enable/disable CSRF

2024-11-04 12:05:08 +07:00 · 2024-11-04 12:05:08 +07:00 · 8908f4bdc3
commit 8908f4bdc3
parent 7fb08eb76f
1 changed files with 13 additions and 9 deletions
--- a/system/autoload/Csrf.php
+++ b/system/autoload/Csrf.php
@ -22,18 +22,22 @@ class Csrf

    public static function check($token)
    {
-        if (isset($_SESSION['csrf_token'], $_SESSION['csrf_token_time'], $token)) {
-            $storedToken = $_SESSION['csrf_token'];
-            $tokenTime = $_SESSION['csrf_token_time'];
+        global $config;
+        if($config['csrf_enabled'] == 'yes') {
+            if (isset($_SESSION['csrf_token'], $_SESSION['csrf_token_time'], $token)) {
+                $storedToken = $_SESSION['csrf_token'];
+                $tokenTime = $_SESSION['csrf_token_time'];

-            if (time() - $tokenTime > self::$tokenExpiration) {
-                self::clearToken();
-                return false;
+                if (time() - $tokenTime > self::$tokenExpiration) {
+                    self::clearToken();
+                    return false;
+                }
+
+                return self::validateToken($token, $storedToken);
            }
-
-            return self::validateToken($token, $storedToken);
+            return false;
        }
-        return false;
+        return true;
    }

    public static function generateAndStoreToken()