Added token expiration: 30 minutes by default

This commit is contained in:
Focuslinkstech 2024-10-09 17:24:28 +01:00 committed by Ibnu Maksum
parent 99e8b20bb3
commit 9bc3ccc02b
No known key found for this signature in database
GPG Key ID: 7FC82848810579E5


@ -6,25 +6,46 @@
**/ **/
class Csrf { class Csrf
public static function generateToken($length = 16) { {
private static $tokenExpiration = 1800; // 30 minutes
public static function generateToken($length = 16)
{
return bin2hex(random_bytes($length)); return bin2hex(random_bytes($length));
} }
public static function validateToken($token, $storedToken) { public static function validateToken($token, $storedToken)
{
return hash_equals($token, $storedToken); return hash_equals($token, $storedToken);
} }
public static function check($token) { public static function check($token)
if (isset($_SESSION['csrf_token']) && isset($token)) { {
return self::validateToken($token, $_SESSION['csrf_token']); if (isset($_SESSION['csrf_token'], $_SESSION['csrf_token_time'], $token)) {
$storedToken = $_SESSION['csrf_token'];
$tokenTime = $_SESSION['csrf_token_time'];
if (time() - $tokenTime > self::$tokenExpiration) {
self::clearToken();
return false;
}
return self::validateToken($token, $storedToken);
} }
return false; return false;
} }
public static function generateAndStoreToken() { public static function generateAndStoreToken()
{
$token = self::generateToken(); $token = self::generateToken();
$_SESSION['csrf_token'] = $token; $_SESSION['csrf_token'] = $token;
$_SESSION['csrf_token_time'] = time();
return $token; return $token;
} }
public static function clearToken()
{
unset($_SESSION['csrf_token'], $_SESSION['csrf_token_time']);
}
} }
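Review bot: The new guard in check() still lets a non-string `$token` through — `isset()` is true for an array or object submitted as the request parameter, and that value then reaches `hash_equals()` in validateToken(), which throws a TypeError on PHP 8 instead of returning false, so a malformed token produces an error page rather than a clean rejection. Replacing the guard with `if (!is_string($token) || !isset($_SESSION['csrf_token'], $_SESSION['csrf_token_time'])) { return false; }` keeps the existing flow and makes the non-string case fail closed before the expiry check. The new property would also read better typed, `private static int $tokenExpiration = 1800; // seconds`, since the comparison on the `time() - $tokenTime` line relies on it being an integer number of seconds. The class docblock begins above the hunk, so the class header is only partly visible here.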