コード例 #1
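/**
 * Validate the anti-CSRF token sent with a request and show the
 * "Bad csrf hash" message when it is missing or does not match.
 *
 * @param mixed $token Token taken from the request. Anything that is not a
 *                     string (null, or an array-valued parameter) is rejected
 *                     without being compared.
 */
function check_csrf($token)
{
    global $lang_common;

    // Check the type first so that a missing or array-valued parameter never
    // reaches the comparison helper. The original compared first and tested
    // isset() afterwards, which made the presence check ineffective.
    // pun_hash_equals() and pun_csrf_token() are defined elsewhere; presumably
    // a timing-safe comparison against the expected per-user token (confirm).
    $is_hash_authorized = is_string($token) && pun_hash_equals($token, pun_csrf_token());

    if (!$is_hash_authorized) {
        // NOTE(review): callers appear to rely on message() ending the request;
        // if it can return, the protected action would still run. Confirm.
        message($lang_common['Bad csrf hash'], false, '404 Not Found');
    }
}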
コード例 #2
ファイル: login.php プロジェクト: geg89/fluxbb
     // Legacy-hash upgrade path: try the older stored formats and, on a match, rewrite the
     // stored value to $form_password_hash.
     // NOTE(review): $form_password, $form_password_hash, $cur_user and $db are set outside this
     // excerpt; confirm how $form_password_hash is derived.
     // If there is a salt in the database we have upgraded from 1.3-legacy though haven't yet logged in
     if (!empty($cur_user['salt'])) {
         // Legacy salted format: sha1(salt . sha1(password)), compared through pun_hash_equals()
         $is_salt_authorized = pun_hash_equals(sha1($cur_user['salt'] . sha1($form_password)), $cur_user['password']);
         if ($is_salt_authorized) {
             $authorized = true;
             // Replace the stored hash and clear the salt so this branch is not taken again.
             // NOTE(review): the statement is built by string concatenation. The interpolated
             // values are a derived hash and a database-sourced id, not raw request input as far
             // as this excerpt shows; confirm both upstream or pass them through the DB layer's escaping.
             $db->query('UPDATE ' . $db->prefix . 'users SET password=\'' . $form_password_hash . '\', salt=NULL WHERE id=' . $cur_user['id']) or error('Unable to update user password', __FILE__, __LINE__, $db->error());
         }
     } else {
         // A stored value that is not 40 characters long is checked as an unsalted md5() digest
         // (presumably a 32-character MD5 hex string from an older install; confirm)
         if (strlen($cur_user['password']) != 40) {
             $is_md5_authorized = pun_hash_equals(md5($form_password), $cur_user['password']);
             if ($is_md5_authorized) {
                 $authorized = true;
                 // Upgrade the stored value to $form_password_hash (same concatenation caveat as above)
                 $db->query('UPDATE ' . $db->prefix . 'users SET password=\'' . $form_password_hash . '\' WHERE id=' . $cur_user['id']) or error('Unable to update user password', __FILE__, __LINE__, $db->error());
             }
         } else {
             // 40-character stored value: compared directly with $form_password_hash.
             // NOTE(review): this implies $form_password_hash is itself a 40-character (SHA-1 sized)
             // digest, and no salt is visible on this path. Fast unsalted digests are weak for password
             // storage; password_hash()/password_verify() are the built-in replacement. Confirm the scheme.
             $authorized = pun_hash_equals($cur_user['password'], $form_password_hash);
         }
     }
 }
 // No check above succeeded: show one generic failure message, which does not reveal
 // whether the username or the password was wrong, followed by the password-reset link.
 if (!$authorized) {
     message(implode('', array(
         $lang_login['Wrong user/pass'],
         ' <a href="login.php?action=forget">',
         $lang_login['Forgotten pass'],
         '</a>',
     )));
 }
 // Extension hook fired after credential validation.
 // NOTE(review): this is reached only after a success if message() ends the request; confirm.
 flux_hook('login_after_validation');
 // Update the status if this is the first time the user logged in
 if ($cur_user['group_id'] == PUN_UNVERIFIED) {
     $db->query('UPDATE ' . $db->prefix . 'users SET group_id=' . $pun_config['o_default_user_group'] . ' WHERE id=' . $cur_user['id']) or error('Unable to update user status', __FILE__, __LINE__, $db->error());
     // Regenerate the users info cache
     if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
         require PUN_ROOT . 'include/cache.php';
     }
     generate_users_info_cache();