GIF89a; EcchiShell v1.0
//etc/zpanel/panel/dryden/runtime/

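"; }

    /**
     * Generates a new CSFR token and stores it in the session.
     *
     * The token is whatever runtime_randomstring::randomHash() returns; it is
     * kept under $_SESSION['zpcsfr'] and replaced on every call.
     *
     * @author Bobby Allen (ballen@bobbyallen.me)
     * @return bool Always true.
     */
    static function Tokeniser() {
        $_SESSION['zpcsfr'] = runtime_randomstring::randomHash();
        return true;
    }

    /**
     * Reads the submitted CSFR token from the POST body.
     *
     * A missing or non-string field yields an empty string, so callers treat
     * it the same way as an empty token instead of raising a notice.
     *
     * @return mixed The cleaned token, or '' when none was submitted.
     */
    private static function SubmittedToken() {
        if (!isset($_POST['csfr_token']) || !is_string($_POST['csfr_token'])) {
            return '';
        }
        return runtime_xss::xssClean(runtime_sanatizeItem::sanatizeItem(trim($_POST['csfr_token']), 'string'));
    }

    /**
     * Compares a submitted token with the one held in the session.
     *
     * The comparison is strict: a loose == would let PHP type juggling treat
     * two different numeric-looking strings as equal. hash_equals() is used
     * when the runtime provides it so that the comparison is also constant-time.
     *
     * @param mixed $submitted Token taken from the request.
     * @return bool True only when both tokens are non-empty and identical.
     */
    private static function TokenMatches($submitted) {
        if (!is_scalar($submitted) || !isset($_SESSION['zpcsfr']) || !is_scalar($_SESSION['zpcsfr'])) {
            return false;
        }
        $submitted = (string) $submitted;
        $expected = (string) $_SESSION['zpcsfr'];
        if ($submitted === '' || $expected === '') {
            return false;
        }
        if (function_exists('hash_equals')) {
            return hash_equals($expected, $submitted);
        }
        return $expected === $submitted;
    }

    /**
     * Sends the browser back to the current module and stops the request.
     *
     * Execution must end here: a Location header alone does not stop the
     * script, so without the exit the protected action would still run.
     *
     * NOTE(review): the module name comes from the request and is placed in
     * the header as-is; confirm GetControllerRequest() validates it.
     *
     * @return void
     */
    private static function RedirectToModule() {
        global $controller;
        header("location: ./?ovipass=". $controller->LoginAccessKey() ."&module=".$controller->GetControllerRequest('URL', 'module'));
        exit;
    }

    /**
     * Verifies that the submitted AJAX form has a valid CSFR token.
     *
     * On success the token is rotated and true is returned. On failure a JSON
     * status object is written to the response and the request is terminated.
     *
     * @author Bobby Allen (ballen@bobbyallen.me)
     * @return bool True when the token is valid; never returns otherwise.
     */
    static function ProtectAjax() {
        if (self::TokenMatches(self::SubmittedToken())) {
            self::Tokeniser();
            return true;
        }
        $return = array("status"=>"csfr_verify_failed");
        echo json_encode($return);
        exit;
    }

    /**
     * Verifies that the submitted form has a valid CSFR token.
     *
     * On success the token is rotated and true is returned. A missing, empty
     * or mismatching token redirects to the current module and terminates the
     * request, so a caller can never continue after a failed check. The
     * previous version only set the Location header and then returned true
     * for a mismatching token, which let the protected action run anyway.
     *
     * @return bool True when the token is valid; never returns otherwise.
     */
    static function Protect() {
        if (self::TokenMatches(self::SubmittedToken())) {
            self::Tokeniser();
            return true;
        }
        self::RedirectToModule();
    }

    /**
     * Extracts the token value from the markup produced by self::Token().
     *
     * The markup is parsed and the "value" attribute of the first <input>
     * element is returned.
     *
     * @return string|null The trimmed value, or null when no input element is found.
     */
    static function updatecsfrajax() {
        $html = trim(self::Token());
        if ($html === '') {
            return null;
        }
        // loadHTML() is an instance method; calling it statically is an error on PHP 8.
        $doc = new DOMDocument();
        $doc->loadHTML($html);
        $xpath = new DOMXPath($doc);
        $entries = $xpath->query("//input");
        foreach ($entries as $entry) {
            return trim($entry->getAttribute("value"));
        }
        return null;
    }
}
?>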