[geeklog-devel] [geeklog-cvs] geeklog: Experimental: Give the user an idea how long they have ...

Joe Mucchiello joe at ThrowingDice.com
Sat Oct 31 05:14:32 EDT 2009 

As a suggestion, perhaps you should create a 
SEC_addTokenToTemplate($Template) function to lib-security. This way 
anywhere you need to add the security token to a form you don't need 
to add code for this. If the form has {gltoken_name} {gl_token}, 
{gltoken_expirynotice} and {gltoken_expirytime} variables, they get 
set. Then instead of generating the HTML as you have done here, you 
could just add the HTML to the template file.

If the form doesn't have any GET urls, the code doesn't even have to 
call SEC_createToken since this new function could take care of it. 
Also, this makes it easy to add the expiry information to any form 
and you can change how the expiration is handled without having to 
recode a lot of PHP.

You could also add a few more variables: {gltoken_timeleft} in 
seconds for use with javascript if someone wishes to add javascript 
to their form.

   Joe

At 01:12 PM 10/29/2009, geeklog-cvs at lists.geeklog.net wrote:
>diff -r 5260a7fb13df -r 37fcd14cdee2 public_html/admin/story.php
>--- a/public_html/admin/story.php       Thu Oct 29 14:47:18 2009 +0100
>+++ b/public_html/admin/story.php       Thu Oct 29 18:09:46 2009 +0100
>@@ -727,11 +727,22 @@
>      $story_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
>      $story_templates->set_var('lang_delete', $LANG_ADMIN['delete']);
>      $story_templates->set_var('gltoken_name', CSRF_TOKEN);
>-    $story_templates->set_var('gltoken', SEC_createToken());
>+    $token = SEC_createToken();
>+    $story_templates->set_var('gltoken', $token);
>      $story_templates->parse('output','editor');
>
>      $display .= COM_startBlock ($LANG24[5], '',
>                          COM_getBlockTemplate ('_admin_block', 'header'));
>+
>+    $expirytime = SEC_getTokenExpiryTime($token);
>+    if ($expirytime > 0) {
>+        $txt = '<p id="token-expirynotice">' . '' . '</p>';
>+        $exptime = '<span id="token-expirytime">'
>+                 . strftime($_CONF['timeonly'], $expirytime) . '</span>';
>+        $display .= '<p id="token-expirynotice">'
>+                 . sprintf($LANG24[91], $exptime) . '</p>';
>+    }
>+
>      $display .= 
> $story_templates->finish($story_templates->get_var('output'));
>      $display .= COM_endBlock (COM_getBlockTemplate 
> ('_admin_block', 'footer'));


----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com

More information about the geeklog-devel mailing list