コード例 #1
0
ファイル: lib-security.php プロジェクト: spacequad/glfusion
/**
* Check a security token.
*
* Checks the POST and GET data for a security token, if one exists, validates
* that it's for this user and URL. If the token is not valid, it asks the user
* to re-authenticate and resends the request if authentication was successful.
*
* @return   boolean     true if the token is valid; does not return if not!
*
*/
function SEC_checkToken()
{
    global $_CONF, $LANG20, $LANG_ADMIN;
    if (_sec_checkToken()) {
        SEC_createToken(-1);
        return true;
    }
    // determine the destination of this request
    $destination = COM_getCurrentURL();
    // validate the destination is not blank and is part of our site...
    if ($destination == '') {
        $destination = $_CONF['site_url'] . '/index.php';
    }
    if (substr($destination, 0, strlen($_CONF['site_url'])) != $_CONF['site_url']) {
        $destination = $_CONF['site_url'] . '/index.php';
    }
    $method = strtoupper($_SERVER['REQUEST_METHOD']) == 'GET' ? 'GET' : 'POST';
    $postdata = serialize($_POST);
    $getdata = serialize($_GET);
    $filedata = '';
    if (!empty($_FILES)) {
        foreach ($_FILES as $key => $file) {
            if (is_array($file['name'])) {
                foreach ($file['name'] as $offset => $filename) {
                    if (!empty($file['name'][$offset])) {
                        $filename = basename($file['tmp_name'][$offset]);
                        move_uploaded_file($file['tmp_name'][$offset], $_CONF['path_data'] . 'temp/' . $filename);
                        $_FILES[$key]['tmp_name'][$offset] = $filename;
                    }
                }
            } else {
                if (!empty($file['name']) && !empty($file['tmp_name'])) {
                    $filename = basename($file['tmp_name']);
                    move_uploaded_file($file['tmp_name'], $_CONF['path_data'] . 'temp/' . $filename);
                    $_FILES[$key]['tmp_name'] = $filename;
                }
            }
        }
        $filedata = serialize($_FILES);
    }
    SESS_setVar('glfusion.auth.method', $method);
    SESS_setVar('glfusion.auth.dest', $destination);
    SESS_setVar('glfusion.auth.post', $postdata);
    SESS_setVar('glfusion.auth.get', $getdata);
    if (!empty($filedata)) {
        SESS_setVar('glfusion.auth.file', $filedata);
    }
    $display = COM_siteHeader();
    $display .= SEC_tokenreauthForm('', $destination);
    $display .= COM_siteFooter();
    echo $display;
    exit;
}
コード例 #2
0
function SP_toggleStatus($enabledstaticpages, $sp_idarray)
{
    global $_TABLES, $_DB_table_prefix;
    if (!_sec_checkToken(1)) {
        $retval['statusMessage'] = 'Invalid security token. Please refresh the page.';
        $retval['errorCode'] = 1;
    } else {
        if (isset($sp_idarray) && is_array($sp_idarray)) {
            foreach ($sp_idarray as $sp_id => $junk) {
                $sp_id = COM_applyFilter($sp_id);
                if (isset($enabledstaticpages[$sp_id])) {
                    DB_query("UPDATE {$_TABLES['staticpage']} SET sp_status = '1' WHERE sp_id = '" . DB_escapeString($sp_id) . "'");
                } else {
                    DB_query("UPDATE {$_TABLES['staticpage']} SET sp_status = '0' WHERE sp_id = '" . DB_escapeString($sp_id) . "'");
                }
            }
        }
        PLG_itemSaved($sp_id, 'staticpages');
        CTL_clearCache();
        $retval['statusMessage'] = 'StaticPage state has been toggled.';
        $retval['errorCode'] = 0;
        $return["json"] = json_encode($retval);
        echo json_encode($return);
    }
}