if(err != null)\r
RenderMessage(res,err,info);\r
else{\r
- result.token = info.token;\r
+ result.token = req.session._csrf;\r
res.setHeader("X-FRAME-OPTIONS","DENY");\r
res.render("profile/admin",result);\r
}\r
\r
function admin_postproc(req,res)\r
{\r
- if(req.session.items.token != req.body.token){\r
- RenderMessage(res,resource.invaild_parameter,req.session.items);\r
- return;\r
- }\r
async.waterfall([\r
function(cb){\r
if(typeof(req.body.removeall) != "undefined")\r
RenderMessage(res,resource.notfound_name,req.session.items);\r
else{\r
res.setHeader("X-FRAME-OPTIONS","DENY");\r
- res.render("profile/detail",{list:result,token:req.session.items.token,admin:req.session.items.admin});\r
+ res.render("profile/detail",{list:result,token:req.session._csrf,admin:req.session.items.admin});\r
}\r
});\r
}\r
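Review bot: Removing the `req.session.items.token != req.body.token` guard at the top of admin_postproc (and the same guard in the other *_postproc handlers below) leaves these POST handlers with no CSRF check of their own, so protection now rests entirely on a `_csrf`-aware middleware being mounted in front of these routes, and that middleware is not visible in this diff. The token is now rendered into the templates as `req.session._csrf`, which matches the Connect/Express `csrf()` middleware, but as far as I recall that middleware reads the submitted token from `req.body._csrf`, `req.query._csrf` or the `X-CSRF-Token` header, whereas the views here still receive it under the key `token`; if the form field keeps that name, either every POST is rejected or, if the middleware is absent, forged POSTs are accepted. Please confirm the middleware is mounted and the form field is named `_csrf`, or keep an explicit per-handler guard such as `if(req.body._csrf !== req.session._csrf){ RenderMessage(res,resource.invaild_parameter,req.session.items); return; }`. The repeated `res.setHeader("X-FRAME-OPTIONS","DENY")` before each render would also be safer as a single app-level middleware so no response path can forget it.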
\r
function detail_postproc(req, res)\r
{\r
- if(req.session.items.token != req.body.token){\r
- RenderMessage(res,resource.invaild_parameter,req.session.items);\r
- return;\r
- }\r
if(typeof(req.body.remove) != "undefined"){\r
async.waterfall([\r
function(cb){\r
RenderMessage(res,err,req.session.items);\r
}else if(result != null){\r
res.setHeader("X-FRAME-OPTIONS","DENY");\r
- res.render("profile/edit",{list:result,token:req.body.token});\r
+ res.render("profile/edit",{list:result,token:req.session._csrf});\r
}else{\r
RenderMessage(res,resource.unmatch_password,req.session.items);\r
}\r
\r
function edit_postproc(req, res)\r
{\r
- if(req.session.items.token != req.body.token){\r
- RenderMessage(res,resource.invaild_parameter,req.session.items);\r
- return;\r
- }\r
if(typeof(req.body.name) == "undefined")\r
{\r
RenderMessage(res,resource.invaild_parameter,req.session.items);\r
\r
function registor_postproc(req, res)\r
{\r
- if(req.session.items.token != req.body.token){\r
- RenderMessage(res,resource.invaild_parameter,req.session.items);\r
- return;\r
- }\r
if(typeof(req.body.registor) != "undefined"){\r
async.waterfall([\r
function(cb){\r
req.session.items = new security.SessionInfomation(false);\r
\r
res.setHeader("X-FRAME-OPTIONS","DENY");\r
- res.render("profile/registor",{token:req.session.items.token});\r
+ res.render("profile/registor",{token:req.session._csrf});\r
}\r
\r
function RenderMessage(res,msg,info)\r
{\r
- if(typeof(info) == "undefined")\r
- res.render("profile/message",{message:msg});\r
+ if(typeof(info) == "undefined" || typeof(info.admin) == "undefined")\r
+ res.render("profile/message",{message:msg,admin:false});\r
else\r
res.render("profile/message",{message:msg,admin:info.admin});\r
}\r
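Review bot: RenderMessage has no header comment, and since it is the one place where error text reaches the user it deserves one: `// Render profile/message with the given text; info (a session items object) is optional and only its admin flag is used.`. Separately, it is called with a raw `err` object at the `RenderMessage(res,err,req.session.items)` line in detail_postproc, so `message` can carry internal error details into the page unless the template maps it to a resource string; I would confirm the template does so, or pass `resource.*` messages only.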