[geeklog-devel] [geeklog-cvs] geeklog: Experimental: Give the user an idea how long they have ...
Joe Mucchiello
joe at ThrowingDice.com
Sat Oct 31 05:14:32 EDT 2009
As a suggestion, perhaps you should create a
SEC_addTokenToTemplate($Template) function to lib-security. This way
anywhere you need to add the security token to a form you don't need
to add code for this. If the form has {gltoken_name}, {gl_token},
{gltoken_expirynotice} and {gltoken_expirytime} variables, they get
set. Then instead of generating the HTML as you have done here, you
could just add the HTML to the template file.

If the form doesn't have any GET URLs, the code doesn't even have to
call SEC_createToken since this new function could take care of it.

Also, this makes it easy to add the expiry information to any form
and you can change how the expiration is handled without having to
recode a lot of PHP.

You could also add a few more variables: {gltoken_timeleft} in
seconds for use with JavaScript if someone wishes to add JavaScript
to their form.
Joe
At 01:12 PM 10/29/2009, geeklog-cvs at lists.geeklog.net wrote:
>diff -r 5260a7fb13df -r 37fcd14cdee2 public_html/admin/story.php
>--- a/public_html/admin/story.php Thu Oct 29 14:47:18 2009 +0100
>+++ b/public_html/admin/story.php Thu Oct 29 18:09:46 2009 +0100
>@@ -727,11 +727,22 @@
> $story_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
> $story_templates->set_var('lang_delete', $LANG_ADMIN['delete']);
> $story_templates->set_var('gltoken_name', CSRF_TOKEN);
>- $story_templates->set_var('gltoken', SEC_createToken());
>+ $token = SEC_createToken();
>+ $story_templates->set_var('gltoken', $token);
> $story_templates->parse('output','editor');
>
> $display .= COM_startBlock ($LANG24[5], '',
> COM_getBlockTemplate ('_admin_block', 'header'));
>+
>+ $expirytime = SEC_getTokenExpiryTime($token);
>+ if ($expirytime > 0) {
>+ $txt = '<p id="token-expirynotice">' . '' . '</p>';
>+ $exptime = '<span id="token-expirytime">'
>+ . strftime($_CONF['timeonly'], $expirytime) . '</span>';
>+ $display .= '<p id="token-expirynotice">'
>+ . sprintf($LANG24[91], $exptime) . '</p>';
>+ }
>+
> $display .=
> $story_templates->finish($story_templates->get_var('output'));
> $display .= COM_endBlock (COM_getBlockTemplate
> ('_admin_block', 'footer'));
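Review bot: `$txt` in the new `if ($expirytime > 0)` block is assigned and never read in the lines shown, and it builds a second `<p id="token-expirynotice">` with an empty body, so that line can be dropped and only the `$display .=` paragraph kept. The `strftime()` result is also concatenated into markup unescaped; since the format comes from `$_CONF['timeonly']`, wrapping it in `htmlspecialchars()` before it goes into the span would keep a stray `<` or `&` in a site's time format from breaking the page.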
----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com
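A sketch of the helper suggested in this message, as an added example that is not part of the original post and not Geeklog's own code. `SEC_addTokenToTemplate()` and its optional second argument are hypothetical; the `Template` class, the two `SEC_*` functions, the `CSRF_TOKEN` value, `$_CONF['timeonly']` and the `$LANG24[91]` text are constructed stand-ins so the file runs on its own, and `date()` replaces the patch's `strftime()`, which is deprecated since PHP 8.1.

```php
<?php
// Stand-ins (assumptions) for the Geeklog pieces named in the thread, so this runs alone.
define('CSRF_TOKEN', '_glsectoken');                        // constructed value
$_CONF  = ['timeonly' => 'H:i'];                            // constructed date() format
$LANG24 = [91 => 'Please save your changes before %s.'];    // constructed text
function SEC_createToken($ttl = 1200)
{
    global $tokenStore;
    $token = bin2hex(random_bytes(16));
    $tokenStore[$token] = time() + $ttl;   // remember when this token expires
    return $token;
}

function SEC_getTokenExpiryTime($token)
{
    global $tokenStore;
    return $tokenStore[$token] ?? 0;       // 0 = unknown token or no expiry
}

class Template   // minimal stand-in exposing only set_var()
{
    public $vars = [];
    public function set_var($name, $value) { $this->vars[$name] = $value; }
}

// Hypothetical helper: fills every token-related variable a form template may use.
// Pass an existing token when the page also needs the same token in GET URLs.
function SEC_addTokenToTemplate($template, $token = null)
{
    global $_CONF, $LANG24;
    if ($token === null) {
        $token = SEC_createToken();
    }
    $template->set_var('gltoken_name', CSRF_TOKEN);
    $template->set_var('gltoken', $token);
    $expiry = SEC_getTokenExpiryTime($token);
    if ($expiry > 0) {
        // Escape once here so template files can print the value as-is.
        $time = htmlspecialchars(date($_CONF['timeonly'], $expiry), ENT_QUOTES);
        $template->set_var('gltoken_expirytime', $time);
        $template->set_var('gltoken_expirynotice', sprintf($LANG24[91], $time));
        $template->set_var('gltoken_timeleft', max(0, $expiry - time()));
    }
    return $token;   // caller can reuse it instead of calling SEC_createToken again
}

$form = new Template();
SEC_addTokenToTemplate($form);
print_r($form->vars);
```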