From 2119631cd7e390cb13899f657c9bb96518cae870 Mon Sep 17 00:00:00 2001
From: plegall <plg@piwigo.org>
Date: Thu, 17 Dec 2009 22:47:31 +0000
Subject: bug 1328: implement check_pwg_token for emails on user comments
 management.

The check_pwg_token and get_pwg_token functions were moved to the public side
(for use on comments.php)

The email sent to admins on new user comment does not directly includes
validate/delete actions.

git-svn-id: http://piwigo.org/svn/branches/2.0@4508 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 admin/include/functions.php | 33 ---------------------------------
 1 file changed, 33 deletions(-)

(limited to 'admin')

diff --git a/admin/include/functions.php b/admin/include/functions.php
index b0013b29b..1081c9f3d 100644
--- a/admin/include/functions.php
+++ b/admin/include/functions.php
@@ -23,39 +23,6 @@
 
 include(PHPWG_ROOT_PATH.'admin/include/functions_metadata.php');
 
-/**
- * check token comming from form posted or get params to prevent csrf attacks
- * if pwg_token is empty action doesn't require token
- * else pwg_token is compare to server token
- *
- * @return void access denied if token given is not equal to server token 
- */
-function check_pwg_token()
-{
-  $valid_token = get_pwg_token();
-  $given_token = null;
-
-  if (!empty($_POST['pwg_token']))
-  {
-    $given_token = $_POST['pwg_token'];
-  }
-  elseif (!empty($_GET['pwg_token']))
-  {
-    $given_token = $_GET['pwg_token'];
-  }
-  if ($given_token != $valid_token)
-  {
-    access_denied();    
-  }
-}
-
-function get_pwg_token()
-{
-  global $conf;
-
-  return hash_hmac('md5', session_id(), $conf['secret_key']);
-}
-
 // The function delete_site deletes a site and call the function
 // delete_categories for each primary category of the site
 function delete_site( $id )
-- 
cgit v1.2.3