From cb3008536dc5cdbecac8a6b8b08ca7faa3d54556 Mon Sep 17 00:00:00 2001 From: alopexc0de Date: Fri, 29 Aug 2014 14:14:49 -0400 Subject: [PATCH] Test for valid token. Whoops. http://lob.li/8pg While functional in theory, header(location:index.php) will load the index again in the message field with non-functioning javascript --- Website/process.php | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/Website/process.php b/Website/process.php index d3aff42..1b768fd 100644 --- a/Website/process.php +++ b/Website/process.php @@ -50,10 +50,16 @@ require('Include/PHP/functions.php'); if(isset($_GET['resolve']) && !empty($_POST['link'])){ - if(empty($_GET['token']) || $_GET['token'] != $_SESSION['token'] || empty($_POST[$catchid]) || $_POST[$catchid] != $catchVal){ + if(empty($_POST[$catchid]) || $_POST[$catchid] != $catchVal){ die("
Oh Noes! Something happened and I can't continue.
Please try again by using the form located at lob.li.
"); } + if(!$redis->exists("tokens:".$_SESSION['token']) || $redis->get("tokens:".$_SESSION['token']) == 1){ + echo ""; + include("Include/PHP/token.php"); + header("location:index.php"); + } + $link = $_POST['link']; $trTtl = $redis->ttl("links:$link"); if($trTtl == -2){ // Didn't find links:linkid, checking if long link @@ -76,10 +82,18 @@ } if(!empty($_POST['link']) || !empty($_POST['linkage'])){ - if(empty($_GET['token']) || $_GET['token'] != $_SESSION['token'] || empty($_POST[$catchid]) || $_POST[$catchid] != $catchVal){ + if(empty($_POST[$catchid]) || $_POST[$catchid] != $catchVal){ die("
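Review bot: The added check in the `resolve` branch no longer compares anything the client sent with `$_SESSION['token']`; it only asks Redis whether the session's own token exists and is unused, so any request carrying the session cookie passes and the request-forgery protection of the removed `$_GET['token'] != $_SESSION['token']` test is gone. The failure branch also does not stop the request: after `header("location:index.php");` execution continues to `$link = $_POST['link'];`, and because `echo` and the `include` run first, the header may not be sent at all unless output buffering is on (which would fit the symptom in the commit message). I would keep the submitted-token test in the condition, e.g. `empty($_GET['token']) || !hash_equals($_SESSION['token'], (string)$_GET['token'])` (assuming the form still sends the token in the query string), and end the branch with `exit;` directly after the `header()` call, before any output. The same block is repeated in the second hunk and needs the same two changes; the enclosing `if(isset($_GET['resolve']) ...)` block continues outside this hunk.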
Oh Noes! Something happened and I can't continue.
Please try again by using the form located at lob.li.
"); } + if(!$redis->exists("tokens:".$_SESSION['token']) || $redis->get("tokens:".$_SESSION['token']) == 1){ + echo ""; + include("Include/PHP/token.php"); + header("location:index.php"); + } + + $redis->set("tokens:".$_SESSION['token'], 1); + //$short = sanitize($_POST['link'], $seperator); $short = $_POST['link']; $linkage = $_POST['linkage'];
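Review bot: The token is tested with `exists`/`get` and only afterwards marked used by `$redis->set("tokens:".$_SESSION['token'], 1);`, so two requests arriving together can both pass the test before either writes the `1`, and a single-use token is accepted twice. Consuming the token in one Redis operation closes that window, for instance a single GETSET whose returned old value is tested, or deleting the key and continuing only when the delete reports one key removed. Because the failure branch just above does not exit, the `set` also runs when the test failed, so a token key that did not exist is created here with value 1. The enclosing `if(!empty($_POST['link']) || !empty($_POST['linkage']))` block continues outside the hunk.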