sakura/app/CSRF.php

<?php
/**
 * Holds the CSRF token handler.
 *
 * @package Sakura
 */

namespace Sakura;

/**
 * Used to generate and validate CSRF tokens.
 *
 * @package Sakura
 * @author Julian van de Groep <me@flash.moe>
 */
class CSRF
{
    /**
     * The prefix to prevent collisions in the $_SESSION variable.
     */
    const ID_PREFIX = '_sakura_csrf_';

    /**
     * The size of the randomly generated string.
     */
    const RANDOM_SIZE = 16;

    /**
     * Create a new CSRF token.
     *
     * @param mixed $id The ID for this token.
     *
     * @return string The token.
     */
    public static function create($id)
    {
        // Generate a token
        $token = self::generate();

        // Make identifier
        $id = strtoupper(self::ID_PREFIX . $id);

        // Assign to session
        $_SESSION[$id] = $token;

        // Return the token
        return $token;
    }

    /**
     * Generate a CSRF token.
     *
     * @return string Cryptographically secure random string.
     */
    public static function generate()
    {
        return bin2hex(random_bytes(self::RANDOM_SIZE));
    }

    /**
     * Validate a CSRF token.
     *
     * @param mixed $token The token.
     * @param mixed $id The ID.
     *
     * @return bool Indicator if it was right or not.
     */
    public static function validate($token, $id)
    {
        // Set id
        $id = strtoupper(self::ID_PREFIX . $id);

        // Check if the token exists
        if (!array_key_exists($id, $_SESSION)) {
            return false;
        }

        return hash_equals($token, $_SESSION[$id]);
    }
}
r20160102 why was there a variable called dick in hashing.php 2016-01-02 17:55:31 +00:00			`<?php`
Added more PHPDoc stuff 2016-02-03 22:22:56 +00:00			`/**`
			`* Holds the CSRF token handler.`
Applied fixes from StyleCI 2016-03-08 23:07:58 +00:00			`*`
Added more PHPDoc stuff 2016-02-03 22:22:56 +00:00			`* @package Sakura`
			`*/`

r20160102 why was there a variable called dick in hashing.php 2016-01-02 17:55:31 +00:00			`namespace Sakura;`

			`/**`
r20160202 2016-02-02 21:04:15 +00:00			`* Used to generate and validate CSRF tokens.`
Applied fixes from StyleCI 2016-03-08 23:07:58 +00:00			`*`
r20160102 why was there a variable called dick in hashing.php 2016-01-02 17:55:31 +00:00			`* @package Sakura`
r20160202 2016-02-02 21:04:15 +00:00			`* @author Julian van de Groep <me@flash.moe>`
r20160102 why was there a variable called dick in hashing.php 2016-01-02 17:55:31 +00:00			`*/`
			`class CSRF`
			`{`
r20160202 2016-02-02 21:04:15 +00:00			`/**`
			`* The prefix to prevent collisions in the $_SESSION variable.`
			`*/`
r20160102 why was there a variable called dick in hashing.php 2016-01-02 17:55:31 +00:00			`const ID_PREFIX = '_sakura_csrf_';`
r20160202 2016-02-02 21:04:15 +00:00
			`/**`
			`* The size of the randomly generated string.`
			`*/`
r20160102 why was there a variable called dick in hashing.php 2016-01-02 17:55:31 +00:00			`const RANDOM_SIZE = 16;`

r20160202 2016-02-02 21:04:15 +00:00			`/**`
			`* Create a new CSRF token.`
Applied fixes from StyleCI 2016-03-08 23:07:58 +00:00			`*`
r20160202 2016-02-02 21:04:15 +00:00			`* @param mixed $id The ID for this token.`
Applied fixes from StyleCI 2016-03-08 23:07:58 +00:00			`*`
r20160202 2016-02-02 21:04:15 +00:00			`* @return string The token.`
			`*/`
r20160102 why was there a variable called dick in hashing.php 2016-01-02 17:55:31 +00:00			`public static function create($id)`
			`{`
			`// Generate a token`
			`$token = self::generate();`

			`// Make identifier`
			`$id = strtoupper(self::ID_PREFIX . $id);`

			`// Assign to session`
			`$_SESSION[$id] = $token;`

			`// Return the token`
			`return $token;`
			`}`

r20160202 2016-02-02 21:04:15 +00:00			`/**`
			`* Generate a CSRF token.`
Applied fixes from StyleCI 2016-03-08 23:07:58 +00:00			`*`
r20160202 2016-02-02 21:04:15 +00:00			`* @return string Cryptographically secure random string.`
			`*/`
r20160102 why was there a variable called dick in hashing.php 2016-01-02 17:55:31 +00:00			`public static function generate()`
			`{`
migration and the software itself works! 2016-07-29 19:31:36 +00:00			`return bin2hex(random_bytes(self::RANDOM_SIZE));`
r20160102 why was there a variable called dick in hashing.php 2016-01-02 17:55:31 +00:00			`}`

r20160202 2016-02-02 21:04:15 +00:00			`/**`
			`* Validate a CSRF token.`
Applied fixes from StyleCI 2016-03-08 23:07:58 +00:00			`*`
r20160202 2016-02-02 21:04:15 +00:00			`* @param mixed $token The token.`
			`* @param mixed $id The ID.`
Applied fixes from StyleCI 2016-03-08 23:07:58 +00:00			`*`
r20160202 2016-02-02 21:04:15 +00:00			`* @return bool Indicator if it was right or not.`
			`*/`
r20160102 why was there a variable called dick in hashing.php 2016-01-02 17:55:31 +00:00			`public static function validate($token, $id)`
			`{`
			`// Set id`
			`$id = strtoupper(self::ID_PREFIX . $id);`

			`// Check if the token exists`
			`if (!array_key_exists($id, $_SESSION)) {`
			`return false;`
			`}`

migration and the software itself works! 2016-07-29 19:31:36 +00:00			`return hash_equals($token, $_SESSION[$id]);`
r20160102 why was there a variable called dick in hashing.php 2016-01-02 17:55:31 +00:00			`}`
			`}`