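/**
 * Form token (anti-CSRF) validation, optionally followed by rule validation.
 *
 * The request is accepted only when all of the following hold:
 *  - the token form field is present in $_POST,
 *  - the decrypted session token and the decrypted posted token are identical,
 *    non-empty strings,
 *  - the Referer header is present and its host matches the configured
 *    `siteDomain` (a leading "www." is ignored on both sides, case-insensitive).
 *
 * On any failure an error is registered through Validation::addError().
 *
 * @param array $validations The array of validation rules (optional)
 * @return boolean TRUE when the token check and the rule check (if any) pass; otherwise FALSE
 */
function form_validate($validations = null)
{
    $tokenField = 'lc_formToken_' . _cfg('formTokenName');

    if (!isset($_POST[$tokenField])) {
        Validation::addError('', _t('Invalid form token.'));
        return false;
    }

    $token       = _decrypt(session_get(_cfg('formTokenName')));
    $postedToken = _decrypt(_post($_POST[$tokenField]));

    $result = false;

    # check token first
    # Both sides must be non-empty strings. With a loose `==`, a missing session token
    # and an undecryptable posted value could both evaluate to an empty/false value and
    # compare as equal, so the check would pass without any real token.
    # hash_equals() also keeps the comparison time independent of where the values differ.
    # NOTE(review): this assumes _decrypt() returns a string on success - confirm.
    if (is_string($token) && $token !== '' && is_string($postedToken) && hash_equals($token, $postedToken)) {
        # check referer if it is requesting in the same site
        # A request without a Referer header is rejected, as before.
        if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] && _cfg('siteDomain')) {
            $siteDomain = preg_replace('/^www\\./', '', _cfg('siteDomain'));

            # parse_url() yields false/null for a malformed URL or one without a host;
            # treat that as a mismatch instead of indexing a missing 'host' key.
            $refererHost = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
            if (is_string($refererHost) && $refererHost !== '') {
                $refererHost = preg_replace('/^www\\./', '', $refererHost);
                if (strcasecmp($siteDomain, $refererHost) === 0) {
                    $result = true;
                }
            }
        }
    }

    if ($result === false) {
        Validation::addError('', _t('Error occured during form submission. Please refresh the page to try again.'));
        return false;
    }

    if ($validations && Validation::check($validations) === false) {
        return false;
    }

    return true;
}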
/**
 * Register an error message raised outside the built-in validation rules.
 *
 * Thin procedural wrapper that forwards both arguments unchanged to
 * Validation::addError().
 *
 * @param string $id  HTML ID
 * @param string $msg The error message to show
 *
 * @return void
 */
function validation_addError($id, $msg)
{
    Validation::addError($id, $msg);
}