File core/libraries/csrf.php | Joostina CMS / CMF v2.* API

 1: <?php defined('_JOOS_CORE') or exit();
 2: 
 3: /**
 4:  * Работа с защитой от межсайтового скриптинга
 5:  *
 6:  * @version    1.0
 7:  * @package    Core\Libraries
 8:  * @subpackage Csrf
 9:  * @category   Libraries
10:  * @author     Joostina Team <info@joostina.ru>
11:  * @copyright  (C) 2007-2012 Joostina Team
12:  * @license    MIT License http://www.opensource.org/licenses/mit-license.php
13:  * Информация об авторах и лицензиях стороннего кода в составе Joostina CMS: docs/copyrights
14:  *
15:  *
16:  * @todo документировать, почистить, расширить для работы с Ajax
17:  * */
18: class joosCSRF
19: {
20:     public static function hash($seed)
21:     {
22:         return md5(JSECRET_CODE . md5($seed));
23:     }
24: 
25:     public static function get_code($alt = null)
26:     {
27:         if ($alt) {
28:             $random = $alt . date('Ymd');
29:         } else {
30:             $random = date('dmY');
31:         }
32: 
33:         return 'joosCSRF-' . self::hash(JPATH_BASE . $random . (joosCore::user() ? joosCore::user()->id : 'null'));
34:     }
35: 
36:     public static function check_code($alt = null, $method = 'post')
37:     {
38:         switch (strtolower($method)) {
39:             case 'get':
40:                 $validate = joosRequest::get(self::get_code($alt), 0);
41:                 break;
42: 
43:             case 'request':
44:                 $validate = joosRequest::request(self::get_code($alt), 0);
45: 
46:                 break;
47: 
48:             case 'post':
49:             default:
50:                 $validate = joosRequest::post(self::get_code($alt), 0);
51:                 break;
52:         }
53: 
54:         if (!$validate) {
55:             joosPages::page403();
56:         }
57: 
58:         if (!isset($_SERVER['HTTP_USER_AGENT'])) {
59:             joosPages::page403();
60:         }
61: 
62:         if (!$_SERVER['REQUEST_METHOD'] == 'POST') {
63:             joosPages::page403();
64:         }
65:     }
66: 
67: }
68:
Packages

Classes
