22 lines
753 B
PHP
22 lines
753 B
PHP
|
<?php
|
||
|
// Generates a token against CSRF
|
||
|
function generate_token($name = '')
|
||
|
{
|
||
|
if(session_id() == '') session_start();
|
||
|
$token = uniqid(rand(), true);
|
||
|
$_SESSION[$name.'_token'] = $token;
|
||
|
$_SESSION[$name.'_token_time'] = time();
|
||
|
return $token;
|
||
|
}
|
||
|
|
||
|
// Checks that the anti-CSRF token is correct
|
||
|
function check_token($time, $name = '')
|
||
|
{
|
||
|
if(session_id() == '') session_start();
|
||
|
if(isset($_SESSION[$name.'_token']) && isset($_SESSION[$name.'_token_time']) && isset($_POST['token']))
|
||
|
if($_SESSION[$name.'_token'] == $_POST['token'])
|
||
|
if($_SESSION[$name.'_token_time'] >= (time() - $time))
|
||
|
return true;
|
||
|
return false;
|
||
|
}
|