From 96365eef2a14f4976476e0b663e1f38116f393fb Mon Sep 17 00:00:00 2001
From: Focuslinkstech <45756999+Focuslinkstech@users.noreply.github.com>
Date: Wed, 9 Oct 2024 15:56:47 +0100
Subject: [PATCH] Added more security flags to prevent XSS attack from cookie.

---
 init.php | 31 +++++++++++++++++++++++++++++++
 system/controllers/admin.php | 4 ++++
 system/controllers/login.php | 4 ++++
 system/controllers/logout.php | 7 ++++++-
 4 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/init.php b/init.php
index 46cac083..dbfbad70 100644
--- a/init.php
+++ b/init.php
@@ -368,3 +368,34 @@ function isTableExist($table)
     }
 }
 
+function generateCsrfToken($expiryTime = 3600)
+{
+    $token = bin2hex(random_bytes(32));
+    $_SESSION['csrf_token'] = $token;
+    $_SESSION['csrf_token_time'] = time();
+    $_SESSION['csrf_token_expiry'] = $expiryTime;
+
+    return $token;
+}
+
+function validateCsrfToken($token)
+{
+    if (!isset($_SESSION['csrf_token'])) {
+        _log(Lang::T("CSRF token not set in session."));
+        return false;
+    }
+
+    if (is_null($token)) {
+        _log(Lang::T("Token passed is null."));
+        return false;
+    }
+
+    $tokenAge = time() - $_SESSION['csrf_token_time'];
+    if ($tokenAge > $_SESSION['csrf_token_expiry']) {
+        _log(Lang::T("CSRF token has expired."));
+        return false;
+    }
+
+
+    return hash_equals($_SESSION['csrf_token'], $token);
+}
diff --git a/system/controllers/admin.php b/system/controllers/admin.php
index e8064bd0..c91f495d 100644
--- a/system/controllers/admin.php
+++ b/system/controllers/admin.php
@@ -5,6 +5,10 @@
  * by https://t.me/ibnux
  **/
 
+ header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
+ header("Expires: Tue, 01 Jan 2000 00:00:00 GMT");
+ header("Pragma: no-cache");
+
 if(Admin::getID()){
     r2(U.'dashboard', "s", Lang::T("You are already logged in"));
 }
diff --git a/system/controllers/login.php b/system/controllers/login.php
index 3a25e6dc..20746630 100644
--- a/system/controllers/login.php
+++ b/system/controllers/login.php
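Review bot: `validateCsrfToken` only rejects a null `$token`, so a non-string value coming from request input (an array, for instance) reaches `hash_equals()` and raises a TypeError instead of returning false; replacing the `is_null` guard with `if (!is_string($token) || $token === '')` closes that gap. The function also reads `$_SESSION['csrf_token_time']` and `$_SESSION['csrf_token_expiry']` without checking they exist, which matters for any session where `csrf_token` was set by another path; guard them the same way as `csrf_token`. A successful check leaves the token in the session, so the same value remains valid until expiry; if the callers can tolerate it, `unset($_SESSION['csrf_token']);` after `hash_equals` returns true makes each token single-use. Neither function declares parameter or return types (`int $expiryTime = 3600): string` and `(?string $token): bool`), and a short docblock on each stating that the token lives in `$_SESSION` and what the expiry is measured in would help the next maintainer.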
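Review bot: The three `header()` calls added to admin.php carry a leading space that the otherwise identical lines in the login.php hunk do not; drop it so the block sits at column 0 like the code below it. The same three lines are duplicated verbatim in login.php; a small helper in init.php, say `function sendNoCacheHeaders(): void` wrapping the three calls, would keep the two controllers from drifting (the login.php hunk shares this point and gets no separate note). `header()` only has an effect before any output is sent and nothing here checks `headers_sent()`, so a one-line comment such as `// must run before any output or template render` above the block would document the ordering constraint.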
@@ -5,6 +5,10 @@
  * by https://t.me/ibnux
  **/
 
+header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
+header("Expires: Tue, 01 Jan 2000 00:00:00 GMT");
+header("Pragma: no-cache");
+
 $maintenance_mode = $config['maintenance_mode'];
 if ($maintenance_mode == true) {
     displayMaintenanceMessage();
diff --git a/system/controllers/logout.php b/system/controllers/logout.php
index 3db002ba..68ebff72 100644
--- a/system/controllers/logout.php
+++ b/system/controllers/logout.php
@@ -1,12 +1,17 @@