Diffstat (limited to 'inc/functions.php')
-rwxr-xr-xinc/functions.php30
1 files changed, 27 insertions, 3 deletions
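diff --git a/inc/functions.php b/inc/functions.php
index 45828bf2..30e00393 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -125,7 +125,7 @@ function prepare_url($url)
 /**
  * Appel d'une action (mark as fav, archive, delete)
  */
-function action_to_do($action, $id)
+function action_to_do($action, $id, $url, $token)
 {
     global $db;
 
@@ -140,8 +140,11 @@ function action_to_do($action, $id)
             $params_action = array($url, $parametres_url['title'], $parametres_url['content']);
             break;
         case 'delete':
-            $sql_action = "DELETE FROM entries WHERE id=?";
-            $params_action = array($id);
+            if (verif_token($token)) {
+                $sql_action = "DELETE FROM entries WHERE id=?";
+                $params_action = array($id);
+            }
+            else die('CSRF problem');
             break;
         default:
             break;
@@ -224,4 +227,25 @@ function get_article($id)
     }
 
     return $entry;
+}
+
+/**
+ * Vérifie si le jeton passé en $_POST correspond à celui en session
+ */
+function verif_token($token)
+{
+    if(isset($_SESSION['token_poche']) && isset($_SESSION['token_time_poche']) && isset($token))
+    {
+        if($_SESSION['token_poche'] == $token)
+        {
+            $old_timestamp = time() - (15*60);
+            if($_SESSION['token_time_poche'] >= $old_timestamp)
+            {
+                return TRUE;
+            }
+            else return FALSE;
+        }
+        else return FALSE;
+    }
+    else return FALSE;
 }
\ No newline at end of file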
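Review bot: The token comparison in verif_token, `if($_SESSION['token_poche'] == $token)`, is a loose comparison, so two different numeric-looking strings can compare equal and the comparison is not constant-time; change it to `if (hash_equals((string) $_SESSION['token_poche'], (string) $token))`. The surrounding `isset($token)` guard only rejects null, so the casts keep a non-string token from raising a TypeError inside hash_equals. In the delete branch of action_to_do (second hunk, whose function starts and ends outside the hunk), `die('CSRF problem')` terminates inside a library function; returning or throwing would let the caller report the failure, and the other actions handled by that switch, which are not visible here, do not appear to receive the same token check. The docblock of verif_token should also state the 15-minute validity window that `time() - (15*60)` enforces, e.g. `* Le jeton n'est accepté que pendant 15 minutes après sa création (token_time_poche).`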