mirror of
https://github.com/maxpozdeev/mytinytodo.git
synced 2026-03-11 08:55:27 +00:00
parent
9f78149fe1
commit
f23ca43eea
3 changed files with 12 additions and 17 deletions
10
src/ajax.php
10
src/ajax.php
|
|
@ -947,16 +947,6 @@ function getUserListsSimple()
|
|||
return $a;
|
||||
}
|
||||
|
||||
function check_token()
|
||||
{
|
||||
if (!need_auth()) return true;
|
||||
if (!isset($_SESSION)) return true;
|
||||
if (!isset($_SESSION['token'])) return true;
|
||||
$headers = getallheaders();
|
||||
if (!isset($headers['MTT-Token']) || $headers['MTT-Token'] != $_SESSION['token']) {
|
||||
die("Access denied! Try to reload the page.");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
?>
|
||||
10
src/init.php
10
src/init.php
|
|
@ -127,6 +127,16 @@ function access_token()
|
|||
return $_SESSION['token'];
|
||||
}
|
||||
|
||||
function check_token()
|
||||
{
|
||||
$token = access_token();
|
||||
if ($token == '') return true;
|
||||
$headers = getallheaders();
|
||||
if (!isset($headers['MTT-Token']) || $headers['MTT-Token'] != $token) {
|
||||
die("Access denied! Try to reload the page.");
|
||||
}
|
||||
}
|
||||
|
||||
function timestampToDatetime($timestamp)
|
||||
{
|
||||
$format = Config::get('dateformat') .' '. (Config::get('clock') == 12 ? 'g:i A' : 'H:i');
|
||||
|
|
|
|||
|
|
@ -10,17 +10,13 @@ require_once('./init.php');
|
|||
|
||||
$lang = Lang::instance();
|
||||
|
||||
if ( !is_logged() )
|
||||
{
|
||||
if ( !is_logged() ) {
|
||||
die("Access denied!<br/> Disable password protection or Log in.");
|
||||
}
|
||||
check_token();
|
||||
|
||||
if(isset($_POST['save']))
|
||||
{
|
||||
if (need_auth() && _post('_token') != hash('gost', session_id())) {
|
||||
die("Access denied! Try to reload the settings page.");
|
||||
}
|
||||
|
||||
$t = array();
|
||||
$langs = getLangs();
|
||||
Config::$params['lang']['options'] = array_keys($langs);
|
||||
|
|
@ -181,7 +177,6 @@ header('Content-type:text/html; charset=utf-8');
|
|||
<div id="settings_msg" style="display:none"></div>
|
||||
|
||||
<form id="settings_form" method="post" action="settings.php">
|
||||
<input type="hidden" name="_token" value="<?php if(need_auth()) echo htmlspecialchars(hash('gost',session_id())) ?>">
|
||||
|
||||
<div class="mtt-settings-table">
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue