authorHenry Sudhof <kellanved@phpbb.com>2007-10-09 11:21:08 +0000
committerHenry Sudhof <kellanved@phpbb.com>2007-10-09 11:21:08 +0000
commitea9c1d7ea9fce82cc3b7a87b52d1c3005927a26d (patch)
tree5cc400e4b41eeacff63feef8ed5770f77e21abd3 /phpBB/includes/functions.php
parente8b2c4128ec285314ce6c58d3989a9c92f8a456c (diff)
new clicky thingies.
git-svn-id: file:///svn/phpbb/trunk@8156 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/functions.php')
-rw-r--r--phpBB/includes/functions.php14
1 files changed, 9 insertions, 5 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index b88d1d9e30..aa7729d406 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2006,9 +2006,10 @@ function meta_refresh($time, $url)
*/
function add_form_key($form_name)
{
- global $template, $user;
+ global $config, $template, $user;
$now = time();
- $token = sha1($now . $user->data['user_form_salt'] . $form_name);
+ $token_sid = ($user->data['user_id'] == ANONYMOUS && !empty($config['form_token_sid_guests'])) ? $user->session_id : '';
+ $token = sha1($now . $user->data['user_form_salt'] . $form_name . $token_sid);
$s_fields = build_hidden_fields(array(
'creation_time' => $now,
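Review bot: Session binding for guest tokens is opt-in in the new `$token_sid` line: if `form_token_sid_guests` is missing or empty, `!empty()` yields `''` and the token is built from the same inputs as before the change. Nothing in the hunk documents the option or that unset means unbound, so I would add above the line `// Guests: bind the token to the session only when form_token_sid_guests is enabled; unset or empty leaves it unbound`. The same expression is repeated in check_form_key (the hunk at -2046,9), and the two copies must stay identical for validation to succeed, which is worth stating in that comment or folding into a shared helper. add_form_key's body continues past the end of the hunk.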
@@ -2029,7 +2030,7 @@ function add_form_key($form_name)
*/
function check_form_key($form_name, $timespan = false, $return_page = '', $trigger = false, $miniumum_time = false)
{
- global $user, $config;
+ global $config, $user;
if ($timespan === false)
{
@@ -2039,6 +2040,7 @@ function check_form_key($form_name, $timespan = false, $return_page = '', $trigg
{
$miniumum_time = $config['form_token_mintime'];
}
+
if (isset($_POST['creation_time']) && isset($_POST['form_token']))
{
$creation_time = abs(request_var('creation_time', 0));
@@ -2046,9 +2048,11 @@ function check_form_key($form_name, $timespan = false, $return_page = '', $trigg
$diff = (time() - $creation_time);
- if (($diff > $miniumum_time) && (($diff < $timespan) || $timespan == -1))
+ if (($diff >= $miniumum_time) && (($diff <= $timespan) || $timespan == -1))
{
- $key = sha1($creation_time . $user->data['user_form_salt'] . $form_name);
+ $token_sid = ($user->data['user_id'] == ANONYMOUS && !empty($config['form_token_sid_guests'])) ? $user->session_id : '';
+
+ $key = sha1($creation_time . $user->data['user_form_salt'] . $form_name . $token_sid);
if ($key === $token)
{
return true;
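Review bot: The window test in the changed `if` runs on a `$diff` derived from `$_POST['creation_time']`, a value the client supplies, and it can be relied on only because the same `$creation_time` is hashed into `$key` a few lines below; nothing in the code says so. I would add above the `if`: `// creation_time comes from the request; the bounds are inclusive and only meaningful because the value is also bound into $key`. A later edit that drops `$creation_time` from the hash input would leave the time limits unenforced, so the comment guards a real invariant. check_form_key starts before this hunk and continues after it.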