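 /**
  * Verify that the current user is authenticated and, for POST requests,
  * that a valid CSRF token was supplied; on success the user is stored in
  * $this->_user.
  *
  * Unauthenticated requests are answered with a JSON error (AJAX) or the
  * login page. The CSRF check runs only when `use_csrf_token` is enabled in
  * the frontend config and the request carries POST data; the token is
  * accepted from either the request header or the POST body.
  *
  * @return void
  */
 public function checkAuth()
 {
     $user = User::getInstance();
     $uid = $user->isAuthorized() ? $user->id : false;

     if (!$uid) {
         if (Request::isAjax()) {
             Response::jsonError($this->_lang->MSG_AUTHORIZE);
         } else {
             $this->loginAction();
         }
         // Both branches presumably end the request (TODO confirm); the
         // explicit return keeps this fail-closed even if they do not, so
         // the CSRF check is skipped and no user is stored for a request
         // that was never authenticated.
         return;
     }

     if ($this->_configFrontend->get('use_csrf_token') && Request::hasPost()) {
         $csrf = new Security_Csrf();
         $csrf->setOptions([
             'lifetime'     => $this->_configFrontend->get('use_csrf_token_lifetime'),
             'cleanupLimit' => $this->_configFrontend->get('use_csrf_token_garbage_limit'),
         ]);
         // The token may arrive as a header (typical for AJAX) or as a POST field.
         if (!$csrf->checkHeader() && !$csrf->checkPost()) {
             $this->_errorResponse($this->_lang->MSG_NEED_CSRF_TOKEN);
             return; // fail closed even if _errorResponse() does not terminate
         }
     }

     $this->_user = $user;
 }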
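 /**
  * Verify that the current user is an authenticated administrator, enforce
  * the CSRF token on POST requests, and check that the user may access the
  * requested backend module; on success the user is stored in $this->_user.
  *
  * Order of checks:
  *  1. authentication + admin flag (JSON error for AJAX, login page otherwise);
  *  2. CSRF token (header or POST field) when `use_csrf_token` is enabled in
  *     the backend config and the request carries POST data;
  *  3. module access: skipped for controllers listed in `system_controllers`;
  *     otherwise the user must be allowed to view the module, the module
  *     must be known to Backend_Modules_Manager, be active, and — if marked
  *     as a dev module — the installation must be in development mode.
  *
  * @return void
  */
 public function checkAuth()
 {
     $user = User::getInstance();
     $uid = $user->isAuthorized() ? $user->id : false;

     if (!$uid || !$user->isAdmin()) {
         if (Request::isAjax()) {
             Response::jsonError($this->_lang->MSG_AUTHORIZE);
         } else {
             $this->loginAction();
         }
         // Both branches presumably end the request (TODO confirm); the
         // explicit return keeps this fail-closed even if they do not, so
         // no non-admin user ever reaches the module checks or $this->_user.
         return;
     }

     if ($this->_configBackend->get('use_csrf_token') && Request::hasPost()) {
         $csrf = new Security_Csrf();
         $csrf->setOptions([
             'lifetime'     => $this->_configBackend->get('use_csrf_token_lifetime'),
             'cleanupLimit' => $this->_configBackend->get('use_csrf_token_garbage_limit'),
         ]);
         // The token may arrive as a header (typical for AJAX) or as a POST field.
         if (!$csrf->checkHeader() && !$csrf->checkPost()) {
             $this->_errorResponse($this->_lang->MSG_NEED_CSRF_TOKEN);
             return; // fail closed even if _errorResponse() does not terminate
         }
     }

     $this->_user = $user;

     // System controllers are exempt from the per-module access checks below.
     $isSysController = in_array(get_called_class(), $this->_configBackend->get('system_controllers'), true);
     if ($isSysController) {
         return;
     }

     if (!$this->_user->canView($this->_module)) {
         $this->_errorResponse($this->_lang->CANT_VIEW);
         return;
     }

     $moduleManager = new Backend_Modules_Manager();

     // Unknown module name: reject before reading its config.
     if (!$moduleManager->isValidModule($this->_module)) {
         $this->_errorResponse($this->_lang->WRONG_REQUEST);
         return;
     }

     $moduleCfg = $moduleManager->getModuleConfig($this->_module);

     // Disabled module. Loose check on purpose: the config may store
     // false, 0, '' or null for an inactive module (matches the original
     // `== false` comparison).
     if (empty($moduleCfg['active'])) {
         $this->_errorResponse($this->_lang->CANT_VIEW);
         return;
     }

     // Dev-only module must not be reachable on a production installation.
     if (!empty($moduleCfg['dev']) && !$this->_configMain['development']) {
         $this->_errorResponse($this->_lang->CANT_VIEW);
         return;
     }
 }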