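/**
 * CSRF Token
 *
 * Type:     insert<br>
 * Name:     csrf_token
 * Date:     April 26, 2011
 * Purpose:  Returns the session CSRF token wrapped in a hidden form input.
 * Input:    none ($params and $smarty are accepted for the Smarty insert
 *           signature but not read)
 * Example:  {insert name="csrf_token"}
 * @license http://www.gnu.org/licenses/gpl.html
 * @copyright 2011-2012 Mark Wilkie
 * @version 1.0
 *
 * @param array  $params  Smarty insert parameters (unused)
 * @param object $smarty  Smarty instance, passed by reference (unused)
 * @return string A hidden <input> carrying the token, or an HTML comment
 *                when the session holds no token
 */
function smarty_insert_csrf_token($params, &$smarty)
{
    $csrf_token = Session::getCSRFToken();
    if ($csrf_token === null) {
        return '<!-- Error: no csrf token found in session -->';
    }
    // The token is emitted into an HTML attribute, so escape it rather than
    // relying on whatever format the session happens to generate.
    return sprintf(
        '<input type="hidden" name="csrf_token" value="%s" />',
        htmlspecialchars((string) $csrf_token, ENT_QUOTES, 'UTF-8')
    );
}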
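 /**
  * Validate the CSRF token passed in the request data against the one
  * stored in the session.
  *
  * The request token is read from $_POST['csrf_token'] first, then
  * $_GET['csrf_token']; when neither is set the placeholder string
  * 'no token passed' is reported in the exception.
  *
  * @throws InvalidCSRFTokenException when the session has no token, the
  *         request token is not a string, or the two do not match
  * @return bool True if $_POST['csrf_token'] or $_GET['csrf_token'] is valid
  */
 public function validateCSRFToken()
 {
     $token = 'no token passed';
     if (isset($_POST['csrf_token'])) {
         $token = $_POST['csrf_token'];
     } elseif (isset($_GET['csrf_token'])) {
         $token = $_GET['csrf_token'];
     }
     $session_token = Session::getCSRFToken();
     // Both sides must be non-empty strings: a request parameter can arrive
     // as an array (csrf_token[]=...), and a missing session token must never
     // compare equal to anything. hash_equals() is a strict, constant-time
     // comparison, avoiding the loose == rules that accept e.g. '1e3' == '1000'.
     if (is_string($session_token) && $session_token !== ''
         && is_string($token) && hash_equals($session_token, $token)) {
         return true;
     }
     throw new InvalidCSRFTokenException($token);
 }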
 /**
  * Asserts that a new Session has no CSRF token and that one exists once
  * completeLogin() has run for an owner.
  */
 public function testGetCSRFToken()
 {
     $owner_fields = array(
         "id"             => 10,
         "user_name"      => 'testuser',
         "full_name"      => 'Test User',
         'email'          => '*****@*****.**',
         'last_login'     => '******',
         "is_admin"       => 0,
         "is_activated"   => 1,
         "failed_logins"  => 0,
         "account_status" => '',
     );
     $owner = new Owner($owner_fields);
     $session = new Session();
     // Before login there is nothing to return.
     $this->assertNull($session->getCSRFToken());
     $session->completeLogin($owner);
     // Login is expected to populate a token.
     $this->assertNotNull($session->getCSRFToken());
 }
 /**
  * Asserts that a new Session has no CSRF token and that one exists once
  * completeLogin() has run for a fully populated owner.
  */
 public function testGetCSRFToken()
 {
     $owner_fields = array(
         "id"                           => 10,
         "user_name"                    => 'testuser',
         "full_name"                    => 'Test User',
         'email'                        => '*****@*****.**',
         'last_login'                   => '******',
         "is_admin"                     => 0,
         "is_activated"                 => 1,
         "failed_logins"                => 0,
         "account_status"               => '',
         "timezone"                     => 'America/New_York',
         "joined"                       => date('Y-m-d'),
         "api_key"                      => '',
         "api_key_private"              => '',
         "email_notification_frequency" => 'daily',
         "membership_level"             => 0,
     );
     $owner = new Owner($owner_fields);
     $session = new Session();
     // Before login there is nothing to return.
     $this->assertNull($session->getCSRFToken());
     $session->completeLogin($owner);
     // Login is expected to populate a token.
     $this->assertNotNull($session->getCSRFToken());
 }