Enhancement and Improvements

Refactor CSRF class: improve token handling and update session variable names

Replace bulk message with ajax based message sending.
Added support for multiple recipients in bulk message, and also router based filtering.

Add support for multiple recipients in bulk message from customer list as requested by one of our members. You can now send messages to multiple recipients at once from the customer list.

Added Exception for CRON but not tested yet. i dont have multiple routers.
Added notify to know if cron has been executed or not.
This commit is contained in:
Focuslinks Digital Solutions
2025-02-09 16:06:59 +01:00
parent 60d945d87f
commit 0a3205915f
5 changed files with 863 additions and 493 deletions


@ -6,50 +6,83 @@
**/
class Csrf
{
private static $tokenExpiration = 1800; // 30 minutes
public static function generateToken($length = 16)
{
return bin2hex(random_bytes($length));
}
public static function validateToken($token, $storedToken)
{
return hash_equals($token, $storedToken);
}
public static function check($token)
{
global $config;
if($config['csrf_enabled'] == 'yes') {
if (isset($_SESSION['csrf_token'], $_SESSION['csrf_token_time'], $token)) {
$storedToken = $_SESSION['csrf_token'];
$tokenTime = $_SESSION['csrf_token_time'];
if (time() - $tokenTime > self::$tokenExpiration) {
self::clearToken();
return false;
}
return self::validateToken($token, $storedToken);
}
return false;
}
return true;
}
public static function generateAndStoreToken()
{
$token = self::generateToken();
$_SESSION['csrf_token'] = $token;
$_SESSION['csrf_token_time'] = time();
return $token;
}
public static function clearToken()
{
unset($_SESSION['csrf_token'], $_SESSION['csrf_token_time']);
}
}
class Csrf
{
private const int TOKEN_LENGTH = 16;
private const int TOKEN_EXPIRATION = 1800;
/**
* Generate a CSRF token.
*
* @param int $length
* @return string
*/
public static function generateToken(int $length = self::TOKEN_LENGTH): string
{
return bin2hex(random_bytes($length));
}
/**
* Validate the provided CSRF token against the stored token.
*
* @param string $token
* @param string $storedToken
* @return bool
*/
public static function validateToken(string $token, string $storedToken): bool
{
return hash_equals($token, $storedToken);
}
/**
* Check if the CSRF token is valid.
*
* @param string|null $token
* @return bool
*/
public static function check(?string $token): bool
{
global $config;
if ($config['csrf_enabled'] === 'yes') {
if (isset($_SESSION['nux_csrf_token'], $_SESSION['nux_csrf_token_time'], $token)) {
$storedToken = $_SESSION['nux_csrf_token'];
$tokenTime = $_SESSION['nux_csrf_token_time'];
if (time() - $tokenTime > self::TOKEN_EXPIRATION) {
self::clearToken();
return false;
}
return self::validateToken($token, $storedToken);
}
return false;
}
return true; // CSRF is disabled
}
/**
* Generate and store a new CSRF token in the session.
*
* @return string
*/
public static function generateAndStoreToken(): string
{
$token = self::generateToken();
$_SESSION['nux_csrf_token'] = $token;
$_SESSION['nux_csrf_token_time'] = time();
return $token;
}
/**
* Clear the stored CSRF token from the session.
*
* @return void
*/
public static function clearToken(): void
{
unset($_SESSION['nux_csrf_token'], $_SESSION['nux_csrf_token_time']);
}
}
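Review bot: In validateToken() the hash_equals() arguments are in the wrong order — the user-supplied value is passed as the known string, while the PHP docs require the secret/stored value first and the user-supplied value second for the comparison to be safe; change it to `return hash_equals($storedToken, $token);`. The typed class constants `private const int TOKEN_LENGTH = 16;` and `private const int TOKEN_EXPIRATION = 1800;` require PHP 8.3, so this will be a parse error on any older runtime the project still supports; if that is a concern, drop the `int` and document the type in a docblock instead. Renaming the session keys from `csrf_token` to `nux_csrf_token` invalidates every token already issued in live sessions, so forms in flight at deploy time will fail check() until the page is reloaded; it may be worth noting that in the commit message or a comment on generateAndStoreToken().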