if ($objFWUser->objUser->login($backend)) {
return true;
}
}
return false;
}
/**
* Remove the CSRF protection parameter from the query string and referrer
*/
public static function cleanRequestURI()
{
// This will remove the parameter from the first position in the query string
// and leave an URI like "index.php&name=value", which is invalid
//$csrfUrlModifierPattern = '#(?:\&(?:amp\;)?|\?)?'.self::$formkey.'\=[a-zA-Z0-9_]+#';
// Better cut the parameter plus trailing ampersand, if any.
$csrfUrlModifierPattern = '/' . self::$formkey . '\\=[a-zA-Z0-9_]+\\&?/';
// This will leave the URI valid, even if it's the last parameter;
// a trailing question mark or ampersand does no harm.
!empty($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] = preg_replace($csrfUrlModifierPattern, '', $_SERVER['QUERY_STRING']) : false;
!empty($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] = preg_replace($csrfUrlModifierPattern, '', $_SERVER['REQUEST_URI']) : false;
!empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] = preg_replace($csrfUrlModifierPattern, '', $_SERVER['HTTP_REFERER']) : false;
!empty($_SERVER['argv']) ? $_SERVER['argv'] = preg_grep($csrfUrlModifierPattern, $_SERVER['argv'], PREG_GREP_INVERT) : false;
}
public static function setFrontendMode()
{
self::$frontend_mode = true;
@ini_set('url_rewriter.tags', 'area=href,frame=src,iframe=src,input=src,form=,fieldset=');
}
}
Csrf::cleanRequestURI();
