CSRFT_OK

Jurek Muszyński edited this page Oct 24, 2019 · 4 revisions

bool CSRFT_OK

Description

Verifies the current CSRF token of the user session. It expects the token in the csrft field of the query string or payload.

Returns

Returns true if the token is valid, otherwise false.

Example

/* --------------------------------------------------------------------------
   Show My Account form
-------------------------------------------------------------------------- */
void myacc_form(int ci)
{
    CSRFT_REFRESH;

    // ...

    OUT("<form action=\"save_myacc\" method=\"POST\">");
    OUT_CSRFT;
    OUT("<input name=\"name\">");
    OUT("<input name=\"passwd\" type=\"password\">");
    // ...
    OUT("</form>");

    // ...
}


/* --------------------------------------------------------------------------
   APP main
-------------------------------------------------------------------------- */
void silgy_app_main(int ci)
{
    // ...

    else if ( REQ("myacc") )
    {
        myacc_form(ci);
    }
    else if ( REQ("save_myacc") )
    {
        if ( CSRFT_OK )
        {
            ret = silgy_usr_save_account(ci);
        }
        else
        {
            WAR("CSRFT validation failed");
            ret = ERR_CSRFT;
        }

        if ( ret == OK )
            RES_LOCATION("myacc?msg=%d", MSG_CHANGES_SAVED);
        else if ( ret == MSG_ACCOUNT_DELETED )
            RES_LOCATION("farewell");
        else    // error
            RES_LOCATION("myacc?msg=%d", ret);
    }

    // ...
}
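
What a check of this kind has to do, as an added example that is not Silgy's implementation or code from this page: read the csrft field from the query string or payload and compare it with the session's token without an early exit. The names demo_csrft_ok, get_csrft and TOKEN_LEN, the 16-character token length and the assumption that tokens are alphanumeric (so no URL-decoding is needed) are all hypothetical.

```c
/* Added example, not Silgy code; all names here are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TOKEN_LEN 16   /* assumed token length */

/* Copy the csrft value from an urlencoded query string or payload.
   The first csrft field decides; it must be exactly TOKEN_LEN long. */
static bool get_csrft(const char *data, char out[TOKEN_LEN + 1])
{
    for (const char *p = data; p && *p; ) {
        const char *amp = strchr(p, '&');
        size_t len = amp ? (size_t)(amp - p) : strlen(p);
        if (len >= 6 && strncmp(p, "csrft=", 6) == 0) {
            if (len != 6 + TOKEN_LEN) return false;
            memcpy(out, p + 6, TOKEN_LEN);
            out[TOKEN_LEN] = '\0';
            return true;
        }
        p = amp ? amp + 1 : NULL;
    }
    return false;
}

/* True only if the request carries the session's current token. */
bool demo_csrft_ok(const char *session_token, const char *request_data)
{
    char submitted[TOKEN_LEN + 1];
    if (!session_token || strlen(session_token) != TOKEN_LEN) return false;
    if (!request_data || !get_csrft(request_data, submitted)) return false;

    unsigned char diff = 0;   /* accumulate differences, no early exit */
    for (size_t i = 0; i < TOKEN_LEN; ++i)
        diff |= (unsigned char)(session_token[i] ^ submitted[i]);
    return diff == 0;
}

int main(void)
{
    const char *tok = "k3Jq9ZxT0aLm4PbR";   /* constructed sample token */
    printf("valid form:    %d\n", demo_csrft_ok(tok, "name=Ann&csrft=k3Jq9ZxT0aLm4PbR"));
    printf("missing field: %d\n", demo_csrft_ok(tok, "name=Ann&passwd=x"));
    printf("stale token:   %d\n", demo_csrft_ok(tok, "csrft=AAAAAAAAAAAAAAAA&name=Ann"));
    return 0;
}
```

A request with no csrft field, a field of the wrong length, or a token left over from an earlier form all fail the same way, which is the case the else branch in the example above logs and maps to ERR_CSRFT.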