예제 #1
 /**
  * Send $response to the client as JSON with a freshly issued CSRF token pair.
  *
  * The csrf plugin is loaded on demand. clear_values() is called before the
  * new id/token are read (presumably dropping any previously stored values --
  * confirm in plugins/csrf.php). The keys "token_id" and "token" are added to
  * the payload, overwriting caller-supplied entries of the same name.
  *
  * @param array $response payload to encode; "token_id" and "token" are added
  * @return void the encoded payload is echoed, nothing is returned
  */
 public function make_response($response)
 {
     require_once APP_DIR . "plugins/csrf.php";

     $csrf = new csrf();
     $csrf->clear_values();

     // Attach the freshly generated id and token to the payload.
     $response["token_id"] = $csrf->get_token_id();
     $response["token"] = $csrf->get_token();

     // NOTE(review): no Content-Type header is sent here and a json_encode()
     // failure (returns false, echoed as an empty body) is not checked --
     // confirm the caller handles both.
     echo json_encode($response);
 }
예제 #2
<?php

// Front-page bootstrap: mark the request as in-app, start the session,
// load config / language strings / the RainTPL engine, issue a CSRF token
// pair and push the UI strings into the template. The statement run
// continues past this excerpt.
define('IN_GB', TRUE);
// Started before the csrf class is used below -- presumably it keeps its
// token in $_SESSION; confirm in includes/csrf.class.php.
session_start();
include "includes/gb.class.php";
include "includes/config.php";
// NOTE(review): $default_language and $theme are not set in this file; they
// presumably come from includes/config.php. Because this include path is
// built from $default_language, it must never be derived from request
// input -- verify where config.php assigns it.
include "language/{$default_language}";
include "includes/rain.tpl.class.php";
include "includes/csrf.class.php";
raintpl::configure("base_url", null);
raintpl::configure("tpl_dir", "themes/{$theme}/");
raintpl::configure("cache_dir", "cache/");
// Generate Token Id and Valid
// Note that get_token() is passed the id here, unlike the no-argument call
// seen elsewhere -- check the class signature to confirm the id is expected.
$csrf = new csrf();
$token_id = $csrf->get_token_id();
$token_value = $csrf->get_token($token_id);
//initialize a Rain TPL object
$tpl = new RainTPL();
// Hand the theme name and the localized UI strings to the template.
$tpl->assign("theme", $theme);
$tpl->assign("title", $title);
$tpl->assign("headingtitletxt", $headingtitletxt);
$tpl->assign("addentrytxt", $addentrytxt);
$tpl->assign("viewguestbooktxt", $viewguestbooktxt);
$tpl->assign("newpostfirsttxt", $newpostfirsttxt);
$tpl->assign("newpostlasttxt", $newpostlasttxt);
$tpl->assign("searchlabeltxt", $searchlabeltxt);
$tpl->assign("searchbuttontxt", $searchbuttontxt);
$tpl->assign("yournametxt", $yournametxt);
$tpl->assign("youremailtxt", $youremailtxt);
$tpl->assign("yourMessagetxt", $yourMessagetxt);
$tpl->assign("yourCountrytxt", $yourCountrytxt);
예제 #3
 * It is meant for demonstration purposes only. 
 * Do not use this code in a production environment!
 */
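require 'functions.php';
require 'csrf.php';
$csrf = new csrf();

// Demo of CSRF protection on a state-changing request. Note the token is
// carried in the query string here purely for illustration: tokens in URLs
// are exposed through Referer headers, browser history and server logs, so a
// real application would submit the transfer by POST with the token in the
// body.
//
// NOTE(review): $_SESSION is read below but session_start() is not visible
// here -- presumably functions.php starts the session; confirm.
if (!empty($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
    // Parameters are cast to int so only positive numbers reach the transfer
    // branch; anything else falls through to the "no transfer" page.
    $account = isset($_GET['account']) ? (int) $_GET['account'] : 0;
    $amount = isset($_GET['amount']) ? (int) $_GET['amount'] : 0;
    if ($account > 0 && $amount > 0) {
        // Transfer: refuse unless the token from the URL validates. `!` keeps
        // the original fail-closed semantics of `== FALSE` (any falsy result,
        // including null, rejects the request), without the loose comparison.
        $token = $csrf->get_token_from_url();
        if (!$csrf->check_token($token)) {
            die('You rascal!');
        }
        $filename = 'transfers.txt';
        $msg = "A transfer of {$amount} has been made to account {$account}\n";
        // Append under an exclusive lock instead of read-modify-write, so two
        // concurrent transfers cannot overwrite each other's line. The file
        // is created if missing, as before; the return value is still not
        // checked to keep the demo's best-effort behaviour.
        file_put_contents($filename, $msg, FILE_APPEND | LOCK_EX);
        echo $msg;
    } else {
        // Escaped for the attribute context even though the token is
        // server-generated, so the link stays well-formed for any token format.
        $token = htmlspecialchars($csrf->get_token(), ENT_QUOTES, 'UTF-8');
        echo '<h1>No transfer could be made</h1>';
        echo '<a href="index.php?amount=10&account=1234&token=' . $token . '">Transfer $10 into account 1234</a>';
    }
} else {
    $token = htmlspecialchars($csrf->get_token(), ENT_QUOTES, 'UTF-8');
    echo '<h1>You need to login, man!</h1>';
    echo '<a href="login.php?token=' . $token . '">Login</a>';
}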