<?php
// Direct-access guard: this file is only meaningful when loaded by the
// framework core, which defines _JOOS_CORE before including it.
if (!defined('_JOOS_CORE')) {
    exit();
}
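/**
 * Per-day, per-user CSRF token helper.
 *
 * The token produced by get_code() is used as the *name* of a request
 * parameter, so check_code() accepts a request when a parameter with that
 * name is present and truthy. Tokens are bound to the installation
 * (JSECRET_CODE, JPATH_BASE), the current date and the logged-in user id,
 * so they rotate daily and differ between users.
 */
class joosCSRF
{
    /**
     * Keyed digest of $seed using the installation secret JSECRET_CODE.
     *
     * md5 is kept deliberately so tokens already embedded in rendered forms
     * stay valid; forging a token still requires knowing JSECRET_CODE.
     *
     * @param string $seed value to digest
     * @return string 32-character lowercase hex digest
     */
    public static function hash($seed)
    {
        return md5(JSECRET_CODE . md5($seed));
    }

    /**
     * Token used as the CSRF parameter name for the current day and user.
     *
     * @param string|null $alt optional extra seed (e.g. a form name); when
     *                         given, the token also depends on it
     * @return string 'joosCSRF-' followed by a hex digest
     */
    public static function get_code($alt = null)
    {
        // Day granularity: tokens issued today are valid until midnight.
        $daily = $alt ? $alt . date('Ymd') : date('dmY');
        $user = joosCore::user();
        $owner = $user ? $user->id : 'null';

        return 'joosCSRF-' . self::hash(JPATH_BASE . $daily . $owner);
    }

    /**
     * Render the 403 page unless the request carries the CSRF token.
     *
     * @param string|null $alt    extra seed passed through to get_code()
     * @param string      $method where to look for the token: 'get',
     *                            'request' or 'post' (default; any other
     *                            value falls back to 'post')
     * @return void
     */
    public static function check_code($alt = null, $method = 'post')
    {
        $method = strtolower($method);
        $token = self::get_code($alt);

        switch ($method) {
            case 'get':
                $validate = joosRequest::get($token, 0);
                break;

            case 'request':
                $validate = joosRequest::request($token, 0);
                break;

            case 'post':
            default:
                $validate = joosRequest::post($token, 0);
                break;
        }

        // Presence of the (secret-named) parameter is the proof; its value
        // only has to be truthy.
        if (!$validate) {
            joosPages::page403();
        }

        if (!isset($_SERVER['HTTP_USER_AGENT'])) {
            joosPages::page403();
        }

        // The previous `!$_SERVER['REQUEST_METHOD'] == 'POST'` negated the
        // string before comparing and could never be true, so the method was
        // never enforced. Enforce it only when the token was expected in the
        // POST body; the 'get' and 'request' variants must keep working on
        // GET requests. (joosRequest::post is assumed to read $_POST, which is
        // only populated on POST, so this does not reject previously valid
        // requests.)
        if ($method !== 'get' && $method !== 'request'
            && (!isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] !== 'POST')
        ) {
            joosPages::page403();
        }
    }
}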