*/
public static function getFormSecurityToken($typename = '')
{
- $user = User::getById(DI::app()->getUserId(), ['guid', 'prvkey']);
+ $user = User::getById(DI::app()->getLoggedInUserId(), ['guid', 'prvkey']);
$timestamp = time();
$sec_hash = hash('whirlpool', ($user['guid'] ?? '') . ($user['prvkey'] ?? '') . session_id() . $timestamp . $typename);
$max_livetime = 10800; // 3 hours
- $user = User::getById(DI::app()->getUserId(), ['guid', 'prvkey']);
+ $user = User::getById(DI::app()->getLoggedInUserId(), ['guid', 'prvkey']);
$x = explode('.', $hash);
if (time() > (intval($x[0]) + $max_livetime)) {
public static function checkFormSecurityTokenRedirectOnError($err_redirect, $typename = '', $formname = 'form_security_token')
{
if (!self::checkFormSecurityToken($typename, $formname)) {
- Logger::log('checkFormSecurityToken failed: user ' . DI::app()->getNickname() . ' - form element ' . $typename);
+ Logger::log('checkFormSecurityToken failed: user ' . DI::app()->getLoggedInUserNickname() . ' - form element ' . $typename);
Logger::log('checkFormSecurityToken failed: _REQUEST data: ' . print_r($_REQUEST, true), Logger::DATA);
notice(self::getFormSecurityStandardErrorMessage());
DI::baseUrl()->redirect($err_redirect);
public static function checkFormSecurityTokenForbiddenOnError($typename = '', $formname = 'form_security_token')
{
if (!self::checkFormSecurityToken($typename, $formname)) {
- Logger::log('checkFormSecurityToken failed: user ' . DI::app()->getNickname() . ' - form element ' . $typename);
+ Logger::log('checkFormSecurityToken failed: user ' . DI::app()->getLoggedInUserNickname() . ' - form element ' . $typename);
Logger::log('checkFormSecurityToken failed: _REQUEST data: ' . print_r($_REQUEST, true), Logger::DATA);
throw new \Friendica\Network\HTTPException\ForbiddenException();