/**
 * Gatekeeper function that validates input forms and prevents CSRF attacks.
 * Call this from your form action code.
 *
 * API requests are exempted from the form-token check and are accepted as-is;
 * every other request is handed to the parent implementation.
 * NOTE(review): this exemption is only safe if isAPIRequest() is decided by
 * something a cross-site browser request cannot supply on its own (e.g. an
 * explicit API credential or header) — confirm against the session class.
 *
 * @param string $action                    The form action the token is bound to ('' by default).
 * @param bool   $haltExecutionOnBadRequest If true, execution halts when the form doesn't validate. (True by default.)
 * @return bool
 */
public static function validateToken($action = '', $haltExecutionOnBadRequest = true)
{
    $session = Idno::site()->session();

    // API requests are not browser form posts, so no form token is required
    // for them; everything else defers to the parent check unchanged.
    return $session->isAPIRequest()
        ? true
        : parent::validateToken($action, $haltExecutionOnBadRequest);
}
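<?php
// Hidden fields carrying the CSRF token for a Bonita form.
// Expects $vars['action'] (the form action the token is bound to) and,
// optionally, $vars['time'] (the timestamp the token is computed from;
// defaults to now). Every value is escaped for the attribute context, and
// nothing but the value sits inside the quotes so the timestamp and token
// round-trip to the server unchanged.
if (empty($vars['time'])) {
    $vars['time'] = time();
}
?>
<input type="hidden" name="__bTs" value="<?php echo htmlspecialchars((string) $vars['time'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" />
<input type="hidden" name="__bTk" value="<?php echo htmlspecialchars((string) \Bonita\Forms::token($vars['action'], $vars['time']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" />
<input type="hidden" name="__bTa" value="<?php echo htmlspecialchars((string) $vars['action'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" />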
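<?php
/**
 * Howdy! This is a really simple example of how to use forms. If you haven't already, check out index.php first.
 *
 * Flow: draw the form; if it was submitted and its CSRF token checks out,
 * swap the body for the "submitted" template before rendering the page.
 */

// Load Bonita (start.php lives one directory above this example)
require_once dirname(__DIR__) . '/start.php';

// Add this directory as an additional path
\Bonita\Main::additionalPath(__DIR__);

// Instantiate template
$t = new \Bonita\Templates();

// Set the body
$t->body = $t->draw('pages/forms');

// Was the form already submitted?
if (\Bonita\Forms::formSubmitted()) {
    // If so, validate the form token (to prevent nefarious tomfoolery).
    // If validateToken() keeps its default halt-on-bad-request flag, a bad
    // token stops execution here; otherwise the form is simply redrawn.
    if (\Bonita\Forms::validateToken()) {
        // If the action completed, set the body to our form submission template
        $t->body = $t->draw('pages/example/formsubmitted');
    }
}

// Draw the page
$t->__(['title' => 'Forms example'])->drawPage();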