phyks/bouffeatulm
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
da0a51f997
bouffeatulm/inc/CSRF.inc.php

30 lines
895 B
PHP
Raw Normal View History

CSRF protection Added a simple CSRF protection
2013-08-24 23:53:52 +02:00
<?php
// Generates a token against CSRF
Small improvements
2013-08-26 09:52:04 +02:00
// ==============================
Display name of the connected user
2013-08-30 22:33:06 +02:00
function generate_token($name = '') {
Small improvements
2013-08-26 09:52:04 +02:00
if(session_id() == '')
session_start();
CSRF protection Added a simple CSRF protection
2013-08-24 23:53:52 +02:00
$token = uniqid(rand(), true);
Small improvements
2013-08-26 09:52:04 +02:00
CSRF protection Added a simple CSRF protection
2013-08-24 23:53:52 +02:00
$_SESSION[$name.'_token'] = $token;
$_SESSION[$name.'_token_time'] = time();
Small improvements
2013-08-26 09:52:04 +02:00
CSRF protection Added a simple CSRF protection
2013-08-24 23:53:52 +02:00
return $token;
}
// Checks that the anti-CSRF token is correct
Small improvements
2013-08-26 09:52:04 +02:00
// ==========================================
Display name of the connected user
2013-08-30 22:33:06 +02:00
function check_token($time, $name = '') {
Small improvements
2013-08-26 09:52:04 +02:00
if(session_id() == '')
session_start();
if(isset($_SESSION[$name.'_token']) && isset($_SESSION[$name.'_token_time']) && isset($_POST['token'])) {
if($_SESSION[$name.'_token'] == $_POST['token']) {
if($_SESSION[$name.'_token_time'] >= (time() - (int) $time))
CSRF protection Added a simple CSRF protection
2013-08-24 23:53:52 +02:00
return true;
Small improvements
2013-08-26 09:52:04 +02:00
}
}
CSRF protection Added a simple CSRF protection
2013-08-24 23:53:52 +02:00
return false;
}
Reference in New Issue Copy Permalink