Revision 1312
Added by Dietmar over 14 years ago
| class.wb.php | ||
|---|---|---|
| 269 | 269 |
} |
| 270 | 270 |
} |
| 271 | 271 |
|
| 272 |
/* |
|
| 273 |
* creates Formular transactionnumbers for unique use |
|
| 274 |
* @access public |
|
| 275 |
* @param bool $asTAG: true returns a complete prepared, hidden HTML-Input-Tag (default) |
|
| 276 |
* false returns an array including FTAN0 and FTAN1 |
|
| 277 |
* @return mixed: array or string |
|
| 278 |
* |
|
| 279 |
* requirements: an active session must be available |
|
| 280 |
*/ |
|
| 281 |
public function getFTAN( $asTAG = true) |
|
| 282 |
{
|
|
| 283 |
if(function_exists('microtime'))
|
|
| 284 |
{
|
|
| 285 |
list($usec, $sec) = explode(" ", microtime());
|
|
| 286 |
$time = ((float)$usec + (float)$sec); |
|
| 287 |
}else{
|
|
| 288 |
$time = time(); |
|
| 289 |
} |
|
| 290 |
$ftan = md5(((string)$time).$_SERVER['SERVER_ADDR']); |
|
| 291 |
$_SESSION['FTAN'] = $ftan; |
|
| 292 |
$ftan0 = 'a'.substr($ftan, -(10 + hexdec(substr($ftan, 1))), 10); |
|
| 293 |
$ftan1 = 'a'.substr($ftan, hexdec(substr($ftan, -1)), 10); |
|
| 294 |
if($asTAG == true) |
|
| 295 |
{
|
|
| 296 |
return '<input type="hidden" name="'.$ftan0.'" value="'.$ftan1.'" title="" />'; |
|
| 297 |
}else{
|
|
| 298 |
return array('FTAN0' => $ftan0, 'FTAN1' => $ftan1);
|
|
| 299 |
} |
|
| 300 |
} |
|
| 301 |
|
|
| 302 |
/* |
|
| 303 |
* checks received form-transactionnumbers against session-stored one |
|
| 304 |
* @access public |
|
| 305 |
* @param string $mode: requestmethode POST(default) or GET |
|
| 306 |
* @return bool: true if numbers matches against stored ones |
|
| 307 |
* |
|
| 308 |
* requirements: an active session must be available |
|
| 309 |
* this check will prevent from multiple sending a form. history.back() also will never work |
|
| 310 |
*/ |
|
| 311 |
public function checkFTAN( $mode = 'POST') |
|
| 312 |
{
|
|
| 313 |
$retval = false; |
|
| 314 |
if(isset($_SESSION['FTAN']) && strlen($_SESSION['FTAN']) == strlen(md5('dummy')))
|
|
| 315 |
{
|
|
| 316 |
$ftan = $_SESSION['FTAN']; |
|
| 317 |
$ftan0 = 'a'.substr($ftan, -(10 + hexdec(substr($ftan, 1))), 10); |
|
| 318 |
$ftan1 = 'a'.substr($ftan, hexdec(substr($ftan, -1)), 10); |
|
| 319 |
unset($_SESSION['FTAN']); |
|
| 320 |
if(strtoupper($mode) == 'POST') |
|
| 321 |
{
|
|
| 322 |
$retval = (isset($_POST[$ftan0]) && $_POST[$ftan0] == ($ftan1)); |
|
| 323 |
$_POST[$ftan0] = ''; |
|
| 324 |
}else{
|
|
| 325 |
$retval = (isset($_GET[$ftan0]) && $_GET[$ftan0] == ($ftan1)); |
|
| 326 |
$_GET[$ftan0] = ''; |
|
| 327 |
} |
|
| 328 |
} |
|
| 329 |
return $retval; |
|
| 330 |
} |
|
| 331 |
|
|
| 272 | 332 |
// Print a success message which then automatically redirects the user to another page |
| 273 | 333 |
function print_success($message, $redirect = 'index.php') {
|
| 274 | 334 |
global $TEXT, $database; |
Also available in: Unified diff
Ticket #971 Using $_POST in Admin - account - login.php (tks to Aldus)
update class.wb.php added tokens function