mirror of https://github.com/gamaio/lobli.git synced 2024-12-22 19:52:40 +00:00

Move token data to token.php

Since token.php requires db.php, I don't require it again. The token is no longer included in a GET request to process.php; sessions are used instead.
alopexc0de 2014-08-29 14:11:35 -04:00
parent f825c6bd29
commit 28e0ce013a
No known key found for this signature in database
GPG Key ID: 48E847F18074C953


@ -16,19 +16,13 @@
ip:
link id - list holding all visiting IPs for that link
*/
// Generate a token on the fly. This should prevent POST spam attacks directly into process.php
$token = substr(number_format(time() * mt_rand(),0,'',''),0,10);
$token = base_convert($token, 10, 36);
$_SESSION['token'] = $token;
require('Include/PHP/token.php');
$catchid = substr(number_format(time() * mt_rand(),0,'',''),0,10);
$catchVal = hash('sha256', $catchid.mt_rand().time().substr(number_format(time() * mt_rand(),0,'',''),0,10));
$catchVal = base_convert($catchVal.$catchid, 10, 36);
$_SESSION['catch'] = $catchid.":".$catchVal;
require('Include/PHP/db.php');
function followLink($redis, $link){
if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) { // Get true IP of visiter if going through cloudflare
$_SERVER['REMOTE_ADDR'] = $_SERVER["HTTP_CF_CONNECTING_IP"];
@ -175,7 +169,7 @@
$("#theLoader").fadeIn("fast");
event.preventDefault();
event.stopPropagation();
$.post("process.php?token=<?php echo $token; ?>", $(this).serialize(), function(data){
$.post("process.php", $(this).serialize(), function(data){
$("#message").hide().html(data).slideDown("fast");
$("#theLoader").hide();
if($('#danger').length){
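Review bot: With `?token=` dropped from the `$.post("process.php", ...)` call, the request no longer carries a token of its own, so process.php (not shown here) can presumably only check that `$_SESSION['token']` exists. The browser attaches the session cookie to any POST to process.php, including one submitted from another site, so a session-only check would not show that the request came from this form. Keeping the token out of the URL is right, since query strings end up in access logs and Referer headers, but it should still travel in the POST body, e.g. a hidden field `<input type="hidden" name="token" value="<?php echo htmlspecialchars($_SESSION['token'], ENT_QUOTES); ?>">` that `$(this).serialize()` picks up, compared server-side with `hash_equals()`. The values in the first hunk are also built from `time()` and `mt_rand()`, which are predictable; if token.php does the same, a CSPRNG source such as `openssl_random_pseudo_bytes()` would be a better basis.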