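/**
 * Processes all form data
 *
 * The values of the form fields are only taken over from the request
 * when the request carries a csrf-key / csrf-token pair and the token
 * is identical to the value stored in the session under that key. In
 * every other case the method returns without touching the fields.
 *
 * The session entry addressed by csrf-key is deleted as soon as it has
 * been read, so a token can be submitted only once, whether or not the
 * comparison succeeds.
 *
 * @access public
 * @param \Zepi\Turbo\Request\WebRequest $request
 */
public function processFormData(WebRequest $request)
{
    /**
     * If there is no csrf-key or csrf-token we return immediately
     * because the request may be forged.
     */
    if (!$request->hasParam('csrf-key') || !$request->hasParam('csrf-token')) {
        return;
    }

    $key = $request->getParam('csrf-key');
    $token = $request->getParam('csrf-token');

    /**
     * The key is supplied by the client and is used to address the
     * session below. Anything other than a non-empty string cannot be
     * a valid key, so the session is not touched in that case.
     *
     * NOTE(review): the key is otherwise unrestricted, so a request can
     * name any session entry for the comparison and for the deletion
     * below. If the code that generates the csrf-key uses a fixed
     * prefix or format (not visible here), verify it at this point.
     */
    if (!is_string($key) || $key === '') {
        return;
    }

    /**
     * Look up the expected token in the session and remove it
     * immediately so that it cannot be replayed.
     */
    $sessionToken = $request->getSessionData($key);
    $request->deleteSessionData($key);

    /**
     * Reject the request unless both tokens are non-empty strings and
     * are equal. hash_equals() (PHP 5.6+) compares in constant time, so
     * the comparison does not leak how many leading characters of a
     * guessed token were correct. The type checks are needed because
     * hash_equals() only accepts strings, and they also cover the case
     * of a missing session entry or a non-scalar request parameter.
     */
    if (!is_string($sessionToken) || $sessionToken === '' || !is_string($token)) {
        return;
    }

    if (!hash_equals($sessionToken, $token)) {
        return;
    }

    /**
     * Process the form data if the csrf tokens are valid
     */
    foreach ($this->getChildrenByType('\\Zepi\\Web\\UserInterface\\Form\\Field\\FieldAbstract') as $field) {
        $htmlName = $field->getHtmlName();

        if ($request->hasParam($htmlName)) {
            $field->setValue($request->getParam($htmlName), $request);
        }
    }
}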
/**
 * Returns the Form object for the login form
 *
 * The form posts to the "login" route and consists of an error box, a
 * "user-data" group (username, password and a hidden "origin" field)
 * and a button group with the submit button.
 *
 * @access protected
 * @param \Zepi\Turbo\Framework $framework
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @param \Zepi\Turbo\Response\Response $response
 * @return \Zepi\Web\UserInterface\Form\Form
 */
protected function createForm(Framework $framework, WebRequest $request, Response $response)
{
    $translationNamespace = '\\Zepi\\Web\\AccessControl';

    // Create the form and attach the box that displays login errors
    $form = new Form('login', $request->getFullRoute('login'), 'post');
    $form->addPart(new ErrorBox('login-errors', 1));

    // The "_origin" request parameter is copied unchanged into the
    // hidden "origin" field.
    // NOTE(review): the value is client-controlled; the code that reads
    // "origin" after the login (not visible here) should accept only
    // local targets before using it for a redirect.
    $origin = $request->hasParam('_origin') ? $request->getParam('_origin') : '';

    // The password field only gets a help text with a link to the
    // "request-new-password" route if renewing passwords is allowed
    $helpText = '';
    if ($this->getSetting('accesscontrol.allowRenewPassword')) {
        $renewLink = array('link' => $request->getFullRoute('request-new-password'));
        $helpText = $this->translate(
            'Lost your password? <a href="%link%">Renew it here.</a>',
            $translationNamespace,
            $renewLink
        );
    }

    // Add the user data group
    $groupTitle = $this->translate('User data', $translationNamespace);
    $usernameField = new Text('username', $this->translate('Username', $translationNamespace), true);
    $passwordField = new Password(
        'password',
        $this->translate('Password', $translationNamespace),
        true,
        '',
        $helpText
    );
    $originField = new Hidden('origin', $origin);

    $form->addPart(
        new Group('user-data', $groupTitle, array($usernameField, $passwordField, $originField), 10)
    );

    // Add the submit button
    $submitButton = new Submit('submit', $this->translate('Login', $translationNamespace));
    $form->addPart(new ButtonGroup('buttons', array($submitButton), 100));

    return $form;
}