From 9bbe72df1e0973da05968b38f97f9a435780246c Mon Sep 17 00:00:00 2001
From: nikrou <nikrou@piwigo.org>
Date: Mon, 14 Dec 2009 22:38:04 +0000
Subject: Bug 1328 : improve check function

git-svn-id: http://piwigo.org/svn/trunk@4493 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 admin/include/functions.php | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

(limited to 'admin/include')

diff --git a/admin/include/functions.php b/admin/include/functions.php
index 0e5a2b5d8..5a7f791f3 100644
--- a/admin/include/functions.php
+++ b/admin/include/functions.php
@@ -34,13 +34,18 @@ function check_token()
 {
   global $conf;
 
-  $token = hash_hmac('md5', session_id(), $conf['secret_key']);
+  $valid_token = hash_hmac('md5', session_id(), $conf['secret_key']);
+  $given_token = null;
 
-  if (!empty($_POST['pwg_token']) && ($_POST['pwg_token'] != $token))
+  if (!empty($_POST['pwg_token']))
   {
-    access_denied();    
+    $given_token = $_POST['pwg_token'];
+  }
+  elseif (!empty($_GET['pwg_token']))
+  {
+    $given_token = $_GET['pwg_token'];
   }
-  elseif (!empty($_GET['pwg_token']) && ($_GET['pwg_token'] != $token))
+  if ($given_token != $valid_token)
   {
     access_denied();    
   }
-- 
cgit v1.2.3