isTokenValid() 공개 정적인 메소드

Checks whether the CSRF token stored in the session matches the token submitted with the form.
public static isTokenValid ( ) : boolean
리턴 boolean
예제 #1
 /**
  * The login action, when you do login/login
  */
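 public function login()
 {
     // Reject the request before any credential is processed when
     // Csrf::isTokenValid() reports a mismatch. The explicit exit guarantees
     // that nothing below runs on this path, whatever logout()/home() do.
     if (!Csrf::isTokenValid()) {
         LoginModel::logout();
         Redirect::home();
         exit;
     }

     // Attempt the login; the result decides which redirect follows.
     $login_successful = LoginModel::login(
         Request::post('user_name'),
         Request::post('user_password'),
         Request::post('set_remember_me_cookie')
     );

     // Post-login target supplied with the request: untrusted input.
     $redirect = Request::post('redirect');

     if ($login_successful) {
         if ($redirect) {
             // Decode first, then strip leading slashes, so an encoded
             // leading "/" is removed as well.
             // NOTE(review): whether the target stays on this application's
             // own host depends on Redirect::toPreviousViewedPageAfterLogin(),
             // which is not shown here. Confirm before relying on it.
             Redirect::toPreviousViewedPageAfterLogin(ltrim(urldecode($redirect), '/'));
         } else {
             Redirect::to('user/index');
         }
     } else {
         if ($redirect) {
             // Strip leading slashes BEFORE encoding: urlencode() turns "/"
             // into "%2F", so trimming its output (as the previous code did)
             // never removed anything.
             Redirect::to('login?redirect=' . urlencode(ltrim($redirect, '/')));
         } else {
             Redirect::to('login/index');
         }
     }
 }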
예제 #2
 /**
  * Edit user name (perform the real action after form has been submitted)
  */
 public function editUsername_action()
 {
     // State-changing form handler: the CSRF token is verified before the
     // submitted value is read or stored.
     // NOTE(review): no authentication check is visible in this method;
     // presumably it is enforced elsewhere (e.g. in the controller). Confirm.
     $csrf_token_valid = Csrf::isTokenValid();
     if (!$csrf_token_valid) {
         // Token mismatch: drop the session, send the browser away and stop,
         // so the edit below can never run for a forged request.
         LoginModel::logout();
         Redirect::home();
         exit;
     }

     // Token accepted: hand the posted name to the model, then return to the form.
     $new_user_name = Request::post('user_name');
     UserModel::editUserName($new_user_name);
     Redirect::to('user/editUsername');
 }
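 /**
  * Handles the submitted login form.
  *
  * Verifies the CSRF token, attempts the login with the posted credentials
  * and redirects depending on the outcome.
  */
 public function login()
 {
     if (!Csrf::isTokenValid()) {
         self::logout();
         // logout() is not shown here; if it returns instead of ending the
         // request, the login below would still run with an invalid token.
         // Returning explicitly closes that gap and is a no-op otherwise.
         return;
     }

     $success = LoginModel::login(
         Request::post('user_name'),
         Request::post('user_password'),
         Request::post('set_remember_me_cookie')
     );

     // On success go to the requested page (or the profile); on failure go
     // back to the login form.
     if ($success) {
         // Request-supplied target: untrusted input. Leading slashes are
         // stripped after decoding.
         // NOTE(review): whether this stays on the application's own host
         // depends on Redirect::to(), which is not shown here. Confirm.
         $redirect = Request::post('redirect');
         if ($redirect) {
             Redirect::to(ltrim(urldecode($redirect), '/'));
         } else {
             Redirect::to('login/showProfile');
         }
     } else {
         Redirect::to('login/index');
     }
 }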
예제 #4
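 /**
  * AJAX login endpoint.
  *
  * Echoes a short status for the client: 'NT' when the CSRF token is invalid,
  * 'N' when the login fails, otherwise the location the client should go to.
  */
 public function ajaxLogin()
 {
     if (!Csrf::isTokenValid()) {
         LoginModel::logout();
         echo 'NT';
         return;
     }

     // The password arrives base64-encoded and RSA-encrypted; the private key
     // is read from the session. No padding argument is passed, so PHP's
     // default padding mode applies.
     // NOTE(review): confirm that default matches the client, and consider
     // OAEP if both sides can be changed.
     $decrypted = openssl_private_decrypt(
         base64_decode(Request::get_post('password')),
         $password,
         Session::get('RSA_private')
     );
     if (!$decrypted) {
         // Previously the return value was ignored and an undecryptable
         // password was passed on to LoginModel::login(). Answer with the same
         // 'N' as a failed login so the response body does not reveal which
         // of the two checks failed.
         echo 'N';
         return;
     }

     $login_successful = LoginModel::login(Request::get_post('username'), $password, Request::get_post('remember_me'));
     if ($login_successful) {
         if ($redirect = Request::get_post('redirect')) {
             // NOTE(review): the request-supplied value is echoed back without
             // output encoding; that is only safe if the response is never
             // rendered as HTML. Confirm the Content-Type and how the client
             // consumes this value.
             echo ltrim(urldecode($redirect), '/');
         } else {
             echo Config::get('URL') . '/account';
         }
     } else {
         echo 'N';
     }
 }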
예제 #5
 /**
  * Edit user name (perform the real action after form has been submitted)
  * Auth::checkAuthentication() makes sure that only logged in users can use this action
  */
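 public function editUsername_action()
 {
     // Authentication first, then the CSRF check, then the state change.
     Auth::checkAuthentication();

     if (!Csrf::isTokenValid()) {
         self::logout();
         // logout() is not shown here; if it returns instead of ending the
         // request, the username edit below would still be applied for a
         // request with an invalid token. Returning explicitly prevents that
         // and is a no-op otherwise.
         return;
     }

     UserModel::editUserName(Request::post('user_name'));
     Redirect::to('login/index');
 }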