CSRF : Allow to get the CSRF token from the CSRF or FORM classes

git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@2790 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
2016-06-28 08:43:18 +00:00
parent 5f49609a28
commit d621438f0c
2 changed files with 19 additions and 0 deletions
--- a/csrf.php
+++ b/csrf.php
@@ -68,4 +68,12 @@ class csrf
    $res .= "value='$this->csrfToken'/>\n";
    return $res;
  }
+
+  /** Return the token if exists or create a new one if needed */
+  public function getToken ()
+  {
+    if ($this->csrfToken === "")
+      $this->createToken ();
+    return $this->csrfToken;
+  }
 }
--- a/form.php
+++ b/form.php
@@ -24,6 +24,8 @@ class form
  public $csrf=TRUE;
  /** Name of the CSRF hidden field in HTML page */
  public $csrfField = "CSRF_TOKEN";
+  /** The CSRF token value */
+  private $csrfToken = "";

  /** The method used to send the values */
  private $method = "post";
@@ -193,6 +195,7 @@ class form
      $csrf = new csrf ();
      $csrf->field = $this->formName."[".$this->csrfField."]";
      $res .= $csrf->displayFormCSRF ();
+      $this->csrfToken = $csrf->getToken ();
    }

    // Manage the focus. On the first visible element if there is no error, on
@@ -225,6 +228,14 @@ class form
    $csrf->checkToken ($tokenFromUser);
  }

+  /** Return the token generated in form */
+  public function getToken ()
+  {
+    if ($this->csrfToken === "")
+      $this->createToken ();
+    return $this->csrfToken;
+  }
+
  /** Check if the parameters are correct with the defined fields
    * Need the session !
    * @return array containing the errors