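if ($objFWUser->objUser->login($backend)) { return true; } } return false; }

    /**
     * Remove the CSRF protection parameter from the query string and referrer
     *
     * Strips "<formkey>=<token>" (plus one trailing ampersand, if any) from
     * $_SERVER['QUERY_STRING'], $_SERVER['REQUEST_URI'] and
     * $_SERVER['HTTP_REFERER'], and drops every element of $_SERVER['argv']
     * that contains such a parameter.  Code that later builds links or log
     * lines from these values therefore does not copy the token along.
     *
     * Only the token alphabet [a-zA-Z0-9_] is matched.
     * NOTE(review): confirm that the token generator never emits characters
     * outside that class; otherwise part of the token would stay in the URI.
     */
    public static function cleanRequestURI()
    {
        // Cut the parameter plus the trailing ampersand, if any.  This keeps
        // the URI valid even when the token is the first or the last
        // parameter; a trailing question mark or ampersand does no harm.
        // (An earlier variant removed the leading separator instead and left
        // invalid URIs like "index.php&name=value".)
        //
        // The key is passed through preg_quote() so that it is always matched
        // literally, and the lookbehind only accepts it at the start of the
        // value or right after "?", "&" or ";" (the latter covers "&amp;").
        // Without that anchor, a parameter whose name merely ends in the
        // form key would lose its tail and merge with the next parameter.
        $csrfUrlModifierPattern =
            '/(?<![^?&;])'
            . preg_quote((string) self::$formkey, '/')
            . '=[a-zA-Z0-9_]+&?/';

        foreach (array('QUERY_STRING', 'REQUEST_URI', 'HTTP_REFERER') as $serverKey) {
            if (empty($_SERVER[$serverKey])) {
                continue;
            }
            $cleaned = preg_replace($csrfUrlModifierPattern, '', $_SERVER[$serverKey]);
            // preg_replace() returns null on a PCRE error; keep the original
            // value in that case instead of blanking the request data.
            if ($cleaned !== null) {
                $_SERVER[$serverKey] = $cleaned;
            }
        }

        if (!empty($_SERVER['argv']) && is_array($_SERVER['argv'])) {
            // PREG_GREP_INVERT keeps only the elements that do NOT match.
            // Array keys are preserved, so the result may have gaps.
            $remaining = preg_grep($csrfUrlModifierPattern, $_SERVER['argv'], PREG_GREP_INVERT);
            if ($remaining !== false) {
                $_SERVER['argv'] = $remaining;
            }
        }
    }

    /**
     * Switch the CSRF handling to frontend mode
     *
     * Sets self::$frontend_mode and narrows PHP's "url_rewriter.tags" setting
     * to area, frame, iframe, input, form and fieldset.  The list does not
     * contain "a=href".
     * NOTE(review): presumably this keeps the token out of ordinary links in
     * frontend pages, where URLs are more likely to be shared or sent as a
     * Referer to other sites -- confirm against the code that injects the
     * token.
     */
    public static function setFrontendMode()
    {
        self::$frontend_mode = true;
        // The "@" hides a failing ini_set(); if the call fails, the previous
        // tag list silently stays in effect.
        @ini_set('url_rewriter.tags', 'area=href,frame=src,iframe=src,input=src,form=,fieldset=');
    }
}

// Strip the token from the request data as soon as this file is loaded.
Csrf::cleanRequestURI();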