Forum » » Road map développement » » [Résolu] - Ghost formulaire dans user
Posté : 04-03-2021 14:05
mainfile.php[code php] session_manage(); session_start(); [/code]toujours mainfile.php
[code php] function make_token($name = 'csrfToken') { $max_time = 60 * 60 * 24; // token is valid for 1 day $csrf_token = session_get_token($name); $stored_time = session_get_token($name .'_time'); if ((($max_time + $stored_time) <= time()) || empty($csrf_token)) { session_set_token($name, md5(uniqid(rand(), true))); session_set_token($name .'_time', time()); } return session_get_token($name); } function is_token_valid($name = 'csrfToken') { var_dump($_POST, session_get_token($name)); return ($_POST[$name] === session_get_token($name)); } function session_set_token($key, $value = false) { global $nuke_url; if (is_array($key) && $value === false) { foreach ($key as $name => $value) { $_SESSION[$name] = $value; } } else { $_SESSION[$key] = $value; } } function session_get_token($key) { global $nuke_url; if (isset($_SESSION[$key])) { return $_SESSION[$key]; } return null; } [/code]fichier user.php
[code php] function Only_NewUser() { global $user, $memberpass; if (!$user) { global $smilies, $short_user, $memberpass; global $uname, $name, $email, $user_avatar, $user_occ, $user_from, $user_intrest, $user_sig, $user_viewemail, $pass, $vpass, $C1,$C2,$C3,$C4,$C5,$C6,$C7,$C8,$M1,$M2,$T1,$T2,$B1, $csrfToken; [/code]
[code php] function hidden_form() { global $uname, $name, $email, $user_avatar, $user_occ, $user_from, $user_intrest, $user_sig, $user_viewemail, $pass, $vpass, $C1,$C2,$C3,$C4,$C5,$C6,$C7,$C8,$M1,$M2,$T1,$T2,$B1,$charte,$user_lnl, $csrfToken; if (!$user_avatar) {$user_avatar="blank.gif";} echo '