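/**
 * Form token (CSRF) validation
 *
 * Verifies that the posted form token matches the token held in the session,
 * then checks that the request's Referer host is the configured site domain,
 * and finally runs the optional validation rules.
 *
 * Security notes:
 *  - The decrypted tokens are compared strictly and must be non-empty strings.
 *    A loose `==` treats null, false and '' as equal, so two values that both
 *    failed to decrypt (or a session holding no token) would count as a match.
 *  - The Referer header is supplied by the client and may be absent. It is
 *    only a secondary check, and requests without it are rejected.
 *
 * @param array $validations The array of validation rules
 * @return boolean TRUE if the token, the referer and the rules all pass; FALSE otherwise
 */
function form_validate($validations = null)
{
    $tokenName = _cfg('formTokenName');
    $field     = 'lc_formToken_' . $tokenName;

    if (!isset($_POST[$field])) {
        Validation::addError('', _t('Invalid form token.'));
        return false;
    }

    $token       = _decrypt(session_get($tokenName));
    $postedToken = _decrypt(_post($_POST[$field]));
    $result      = false;

    # check token first: both sides must be real, non-empty strings
    $tokensMatch = false;
    if (is_string($token) && is_string($postedToken) && $token !== '') {
        # constant-time comparison where available; strict comparison otherwise
        $tokensMatch = function_exists('hash_equals')
            ? hash_equals($token, $postedToken)
            : $token === $postedToken;
    }

    # check referer if it is requesting in the same site
    if ($tokensMatch && !empty($_SERVER['HTTP_REFERER']) && _cfg('siteDomain')) {
        $siteDomain = preg_replace('/^www\\./', '', _cfg('siteDomain'));

        # parse_url() yields false/null for a malformed or host-less Referer;
        # treat that as "not the same site" instead of reading a missing key
        $refererHost = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
        if (is_string($refererHost) && $refererHost !== '') {
            $refererHost = preg_replace('/^www\\./', '', $refererHost);
            if (strcasecmp($siteDomain, $refererHost) === 0) {
                $result = true;
            }
        }
    }

    if ($result === false) {
        Validation::addError('', _t('Error occured during form submission. Please refresh the page to try again.'));
        return false;
    }

    if ($validations && Validation::check($validations) === false) {
        return false;
    }

    return true;
}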
/**
 * Run the given validation rules against the inputs.
 *
 * Thin procedural wrapper that delegates to Validation::check().
 *
 * @param array  $validations The array of the validation rules
 * @param string $type        The return form of the error message:
 *  "multi" to return all error messages occurred;
 *  "single" to return the first error message occurred
 *
 * @return mixed The value returned by Validation::check()
 *  (presumably a boolean; confirm against the Validation class)
 */
function validation_check($validations, $type = 'multi')
{
    $outcome = Validation::check($validations, $type);

    return $outcome;
}