gama.io/lobli
1
0
Fork 0
mirror of https://github.com/gamaio/lobli.git synced 2024-12-22 19:52:40 +00:00
Code Issues Projects Releases Wiki Activity

Test for valid token.

Browse Source 
Whoops. http://lob.li/8pg
While functional in theory, header(location:index.php) will load the index again in the message field with non-functioning javascript
This commit is contained in:
alopexc0de 2014-08-29 14:14:49 -04:00
parent 28e0ce013a
commit cb3008536d
No known key found for this signature in database
GPG Key ID: 48E847F18074C953
1 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
Website/process.php
View File

@ -50,10 +50,16 @@
require('Include/PHP/functions.php'); require('Include/PHP/functions.php');
if(isset($_GET['resolve']) && !empty($_POST['link'])){ if(isset($_GET['resolve']) && !empty($_POST['link'])){
if(empty($_GET['token']) || $_GET['token'] != $_SESSION['token'] || empty($_POST[$catchid]) || $_POST[$catchid] != $catchVal){ if(empty($_POST[$catchid]) || $_POST[$catchid] != $catchVal){
die("<div id=\"danger\" class=\"alert alert-danger\">Oh Noes! Something happened and I can't continue.<br />Please try again by using the form located at <a href=\"http://lob.li\">lob.li</a>.</div>"); die("<div id=\"danger\" class=\"alert alert-danger\">Oh Noes! Something happened and I can't continue.<br />Please try again by using the form located at <a href=\"http://lob.li\">lob.li</a>.</div>");
} }
if(!$redis->exists("tokens:".$_SESSION['token']) || $redis->get("tokens:".$_SESSION['token']) == 1){
echo "<script>alert('Invalid or expired token. Please try again');</script>";
include("Include/PHP/token.php");
header("location:index.php");
}
$link = $_POST['link']; $link = $_POST['link'];
$trTtl = $redis->ttl("links:$link"); $trTtl = $redis->ttl("links:$link");
if($trTtl == -2){ // Didn't find links:linkid, checking if long link if($trTtl == -2){ // Didn't find links:linkid, checking if long link
@ -76,10 +82,18 @@
} }
if(!empty($_POST['link']) || !empty($_POST['linkage'])){ if(!empty($_POST['link']) || !empty($_POST['linkage'])){
if(empty($_GET['token']) || $_GET['token'] != $_SESSION['token'] || empty($_POST[$catchid]) || $_POST[$catchid] != $catchVal){ if(empty($_POST[$catchid]) || $_POST[$catchid] != $catchVal){
die("<div id=\"danger\" class=\"alert alert-danger\">Oh Noes! Something happened and I can't continue.<br />Please try again by using the form located at <a href=\"http://lob.li\">lob.li</a>.</div>"); die("<div id=\"danger\" class=\"alert alert-danger\">Oh Noes! Something happened and I can't continue.<br />Please try again by using the form located at <a href=\"http://lob.li\">lob.li</a>.</div>");
} }
if(!$redis->exists("tokens:".$_SESSION['token']) || $redis->get("tokens:".$_SESSION['token']) == 1){
echo "<script>alert('Invalid or expired token. Please try again');</script>";
include("Include/PHP/token.php");
header("location:index.php");
}
$redis->set("tokens:".$_SESSION['token'], 1);
//$short = sanitize($_POST['link'], $seperator); //$short = sanitize($_POST['link'], $seperator);
$short = $_POST['link']; $short = $_POST['link'];
$linkage = $_POST['linkage']; $linkage = $_POST['linkage'];