PHP Classes
elePHPant
Icontem

File: test_secure_submit.php

Recommend this page to a friend!
Stumble It! Stumble It! Bookmark in del.icio.us Bookmark in del.icio.us
  Classes of Manuel Lemos  >  Forms generation and validation  >  test_secure_submit.php  >  Download  
File: test_secure_submit.php
Role: Example script
Content type: text/plain
Description: Example to demonstrate how use the secure submit custom input to prevent CSRF attacks
Class: Forms generation and validation
HTML forms generation and validation.
Author: By
Last change: Added an example of the ExpireTime parameter.
Date: 2 years ago
Size: 1,953 bytes
 

Contents

Class file image Download
<?php
/*
 * test_secure_submit.php
 *
 * @(#) $Header: /opt2/ena/metal/forms/test_secure_submit.php,v 1.2 2007/05/09 01:43:29 mlemos Exp $
 *
 */

   
require('forms.php');
    require(
'form_secure_submit.php');

   
$key="my secret key";
   
$form=new form_class;
   
$form->ID='secure_form';
   
$form->METHOD='POST';
   
$form->ACTION='?';
   
$form->debug='trigger_error';
   
$error=$form->AddInput(array(
       
'TYPE'=>'custom',
       
'VALUE'=>'Secure submit',
       
'ID'=>'secure_submit',
       
'NAME'=>'secure_submit',
       
'CustomClass'=>'form_secure_submit_class',
       
'Key'=>$key,
/*
        'ExpiryTime'=>300,
        "SRC"=>"http://www.phpclasses.org/graphics/add.gif",
*/
   
));
    if(
strlen($error))
        die(
"Error: ".$error);
   
$submitted=$form->WasSubmitted('secure_submit');
   
$form->LoadInputValues($submitted);
   
$verify=array();
    if(
$submitted)
    {
        if(
strlen($error_message=$form->Validate($verify))==0)
           
$doit=1;
        else
        {
           
$doit=0;
           
$error_message=HtmlEntities($error_message);
        }
    }
    else
    {
       
$error_message='';
       
$doit=0;
    }

    if(!
$doit)
    {
       
$focus='secure_submit';
       
$form->ConnectFormToInput($focus, 'ONLOAD', 'Focus', array());
    }

   
$onload=HtmlSpecialChars($form->PageLoad());

?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Test for Manuel Lemos' PHP form class secure submit button</title>
</head>
<body onload="<?php echo $onload; ?>" bgcolor="#cccccc">
<h1><center>Test for Manuel Lemos' PHP form class secure submit button</center></h1>
<hr />
<?php
   
if($doit)
    {
?>
<center><h2>The form was submitted securely!</h2></center>
<?php
   
}
  else
  {
       
$form->StartLayoutCapture();
        if(
strlen($error=$form->GetInputProperty('secure_submit', 'Expired', $expired))==0
       
&& $expired)
        {
?><center><h2>The form submission expired. Please submit the form again.</h2></center><?php
       
}
?>
<center><?php
        $form
->AddInputPart('secure_submit');
?></center>
<?php
        $form
->EndLayoutCapture();

       
$form->DisplayOutput();
    }
?>
<hr />
</body>
</html>