petit oubli de màj de $err -> $msg dans functions.php

quenenni 2017-08-22 18:02:46 +02:00
parent 7dce491b10
commit 65f994f763
1 changed files with 8 additions and 8 deletions


@ -1081,7 +1081,7 @@ function PercentToColor($p = 0) {
/** /**
* *
* @global m_err $err * @global m_messages $msg
* @global m_mem $mem * @global m_mem $mem
* @global int $cuid * @global int $cuid
* @return boolean * @return boolean
@ -1096,7 +1096,7 @@ function panel_lock() {
/** /**
* *
* @global m_err $err * @global m_messages $msg
* @global m_mem $mem * @global m_mem $mem
* @global int $cuid * @global int $cuid
* @return boolean * @return boolean
@ -1143,29 +1143,29 @@ function csrf_get($return=false) {
* a token can be only checked once, it's disabled then * a token can be only checked once, it's disabled then
* @param $token string the token to check in the DB + session * @param $token string the token to check in the DB + session
* @return $result integer 0 for invalid token, 1 for good token, -1 for expired token (already used) * @return $result integer 0 for invalid token, 1 for good token, -1 for expired token (already used)
* if a token is invalid or expired, an $err is raised, that can be displayed * if a token is invalid or expired, an $msg is raised, that can be displayed
*/ */
function csrf_check($token=null) { function csrf_check($token=null) {
global $db,$err; global $db,$msg;
if (is_null($token)) $token=$_POST["csrf"]; if (is_null($token)) $token=$_POST["csrf"];
if (!isset($_SESSION["csrf"])) { if (!isset($_SESSION["csrf"])) {
$err->raise("functions", _("The posted form token is incorrect. Maybe you need to allow cookies")); $msg->raise('Error', "functions", _("The posted form token is incorrect. Maybe you need to allow cookies"));
return 0; // no csrf cookie :/ return 0; // no csrf cookie :/
} }
if (strlen($token)!=32 || strlen($_SESSION["csrf"])!=32) { if (strlen($token)!=32 || strlen($_SESSION["csrf"])!=32) {
unset($_SESSION["csrf"]); unset($_SESSION["csrf"]);
$err->raise("functions", _("Your cookie or token is invalid")); $msg->raise('Error', "functions", _("Your cookie or token is invalid"));
return 0; // invalid csrf cookie return 0; // invalid csrf cookie
} }
$db->query("SELECT used FROM csrf WHERE cookie=? AND token=?;",array($_SESSION["csrf"],$token)); $db->query("SELECT used FROM csrf WHERE cookie=? AND token=?;",array($_SESSION["csrf"],$token));
if (!$db->next_record()) { if (!$db->next_record()) {
$err->raise("functions", _("Your token is invalid")); $msg->raise('Error', "functions", _("Your token is invalid"));
return 0; // invalid csrf cookie return 0; // invalid csrf cookie
} }
if ($db->f("used")) { if ($db->f("used")) {
$err->raise("functions", _("Your token is expired. Please refill the form.")); $msg->raise('Error', "functions", _("Your token is expired. Please refill the form."));
return -1; // expired return -1; // expired
} }
$db->query("UPDATE csrf SET used=1 WHERE cookie=? AND token=?;",array($_SESSION["csrf"],$token)); $db->query("UPDATE csrf SET used=1 WHERE cookie=? AND token=?;",array($_SESSION["csrf"],$token));