored in the session and exposed to the template as
 * 'extended_token'. Verification of a submitted token happens elsewhere
 * (acceptExtendedToken, not shown here).
 *
 * NOTE(review): callers appear to pass this token back as a request path
 * segment (see the 'delete' action); because it lives for the whole session,
 * confirm that exposure in URLs/logs/referrers is acceptable for its purpose.
 *
 * @return mixed The token value stored in the session.
 */
public function getExtendedToken() {
    $key = 'current_ext_token';
    if (Session::Exists($key)) {
        $token = Session::Get($key);
    } else {
        // First use in this session: mint a new extended token.
        $token = Token::Generate(TRUE);
    }
    // Always (re)write the entry, matching the original's unconditional store.
    Session::Add($key, $token);
    $this->template->assign('extended_token', $token);
    return $token;
}