Auteur
Nicolas2

Forum » » Road map développement » » [Résolu] - Ghost formulaire dans user


Posté : 04-03-2021 14:05

mainfile.php
[code php]
// Project session bootstrap; its body is not shown on this page.
// NOTE(review): if session_manage() does not already set the session cookie
// flags (HttpOnly, Secure, SameSite), they need to be set before
// session_start() — confirm.
session_manage();

// Opens (or resumes) the PHP session. The token helpers of this file read and
// write $_SESSION, so this call has to run before any of them is used.
session_start();
[/code]
toujours mainfile.php
[code php]
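/**
 * Returns the CSRF token kept in the session under $name, issuing a fresh one
 * when none is stored yet or when the stored one is older than one day.
 *
 * The token and its "<name>_time" creation stamp are written through
 * session_set_token(), i.e. into $_SESSION, so the session must already be
 * started when this is called.
 *
 * @param string $name Session key of the token; is_token_valid() reads the
 *                     submitted value from the POST field of the same name.
 * @return string|null The token currently stored in the session.
 */
function make_token($name = 'csrfToken')
{
  $max_time = 60 * 60 * 24; // token is valid for 1 day

  $csrf_token  = session_get_token($name);
  // A missing stamp counts as 0, which makes the age test below succeed.
  $stored_time = (int) session_get_token($name .'_time');

  if ((($max_time + $stored_time) <= time()) || empty($csrf_token)) 
  {
    // random_bytes() draws from the operating system CSPRNG (PHP >= 7.0).
    // md5(uniqid(rand(), true)) was derived from the clock and a
    // non-cryptographic generator, which is not unpredictable enough for an
    // anti-CSRF secret. bin2hex() of 16 bytes keeps the 32-character hex form.
    session_set_token($name, bin2hex(random_bytes(16)));
    session_set_token($name .'_time', time());
  }

  return session_get_token($name);
}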

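/**
 * Tells whether the CSRF token submitted in $_POST[$name] matches the one
 * stored in the session under the same name.
 *
 * NOTE(review): the "<name>_time" stamp written by make_token() is not read
 * here, so the one-day lifetime is only applied when a form is rendered, not
 * when it is submitted — confirm whether that is intended.
 *
 * @param string $name Name of both the session key and the POST field.
 * @return bool True only when both values are present and identical.
 */
function is_token_valid($name = 'csrfToken')
{
  // No var_dump() here: dumping $_POST and the session token writes the
  // submitted form (passwords included) and the anti-CSRF secret into the page.
  $expected  = session_get_token($name);
  $submitted = isset($_POST[$name]) ? $_POST[$name] : null;

  // Fail closed. With a plain === a request carrying no token, sent on a
  // session that holds none, compared null with null and was accepted.
  if (!is_string($expected) || $expected === '' || !is_string($submitted)) 
  {
    return false;
  }

  // Constant-time comparison of the two strings.
  return hash_equals($expected, $submitted);
}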

/**
 * Stores one value, or a batch of values, in $_SESSION.
 *
 * @param string|array $key   Session key, or an array of key => value pairs
 *                            when $value is left at its default.
 * @param mixed        $value Value to store under $key.
 * @return void
 */
function session_set_token($key, $value = false)
{
  global $nuke_url;

  // Batch form: an array passed on its own, without a second argument.
  $entries = (is_array($key) && $value === false) ? $key : null;

  if ($entries === null) 
  {
    $_SESSION[$key] = $value;
    return;
  }

  foreach ($entries as $field => $stored) 
  {
    $_SESSION[$field] = $stored;
  }
}

/**
 * Reads a value from $_SESSION.
 *
 * @param string $key Session key to look up.
 * @return mixed|null The stored value, or null when the key is unset or holds null.
 */
function session_get_token($key)
{
  global $nuke_url;

  return isset($_SESSION[$key]) ? $_SESSION[$key] : null;
}
[/code]
fichier user.php
[code php]
// Excerpt: only the opening lines of Only_NewUser() are quoted in the post.
function Only_NewUser() {
   global $user, $memberpass;
   // Everything below runs only when $user is empty.
   if (!$user) {
      global $smilies, $short_user, $memberpass;
      // Form variables pulled from global scope; $csrfToken sits at the end of the list.
      global $uname, $name, $email, $user_avatar, $user_occ, $user_from, $user_intrest, $user_sig, $user_viewemail, $pass, $vpass, $C1,$C2,$C3,$C4,$C5,$C6,$C7,$C8,$M1,$M2,$T1,$T2,$B1, $csrfToken;
[/code]
[code php]
/**
 * Defaults the avatar to blank.gif and echoes a string.
 *
 * NOTE(review): the string passed to echo is blank on this page; the markup it
 * held (presumably the hidden inputs, csrfToken among them) seems to have been
 * stripped when the post was rendered — confirm against the real user.php.
 * NOTE(review): if that markup prints these globals into attribute values,
 * each one needs htmlspecialchars() with ENT_QUOTES — confirm.
 */
function hidden_form() {
   global $uname, $name, $email, $user_avatar, $user_occ, $user_from, $user_intrest, $user_sig, $user_viewemail, $pass, $vpass, $C1,$C2,$C3,$C4,$C5,$C6,$C7,$C8,$M1,$M2,$T1,$T2,$B1,$charte,$user_lnl, $csrfToken;
   // Fall back to the placeholder image when no avatar is set.
   if (!$user_avatar) {$user_avatar="blank.gif";}
   echo '
   
'; } [/code]
[code php]
// Excerpt: only the opening lines of finishNewUser() are quoted in the post.
function finishNewUser($uname, $name, $email, $user_avatar, $user_occ, $user_from, $user_intrest, $user_sig, $user_viewemail, $pass,$user_lnl, $C1,$C2,$C3,$C4,$C5,$C6,$C7,$C8,$M1,$M2,$T1,$T2,$B1) {
   global $NPDS_Prefix;
   global $makepass, $system, $adminmail, $sitename, $AutoRegUser, $memberpass, $gmt;

   // CSRF guard: when is_token_valid() reports a mismatch the request is sent to index.php.
   // NOTE(review): the '!' characters in the call below look like an artefact of the
   // forum's code rendering (presumably redirect_url('index.php')) — confirm against user.php.
   // NOTE(review): unless redirect_url() ends the request itself, execution carries on
   // past this block and the guard protects nothing — confirm, or return right after it.
   if (!is_token_valid()) {
       redirect_!url(!'index.php');
   }
[/code]
et fichier module/sform/extend_user/forulaire.php
[code php]
// Both fields are declared with the 'hidden' type.
// NOTE(review): argument order looks like (name, label, value, type, required) — confirm against the sform class.
$m->add_field('op','','new user','hidden',false);
// Carries the session's CSRF token: make_token() returns the stored token, creating one if needed.
// is_token_valid() later reads it back from $_POST['csrfToken'].
$m->add_field('csrfToken','', make_token(),'hidden',false);
[/code]

Cet article provient de Labo JPB-PHR 2015-2024
https://labo.infocapagde.com/viewtopic.php?topic=1477&forum=21