From bd30261e842bdeeab6e34738c8738bfaaaf71224 Mon Sep 17 00:00:00 2001
From: Focuslinkstech <45756999+Focuslinkstech@users.noreply.github.com>
Date: Wed, 9 Oct 2024 17:05:23 +0100
Subject: [PATCH] move the CSRF Function to global function for easy access
---
 init.php | 32 --------------------------------
 system/autoload/Csrf.php | 30 ++++++++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 32 deletions(-)
 create mode 100644 system/autoload/Csrf.php
diff --git a/init.php b/init.php
index dbfbad70..f842e747 100644
--- a/init.php
+++ b/init.php
@@ -367,35 +367,3 @@ function isTableExist($table)
 return false;
 }
 }
-
-function generateCsrfToken($expiryTime = 3600)
-{
- $token = bin2hex(random_bytes(32));
- $_SESSION['csrf_token'] = $token;
- $_SESSION['csrf_token_time'] = time();
- $_SESSION['csrf_token_expiry'] = $expiryTime;
-
- return $token;
-}
-
-function validateCsrfToken($token)
-{
- if (!isset($_SESSION['csrf_token'])) {
- _log(Lang::T("CSRF token not set in session."));
- return false;
- }
-
- if (is_null($token)) {
- _log(Lang::T("Token passed is null."));
- return false;
- }
-
- $tokenAge = time() - $_SESSION['csrf_token_time'];
- if ($tokenAge > $_SESSION['csrf_token_expiry']) {
- _log(Lang::T("CSRF token has expired."));
- return false;
- }
-
-
- return hash_equals($_SESSION['csrf_token'], $token);
-}
diff --git a/system/autoload/Csrf.php b/system/autoload/Csrf.php
new file mode 100644
index 00000000..b6d7efd2
--- /dev/null
+++ b/system/autoload/Csrf.php
@@ -0,0 +1,30 @@
+