Updated Apr 17
Index du forum »» Road map développement »» [Résolu] - Ghost formulaire dans user
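/**
 * Return the CSRF token kept in the session under $name, issuing a new one
 * when none is stored or the stored one is at least 24 hours old.
 *
 * The session keys are built as $nuke_url.$name and $nuke_url.$name.'_time'.
 * session_start() must already have been called, otherwise $_SESSION does not
 * persist between the request that renders the form and the one that posts it.
 *
 * @param string $name Name of the token (also the form field name checked by is_token_valid()).
 * @return string The current token (32 hexadecimal characters when freshly issued).
 */
function make_token($name = 'csrfToken')
{
    global $nuke_url;
    $max_time = 60 * 60 * 24; // token lifetime in seconds (one day)
    $token_key = $nuke_url.$name;
    $time_key = $nuke_url.$name .'_time';
    // On the first request neither key exists yet; read them without raising notices.
    $csrf_token = isset($_SESSION[$token_key]) ? $_SESSION[$token_key] : '';
    $stored_time = isset($_SESSION[$time_key]) ? (int) $_SESSION[$time_key] : 0;
    if ((($max_time + $stored_time) <= time()) || empty($csrf_token))
    {
        if (function_exists('random_bytes'))
        {
            // A CSRF token is a secret: take it from the CSPRNG, not from time-based values.
            $fresh_token = bin2hex(random_bytes(16));
        }
        else
        {
            // Legacy fallback for PHP < 7. uniqid() and rand() are derived from the clock and a
            // non-cryptographic generator, so this value is guessable; upgrade PHP to avoid it.
            $fresh_token = md5(uniqid(rand(), true));
        }
        // The posted listing wrote "$_SESSION[key, value];", which is not valid PHP:
        // the token and its timestamp have to be assigned.
        $_SESSION[$token_key] = $fresh_token;
        $_SESSION[$time_key] = time();
    }
    return $_SESSION[$token_key];
}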
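/**
 * Check the CSRF token posted with the form against the copy held in the session.
 *
 * The request is rejected when either side is missing. Comparing the two raw
 * array reads would accept a request that carries no token at all whenever the
 * session has none either (null === null).
 *
 * @param string $name Form field name; the session key is $nuke_url.$name.
 * @return bool true only when a non-empty session token exists and the posted value equals it.
 */
function is_token_valid($name = 'csrfToken')
{
    global $nuke_url;
    $session_key = $nuke_url.$name;
    if (!isset($_POST[$name], $_SESSION[$session_key]))
    {
        return false;
    }
    $submitted = $_POST[$name];
    $expected = $_SESSION[$session_key];
    // A field posted as csrfToken[]=... arrives as an array; only strings can match.
    if (!is_string($submitted) || !is_string($expected) || $expected === '')
    {
        return false;
    }
    if (function_exists('hash_equals'))
    {
        // Constant-time comparison, available from PHP 5.6.
        return hash_equals($expected, $submitted);
    }
    return ($submitted === $expected);
}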
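// Make sure the session holds a current token before the posted one is checked.
make_token('csrfToken');
global $nuke_url;
if (!is_token_valid()) {
    // The call was garbled by the forum's filter in the posted listing ("redirect_!!!!url(!!!!").
    redirect_url('index.php');
    // Stop here: this page does not show whether redirect_url() ends the script, and a
    // request that failed the token check must not reach the form processing below.
    exit;
}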
// The session has to be open before $_SESSION is read or written by the token helpers.
session_start();
/* Without session_start() the values placed in $_SESSION are not kept between requests,
   so the token issued with the form could not be compared when the form is posted. */
session_manage();
// NOTE(review): session_start() appears a second time here; presumably this is a separate
// excerpt showing the call next to session_manage(). If both calls run in one request,
// PHP ignores the second one and raises a notice - confirm only one is kept.
session_start();
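/**
 * Return the CSRF token stored under $name, issuing a new one when none is
 * stored or the stored one is at least 24 hours old.
 *
 * Storage goes through session_get_token() / session_set_token(); the issue
 * time is kept under $name.'_time'.
 *
 * @param string $name Name of the token (also the form field name checked by is_token_valid()).
 * @return string|null The current token as returned by session_get_token().
 */
function make_token($name = 'csrfToken')
{
    $max_time = 60 * 60 * 24; // token is valid for 1 day
    $csrf_token = session_get_token($name);
    // session_get_token() returns null when nothing is stored; treat that as "issued at 0".
    $stored_time = (int) session_get_token($name .'_time');
    if ((($max_time + $stored_time) <= time()) || empty($csrf_token))
    {
        if (function_exists('random_bytes'))
        {
            // A CSRF token is a secret: take it from the CSPRNG, not from time-based values.
            $fresh_token = bin2hex(random_bytes(16));
        }
        else
        {
            // Legacy fallback for PHP < 7. uniqid() and rand() are derived from the clock and a
            // non-cryptographic generator, so this value is guessable; upgrade PHP to avoid it.
            $fresh_token = md5(uniqid(rand(), true));
        }
        session_set_token($name, $fresh_token);
        session_set_token($name .'_time', time());
    }
    return session_get_token($name);
}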
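/**
 * Check the CSRF token posted with the form against the copy held in the session.
 *
 * The debugging var_dump() of $_POST and the session token has been removed:
 * it printed the whole submitted form and the secret token into the response,
 * and any output sent before a redirect can also prevent headers from being set.
 *
 * @param string $name Form field name and session key of the token.
 * @return bool true only when a non-empty session token exists and the posted value equals it.
 */
function is_token_valid($name = 'csrfToken')
{
    $expected = session_get_token($name);
    $submitted = isset($_POST[$name]) ? $_POST[$name] : null;
    // Missing on either side means "invalid". Comparing the raw values would accept a
    // request without any token whenever the session has none either (null === null).
    if (!is_string($expected) || $expected === '' || !is_string($submitted))
    {
        return false;
    }
    if (function_exists('hash_equals'))
    {
        // Constant-time comparison, available from PHP 5.6.
        return hash_equals($expected, $submitted);
    }
    return ($submitted === $expected);
}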
/**
 * Store one value, or a whole set of values, in $_SESSION.
 *
 * Called with an array as $key and no $value, every name => value pair of the
 * array is copied into the session. In every other case $value is stored
 * under $key (so calling it with a scalar key alone stores false).
 *
 * @param string|array $key   Session key, or an array of key => value pairs.
 * @param mixed        $value Value to store; false doubles as the "not given" marker.
 * @return void
 */
function session_set_token($key, $value = false)
{
    // NOTE(review): $nuke_url is declared but never used here, while the earlier listing
    // prefixed its session keys with it - confirm whether the prefix was dropped on purpose.
    global $nuke_url;
    $is_batch = is_array($key) && $value === false;
    if (!$is_batch)
    {
        $_SESSION[$key] = $value;
        return;
    }
    foreach ($key as $entry_name => $entry_value)
    {
        $_SESSION[$entry_name] = $entry_value;
    }
}
/**
 * Read a value from $_SESSION.
 *
 * @param string $key Session key to look up.
 * @return mixed The stored value, or null when the key is absent (isset() also
 *               reports a stored null as absent, which gives the same result).
 */
function session_get_token($key)
{
    // NOTE(review): $nuke_url is declared but never used here - confirm whether the
    // key prefix used by the earlier listing was dropped on purpose.
    global $nuke_url;
    return isset($_SESSION[$key]) ? $_SESSION[$key] : null;
}
function Only_NewUser() {
global $user, $memberpass;
if (!$user) {
global $smilies, $short_user, $memberpass;
global $uname, $name, $email, $user_avatar, $user_occ, $user_from, $user_intrest, $user_sig, $user_viewemail, $pass, $vpass, $C1,$C2,$C3,$C4,$C5,$C6,$C7,$C8,$M1,$M2,$T1,$T2,$B1, $csrfToken;
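/**
 * Print the opening <form> tag of user.php followed by one hidden input per
 * registration field and the CSRF token.
 *
 * The values come from globals filled with what the visitor submitted. Fields
 * that the original printed without any filtering (uname, email, user_avatar,
 * user_viewemail, csrfToken) are now escaped for the attribute context, so a
 * quote or angle bracket in them can no longer break out of value="...".
 * The closing </form> tag is not printed here; presumably the caller adds it
 * after its own buttons.
 *
 * @return void
 */
function hidden_form() {
global $uname, $name, $email, $user_avatar, $user_occ, $user_from, $user_intrest, $user_sig, $user_viewemail, $pass, $vpass, $C1,$C2,$C3,$C4,$C5,$C6,$C7,$C8,$M1,$M2,$T1,$T2,$B1,$charte,$user_lnl, $csrfToken;
if (!$user_avatar) {$user_avatar="blank.gif";}
// Attribute-context escaping; the charset is left to PHP's configured default so that
// the site's own encoding is used.
$attr_uname = htmlspecialchars((string) $uname, ENT_QUOTES);
$attr_email = htmlspecialchars((string) $email, ENT_QUOTES);
$attr_avatar = htmlspecialchars((string) $user_avatar, ENT_QUOTES);
$attr_viewemail = htmlspecialchars((string) $user_viewemail, ENT_QUOTES);
$attr_token = htmlspecialchars((string) $csrfToken, ENT_QUOTES);
// NOTE(review): the remaining fields rely on removeHack(), which is not shown on this page;
// confirm that it neutralises quotes inside an attribute value, otherwise escape them too.
// NOTE(review): the password travels through the page as a hidden field; keeping it
// server-side between the two steps would avoid writing it into the HTML.
echo '
<form action="user.php" method="post">
<input type="hidden" name="uname" value="'.$attr_uname.'" />
<input type="hidden" name="name" value="'.removeHack($name).'" />
<input type="hidden" name="email" value="'.$attr_email.'" />
<input type="hidden" name="user_avatar" value="'.$attr_avatar.'" />
<input type="hidden" name="user_from" value="'.StripSlashes(removeHack($user_from)).'" />
<input type="hidden" name="user_occ" value="'.StripSlashes(removeHack($user_occ)).'" />
<input type="hidden" name="user_intrest" value="'.StripSlashes(removeHack($user_intrest)).'" />
<input type="hidden" name="user_sig" value="'.StripSlashes(removeHack($user_sig)).'" />
<input type="hidden" name="user_viewemail" value="'.$attr_viewemail.'" />
<input type="hidden" name="pass" value="'.removeHack($pass).'" />
<input type="hidden" name="user_lnl" value="'.removeHack($user_lnl).'" />
<input type="hidden" name="C1" value="'.StripSlashes(removeHack($C1)).'" />
<input type="hidden" name="C2" value="'.StripSlashes(removeHack($C2)).'" />
<input type="hidden" name="C3" value="'.StripSlashes(removeHack($C3)).'" />
<input type="hidden" name="C4" value="'.StripSlashes(removeHack($C4)).'" />
<input type="hidden" name="C5" value="'.StripSlashes(removeHack($C5)).'" />
<input type="hidden" name="C6" value="'.StripSlashes(removeHack($C6)).'" />
<input type="hidden" name="C7" value="'.StripSlashes(removeHack($C7)).'" />
<input type="hidden" name="C8" value="'.StripSlashes(removeHack($C8)).'" />
<input type="hidden" name="M1" value="'.StripSlashes(removeHack($M1)).'" />
<input type="hidden" name="M2" value="'.StripSlashes(removeHack($M2)).'" />
<input type="hidden" name="T1" value="'.StripSlashes(removeHack($T1)).'" />
<input type="hidden" name="T2" value="'.StripSlashes(removeHack($T2)).'" />
<input type="hidden" name="B1" value="'.StripSlashes(removeHack($B1)).'" />
<input type="hidden" name="csrfToken" value="'.$attr_token.'" />';
}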
function finishNewUser($uname, $name, $email, $user_avatar, $user_occ, $user_from, $user_intrest, $user_sig, $user_viewemail, $pass,$user_lnl, $C1,$C2,$C3,$C4,$C5,$C6,$C7,$C8,$M1,$M2,$T1,$T2,$B1) {
global $NPDS_Prefix;
global $makepass, $system, $adminmail, $sitename, $AutoRegUser, $memberpass, $gmt;
if (!is_token_valid()) {
redirect_!url(!'index.php');
}
// Adds a field named 'op' of type 'hidden' with the value 'new user' to the form object $m.
$m->add_field('op','','new user','hidden',false);
// Adds the hidden 'csrfToken' field; its value comes from make_token(), and the name matches
// the default field name that is_token_valid() reads from $_POST when the form is submitted.
// NOTE(review): the meaning of the second and last add_field() arguments is not visible on this page.
$m->add_field('csrfToken','', make_token(),'hidden',false);
Citation : Nicolas2
et dans user.php
function finishNewUser($uname, $name, $email, $user_avatar, $user_occ, $user_from, $user_intrest, $user_sig, $user_viewemail, $pass,$user_lnl, $C1,$C2,$C3,$C4,$C5,$C6,$C7,$C8,$M1,$M2,$T1,$T2,$B1)
tu ajoutes sur chaque champ
StripSlashes(removeHack($NOM_DU_CHAMP))