[xoops-cvslog 1673] CVS update: xoops2jp/html/class


Minahito minah****@users*****
2006年 1月 12日 (木) 14:27:46 JST


Index: xoops2jp/html/class/XCube_ActionForm.class.php
diff -u xoops2jp/html/class/XCube_ActionForm.class.php:1.1.2.15 xoops2jp/html/class/XCube_ActionForm.class.php:1.1.2.16
--- xoops2jp/html/class/XCube_ActionForm.class.php:1.1.2.15	Thu Jan 12 13:22:06 2006
+++ xoops2jp/html/class/XCube_ActionForm.class.php	Thu Jan 12 14:27:46 2006
@@ -36,6 +36,17 @@
 	{
 	}
 	
+	function getTokenName()
+	{
+		return null;
+	}
+	
+	function getToken()
+	{
+        srand (microtime() * 100000);
+        return md5(XOOPS_SALT . uniqid(rand(), true));
+	}
+	
 	function set()
 	{
 		if(isset($this->mFormProperties[func_get_arg(0)])) {
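Review bot: getToken() builds the token from guessable inputs, so its unpredictability rests on XOOPS_SALT alone (presumably a per-site secret). `srand(microtime() * 100000)` uses only the fractional part of the clock string, which allows at most 100000 distinct seeds, and `rand()`, `uniqid()` and `md5()` add nothing that is not derived from that seed and the time. A one-time form token should come from a cryptographic random source; where the PHP version provides it, `return bin2hex(random_bytes(16));` replaces both lines. Reseeding the global generator on every call also changes the sequence seen by any other rand() caller in the same request. The set() body shown as trailing context continues outside the hunk.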
@@ -95,6 +106,24 @@
 
 	function validate()
 	{
+		//
+		// check onetime & transaction token
+		//
+		if ($this->getTokenName() != null) {
+			$token = xoops_getrequest($this->getTokenName());
+			if (!isset($_SESSION['XCUBE_TOKEN'][$this->getTokenName()])) {
+				$this->addErrorMessage(_TOKEN_ERROR);
+			}
+			elseif (!$_SESSION['XCUBE_TOKEN'][$this->getTokenName()] != $token) {
+				$this->addErrorMessage(_TOKEN_ERROR);
+			}
+			
+			//
+			// clear token
+			//
+			unset($_SESSION['XCUBE_TOKEN'][$this->getTokenName()]);
+		}
+		
 		foreach(array_keys($this->mFormProperties) as $name) {
 			if(isset($this->mFieldProperties[$name])) {
 				$this->mFieldProperties[$name]->validate($this->getVar($name));
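Review bot: The `elseif` in validate() is inverted by its leading `!`: `!$_SESSION['XCUBE_TOKEN'][...]` is reduced to a boolean before the loose `!=` runs. As a result a correct token is reported as _TOKEN_ERROR, while a missing or empty request value compares equal to `false` and passes the check. The branch should read `elseif ($_SESSION['XCUBE_TOKEN'][$this->getTokenName()] !== $token) {`, or call `hash_equals()` on the two strings where the PHP version has it. Nothing in the visible hunks writes getToken()'s value into `$_SESSION['XCUBE_TOKEN']`, so that presumably happens elsewhere and is worth confirming. validate() continues outside the hunk.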
@@ -129,110 +158,6 @@
 	}
 }
 
-/**
- * This class depends on POST or GET.
- *
- * 1) Must define getTokenErrorMessage()
- */
-class XCube_TokenActionForm extends XCube_ActionForm
-{
-	var $mToken = null;
-
-	function prepare()
-	{
-		parent::prepare();
-		if(xoops_getenv('REQUEST_METHOD')=="GET") {
-			$this->_setupToken();
-		}
-		else {
-			$this->_fetchToken();
-		}
-	}
-
-	function _setupToken()
-	{
-		$tokenHandler=&$this->_createTokenHandler();
-
-		if($tokenHandler==null)
-			die();	// TODO
-
-		$this->mToken=&$tokenHandler->create($this->getTokenName());
-		$tokenHandler->register($this->mToken);
-	}
-	
-	function _fetchToken()
-	{
-		$tokenHandler=&$this->_createTokenHandler();
-
-		if($tokenHandler==null)
-			die();	// TODO
-
-		$this->mToken=&$tokenHandler->fetch($this->getTokenName());
-	}
-	
-	function &_createTokenHandler()
-	{
-		$tokenHandler=null;
-		if($this->getTokenType==XCUBE_TOKEN_TYPE_SINGLE) {
-			$tokenHandler=new XoopsSingleTokenHandler();
-		}
-		elseif($this->getTokenType==XCUBE_TOKEN_TYPE_MULTI) {
-			$tokenHandler=new XoopsMultiTokenHandler();
-		}
-		
-		return $tokenHandler;
-	}
-	
-	function valite()
-	{
-		parent::validate();
-		
-		$tokenHandler=&$this->_createTokenHandler();
-
-		if($tokenHandler!=null && is_object($this->mToken)) {
-			if($tokenHandler->validate($this->mToken)) {
-				//
-				// Success
-				//
-				return;
-			}
-			else {
-				$tokenHandler->unregister($this->mToken);
-			}
-		}
-
-		$this->addErrorMessage($this->getTokenErrorMessage());
-		$this->_setupToken();
-	}
-
-	/**
-	 * Return string as token name.
-	 * @return string
-	 */
-	function getTokenName()
-	{
-		return get_class($this);
-	}
-
-	/**
-	 * Return XCUBE_TOKEN_TYPE_SINGLE or XCUBE_TOKEN_TYPE_MULTI
-	 * @return XCUBE_TOKEN_TYPE_SINGLE or XCUBE_TOKEN_TYPE_MULTI
-	 */
-	function getTokenType()
-	{
-		return XCUBE_TOKEN_TYPE_MULTI;
-	}
-	
-	/**
-	 * Return string as error message about one-time token.
-	 * @return string
-	 */
-	function getTokenErrorMessage()
-	{
-		return "Ticket Error";
-	}
-}
-
 class XCube_AbstractProperty
 {
 	var $mName=null;

