Using FlashData Problem

#1
akifemre
Hello,
I've coded a CSRF library; it goes as follows. But there is a method problem. I wanna use flashdata instead of the userdata function. When I'm trying to use the flashdata funx, my CSRF library doesn't work, because the get() funx always gives the current token value and variable, so the check() funx doesn't work how it should. :-\

Here's my workin' CSRF library class.
Code:
<?php
if ( !defined('BASEPATH') )
    exit('No direct script access allowed');

class CI_AE_CSRF
{
    public $CI;
    public $uri;
    public $post;
    
    function __construct ( )
    {

        $this->CI = & get_instance( );
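        $this->uri = $this->CI->uri->uri_string( ); # Get current URI, e.g. /Blog/ComposeForm
        # Default to an empty array so count() in check() never sees NULL or a string
        $this->post = ( isset($_POST['token']) && is_array($_POST['token']) ) ? $_POST['token'] : array( );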
    }
    
    /*
     * Set Token Variable and Value
     */
    function set ( )
    {

        $word = 'abcdefghijklmnopqrstuvwxyz0123456789';
        $start_pos = mt_rand(0, (strlen($word) - 3));
        $this->CI->session->set_userdata('CSRF_VAR_' . $this->uri, substr(str_shuffle($word), $start_pos, 3));
        $this->CI->session->set_userdata('CSRF_VAL_' . $this->uri, dohash(microtime( ) . mt_rand( )));
        return TRUE;
    

    }
    
    /*
     * Get Token Variable and Value
     */
    function get ($type = FALSE)
    {

        if ( $type == 'var' )
            return $this->CI->session->userdata('CSRF_VAR_' . $this->uri);
        elseif ( $type == 'val' )
            return $this->CI->session->userdata('CSRF_VAL_' . $this->uri);
        else
            return FALSE;
    
    }
    
    /*
     * Check Token Validity
     */
    function check ( )
    {
        #To Debug
        echo '<h2>' . $this->get('var') . ' - ' . $this->get('val') . '</h2>';
        
        if ( count($this->post) > 0 )
        {
            if ( $this->get('var') && isset($this->post[$this->get('var')]) )
            {
                if ( $this->get('val') == FALSE || $this->get('val') != $this->post[$this->get('var')] )
                {
                    show_error('Token isnt valid!');
                }
            }
        }
    }
}

?>

And my csrf() funx, to use after <form ..> tags.
Code:
function csrf ( )
{

    $CSRF = & load_class('AE_CSRF');
    $CSRF->check( );
    $CSRF->set( );
    return '<input type="hidden" name="token[' . $CSRF->get('var') . ']" value="' . $CSRF->get('val') . '" /> ';
}

Btw I wanna say that the flashdata funx should be used, because the userdata funx is blowin' up the cookie.

Regards.
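
Added example (not part of the original post, and not CodeIgniter code): the read-once token behaviour the post wants from flashdata, written against a plain array that stands in for a server-side session. The names `csrf_issue`, `csrf_check` and `$store` are assumptions; it relies on PHP 7+ `random_bytes` and `hash_equals`, and unlike the posted check() it rejects a POST that carries no token.

```php
<?php
// Added example: one-time CSRF tokens with fail-closed checking.
// $store stands in for the server-side session array (assumption).

function csrf_issue(array &$store, $uri)
{
    // Field name and value both come from a CSPRNG, not mt_rand()/microtime().
    $field = 'f' . bin2hex(random_bytes(4));
    $value = bin2hex(random_bytes(32));
    $store['csrf'][$uri] = array('var' => $field, 'val' => $value);
    return $store['csrf'][$uri];
}

// Call this only when handling a form submission (POST) for $uri.
function csrf_check(array &$store, $uri, array $post)
{
    // Read the expected token, then delete it: each token is valid once.
    $expected = isset($store['csrf'][$uri]) ? $store['csrf'][$uri] : null;
    unset($store['csrf'][$uri]);

    if ($expected === null) {
        return false;                       // nothing was issued for this form
    }
    $token = (isset($post['token']) && is_array($post['token'])) ? $post['token'] : array();
    $field = $expected['var'];
    if (!isset($token[$field]) || !is_string($token[$field])) {
        return false;                       // missing token fails closed
    }
    return hash_equals($expected['val'], $token[$field]);  // constant-time compare
}

// Constructed walk-through: one request renders the form, the next submits it.
$session = array();
$uri = '/Blog/ComposeForm';

$t = csrf_issue($session, $uri);
$good = array('token' => array($t['var'] => $t['val']));

var_dump(csrf_check($session, $uri, $good));    // first submit of the issued token
var_dump(csrf_check($session, $uri, $good));    // replay of the same token
$t = csrf_issue($session, $uri);
var_dump(csrf_check($session, $uri, array()));  // POST without any token
```

Because the token is deleted as it is read, the order matters: validate the submitted token first, then issue the next one for the re-rendered form.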

