move the CSRF Function to global function for easy access

Focuslinkstech 2024-10-09 17:05:23 +01:00 committed by Ibnu Maksum
parent 96365eef2a
commit bd30261e84
No known key found for this signature in database
GPG Key ID: 7FC82848810579E5
2 changed files with 30 additions and 32 deletions


@ -367,35 +367,3 @@ function isTableExist($table)
return false; return false;
} }
} }
function generateCsrfToken($expiryTime = 3600)
{
$token = bin2hex(random_bytes(32));
$_SESSION['csrf_token'] = $token;
$_SESSION['csrf_token_time'] = time();
$_SESSION['csrf_token_expiry'] = $expiryTime;
return $token;
}
function validateCsrfToken($token)
{
if (!isset($_SESSION['csrf_token'])) {
_log(Lang::T("CSRF token not set in session."));
return false;
}
if (is_null($token)) {
_log(Lang::T("Token passed is null."));
return false;
}
$tokenAge = time() - $_SESSION['csrf_token_time'];
if ($tokenAge > $_SESSION['csrf_token_expiry']) {
_log(Lang::T("CSRF token has expired."));
return false;
}
return hash_equals($_SESSION['csrf_token'], $token);
}

30
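--- /dev/null
+++ b/system/autoload/Csrf.php
@@ -0,0 +1,30 @@
+<?php
+/**
+* PHP Mikrotik Billing (https://github.com/hotspotbilling/phpnuxbill/)
+* by https://t.me/ibnux
+**/
+class Csrf {
+public static function generateToken($length = 16) {
+return bin2hex(random_bytes($length));
+}
+public static function validateToken($token, $storedToken) {
+return hash_equals($token, $storedToken);
+}
+public static function check($token) {
+if (isset($_SESSION['csrf_token']) && isset($token)) {
+return self::validateToken($token, $_SESSION['csrf_token']);
+}
+return false;
+}
+public static function generateAndStoreToken() {
+$token = self::generateToken();
+$_SESSION['csrf_token'] = $token;
+return $token;
+}
+}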
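Review bot: `Csrf::check()` no longer enforces a token lifetime. The removed `validateCsrfToken()` rejected tokens older than `$_SESSION['csrf_token_expiry']`, but `generateAndStoreToken()` stores no timestamp, so a token stays valid for as long as the session does unless expiry is handled somewhere outside this diff. `check()` also tests only `isset($token)`, so a non-string request value such as an array reaches `hash_equals()`, which raises a TypeError on PHP 8 instead of returning false. In addition, `validateToken()` passes the request value first, whereas `hash_equals()` expects the known string first. The sketch below restores the timestamp and expiry check using the session keys from the removed function, adds an `is_string()` guard and puts the session token first; the failure logging that the old function did through `_log()` could be carried over as well.

```php
// … unchanged: generateToken(), validateToken() …
public static function check($token) {
    // hash_equals() requires strings, so reject anything else up front.
    if (!is_string($token) || !isset($_SESSION['csrf_token'], $_SESSION['csrf_token_time'], $_SESSION['csrf_token_expiry'])) {
        return false;
    }
    // Same lifetime rule the removed validateCsrfToken() applied.
    if (time() - $_SESSION['csrf_token_time'] > $_SESSION['csrf_token_expiry']) {
        return false;
    }
    // Known (session) value first, request value second.
    return hash_equals($_SESSION['csrf_token'], $token);
}
public static function generateAndStoreToken($expiryTime = 3600) {
    $token = self::generateToken();
    $_SESSION['csrf_token'] = $token;
    $_SESSION['csrf_token_time'] = time();
    $_SESSION['csrf_token_expiry'] = $expiryTime;
    return $token;
}
```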