<?php
    // Generates a token against CSRF
    function generate_token($name = '')
    {
        if(session_id() == '') session_start();
        $token = uniqid(rand(), true);
        $_SESSION[$name.'_token'] = $token;
        $_SESSION[$name.'_token_time'] = time();
        return $token;
    }

    // Checks that the anti-CSRF token is correct
    function check_token($time, $name = '')
    {
        if(session_id() == '') session_start();
        if(isset($_SESSION[$name.'_token']) && isset($_SESSION[$name.'_token_time']) && isset($_POST['token']))
            if($_SESSION[$name.'_token'] == $_POST['token'])
                if($_SESSION[$name.'_token_time'] >= (time() - $time))
                    return true;
        return false;
    }