diff options
author | plegall <plg@piwigo.org> | 2009-12-17 22:47:31 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2009-12-17 22:47:31 +0000 |
commit | 2119631cd7e390cb13899f657c9bb96518cae870 (patch) | |
tree | fa9fe76cd6acd80cc12596234e27562c018906ff /admin | |
parent | 587aaa02102e97f71a7dfb07ec48efc36593b924 (diff) |
bug 1328: implement check_pwg_token for emails on user comments management.
The check_pwg_token and get_pwg_token functions were moved to the public side
(for use on comments.php)
The email sent to admins on new user comment does not directly includes
validate/delete actions.
git-svn-id: http://piwigo.org/svn/branches/2.0@4508 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin')
-rw-r--r-- | admin/include/functions.php | 33 |
1 files changed, 0 insertions, 33 deletions
diff --git a/admin/include/functions.php b/admin/include/functions.php index b0013b29b..1081c9f3d 100644 --- a/admin/include/functions.php +++ b/admin/include/functions.php @@ -23,39 +23,6 @@ include(PHPWG_ROOT_PATH.'admin/include/functions_metadata.php'); -/** - * check token comming from form posted or get params to prevent csrf attacks - * if pwg_token is empty action doesn't require token - * else pwg_token is compare to server token - * - * @return void access denied if token given is not equal to server token - */ -function check_pwg_token() -{ - $valid_token = get_pwg_token(); - $given_token = null; - - if (!empty($_POST['pwg_token'])) - { - $given_token = $_POST['pwg_token']; - } - elseif (!empty($_GET['pwg_token'])) - { - $given_token = $_GET['pwg_token']; - } - if ($given_token != $valid_token) - { - access_denied(); - } -} - -function get_pwg_token() -{ - global $conf; - - return hash_hmac('md5', session_id(), $conf['secret_key']); -} - // The function delete_site deletes a site and call the function // delete_categories for each primary category of the site function delete_site( $id ) |