Using secured actions is a 2-step process. You must first generate a link with the security key, and then later verify that key when the user clicks on the action, which executes a function from a file in the action/ directory.
The securiser_action() function
The securiser_action() function, stored in the ecrire/inc/securiser_action.php file, creates or verifies an action. During creation, depending on the $mode argument, it will create a URL, a form or simply return an array with the requested parameters and the generated key. During verification, it compares the elements submitted with a GET (URL) or POST (form) and, if the key does not match the current author, kills the script with an error message.
Generating a key
To generate a key, you need to call the function with the right parameters:
$securiser_action = charger_fonction('securiser_action','inc');
$securiser_action($action, $arg, $redirect, $mode);
These four parameters are the main ones used:
- $action is the name of the action file and the corresponding action (action/name.php and the associated function action_name_dist())
- $arg is a passed argument, for example supprimer/article/3, which will be used, among other things, to generate the security key.
- $redirect is a URL for redirection after the action has been performed.
- $mode indicates what should be returned:
  - false: a URL
  - -1: an array of parameters
  - a content text: a form to be submitted (the content is then added into the form)
Inside an action, verifying and retrieving the argument
Within an action function (action_name_dist()), we verify the security key by calling the function without an argument. It returns the argument (otherwise it displays an error and kills the script):
$securiser_action = charger_fonction('securiser_action','inc');
$arg = $securiser_action();
// from here on, we know that the author is the right person!
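The two steps above, generation and verification, can be modelled in a few lines. This is an added example, not SPIP's code: the demo_* functions, the hash parameter name, the HMAC-SHA256 construction and the per-author secrets are all assumptions made for illustration.

```php
<?php
// Simplified model of the generate-then-verify flow (added example, not SPIP code).
// Assumption: the key is an HMAC over action, argument and author id, keyed with
// a per-author secret. SPIP's real key derivation is not described on this page.
function demo_action_key(string $action, string $arg, int $id_author, string $secret): string
{
    // Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    $msg = '';
    foreach ([$action, $arg, (string) $id_author] as $field) {
        $msg .= strlen($field) . ':' . $field;
    }
    return hash_hmac('sha256', $msg, $secret);
}

// Step 1: build the link that carries the action, its argument and the key.
function demo_action_url(string $action, string $arg, int $id_author, string $secret): string
{
    return '?' . http_build_query([
        'action' => $action,
        'arg'    => $arg,
        'hash'   => demo_action_key($action, $arg, $id_author, $secret),
    ]);
}

// Step 2: inside the action, recompute the key for the *current* author and
// compare in constant time. Returns the argument, or null when the key is wrong
// (the point where securiser_action() would display an error and stop the script).
function demo_action_verify(array $request, int $id_author, string $secret): ?string
{
    $action = $request['action'] ?? '';
    $arg = $request['arg'] ?? '';
    $hash = $request['hash'] ?? '';
    if (!is_string($action) || !is_string($arg) || !is_string($hash)) {
        return null; // e.g. arg[]=x submitted as an array
    }
    $expected = demo_action_key($action, $arg, $id_author, $secret);
    return hash_equals($expected, $hash) ? $arg : null;
}

// Constructed sample data: author 1 generates a link, then three requests arrive.
$secret_1 = 'constructed-secret-author-1';
$secret_2 = 'constructed-secret-author-2';
parse_str(ltrim(demo_action_url('name', 'supprimer/article/3', 1, $secret_1), '?'), $req);

var_dump(demo_action_verify($req, 1, $secret_1)); // unmodified link, same author
var_dump(demo_action_verify(['arg' => 'supprimer/article/4'] + $req, 1, $secret_1)); // argument altered
var_dump(demo_action_verify($req, 2, $secret_2)); // same link followed by another author
```

Because the key covers the argument and is tied to the author, a link prepared for one author and one target cannot be reused by another author or repointed at a different object.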