|
|
|
@ -756,30 +756,33 @@
|
|
|
|
|
|
|
|
|
|
function csrf_check($nam, $show=1)
|
|
|
|
|
{
|
|
|
|
|
if(!array_key_exists('csrf',$_REQUEST) || !array_key_exists('csrf_'.$nam,$_SESSION))
|
|
|
|
|
{
|
|
|
|
|
$_SESSION['csrf_'.$nam]="";
|
|
|
|
|
if($show) showheader(_("My CAcert.org Account!"));
|
|
|
|
|
echo _("CSRF Hash is missing. Please try again.")."\n";
|
|
|
|
|
if($show) showfooter();
|
|
|
|
|
exit();
|
|
|
|
|
}
|
|
|
|
|
if(strlen($_REQUEST['csrf'])!=32 || $_SESSION['csrf_'.$nam] != $_REQUEST['csrf'])
|
|
|
|
|
{
|
|
|
|
|
$_SESSION['csrf_'.$nam]="";
|
|
|
|
|
if($show) showheader(_("My CAcert.org Account!"));
|
|
|
|
|
echo _("CSRF Hash is wrong. Please try again.")."\n";
|
|
|
|
|
if($show) showfooter();
|
|
|
|
|
exit();
|
|
|
|
|
}
|
|
|
|
|
// CSRF Hash is ok.
|
|
|
|
|
$_SESSION['csrf_'.$nam]="";
|
|
|
|
|
|
|
|
|
|
if(!array_key_exists('csrf',$_REQUEST) || !array_key_exists('csrf_'.$nam,$_SESSION))
|
|
|
|
|
{
|
|
|
|
|
showheader(_("My CAcert.org Account!"));
|
|
|
|
|
echo _("CSRF Hash is missing. Please try again.")."\n";
|
|
|
|
|
showfooter();
|
|
|
|
|
exit();
|
|
|
|
|
}
|
|
|
|
|
if(strlen($_REQUEST['csrf'])!=32)
|
|
|
|
|
{
|
|
|
|
|
showheader(_("My CAcert.org Account!"));
|
|
|
|
|
echo _("CSRF Hash is wrong. Please try again.")."\n";
|
|
|
|
|
showfooter();
|
|
|
|
|
exit();
|
|
|
|
|
}
|
|
|
|
|
if(!array_key_exists($_REQUEST['csrf'],$_SESSION['csrf_'.$nam]))
|
|
|
|
|
{
|
|
|
|
|
showheader(_("My CAcert.org Account!"));
|
|
|
|
|
echo _("CSRF Hash is wrong. Please try again.")."\n";
|
|
|
|
|
showfooter();
|
|
|
|
|
exit();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
function make_csrf($nam)
|
|
|
|
|
{
|
|
|
|
|
$_SESSION['csrf_'.$nam]=make_hash();
|
|
|
|
|
return($_SESSION['csrf_'.$nam]);
|
|
|
|
|
$hash=make_hash();
|
|
|
|
|
$_SESSION['csrf_'.$nam][$hash]=1;
|
|
|
|
|
return($hash);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function clean_csr($CSR)
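Review bot: The array-based `csrf_check` body (the variant ending in `array_key_exists($_REQUEST['csrf'],$_SESSION['csrf_'.$nam])`, which the 30 → 33 line counts in the hunk header indicate is the new side) never removes a token once it has been accepted, so every hash issued by `make_csrf` stays valid for the life of the session and the per-form list grows without bound. If the aim is to let several open forms each hold a valid token, the accepted one can still be consumed after the last check with `unset($_SESSION['csrf_'.$nam][$_REQUEST['csrf']]);`. The same body also stops honouring `$show`: `showheader()` and `showfooter()` are called unconditionally although the signature keeps `$show=1`, so a caller passing 0 would now get the page frame emitted; keeping `if($show)` on those calls preserves the old contract. Both `strlen()` and `array_key_exists()` assume a string token and an array in the session, so a guard such as `if(!is_string($_REQUEST['csrf']) || !is_array($_SESSION['csrf_'.$nam]))` ahead of them would reject a non-string `csrf` parameter, or a leftover `""` value from the earlier single-token scheme, cleanly rather than through a warning or type error.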
|
|
|
|
|