Bug 1328 add function to check token

git-svn-id: http://piwigo.org/svn/trunk@4492 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
nikrou
2009-12-14 22:16:52 +00:00
parent 8938db7136
commit c76b39da6f
+22
View File
@@ -23,6 +23,28 @@
include(PHPWG_ROOT_PATH.'admin/include/functions_metadata.php');
/**
* check token comming from form posted or get params to prevent csrf attacks
* if pwg_token is empty action doesn't require token
* else pwg_token is compare to server token
*
* @return void access denied if token given is not equal to server token
*/
function check_token()
{
global $conf;
$token = hash_hmac('md5', session_id(), $conf['secret_key']);
if (!empty($_POST['pwg_token']) && ($_POST['pwg_token'] != $token))
{
access_denied();
}
elseif (!empty($_GET['pwg_token']) && ($_GET['pwg_token'] != $token))
{
access_denied();
}
}
// The function delete_site deletes a site and call the function
// delete_categories for each primary category of the site