<?php
/**
* PHP Mikrotik Billing (https://github.com/hotspotbilling/phpnuxbill/)
* by https://t.me/ibnux
**/
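/**
 * Session-backed CSRF token helper.
 *
 * A token is created with generateAndStoreToken(), kept in
 * $_SESSION['csrf_token'] together with its creation time
 * ($_SESSION['csrf_token_time']), and verified by check() when a request
 * comes in. Tokens expire after self::$tokenExpiration seconds. A
 * successful check() does not rotate or consume the token: it stays valid
 * until it expires or clearToken() is called.
 */
class Csrf
{
    /** Token lifetime in seconds (30 minutes). */
    private static $tokenExpiration = 1800;

    /**
     * Generate a random hex token.
     *
     * @param int $length Number of random bytes to draw; the returned string
     *                    has 2 * $length hex characters (32 by default).
     * @return string Lower-case hex string.
     * @throws \Exception If no cryptographically secure randomness source is
     *                    available (from random_bytes()); random_bytes() also
     *                    errors for a length below 1.
     */
    public static function generateToken(int $length = 16): string
    {
        return bin2hex(random_bytes($length));
    }

    /**
     * Compare a submitted token with the stored one in constant time.
     *
     * @param mixed $token       Token taken from the request.
     * @param mixed $storedToken Token held in the session.
     * @return bool True only when both are strings and identical.
     */
    public static function validateToken($token, $storedToken): bool
    {
        // Non-string input (e.g. an array smuggled in via the request) can
        // never match and must not reach hash_equals(), which rejects
        // non-string arguments with a TypeError instead of returning false.
        if (!is_string($token) || !is_string($storedToken)) {
            return false;
        }

        // hash_equals(known, user): the session token is the known value.
        // Keeping the documented argument order ties the comparison's
        // length dependence to the server-side token rather than to the
        // attacker-controlled one.
        return hash_equals($storedToken, $token);
    }

    /**
     * Verify a request token against the session.
     *
     * The check is skipped (returns true) when CSRF protection is not
     * enabled in $config['csrf_enabled'] or when the request is an API
     * request ($isApi). Otherwise the session must hold a token and its
     * creation time, the token must not be older than self::$tokenExpiration
     * seconds (an expired token is removed from the session), and the
     * submitted token must match.
     *
     * @param mixed $token Token taken from the request; anything that is not
     *                     a string is rejected.
     * @return bool
     */
    public static function check($token): bool
    {
        global $config, $isApi;

        // Only browser (non-API) requests are protected, and only when the
        // feature is switched on in the configuration.
        if (($config['csrf_enabled'] ?? null) != 'yes' || $isApi) {
            return true;
        }

        // A missing request token, a missing session token, or a non-string
        // token is a plain rejection, not an error.
        if (!is_string($token) || !isset($_SESSION['csrf_token'], $_SESSION['csrf_token_time'])) {
            return false;
        }

        $storedToken = $_SESSION['csrf_token'];
        $tokenTime = (int) $_SESSION['csrf_token_time'];

        // Expired tokens are discarded so a stale token cannot be retried.
        if (time() - $tokenTime > self::$tokenExpiration) {
            self::clearToken();
            return false;
        }

        return self::validateToken($token, $storedToken);
    }

    /**
     * Create a fresh token and store it in the session with the current time.
     *
     * Overwrites any token already in the session.
     *
     * @return string The newly generated token.
     * @throws \Exception If random_bytes() cannot obtain secure randomness.
     */
    public static function generateAndStoreToken(): string
    {
        $token = self::generateToken();
        $_SESSION['csrf_token'] = $token;
        $_SESSION['csrf_token_time'] = time();

        return $token;
    }

    /**
     * Remove the token and its timestamp from the session.
     *
     * @return void
     */
    public static function clearToken(): void
    {
        unset($_SESSION['csrf_token'], $_SESSION['csrf_token_time']);
    }
}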