mirror of https://github.com/e107inc/e107.git synced 2025-08-10 08:34:09 +02:00

EONE-62 (New Feature): Introducing user tokens (token logic could change in the future);

init_session automated user token check (POST or GET);
new referal e_form method (hidden field with proper user token value);
Admin UI now protects all its forms;
secretr
2010-05-19 15:28:52 +00:00
parent 1fefab53d3
commit 40391d9856
3 changed files with 47 additions and 2 deletions


@@ -1603,6 +1603,15 @@ function init_session()
$user = e107::getUser();
define('USERIP', $e107->getip());
define('POST_REFERER', md5($user->getToken()));
// Check for intruders - outside the model for now
if((isset($_POST['__referer']) && !$user->checkToken($_POST['__referer']))
|| (isset($_GET['__referer']) && !$user->checkToken($_GET['__referer'])))
{
// Die, die, die! DIE!!!
die('Unauthorized access!');
}
if(e107::isCli())
{
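Review bot: The guard in init_session() only rejects a request when `__referer` is present and fails `checkToken()`; a POST that omits the field passes straight through, so this check alone does not stop forged cross-site submissions unless every state-changing handler separately requires the field. If that split of responsibility is intended, state it at the check, e.g. `// Only validates a supplied __referer; state-changing handlers must still require it.` Accepting the token from `$_GET` also places it in URLs, where it can surface in server logs, browser history and Referer headers, so restricting it to POST where possible is worth considering. The `die('Unauthorized access!')` exits with the default 200 status; sending `header('HTTP/1.1 403 Forbidden');` just before it would make rejections visible to logging and monitoring. init_session() begins and ends outside this hunk and `checkToken()` is not shown, so how the token is compared could not be reviewed here.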