Example #1
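 /**
  * Verify the CSRF token on form submissions, then issue a fresh one.
  *
  * Any non-empty POST body is checked against the 'gwc_csrf' token via
  * NoCSRF::check (arguments, as the library documents them: key, data
  * carrying the token, throw on failure, 10 minute lifetime, single-use).
  * Afterwards a new token is generated and kept in $this->CSRF_TOKEN for
  * the next form render; GET requests only reach the generate step.
  *
  * @throws Exception when the POSTed token is missing, expired or mismatched
  */
 private function handleNoCSRF()
 {
     require_once 'green_nocsrf.php';
     // Only a submitted form carries a token to verify (empty() already
     // covers the count() > 0 test the original made as well).
     if (!empty($_POST)) {
         try {
             NoCSRF::check('gwc_csrf', $_POST, true, 60 * 10, false);
         } catch (Exception $e) {
             // Surface a generic message to the caller so the response does
             // not reveal why the check failed, but chain the library's
             // exception so logs still have the real reason.
             throw new Exception('Invalid form request detected', 0, $e);
         }
     }
     // Token for the next rendered form.
     $this->CSRF_TOKEN = NoCSRF::generate('gwc_csrf');
 }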
Example #2
// Default message for a plain GET of the sandbox page.
$result = 'No post data yet.';
// A submission is recognised by the presence of 'field'; the token must be
// verified before any form processing. NoCSRF::check arguments: token key,
// the data carrying it, throw on failure, 10 minute lifetime, single-use.
if (isset($_POST['field'])) {
    try {
        NoCSRF::check('csrf_token', $_POST, true, 60 * 10, false);
        // form parsing, DB inserts, etc. would follow here
        $result = 'CSRF check passed. Form parsed.';
    } catch (Exception $e) {
        // Token missing, expired or mismatched: treat as a CSRF attempt.
        $result = $e->getMessage() . ' Form ignored.';
    }
}
// Fresh token for the hidden field of the form rendered below.
$token = NoCSRF::generate('csrf_token');
?>


<h1>CSRF sandbox</h1>
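<pre style="color: red"><?php 
// HTML text context: $result can carry the library's exception message,
// so escape it rather than echoing it raw.
echo htmlspecialchars($result, ENT_QUOTES, 'UTF-8');
?>
</pre>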
<form name="csrf_form" action="#" method="post">
    <h2>Form using generated token.</h2>
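    <input type="hidden" name="csrf_token" value="<?php 
// Attribute context: escape the token so a quote in it can never break
// out of the value="..." even though NoCSRF is expected to produce safe text.
echo htmlspecialchars($token, ENT_QUOTES, 'UTF-8');
?>
">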
    <input type="text" name="field" value="somevalue">
Example #3
    $_SESSION['tb_height'] = $_GET['height'] - $adj_height;
    $_SESSION['set_width'] = 1;
} else {
    $_SESSION['tb_width'] = 1000;
    $_SESSION['tb_height'] = 520;
    $_SESSION['set_width'] = 1;
}
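// Load the NoCSRF library unless this request is a submission of the form
// (the POST path is presumably served by code that included it already).
// NOTE(review): gating a library include on a POST field is fragile; a
// guard like !class_exists('NoCSRF') would be safer — confirm against the
// POST handler that runs before this point.
if (!isset($_POST['nocsrf'])) {
    include '../nocsrf.php';
}
// Already-authenticated users are sent to the protected area instead of
// seeing this login page. The status test must be a strict comparison:
// the original wrote '=' here, which *assigned* "IS_LOGGED_IN" into the
// session of any visitor that already had the key and made that part of
// the condition unconditionally true.
$isLoggedIn = isset($_SESSION['MVGitHub_logstatus'])
    && $_SESSION['MVGitHub_logstatus'] === "IS_LOGGED_IN"
    && isset($_SESSION['MVGitHub_idacname'])
    && isset($_SESSION['MVGitHub_iduserrole'])
    && isset($_SESSION['MVGitHub_idacteam'])
    && isset($_SESSION['MVGitHub_iduserprofile']);
if ($isLoggedIn) {
    header('location:../../myac/');
    exit;
}
// Token embedded in the login form's hidden field and verified on submit.
$token = NoCSRF::generate('nocsrf');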
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Installation</title>
<link href="../assets_backend/css/style.css" rel="stylesheet" type="text/css" />
<link href="../user_login/a/slider.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="../scripts/jquery_1.4.2.js"></script>
<script type="text/javascript" src="../scripts/jquery.simpleSlide.js"></script>
<script type="text/javascript" src="../uilock/jquery.uilock.js"></script>
<script language="Javascript">
        $(document).ready(function(){
            $('input').keypress(function(e) { 
                var s = String.fromCharCode( e.which );
Example #4
File: RegisterPage.php — Project: tgdn/cs139
 /**
  * GET handler: seeds a fresh 'csrf_token' for the registration form.
  *
  * The generated value is not returned or stored here. NOTE(review): the
  * form template presumably reads it back from wherever NoCSRF keeps it —
  * confirm, otherwise the rendered form carries no token to verify.
  */
 protected function get()
 {
     $tokenKey = 'csrf_token';
     NoCSRF::generate($tokenKey);
 }
Example #5
<?php

// Landing route: renders index.twig with the portfolio items and a fresh
// CSRF token under 'csrf_token' for any form the template contains.
$app->get('/', function () use ($app) {
    $portfolio = new Portfolio($app);
    $viewData = [
        'portfolio'  => $portfolio->getPortfolio(),
        'csrf_token' => NoCSRF::generate('csrf_token'),
    ];
    $app->render('index.twig', $viewData);
});
                    // Mail it
                    //mail($to, $subject, $message, $headers);
                    mail($to, $subject, $message, $headers);
                    $acknowledge = 1;
                    $msg = "<div class=\"msg_success\">" . $msg_pwdreset_success . "</div><div><a href=\"" . $_SERVER["SERVER_NAME"] . "\">Account Log In</a></div>";
                }
                //is not set error message
            }
            //close secure
        } catch (Exception $e) {
            // CSRF attack detected
            $result = $e->getMessage() . ' Form Error ';
        }
    }
    //close if form is set
    $token = NoCSRF::generate('dkm');
    ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
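<title><?php 
    // HTML text context: escape both values. The team name presumably comes
    // from the database (user-supplied data, not markup) — escape regardless.
    echo htmlspecialchars($pagetitle, ENT_QUOTES, 'UTF-8');
    ?>
 - <?php 
    echo htmlspecialchars($fet_team['usrteamname'], ENT_QUOTES, 'UTF-8');
    ?>
</title>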
<link href="../../assets_backend/css/style.css" rel="stylesheet" type="text/css" />
</head>
<body>
Example #7
 /**
  * Add a hidden 'csrf_token' input to the form definition.
  *
  * The value is produced by NoCSRF::generate; the corresponding checkCSRF
  * method verifies it when the form is submitted. Calling this again
  * overwrites the element (and therefore the token it carries).
  */
 public function setCSRF()
 {
     $fieldName = 'csrf_token';
     $hiddenField = array(
         'elementType' => 'input',
         'type'        => 'hidden',
         'name'        => $fieldName,
         'value'       => NoCSRF::generate($fieldName),
     );
     $this->form[$fieldName] = $hiddenField;
 }