preserve new form data after session timeout
mepsinas committed Apr 8, 2017
1 parent 7ef0694 commit ba9fd5a
Showing 1 changed file with 10 additions and 7 deletions.
17 changes: 10 additions & 7 deletions lib/framework/FormHandler.php
@@ -68,17 +68,20 @@ public function submit($token)
{
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (list($controller, $method) = self::origin(2)) {
if (isset($token, $_SESSION[$controller][$method]['csrf']) && $token == $_SESSION[$controller][$method]['csrf']) {
// this is a new submission, so wipe out any previous errors
unset($_SESSION[$controller][$method]['failed']);
// this is a new submission, so wipe out any previous errors
unset($_SESSION[$controller][$method]['failed']);

// preserve new data in case of failure
$_SESSION[$controller][$method]['preserved'] = $_POST;
// preserve new data in case of failure
$_SESSION[$controller][$method]['preserved'] = $_POST;

// reset the CSRF token
$_SESSION[$controller][$method]['csrf'] = self::getToken();
// reset the CSRF token
$_SESSION[$controller][$method]['csrf'] = self::getToken();

// check for token match
if ($token == $this->token) {
return true;
} else {
self::error('Invalid token. It is possible the session timed out due to inactivity, please try submitting again.');
}
}
}
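Review bot: The new check `if ($token == $this->token)` has lost the `isset()` guard the old condition had and uses loose comparison, so if `$this->token` is null or empty (it is assigned outside this hunk, so this depends on how it is populated after a session timeout) a missing or empty `$token` would compare equal and pass. I would write it as `if (is_string($token) && is_string($this->token) && $this->token !== '' && hash_equals($this->token, $token)) {`, which also makes the comparison constant-time. Separately, `$_SESSION[$controller][$method]['preserved'] = $_POST;` and the token reset now run before validation, so a cross-site POST can write arbitrary values into the user's preserved form data and rotate their token. Whatever re-renders the preserved values must escape them on output, and that line deserves a comment such as `// stored before the CSRF check: treat as untrusted, escape on output`. submit() continues past the end of the hunk.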