diff options
author | nikrou <nikrou@piwigo.org> | 2009-12-14 22:38:04 +0000 |
---|---|---|
committer | nikrou <nikrou@piwigo.org> | 2009-12-14 22:38:04 +0000 |
commit | 9bbe72df1e0973da05968b38f97f9a435780246c (patch) | |
tree | 3faa7ebd8e2378dbd789e17d77aaeeb75054f710 /admin/include | |
parent | c76b39da6fa606dc6c39ef40a333a69d1a887378 (diff) |
Bug 1328 : improve check function
git-svn-id: http://piwigo.org/svn/trunk@4493 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin/include')
-rw-r--r-- | admin/include/functions.php | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/admin/include/functions.php b/admin/include/functions.php index 0e5a2b5d8..5a7f791f3 100644 --- a/admin/include/functions.php +++ b/admin/include/functions.php @@ -34,13 +34,18 @@ function check_token() { global $conf; - $token = hash_hmac('md5', session_id(), $conf['secret_key']); + $valid_token = hash_hmac('md5', session_id(), $conf['secret_key']); + $given_token = null; - if (!empty($_POST['pwg_token']) && ($_POST['pwg_token'] != $token)) + if (!empty($_POST['pwg_token'])) { - access_denied(); + $given_token = $_POST['pwg_token']; + } + elseif (!empty($_GET['pwg_token'])) + { + $given_token = $_GET['pwg_token']; } - elseif (!empty($_GET['pwg_token']) && ($_GET['pwg_token'] != $token)) + if ($given_token != $valid_token) { access_denied(); } |