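'; }

function assoc_verify_csrf() {
    // Return true only if the POST CSRF token matches the session token.
    // Any missing, malformed or empty value is a rejection (fail closed).
    $expected = $_SESSION['assoc_profile_csrf'] ?? null;
    $supplied = $_POST['assoc_profile_csrf'] ?? null;

    // Both values must be strings. A request can submit the field as an
    // array (assoc_profile_csrf[]=...), and hash_equals() throws a TypeError
    // on PHP 8 when handed a non-string, which would turn a bad token into
    // an uncaught error instead of a clean rejection.
    if (!is_string($expected) || !is_string($supplied)) {
        return false;
    }

    // An empty session token must never validate: hash_equals('', '') is
    // true, so an uninitialised token would otherwise accept an empty field.
    if ($expected === '') {
        return false;
    }

    // Constant-time comparison; the known (session) value goes first.
    return hash_equals($expected, $supplied);
}

// ----------------------------------------------------------------------------
// CONTENT ROUTER
// ----------------------------------------------------------------------------
function assoc_profile_content() {
    // Load assets and route /assoc_profile/manage/* requests.
    // Returns the rendered markup for the matched view, or '' when the
    // request is not a manage request.
    if (function_exists('head_add_css')) {
        head_add_css('/addon/assoc_profile/view/css/assoc_profile.css');
    }
    if (function_exists('head_add_js')) {
        head_add_js('/addon/assoc_profile/view/js/assoc_profile.js');
    }

    $action = argv(1) ?? '';
    if ($action !== 'manage') {
        return '';
    }

    // Authorisation gate: everything below, including POST handling, is
    // reached only after the operator check has passed.
    if (!assoc_is_operator()) {
        return '
Operator access required.
';
    }

    $sub = argv(2) ?? '';
    $slug = argv(3) ?? '';

    // NOTE(review): this router does not check the CSRF token itself.
    // assoc_handle_post() is defined elsewhere; confirm it calls
    // assoc_verify_csrf() before making any state change.
    // REQUEST_METHOD is read with a default so a missing key (e.g. a CLI
    // invocation) is treated as a non-POST request rather than a warning.
    if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
        return assoc_handle_post();
    }

    if (!$sub) {
        return assoc_render_manage_index();
    }

    if ($sub === 'assoc') {
        // No slug means "create"; a slug selects the association to edit.
        if (!$slug) {
            return assoc_render_add_association_form();
        }
        return assoc_render_edit_association_form($slug);
    }

    if ($sub === 'fields') {
        return assoc_render_fields_form();
    }

    if ($sub === 'import') {
        return assoc_render_import_form();
    }

    return '
Unknown management action.
';
}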