implement form tokens
This commit is contained in:
parent
6a08ac558a
commit
be100a1420
@ -129,18 +129,28 @@ class ModuleController extends AbstractController
|
||||
Request $request
|
||||
): Response
|
||||
{
|
||||
// Connect memcached
|
||||
$memcached = new \Memcached();
|
||||
$memcached->addServer(
|
||||
$this->getParameter('app.memcached.host'),
|
||||
$this->getParameter('app.memcached.port')
|
||||
);
|
||||
|
||||
// Create token
|
||||
$token = crc32(
|
||||
microtime(true) + rand()
|
||||
);
|
||||
|
||||
$memcached->add(
|
||||
$token,
|
||||
time()
|
||||
);
|
||||
|
||||
// Check user session exist
|
||||
$username = false;
|
||||
|
||||
if (!empty($request->cookies->get('KEVACHAT_SESSION')) && preg_match('/[A-z0-9]{32}/', $request->cookies->get('KEVACHAT_SESSION')))
|
||||
{
|
||||
// Connect memcached
|
||||
$memcached = new \Memcached();
|
||||
$memcached->addServer(
|
||||
$this->getParameter('app.memcached.host'),
|
||||
$this->getParameter('app.memcached.port')
|
||||
);
|
||||
|
||||
// Check username exist for this session
|
||||
if ($value = $memcached->get($request->cookies->get('KEVACHAT_SESSION')))
|
||||
{
|
||||
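Review bot: The token minted at `$token = crc32(microtime(true) + rand())` is a 32-bit value seeded from `rand()`, which is not a cryptographic generator, so tokens are guessable and collide easily; `$memcached->add($token, time())` also passes no expiration and ignores the false return on a key collision, so an issued token stays valid indefinitely and nothing binds it to the `KEVACHAT_SESSION` cookie that is inspected a few lines below. Prefer `$token = bin2hex(random_bytes(16));` and `$memcached->add($token, time(), 600);` (the TTL is a suggested value), or Symfony's own `isCsrfTokenValid()` / `csrf_token()` pair, which ties the token to the session. The same pattern is repeated in the hunks at @ -223,10 (ModuleController) and @ -159,6 and @ -189,6 (UserController). As a smaller point, the pre-existing block under the cookie check opens a second `\Memcached` connection although `$memcached` now already exists at the top of the method. The enclosing method's signature and body continue outside this hunk.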
@ -203,6 +213,7 @@ class ModuleController extends AbstractController
|
||||
'error' => $request->get('error'),
|
||||
'warning' => $request->get('warning'),
|
||||
'sign' => $sign,
|
||||
'token' => $token,
|
||||
'message' => $message,
|
||||
'username' => $username,
|
||||
'cost' => $this->getParameter('app.add.post.cost.kva'),
|
||||
@ -223,10 +234,28 @@ class ModuleController extends AbstractController
|
||||
Request $request
|
||||
): Response
|
||||
{
|
||||
// Connect memcached
|
||||
$memcached = new \Memcached();
|
||||
$memcached->addServer(
|
||||
$this->getParameter('app.memcached.host'),
|
||||
$this->getParameter('app.memcached.port')
|
||||
);
|
||||
|
||||
// Create token
|
||||
$token = crc32(
|
||||
microtime(true) + rand()
|
||||
);
|
||||
|
||||
$memcached->add(
|
||||
$token,
|
||||
time()
|
||||
);
|
||||
|
||||
return $this->render(
|
||||
'default/module/room.html.twig',
|
||||
[
|
||||
'request' => $request,
|
||||
'token' => $token,
|
||||
'cost' => $this->getParameter('app.add.room.cost.kva')
|
||||
]
|
||||
);
|
||||
|
@ -442,6 +442,29 @@ class RoomController extends AbstractController
|
||||
}
|
||||
*/
|
||||
|
||||
// Validate form token
|
||||
if ($memcached->get($request->get('token')))
|
||||
{
|
||||
$memcached->delete(
|
||||
$request->get('token')
|
||||
);
|
||||
}
|
||||
|
||||
else
|
||||
{
|
||||
return $this->redirectToRoute(
|
||||
'room_namespace',
|
||||
[
|
||||
'mode' => $request->get('mode'),
|
||||
'namespace' => $request->get('namespace'),
|
||||
'message' => $request->get('message'),
|
||||
'sign' => $request->get('sign'),
|
||||
'error' => $translator->trans('Session token expired'),
|
||||
'_fragment' => 'latest'
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
// Validate access to the room namespace
|
||||
if
|
||||
(
|
||||
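Review bot: The check `if ($memcached->get($request->get('token')))` followed by `$memcached->delete(...)` is a get-then-delete pair, so two concurrent submissions carrying the same token both pass before either deletes it, and when the `token` parameter is absent `get()` receives null. Make the delete itself the check, since `Memcached::delete()` returns false when the key does not exist: `$token = (string) $request->get('token', ''); if ($token === '' || !$memcached->delete($token)) { return $this->redirectToRoute(/* as now */); }`. The 'Session token expired' message also does not describe what is enforced here: the token is single-use but, as stored, never expires, and it is not compared against the caller's session, so a token issued to any visitor is accepted. The same block appears in the hunks at @ -794,6 (RoomController) and @ -298,6 and @ -629,6 (UserController). Whether `$memcached` is already connected at this point of the method is not visible in this hunk, and the enclosing method continues outside it.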
@ -794,6 +817,26 @@ class RoomController extends AbstractController
|
||||
$request->get('name')
|
||||
);
|
||||
|
||||
// Validate form token
|
||||
if ($memcached->get($request->get('token')))
|
||||
{
|
||||
$memcached->delete(
|
||||
$request->get('token')
|
||||
);
|
||||
}
|
||||
|
||||
else
|
||||
{
|
||||
return $this->redirectToRoute(
|
||||
'room_list',
|
||||
[
|
||||
'mode' => $request->get('mode'),
|
||||
'name' => $name,
|
||||
'error' => $translator->trans('Session token expired')
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
// Validate kevacoin key requirements
|
||||
if (mb_strlen($name) < 1 || mb_strlen($name) > 520)
|
||||
{
|
||||
|
@ -159,6 +159,23 @@ class UserController extends AbstractController
|
||||
?Request $request
|
||||
): Response
|
||||
{
|
||||
// Connect memcached
|
||||
$memcached = new \Memcached();
|
||||
$memcached->addServer(
|
||||
$this->getParameter('app.memcached.host'),
|
||||
$this->getParameter('app.memcached.port')
|
||||
);
|
||||
|
||||
// Create token
|
||||
$token = crc32(
|
||||
microtime(true) + rand()
|
||||
);
|
||||
|
||||
$memcached->add(
|
||||
$token,
|
||||
time()
|
||||
);
|
||||
|
||||
// Check user session does not exist to continue
|
||||
if (!empty($request->cookies->get('KEVACHAT_SESSION')))
|
||||
{
|
||||
@ -172,6 +189,7 @@ class UserController extends AbstractController
|
||||
'default/user/join.html.twig',
|
||||
[
|
||||
'request' => $request,
|
||||
'token' => $token,
|
||||
'cost' => $this->getParameter('app.add.user.cost.kva')
|
||||
]
|
||||
);
|
||||
@ -189,6 +207,23 @@ class UserController extends AbstractController
|
||||
?Request $request
|
||||
): Response
|
||||
{
|
||||
// Connect memcached
|
||||
$memcached = new \Memcached();
|
||||
$memcached->addServer(
|
||||
$this->getParameter('app.memcached.host'),
|
||||
$this->getParameter('app.memcached.port')
|
||||
);
|
||||
|
||||
// Create token
|
||||
$token = crc32(
|
||||
microtime(true) + rand()
|
||||
);
|
||||
|
||||
$memcached->add(
|
||||
$token,
|
||||
time()
|
||||
);
|
||||
|
||||
// Check user session does not exist to continue
|
||||
if (!empty($request->cookies->get('KEVACHAT_SESSION')))
|
||||
{
|
||||
@ -201,7 +236,8 @@ class UserController extends AbstractController
|
||||
return $this->render(
|
||||
'default/user/login.html.twig',
|
||||
[
|
||||
'request' => $request
|
||||
'request' => $request,
|
||||
'token' => $token
|
||||
]
|
||||
);
|
||||
}
|
||||
@ -298,6 +334,25 @@ class UserController extends AbstractController
|
||||
),
|
||||
);
|
||||
|
||||
// Validate form token
|
||||
if ($memcached->get($request->get('token')))
|
||||
{
|
||||
$memcached->delete(
|
||||
$request->get('token')
|
||||
);
|
||||
}
|
||||
|
||||
else
|
||||
{
|
||||
return $this->redirectToRoute(
|
||||
'user_add',
|
||||
[
|
||||
'username' => $request->get('username'),
|
||||
'error' => $translator->trans('Session token expired')
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
// Validate remote IP limits
|
||||
if ($delay = (int) $memcached->get($memory))
|
||||
{
|
||||
@ -629,6 +684,25 @@ class UserController extends AbstractController
|
||||
$this->getParameter('app.memcached.port')
|
||||
);
|
||||
|
||||
// Validate form token
|
||||
if ($memcached->get($request->get('token')))
|
||||
{
|
||||
$memcached->delete(
|
||||
$request->get('token')
|
||||
);
|
||||
}
|
||||
|
||||
else
|
||||
{
|
||||
return $this->redirectToRoute(
|
||||
'user_login',
|
||||
[
|
||||
'username' => $request->get('username'),
|
||||
'error' => $translator->trans('Session token expired')
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
// Check client connection
|
||||
if (!$client = $this->_client())
|
||||
{
|
||||
|
@ -34,5 +34,6 @@
|
||||
{% if cost %}
|
||||
<span>{{ 'cost: %s KVA' | format(cost) | trans }}</span>
|
||||
{% endif %}
|
||||
<input type="hidden" name="token" value="{{ token }}" />
|
||||
</form>
|
||||
{% endif %}
|
@ -10,4 +10,5 @@
|
||||
{% if cost %}
|
||||
<span>{{ 'cost: %s KVA' | format(cost) | trans }}</span>
|
||||
{% endif %}
|
||||
<input type="hidden" name="token" value="{{ token }}" />
|
||||
</form>
|
@ -19,5 +19,6 @@
|
||||
{% if cost %}
|
||||
<span>{{ 'cost: %s KVA' | format(cost) | trans }}</span>
|
||||
{% endif %}
|
||||
<input type="hidden" name="token" value="{{ token }}" />
|
||||
</form>
|
||||
{% endblock %}
|
@ -11,5 +11,6 @@
|
||||
<input type="password" name="password" id="password" value="" />
|
||||
<a href="{{ path('user_join') }}">{{ 'Create account' | trans }}</a>
|
||||
<button type="submit">{{ 'login' | trans }}</button>
|
||||
<input type="hidden" name="token" value="{{ token }}" />
|
||||
</form>
|
||||
{% endblock %}
|