Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming Using FlashData Problem
Using FlashData Problem
  • El Forum
    Guest
  •  
#1
10-03-2008, 04:31 PM

[eluser]akifemre[/eluser]
Hello,
I've coded a CSRF library, goes as follows. But there is a method problem. I wanna use flashdata instead of userdata function. When i'm trying to use flashdata funx, my csrf library doesn't work. Because get() funx always gives the currency token value and variable, so check() funx doesn't work, how it should be. :-\

Here's my workin' CSRF library class.
Code:
<?php
if ( !defined('BASEPATH') )
    exit('No direct script access allowed');

class CI_AE_CSRF
{
    public $CI;
    public $uri;
    public $post;
    
    function __construct ( )
    {

        $this->CI = & get_instance( );
        $this->uri = $this->CI->uri->uri_string( ); #Get currency URI / Exp: /Blog/ComposeForm
        $this->post = @$_POST['token'];
    }
    
    /*
     * Set Token Variable and Value
     */
    function set ( )
    {

        $word = 'abcdefghijklmnopqrstuvwxyz0123456789';
        $start_pos = mt_rand(0, (strlen($word) - 3));
        $this->CI->session->set_userdata('CSRF_VAR_' . $this->uri, substr(str_shuffle($word), $start_pos, 3));
        $this->CI->session->set_userdata('CSRF_VAL_' . $this->uri, dohash(microtime( ) . mt_rand( )));
        return TRUE;
    

    }
    
    /*
     * Get Token Variable and Value
     */
    function get ($type = FALSE)
    {

        if ( $type == 'var' )
            return $this->CI->session->userdata('CSRF_VAR_' . $this->uri);
        elseif ( $type == 'val' )
            return $this->CI->session->userdata('CSRF_VAL_' . $this->uri);
        else
            return FALSE;
    
    }
    
    /*
     * Check Token Validaty
     */
    function check ( )
    {
        #To Debug
        echo '<h2>' . $this->get('var') . ' - ' . $this->get('val') . '</h2>';
        
        if ( count($this->post) > 0 )
        {
            if ( $this->get('var') && isset($this->post[$this->get('var')]) )
            {
                if ( $this->get('val') == FALSE || $this->get('val') != $this->post[$this->get('var')] )
                {
                    show_error('Token isnt valid!');
                }
            }
        }
    }
}

?&gt;

And my csrf() funx. to use after &lt;form ..&gt; tags.
Code:
function csrf ( )
{

    $CSRF = & load_class('AE_CSRF');
    $CSRF->check( );
    $CSRF->set( );
    return '&lt;input type="hidden" name="token[' . $CSRF-&gt;get('var') . ']" value="' . $CSRF->get('val') . '" /> ';
}

Btw i wanna say that. There should be used flashdata funx, because userdata funx blowin' up cookie.

Regards.




Theme © iAndrew 2016 - Forum software by © MyBB