Add the following code to the Controller class:
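/**
 * Validates the CSRF nonce submitted with a form against the one held in the session.
 *
 * The nonce is single-use: on a successful match the session copy is cleared so the
 * same submission cannot be replayed.
 *
 * @return bool TRUE when both nonces are non-empty strings and match, FALSE otherwise
 */
protected function check_nonce( )
{
    $expected = isset($_SESSION['nonce']) ? $_SESSION['nonce'] : null;
    $submitted = isset($_POST['nonce']) ? $_POST['nonce'] : null;

    // Both values must be non-empty strings: hash_equals() throws a TypeError on
    // non-strings, and a request can send nonce[]=... to turn $_POST['nonce'] into an array.
    if (!is_string($expected) || $expected === '' || !is_string($submitted) || $submitted === '') {
        return false;
    }

    // Constant-time comparison so the match cannot be probed byte-by-byte via timing.
    if (!hash_equals($expected, $submitted)) {
        return false;
    }

    // Single use: invalidate the session nonce once it has been consumed.
    $_SESSION['nonce'] = null;
    return true;
}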
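/**
 * Handles form submissions
 *
 * Verifies the CSRF nonce, dispatches to the handler registered for $action in
 * $this->actions, and redirects to the room the handler reports.
 *
 * @param $action string The form action being performed; must be a key of $this->actions
 * @return void
 * @throws Exception If the nonce is invalid, the action is not registered, or the
 *                   handler does not return a room_id
 */
protected function handle_form_submission( $action )
{
    if (!$this->check_nonce()) {
        throw new Exception('Invalid nonce.');
    }

    // Only dispatch to handlers registered in the actions map; an unknown action would
    // otherwise raise an undefined-index notice and then a fatal call to a method named "".
    if (!isset($this->actions[$action])) {
        throw new Exception('Invalid action.');
    }
    $method = $this->actions[$action];

    // Calls the method specified by the action
    $output = $this->$method();
    if (!is_array($output) || !isset($output['room_id'])) {
        throw new Exception('Form submission failed.');
    }

    // NOTE(review): room_id is placed in the redirect target as-is; confirm handlers
    // return a numeric id, or encode it here before building the URL.
    header('Location: ' . APP_URI . 'room/' . $output['room_id']);
    exit;
}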
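/**
 * Performs basic input sanitization on a given string
 *
 * Tags are stripped first, then every remaining character that has an HTML entity
 * equivalent (including both quote styles) is encoded for output in an HTML context.
 *
 * @param $dirty string The string to be sanitized
 * @return string The sanitized string
 */
protected function sanitize( $dirty )
{
    // ENT_SUBSTITUTE replaces invalid UTF-8 sequences with U+FFFD instead of returning
    // an empty string, so malformed input is not silently discarded; the charset is
    // passed explicitly rather than relying on the runtime default.
    return htmlentities(
        strip_tags($dirty),
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
}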
 