diff --git a/init.php b/init.php
index 46cac083..dbfbad70 100644
--- a/init.php
+++ b/init.php
@@ -368,3 +368,34 @@ function isTableExist($table)
 }
 }
+function generateCsrfToken($expiryTime = 3600)
+{
+ $token = bin2hex(random_bytes(32));
+ $_SESSION['csrf_token'] = $token;
+ $_SESSION['csrf_token_time'] = time();
+ $_SESSION['csrf_token_expiry'] = $expiryTime;
+
+ return $token;
+}
+
+function validateCsrfToken($token)
+{
+ if (!isset($_SESSION['csrf_token'])) {
+ _log(Lang::T("CSRF token not set in session."));
+ return false;
+ }
+
+ if (is_null($token)) {
+ _log(Lang::T("Token passed is null."));
+ return false;
+ }
+
+ $tokenAge = time() - $_SESSION['csrf_token_time'];
+ if ($tokenAge > $_SESSION['csrf_token_expiry']) {
+ _log(Lang::T("CSRF token has expired."));
+ return false;
+ }
+
+
+ return hash_equals($_SESSION['csrf_token'], $token);
+}
diff --git a/system/controllers/admin.php b/system/controllers/admin.php
index e8064bd0..c91f495d 100644
--- a/system/controllers/admin.php
+++ b/system/controllers/admin.php
@@ -5,6 +5,10 @@
 * by https://t.me/ibnux
 **/
+ header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
+ header("Expires: Tue, 01 Jan 2000 00:00:00 GMT");
+ header("Pragma: no-cache");
+
 if(Admin::getID()){
 r2(U.'dashboard', "s", Lang::T("You are already logged in"));
 }
diff --git a/system/controllers/login.php b/system/controllers/login.php
index 3a25e6dc..20746630 100644
--- a/system/controllers/login.php
+++ b/system/controllers/login.php
@@ -5,6 +5,10 @@
 * by https://t.me/ibnux
 **/
+header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
+header("Expires: Tue, 01 Jan 2000 00:00:00 GMT");
+header("Pragma: no-cache");
+
 $maintenance_mode = $config['maintenance_mode'];
 if ($maintenance_mode == true) {
 displayMaintenanceMessage();
diff --git a/system/controllers/logout.php b/system/controllers/logout.php
index 3db002ba..68ebff72 100644
--- a/system/controllers/logout.php
+++ b/system/controllers/logout.php
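Review bot: `validateCsrfToken` rejects only a null token, so a non-string value — e.g. an array submitted as `csrf_token[]=x` — reaches `hash_equals($_SESSION['csrf_token'], $token)` on the hunk's last added line, where PHP 8 throws a TypeError (an unhandled 500) instead of returning false. Replace the null check with `if (!is_string($token) || $token === '') { _log(Lang::T("CSRF token missing or malformed.")); return false; }` so every non-string is refused before the comparison. `$_SESSION['csrf_token_time']` and `$_SESSION['csrf_token_expiry']` are also read without an isset guard, so a session holding only `csrf_token` would emit an undefined-key warning rather than fail cleanly; checking all three keys in the first guard avoids that. Also note that `generateCsrfToken` overwrites the single session token on every call, so a form still open in another tab becomes invalid as soon as any other page generates a token — if that is not intended, only regenerate when no unexpired token exists. A docblock on both functions should state that a started session is a precondition and that a token is not consumed on successful validation.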
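Review bot: The three `header()` calls added here are repeated verbatim in the login.php hunk, so the two pages will drift the next time a cache directive is tuned; extract them into one helper in init.php (e.g. `noCacheHeaders()`) and replace this block with `noCacheHeaders();` in both controllers. The added lines here also appear to carry a leading space that the identical lines in login.php do not (whitespace is collapsed in this view, so treat that as something to confirm); match the surrounding file's indentation either way. Placement before the `Admin::getID()` redirect is right, since `header()` has no effect once output has started.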
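Review bot: These no-store headers cover only the login form, but the back-button leak they guard against lives on the authenticated pages served after a successful login, which are not in this diff; unless those controllers or a shared bootstrap emit the same headers, a user who logs out and presses Back can still see cached account pages. Emitting them once centrally for every response would close that gap and remove the per-controller copies. `Pragma: no-cache` and the fixed past `Expires` date are HTTP/1.0 fallbacks that are largely ignored when `Cache-Control: no-store` is present; keeping them is harmless, but a comment such as `// no-store keeps the page out of browser/proxy caches; Expires/Pragma are HTTP/1.0 fallbacks` would say why all three are present. The calls are correctly placed ahead of `displayMaintenanceMessage()` since headers cannot be sent after output begins.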
@@ -1,12 +1,17 @@