<?php
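/**
 * Session-backed, single-use CSRF tokens.
 *
 * Issued tokens are kept in $_SESSION["csrfTokenlist"] as one comma-separated
 * string. A token is removed from that list the first time it is checked
 * successfully, so a captured token cannot be replayed.
 *
 * NOTE(review): nothing here caps the list or expires old entries, so every
 * setToken() call grows the session until the token is used or flushKeys()
 * runs. Consider a maximum list length if pages issue tokens freely.
 */
class csrf{
    /**
     * Start the PHP session unless $_SESSION is already populated.
     */
    private static function startSession(){
        if(!isset($_SESSION)){
            session_start();
        }
    }

    /**
     * Issue a new token, append it to the session list and return it.
     *
     * The token is 32 lowercase hex characters (128 bits) taken directly from
     * the CSPRNG. Hashing or shuffling the random bytes adds no entropy, and
     * str_shuffle() is not a cryptographic primitive, so neither is used.
     *
     * @return string Token to embed in the form or request.
     * @throws RuntimeException If no secure random source is available.
     */
    public static function setToken(){
        csrf::startSession();
        // Prefer random_bytes(); fall back to OpenSSL only on runtimes without it.
        if(function_exists('random_bytes')){
            $bytes = random_bytes(16);
        }else{
            $bytes = openssl_random_pseudo_bytes(16);
        }
        if(!is_string($bytes) || strlen($bytes) !== 16){
            // Fail closed rather than hand out a predictable or empty token.
            throw new RuntimeException('Unable to generate a CSRF token.');
        }
        $key = bin2hex($bytes);
        if(empty($_SESSION["csrfTokenlist"])){
            $_SESSION["csrfTokenlist"] = $key;
        }else{
            $_SESSION["csrfTokenlist"] = $_SESSION["csrfTokenlist"].",".$key;
        }
        return $key;
    }

    /**
     * Validate a submitted token and consume it.
     *
     * @param mixed $key Token received with the request (untrusted input).
     * @return bool True only when $key exactly matches a stored token.
     */
    public static function checkToken($key){
        csrf::startSession();
        // A missing, empty or non-string token never validates. Without this
        // guard an empty submission matches the "" entry that explode()
        // yields for an empty list, i.e. when no token was ever issued.
        if(!is_string($key) || $key === ''){
            return false;
        }
        $stored = isset($_SESSION["csrfTokenlist"]) ? $_SESSION["csrfTokenlist"] : null;
        if(!is_string($stored) || $stored === ''){
            return false;
        }
        $remaining = array();
        $isMatch = false;
        foreach(explode(",", $stored) as $sessionKey){
            if($sessionKey === ''){
                continue;
            }
            // hash_equals() is exact and constant-time. Loose == compares
            // numeric-looking strings as numbers, so two different "0e…"
            // values would be treated as equal.
            if(hash_equals($sessionKey, $key)){
                $isMatch = true;
            }else{
                $remaining[] = $sessionKey;
            }
        }
        // Write back everything except the consumed token (single use).
        $_SESSION["csrfTokenlist"] = $remaining ? implode(",", $remaining) : null;
        return $isMatch;
    }

    /**
     * Discard every outstanding token for this session.
     */
    public static function flushKeys(){
        csrf::startSession();
        $_SESSION["csrfTokenlist"] = null;
    }
}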
?>