<?php
    // Generates a token against CSRF
    // ==============================
    function generate_token($name = '') {
        if(session_id() == '')
            session_start();

        $token = uniqid(rand(), true);

        $_SESSION[$name.'_token'] = $token;
        $_SESSION[$name.'_token_time'] = time();

        return $token;
    }

    // Checks that the anti-CSRF token is correct
    // ==========================================
    function check_token($time, $name = '') {
        if(session_id() == '')
            session_start();

        if(isset($_SESSION[$name.'_token']) && isset($_SESSION[$name.'_token_time']) && (isset($_POST['token']) || isset($_GET['token']))) {
            if(!empty($_POST['token']))
                $token = $_POST['token'];
            else
                $token = $_GET['token'];

            if($_SESSION[$name.'_token'] == $token) {
                if($_SESSION[$name.'_token_time'] >= (time() - (int) $time))
                    return true;
            }
        }
        return false;
    }