Topic: Csrf_token and Confirm_cancel ($_POST)

Hi !

I have one question about some code from include/common.php.

if (!empty($_POST) && (isset($_POST['confirm_cancel']) || (!isset($_POST['csrf_token']) || $_POST['csrf_token'] !== generate_form_token(get_current_url()))) && !defined('FORUM_SKIP_CSRF_CONFIRM'))
    csrf_confirm_form();

Where can I find $_POST['confirm_cancel']? And this constant "FORUM_SKIP_CSRF_CONFIRM"?

/Sorry for my English tongue

Re: Csrf_token and Confirm_cancel ($_POST)

$_POST['confirm_cancel'] is a button in the CSRF-confirmation form. The constant "FORUM_SKIP_CSRF_CONFIRM" is defined only in "<FORUM_ROOT>/post.php", because on this page there is another CSRF check.
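
The condition quoted from include/common.php, restated as a stand-alone sketch and run over constructed requests (an added example, not part of the original posts and not the forum software's own code). The demo_ functions, the HMAC-based token, and the sample URL and secret are assumptions made for illustration.

```php
<?php
// Added illustration; names prefixed demo_ are hypothetical.

// Assumption: the token binds a per-user secret to the target URL via HMAC.
// The forum's real generate_form_token() may derive it differently.
function demo_form_token(string $url, string $userSecret): string
{
    return hash_hmac('sha256', $url, $userSecret);
}

// Mirrors the quoted condition: returns true when the request would be
// diverted to csrf_confirm_form() instead of being processed.
function demo_needs_csrf_confirm(array $post, string $url, string $userSecret, bool $skip): bool
{
    if (empty($post) || $skip) {
        return false; // nothing was posted, or the page does its own check
    }
    if (isset($post['confirm_cancel'])) {
        return true;  // the button from the confirmation form was submitted
    }
    $sent = $post['csrf_token'] ?? null;
    // hash_equals() compares in constant time; the quoted code uses !==.
    return !is_string($sent)
        || !hash_equals(demo_form_token($url, $userSecret), $sent);
}

// Constructed sample data.
$url    = 'http://forum.example/profile.php?id=2';
$secret = 'constructed-per-user-secret';
$good   = demo_form_token($url, $secret);
$other  = demo_form_token('http://forum.example/delete.php?id=2', $secret);

// label => [POST data, whether FORUM_SKIP_CSRF_CONFIRM would be defined]
$cases = [
    'no POST data'             => [[], false],
    'valid token'              => [['csrf_token' => $good, 'email' => 'a@b.example'], false],
    'token missing'            => [['email' => 'a@b.example'], false],
    'token for another URL'    => [['csrf_token' => $other], false],
    'token sent as an array'   => [['csrf_token' => [$good]], false],
    'valid token + cancel'     => [['csrf_token' => $good, 'confirm_cancel' => '1'], false],
    'token missing, skip set'  => [['email' => 'a@b.example'], true],
];

foreach ($cases as $label => [$post, $skip]) {
    $confirm = demo_needs_csrf_confirm($post, $url, $secret, $skip);
    printf("%-26s => %s\n", $label, $confirm ? 'csrf_confirm_form()' : 'request proceeds');
}
```

The "token for another URL" case shows why the token is derived from get_current_url(): a token lifted from one form does not validate a POST to a different page.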

Re: Csrf_token and Confirm_cancel ($_POST)

OK, can you tell me what this CSRF token is?
Is this to update the online list & the online status of the user?

Re: Csrf_token and Confirm_cancel ($_POST)

http://en.wikipedia.org/wiki/Cross-site_request_forgery

Re: Csrf_token and Confirm_cancel ($_POST)

OK, I have one last question (I think so... :P)

In the prefix_online (structure) we can see "idle". Please tell me, what is this?

Re: Csrf_token and Confirm_cancel ($_POST)

Here is the description of the structure of the online table.

Re: Csrf_token and Confirm_cancel ($_POST)

OK, thanks for the help :D

/Close topic ;-)