phyks/bouffeatulm
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
b9b2d9d5e9
bouffeatulm/inc/CSRF.inc.php
Phyks c276d719cd CSRF protection 
Added a simple CSRF protection
2013-08-24 23:54:21 +02:00

22 lines
753 B
PHP
Raw Blame History

<?php
// Generates a token against CSRF
function generate_token($name = '')
{
if(session_id() == '') session_start();
$token = uniqid(rand(), true);
$_SESSION[$name.'_token'] = $token;
$_SESSION[$name.'_token_time'] = time();
return $token;
}
// Checks that the anti-CSRF token is correct
function check_token($time, $name = '')
{
if(session_id() == '') session_start();
if(isset($_SESSION[$name.'_token']) && isset($_SESSION[$name.'_token_time']) && isset($_POST['token']))
if($_SESSION[$name.'_token'] == $_POST['token'])
if($_SESSION[$name.'_token_time'] >= (time() - $time))
return true;
return false;
}
Reference in New Issue View Git Blame Copy Permalink