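/**
 * Checks if this is a post request, and if it is, checks if the nonce is valid.
 *
 * Only POST requests are verified: any other method (GET, HEAD, PUT, ...)
 * passes unconditionally, so every state-changing handler must be POST-only
 * for this check to protect it.
 *
 * @param bool $fatal Whether or not to fatally error out if there is a problem.
 *                    When true, the configured callback is invoked and the
 *                    script exits; when false, the result is simply returned.
 * @return bool True if check passes or is not necessary, false if failure.
 */
function csrf_check($fatal = true)
{
    // Pass non-POST requests. REQUEST_METHOD is absent on the CLI, so test
    // for it instead of emitting an undefined-index notice.
    if (!isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
        return true;
    }
    csrf_start();
    // Configuration lives in $GLOBALS['csrf'] (presumably populated by csrf_start() — verify).
    $name = $GLOBALS['csrf']['input-name'];
    $ok = false;
    $tokens = '';
    do {
        if (!isset($_POST[$name])) {
            break;
        }
        $tokens = $_POST[$name];
        // A request can submit the field as an array (name[]=x); csrf_check_tokens()
        // and trim() below expect a string, so anything else is treated as an
        // invalid token rather than letting it reach them.
        if (!is_string($tokens)) {
            break;
        }
        if (!csrf_check_tokens($tokens)) {
            break;
        }
        $ok = true;
    } while (false);
    if ($fatal && !$ok) {
        $callback = $GLOBALS['csrf']['callback'];
        // Only hand the submitted value to the callback when it consists solely
        // of [A-Za-z0-9:;,]; anything else (including a non-string) is replaced
        // by 'hidden' so untrusted content is never echoed into an error page.
        if (!is_string($tokens) || trim($tokens, 'A..Za..z0..9:;,') !== '') {
            $tokens = 'hidden';
        }
        $callback($tokens);
        exit;
    }
    return $ok;
}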
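/**
 * Checks if this is a post request, and if it is, checks if the nonce is valid.
 *
 * Only POST requests are verified: any other method (GET, HEAD, PUT, ...)
 * passes unconditionally, so every state-changing handler must be POST-only
 * for this check to protect it.
 *
 * @param bool $fatal Whether or not to fatally error out if there is a problem.
 *                    When true, the configured callback is invoked and the
 *                    script exits; when false, the result is simply returned.
 * @return bool True if check passes or is not necessary, false if failure.
 */
function csrf_check($fatal = true)
{
    // REQUEST_METHOD is absent on the CLI; treat that like a non-POST request.
    if (!isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
        return true;
    }
    csrf_start();
    // Configuration lives in $GLOBALS['csrf'] (presumably populated by csrf_start() — verify).
    $name = $GLOBALS['csrf']['input-name'];
    $ok = false;
    $tokens = '';
    do {
        if (!isset($_POST[$name])) {
            break;
        }
        // we don't regenerate a token and check it because some token creation
        // schemes are volatile.
        $tokens = $_POST[$name];
        // A request can submit the field as an array (name[]=x); csrf_check_tokens()
        // and trim() below expect a string, so anything else is treated as an
        // invalid token rather than letting it reach them.
        if (!is_string($tokens)) {
            break;
        }
        if (!csrf_check_tokens($tokens)) {
            break;
        }
        $ok = true;
    } while (false);
    if ($fatal && !$ok) {
        $callback = $GLOBALS['csrf']['callback'];
        // Only hand the submitted value to the callback when it consists solely
        // of [A-Za-z0-9:;,]; anything else (including a non-string) is replaced
        // by 'hidden' so untrusted content is never echoed into an error page.
        if (!is_string($tokens) || trim($tokens, 'A..Za..z0..9:;,') !== '') {
            $tokens = 'hidden';
        }
        $callback($tokens);
        exit;
    }
    return $ok;
}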
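/**
 * Checks if this is a post request, and if it is, checks if the nonce is valid.
 *
 * Only POST requests are verified: any other method (GET, HEAD, PUT, ...)
 * passes unconditionally, so every state-changing handler must be POST-only
 * for this check to protect it. One page (client/index.php?page=invoices)
 * additionally accepts the token from the query string, see below.
 *
 * @param bool $fatal Whether or not to fatally error out if there is a problem.
 *                    When true, the configured callback is invoked and the
 *                    script exits; when false, the result is simply returned.
 * @return bool True if check passes or is not necessary, false if failure.
 */
function csrf_check($fatal = true)
{
    // REQUEST_METHOD is absent on the CLI; treat that like a non-POST request.
    if (!isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
        return true;
    }
    csrf_start();
    // Configuration lives in $GLOBALS['csrf'] (presumably populated by csrf_start() — verify).
    $name = $GLOBALS['csrf']['input-name'];
    $ok = false;
    $tokens = '';
    // PayPal CSRF hack: for POSTs to client/index.php?page=invoices the token is
    // taken from the `paypalcsrf` query parameter instead of the POST body
    // (presumably because the PayPal return flow cannot carry the hidden field —
    // confirm). NOTE(review): a token in the URL can leak via the Referer
    // header, browser history and access logs; keep this path exactly this
    // narrow and prefer a dedicated single-use token for it. Strict comparisons
    // and the is_string() guard keep odd inputs (page[]=..., paypalcsrf[]=...)
    // from matching or from injecting a non-string into $_POST.
    if (isset($_SERVER['SCRIPT_NAME'], $_GET['page'], $_GET['paypalcsrf'])
        && is_string($_GET['paypalcsrf'])
        && substr($_SERVER['SCRIPT_NAME'], -16) === 'client/index.php'
        && $_GET['page'] === 'invoices'
    ) {
        $_POST[$name] = $_GET['paypalcsrf'];
    }
    do {
        if (!isset($_POST[$name])) {
            break;
        }
        // we don't regenerate a token and check it because some token creation
        // schemes are volatile.
        $tokens = $_POST[$name];
        // A request can submit the field as an array (name[]=x); csrf_check_tokens()
        // and trim() below expect a string, so anything else is treated as an
        // invalid token rather than letting it reach them.
        if (!is_string($tokens)) {
            break;
        }
        if (!csrf_check_tokens($tokens)) {
            break;
        }
        $ok = true;
    } while (false);
    if ($fatal && !$ok) {
        $callback = $GLOBALS['csrf']['callback'];
        // Only hand the submitted value to the callback when it consists solely
        // of [A-Za-z0-9:;,]; anything else (including a non-string) is replaced
        // by 'hidden' so untrusted content is never echoed into an error page.
        if (!is_string($tokens) || trim($tokens, 'A..Za..z0..9:;,') !== '') {
            $tokens = 'hidden';
        }
        $callback($tokens);
        exit;
    }
    return $ok;
}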