Using secured actions is a 2-step process. You must first generate a link with the security key, and then later verify that key when the user clicks on the action, which will execute a function from a file in the action/ directory.
The securiser_action() function
The securiser_action() function, stored in the ecrire/inc/securiser_action.php file, creates or verifies an action. During creation, depending on the $mode argument, it creates a URL, a form, or simply returns an array with the requested parameters and the generated key. During verification, it compares the elements submitted by GET (URL) or POST (form), and kills the script with an error message if the key does not match the current author.
Generating a key
To generate a key, you need to call the function with the right parameters:
$securiser_action = charger_fonction('securiser_action','inc');
$securiser_action($action, $arg, $redirect, $mode);
These four parameters are the main ones used:
- $action is the name of the action file and of the corresponding action (action/name.php and the associated function action_name_dist())
- $arg is a passed argument, for example supprimer/article/3, which will be used, among other things, to generate the security key.
- $redirect is a URL for redirection after the action has been performed.
- $mode indicates what should be returned:
  - false: a URL
  - -1: an array of parameters
  - a content text: a form to be submitted (the content is then added into the form)
Inside an action, verifying and retrieving the argument
Within an action function (action_name_dist()), we verify the security key by calling the function without an argument. It returns the argument (otherwise it displays an error and kills the script):
$securiser_action = charger_fonction('securiser_action','inc');
$arg = $securiser_action();
// from here on, we know that the author is the right person!
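
The two steps together, as an added example that is not part of the original page or of SPIP's own code. It assumes a loaded SPIP installation; the action name demo_supprimer and the helper demo_lien_suppression() are hypothetical, and the authorization check and argument validation go beyond what the page describes: a valid key shows that the request comes from the author the link was generated for, not that this author is allowed to perform the action.

```php
<?php
// Added example: runs inside a loaded SPIP installation.
// "demo_supprimer" and demo_lien_suppression() are hypothetical names.

// Step 1: generate the secured link, e.g. while building a page.
function demo_lien_suppression($id_article, $redirect) {
	$securiser_action = charger_fonction('securiser_action', 'inc');
	// The argument is part of what the key is computed from,
	// so it cannot be changed without invalidating the link.
	$arg = 'supprimer/article/' . intval($id_article);
	// $mode = false: return a URL.
	return $securiser_action('demo_supprimer', $arg, $redirect, false);
}

// Step 2: in a real plugin this function lives in action/demo_supprimer.php.
function action_demo_supprimer_dist() {
	$securiser_action = charger_fonction('securiser_action', 'inc');
	// Verifies the key; on a mismatch SPIP displays an error and stops here.
	$arg = $securiser_action();

	// Accept only the exact argument shape this action generates.
	if (!preg_match('#^supprimer/article/(\d+)$#', $arg, $m)) {
		spip_log('demo_supprimer: unexpected argument');
		return;
	}
	$id_article = intval($m[1]);

	// Assumption: permission is checked separately with SPIP's autoriser().
	include_spip('inc/autoriser');
	if (!autoriser('supprimer', 'article', $id_article)) {
		include_spip('inc/minipres');
		echo minipres();
		exit;
	}

	// Illustrative effect only: move the article to the trash status.
	include_spip('base/abstract_sql');
	sql_updateq(
		'spip_articles',
		array('statut' => 'poubelle'),
		'id_article=' . $id_article
	);
}
```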