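<?php
// Bootstrap for ONYX pages: loads the helpers, opens the session, prepares the
// template and applies a Referer-based CSRF heuristic for privileged sessions.
if(!defined('ONYX')) exit;

// xCSRF is defined for sessions that are not connected yet; the CSRF check
// further down only accepts a same-origin request when this constant exists.
// NOTE(review): `$sess` (lowercase) is never assigned in this file and `$SESS`
// is only created below, so if `$sess` is undefined empty() is true and xCSRF
// is defined on every request -- confirm which session object is intended.
if (empty($sess->values["connected"]) && !defined("xCSRF"))
    define("xCSRF", true);

require_once("functions.php"); // Core helpers (Session, Template, elog, ...)

// Open the session
$SESS = new Session();

$template = new Template();

$template->assign("ERRmessage", false);
$template->assign("auth_lvl", $SESS->level);
$template->assign("SESS", $SESS->values);

if (!empty($LANG))
    $template->assign("LANG", $LANG);

// CSRF mitigation for privileged sessions (level > 2), based on the Referer.
//
// The Referer has to start with this site's origin AND the host has to be
// followed by end-of-string, "/", "?" or "#": a bare prefix match such as
// "^http://example.com" would also accept "http://example.com.attacker.net/".
// The host is preg_quote()d so dots in it are literal, both http and https are
// accepted, and the comparison is case-insensitive as hostnames are.
//
// Limitation (unchanged from the original): a request with NO Referer is never
// flagged, and browsers omit or strip it easily (referrer-policy, https->http
// downgrade, privacy extensions). This is a heuristic, not a substitute for a
// per-session synchronizer token on state-changing forms.
if ($SESS->level > 2 && !empty($_SERVER["HTTP_REFERER"]))
{
    // HTTP_HOST is what the browser sent; fall back to SERVER_NAME when the
    // request carried no Host header so the pattern is never empty.
    $ownHost = !empty($_SERVER['HTTP_HOST'])
        ? $_SERVER['HTTP_HOST']
        : (isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : '');

    $sameOrigin = $ownHost !== ''
        && preg_match('~^https?://' . preg_quote($ownHost, '~') . '(?:$|[/?#])~i', $_SERVER["HTTP_REFERER"]) === 1;

    if (!($sameOrigin && defined("xCSRF")))
    {
        // Log the referer and the parameter *names* only: $_REQUEST values can
        // contain passwords and (depending on request_order) cookies, which
        // must not be written to the log.
        elog("Possibilité d'attaque CSRF\nreferer=" . $_SERVER["HTTP_REFERER"] . "\nparams=" . implode(",", array_keys($_REQUEST)), 2);

        // Neutralise the request. $_REQUEST is a separate merged copy, so it
        // has to be cleared as well or a page reading it would still see the
        // submitted payload.
        $_GET = $_POST = $_REQUEST = array();
    }
}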