PHP functions\CSRF примеры использования

Пример #1

Файл: page-routes.php Проект: sarcoma/microframework

            $content['excerpt'] = $_POST['excerpt'];
            if (functions\CSRF::check($_POST['csrf'])) {
                $page->setName($content['name']);
                $page->setSlug($content['slug'], $entityManager);
                $page->setContent($content['content']);
                $page->setExcerpt($content['excerpt']);
                $entityManager->persist($page);
                $entityManager->flush();
                $app->flash('message', 'Page Updated Successfully!');
                $app->redirect($app->urlFor('message'));
            }
        }
        $app->render('/pages/page-form.twig', array('title' => 'Edit Page', 'content' => $content, 'csrf' => functions\CSRF::generate()));
    })->via('GET', 'POST')->name('edit')->conditions(array('id' => '\\d+'));
    $app->map('/delete/:id/', function ($id) use($app, $entityManager) {
        if ($app->request->isPost()) {
            if (isset($_POST['delete'])) {
                if (functions\CSRF::check($_POST['csrf'])) {
                    $page = $entityManager->find('Page', $id);
                    $entityManager->remove($page);
                    $entityManager->flush();
                    $app->flash('message', 'Page Deleted Successfully!');
                    $app->redirect($app->urlFor('message'));
                }
            } else {
                $app->redirect($app->urlFor('list-pages'));
            }
        }
        $app->render('delete.twig', array('csrf' => functions\CSRF::generate()));
    })->via('GET', 'POST')->name('delete')->conditions(array('id' => '\\d+'));
});

Пример #2

Файл: user-routes.php Проект: sarcoma/microframework

        if ($hash == $user->hashUsername($user->getUsername())) {
            $user->setActivationToken(true);
            $entityManager->persist($user);
            $entityManager->flush();
            $app->flash('message', 'User activated');
            $app->redirect($app->urlFor('message'));
        }
    }
    $app->flash('message', 'Could not activate account');
    $app->redirect($app->urlFor('message'));
})->name('activate');
$app->post('/create-user/', function () use($app, $view, $entityManager) {
    $username = trim($_POST['username']);
    $email = trim($_POST['email']);
    $password = trim($_POST['password']);
    if (functions\CSRF::check($_POST['csrf'])) {
        $user = new Users();
        $error = $user->validate($username, $email, $password);
        if (empty($error)) {
            $user->setUsername($username);
            $user->setEmail($email);
            $user->setPasswordHash($password);
            $user->setRole();
            $user->setActivationToken();
            $entityManager->persist($user);
            $entityManager->flush();
            $createUser = $user->getId() ? true : false;
            if ($createUser) {
                $link = 'http://localhost' . $app->urlFor('activate', array('token' => $user->getActivationToken(), 'hash' => $user->hashUsername($user->getUsername())));
                $message = new Email('#262729', 18);
                $message->setBodyColor('#eeeeee');