Пример #1
 /**
  * Creates a hidden form field that carries the page token used as protection
  * against cross-site request forgery.
  *
  * The token value is obtained from security::createPageToken() and the field
  * name from security::getPageTokenFieldName(); both are passed to
  * self::hiddenInput().
  */
 public static function pageTokenField()
 {
     // The token is created before the field name is looked up; that call order is kept.
     $token     = \fpcm\classes\security::createPageToken();
     $fieldName = \fpcm\classes\security::getPageTokenFieldName();

     self::hiddenInput($fieldName, $token);
 }
Пример #2
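 /**
  * Checks the page token submitted with the current request.
  *
  * When a Referer header is present and does not contain baseconfig::$rootPath,
  * the request is rejected before the token is examined. Otherwise the stored
  * token is read from the cache, cleanup() is called for that cache entry, and
  * the stored value is compared with the value from http::getPageToken().
  *
  * @return bool true only when the stored and the submitted token are both
  *              non-empty strings and are identical
  */
 protected function checkPageToken()
 {
     // NOTE(review): this is a substring test, so a Referer that merely contains
     // the root path somewhere (for example in its query string) is accepted.
     // A prefix or host comparison would be stricter; the format of $rootPath is
     // not visible here, so the check is left as it was. A request without a
     // Referer header skips this check entirely and relies on the token alone.
     if (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], \fpcm\classes\baseconfig::$rootPath) === false) {
         return false;
     }

     $fieldname = \fpcm\classes\security::getPageTokenFieldName();
     $cache = new \fpcm\classes\cache($fieldname, \fpcm\classes\security::pageTokenCacheModule);
     $storedToken = $cache->read();

     // cleanup() runs before the comparison, whether or not the tokens match;
     // presumably this discards the stored token so it cannot be reused.
     $cache->cleanup($fieldname, \fpcm\classes\security::pageTokenCacheModule);

     $submittedToken = \fpcm\classes\http::getPageToken();

     // A loose == comparison treats "no stored token" (false/null) and "no
     // submitted token" (null/'') as equal, and compares numeric-looking strings
     // by value. Require two non-empty strings so a missing token never validates.
     // Assumes tokens are stored as plain strings - confirm against createPageToken().
     if (!is_string($storedToken) || !is_string($submittedToken)) {
         return false;
     }

     if ($storedToken === '' || $submittedToken === '') {
         return false;
     }

     // hash_equals() compares byte-for-byte and in constant time.
     return hash_equals($storedToken, $submittedToken);
 }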