kevinowino869/mitrobill
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

move the CSRF Function to global function for easy access

Browse Source
This commit is contained in:
Focuslinkstech 2024-10-09 17:05:23 +01:00 committed by Ibnu Maksum
parent 96365eef2a
commit bd30261e84
No known key found for this signature in database
GPG Key ID: 7FC82848810579E5
2 changed files with 30 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
init.php
View File

@ -367,35 +367,3 @@ function isTableExist($table)
return false;
}
}
function generateCsrfToken($expiryTime = 3600)
{
$token = bin2hex(random_bytes(32));
$_SESSION['csrf_token'] = $token;
$_SESSION['csrf_token_time'] = time();
$_SESSION['csrf_token_expiry'] = $expiryTime;
return $token;
}
function validateCsrfToken($token)
{
if (!isset($_SESSION['csrf_token'])) {
_log(Lang::T("CSRF token not set in session."));
return false;
}
if (is_null($token)) {
_log(Lang::T("Token passed is null."));
return false;
}
$tokenAge = time() - $_SESSION['csrf_token_time'];
if ($tokenAge > $_SESSION['csrf_token_expiry']) {
_log(Lang::T("CSRF token has expired."));
return false;
}
return hash_equals($_SESSION['csrf_token'], $token);
}

30
system/autoload/Csrf.php Normal file
View File

@ -0,0 +1,30 @@
<?php
/**
* PHP Mikrotik Billing (https://github.com/hotspotbilling/phpnuxbill/)
* by https://t.me/ibnux
**/
class Csrf {
public static function generateToken($length = 16) {
return bin2hex(random_bytes($length));
}
public static function validateToken($token, $storedToken) {
return hash_equals($token, $storedToken);
}
public static function check($token) {
if (isset($_SESSION['csrf_token']) && isset($token)) {
return self::validateToken($token, $_SESSION['csrf_token']);
}
return false;
}
public static function generateAndStoreToken() {
$token = self::generateToken();
$_SESSION['csrf_token'] = $token;
return $token;
}
}