diff --git a/src/Controller/ModuleController.php b/src/Controller/ModuleController.php
index fe96d82..a486158 100644
--- a/src/Controller/ModuleController.php
+++ b/src/Controller/ModuleController.php
@@ -129,18 +129,28 @@ class ModuleController extends AbstractController
Request $request
): Response
{
+ // Connect memcached
+ $memcached = new \Memcached();
+ $memcached->addServer(
+ $this->getParameter('app.memcached.host'),
+ $this->getParameter('app.memcached.port')
+ );
+
+ // Create token
+ $token = crc32(
+ microtime(true) + rand()
+ );
+
+ $memcached->add(
+ $token,
+ time()
+ );
+
// Check user session exist
$username = false;
if (!empty($request->cookies->get('KEVACHAT_SESSION')) && preg_match('/[A-z0-9]{32}/', $request->cookies->get('KEVACHAT_SESSION')))
{
- // Connect memcached
- $memcached = new \Memcached();
- $memcached->addServer(
- $this->getParameter('app.memcached.host'),
- $this->getParameter('app.memcached.port')
- );
-
// Check username exist for this session
if ($value = $memcached->get($request->cookies->get('KEVACHAT_SESSION')))
{
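Review bot: The token built on lines 17-19, `crc32(microtime(true) + rand())`, is a 32-bit value derived from non-cryptographic sources, and the `add()` on lines 21-24 stores it with no expiration, so tokens are guessable and accumulate in memcached indefinitely; prefer `$token = bin2hex(random_bytes(16));` and pass a TTL, e.g. `$memcached->add($token, time(), 300);` (300 s is an illustrative value, tune to the form's expected lifetime). `crc32()` also returns an int while Memcached keys are strings, which the `random_bytes` form resolves as well. If the token is meant to stop cross-site form submission, note that it is not bound to the requesting client — any visitor who loads the form obtains a valid one — so it only proves the form page was fetched recently; storing the KEVACHAT_SESSION value alongside the token and comparing it on submit would bind it. The same block is repeated in the second ModuleController hunk and in the first two UserController hunks, so a private helper in each controller (or a small shared service) would keep the copies consistent. The enclosing method starts before this hunk.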
@@ -203,6 +213,7 @@ class ModuleController extends AbstractController
'error' => $request->get('error'),
'warning' => $request->get('warning'),
'sign' => $sign,
+ 'token' => $token,
'message' => $message,
'username' => $username,
'cost' => $this->getParameter('app.add.post.cost.kva'),
@@ -223,10 +234,28 @@ class ModuleController extends AbstractController
Request $request
): Response
{
+ // Connect memcached
+ $memcached = new \Memcached();
+ $memcached->addServer(
+ $this->getParameter('app.memcached.host'),
+ $this->getParameter('app.memcached.port')
+ );
+
+ // Create token
+ $token = crc32(
+ microtime(true) + rand()
+ );
+
+ $memcached->add(
+ $token,
+ time()
+ );
+
return $this->render(
'default/module/room.html.twig',
[
'request' => $request,
+ 'token' => $token,
'cost' => $this->getParameter('app.add.room.cost.kva')
]
);
diff --git a/src/Controller/RoomController.php b/src/Controller/RoomController.php
index fa66ef8..0db6b28 100644
--- a/src/Controller/RoomController.php
+++ b/src/Controller/RoomController.php
@@ -442,6 +442,29 @@ class RoomController extends AbstractController
}
*/
+ // Validate form token
+ if ($memcached->get($request->get('token')))
+ {
+ $memcached->delete(
+ $request->get('token')
+ );
+ }
+
+ else
+ {
+ return $this->redirectToRoute(
+ 'room_namespace',
+ [
+ 'mode' => $request->get('mode'),
+ 'namespace' => $request->get('namespace'),
+ 'message' => $request->get('message'),
+ 'sign' => $request->get('sign'),
+ 'error' => $translator->trans('Session token expired'),
+ '_fragment' => 'latest'
+ ]
+ );
+ }
+
// Validate access to the room namespace
if
(
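Review bot: The check on lines 85-90 reads the token with `get()` and then removes it with a separate `delete()`, so two concurrent submissions carrying the same token can both pass before either delete runs; since `Memcached::delete()` returns false when the key is absent, existence check and consumption can be a single atomic step: `$token = (string) $request->get('token');` followed by `if ($token === '' || !$memcached->delete($token)) { /* redirect as in the else branch */ }`. The cast also avoids passing null to `get()`/`delete()` when the parameter is missing. This hunk assumes `$memcached` is already connected earlier in the method, which is not visible here; the same get-then-delete pattern recurs in the second RoomController hunk and in the last two UserController hunks. The enclosing method begins and ends outside this hunk.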
@@ -794,6 +817,26 @@ class RoomController extends AbstractController
$request->get('name')
);
+ // Validate form token
+ if ($memcached->get($request->get('token')))
+ {
+ $memcached->delete(
+ $request->get('token')
+ );
+ }
+
+ else
+ {
+ return $this->redirectToRoute(
+ 'room_list',
+ [
+ 'mode' => $request->get('mode'),
+ 'name' => $name,
+ 'error' => $translator->trans('Session token expired')
+ ]
+ );
+ }
+
// Validate kevacoin key requirements
if (mb_strlen($name) < 1 || mb_strlen($name) > 520)
{
diff --git a/src/Controller/UserController.php b/src/Controller/UserController.php
index e11768f..3bf1bd7 100644
--- a/src/Controller/UserController.php
+++ b/src/Controller/UserController.php
@@ -159,6 +159,23 @@ class UserController extends AbstractController
?Request $request
): Response
{
+ // Connect memcached
+ $memcached = new \Memcached();
+ $memcached->addServer(
+ $this->getParameter('app.memcached.host'),
+ $this->getParameter('app.memcached.port')
+ );
+
+ // Create token
+ $token = crc32(
+ microtime(true) + rand()
+ );
+
+ $memcached->add(
+ $token,
+ time()
+ );
+
// Check user session does not exist to continue
if (!empty($request->cookies->get('KEVACHAT_SESSION')))
{
@@ -172,6 +189,7 @@ class UserController extends AbstractController
'default/user/join.html.twig',
[
'request' => $request,
+ 'token' => $token,
'cost' => $this->getParameter('app.add.user.cost.kva')
]
);
@@ -189,6 +207,23 @@ class UserController extends AbstractController
?Request $request
): Response
{
+ // Connect memcached
+ $memcached = new \Memcached();
+ $memcached->addServer(
+ $this->getParameter('app.memcached.host'),
+ $this->getParameter('app.memcached.port')
+ );
+
+ // Create token
+ $token = crc32(
+ microtime(true) + rand()
+ );
+
+ $memcached->add(
+ $token,
+ time()
+ );
+
// Check user session does not exist to continue
if (!empty($request->cookies->get('KEVACHAT_SESSION')))
{
@@ -201,7 +236,8 @@ class UserController extends AbstractController
return $this->render(
'default/user/login.html.twig',
[
- 'request' => $request
+ 'request' => $request,
+ 'token' => $token
]
);
}
@@ -298,6 +334,25 @@ class UserController extends AbstractController
),
);
+ // Validate form token
+ if ($memcached->get($request->get('token')))
+ {
+ $memcached->delete(
+ $request->get('token')
+ );
+ }
+
+ else
+ {
+ return $this->redirectToRoute(
+ 'user_add',
+ [
+ 'username' => $request->get('username'),
+ 'error' => $translator->trans('Session token expired')
+ ]
+ );
+ }
+
// Validate remote IP limits
if ($delay = (int) $memcached->get($memory))
{
@@ -629,6 +684,25 @@ class UserController extends AbstractController
$this->getParameter('app.memcached.port')
);
+ // Validate form token
+ if ($memcached->get($request->get('token')))
+ {
+ $memcached->delete(
+ $request->get('token')
+ );
+ }
+
+ else
+ {
+ return $this->redirectToRoute(
+ 'user_login',
+ [
+ 'username' => $request->get('username'),
+ 'error' => $translator->trans('Session token expired')
+ ]
+ );
+ }
+
// Check client connection
if (!$client = $this->_client())
{
diff --git a/templates/default/module/post.html.twig b/templates/default/module/post.html.twig
index 0c3a8e5..a7a2b32 100644
--- a/templates/default/module/post.html.twig
+++ b/templates/default/module/post.html.twig
@@ -34,5 +34,6 @@
{% if cost %}
{{ 'cost: %s KVA' | format(cost) | trans }}
{% endif %}
+
{% endif %}
\ No newline at end of file
diff --git a/templates/default/module/room.html.twig b/templates/default/module/room.html.twig
index cc8e0f4..4f538c8 100644
--- a/templates/default/module/room.html.twig
+++ b/templates/default/module/room.html.twig
@@ -10,4 +10,5 @@
{% if cost %}
{{ 'cost: %s KVA' | format(cost) | trans }}
{% endif %}
+
\ No newline at end of file
diff --git a/templates/default/user/join.html.twig b/templates/default/user/join.html.twig
index 6437b64..c71d7cb 100644
--- a/templates/default/user/join.html.twig
+++ b/templates/default/user/join.html.twig
@@ -19,5 +19,6 @@
{% if cost %}
{{ 'cost: %s KVA' | format(cost) | trans }}
{% endif %}
+
{% endblock %}
\ No newline at end of file
diff --git a/templates/default/user/login.html.twig b/templates/default/user/login.html.twig
index 959f9cd..9256686 100644
--- a/templates/default/user/login.html.twig
+++ b/templates/default/user/login.html.twig
@@ -11,5 +11,6 @@
{{ 'Create account' | trans }}
+
{% endblock %}
\ No newline at end of file