flash/sakura
flash/sakura
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
This repository has been archived on 2024-06-26. You can view files and clone it, but cannot push or open issues or pull requests.
sakura/app/CSRF.php

74 lines
1.4 KiB
PHP
Raw Normal View History

r20160102 why was there a variable called dick in hashing.php
2016-01-02 18:55:31 +01:00
<?php
Added more PHPDoc stuff
2016-02-03 23:22:56 +01:00
/**
* Holds the CSRF token handler.
* @package Sakura
*/
r20160102 why was there a variable called dick in hashing.php
2016-01-02 18:55:31 +01:00
namespace Sakura;
/**
r20160202
2016-02-02 22:04:15 +01:00
* Used to generate and validate CSRF tokens.
r20160102 why was there a variable called dick in hashing.php
2016-01-02 18:55:31 +01:00
* @package Sakura
r20160202
2016-02-02 22:04:15 +01:00
* @author Julian van de Groep <me@flash.moe>
r20160102 why was there a variable called dick in hashing.php
2016-01-02 18:55:31 +01:00
*/
class CSRF
{
r20160202
2016-02-02 22:04:15 +01:00
/**
* The prefix to prevent collisions in the $_SESSION variable.
*/
r20160102 why was there a variable called dick in hashing.php
2016-01-02 18:55:31 +01:00
const ID_PREFIX = '_sakura_csrf_';
r20160202
2016-02-02 22:04:15 +01:00
/**
* The size of the randomly generated string.
*/
r20160102 why was there a variable called dick in hashing.php
2016-01-02 18:55:31 +01:00
const RANDOM_SIZE = 16;
r20160202
2016-02-02 22:04:15 +01:00
/**
* Create a new CSRF token.
update phpdocs
2016-08-05 04:35:37 +02:00
* @param mixed $id
* @return string
r20160202
2016-02-02 22:04:15 +01:00
*/
r20160102 why was there a variable called dick in hashing.php
2016-01-02 18:55:31 +01:00
public static function create($id)
{
// Generate a token
$token = self::generate();
// Make identifier
$id = strtoupper(self::ID_PREFIX . $id);
// Assign to session
$_SESSION[$id] = $token;
// Return the token
return $token;
}
r20160202
2016-02-02 22:04:15 +01:00
/**
* Generate a CSRF token.
update phpdocs
2016-08-05 04:35:37 +02:00
* @return string
r20160202
2016-02-02 22:04:15 +01:00
*/
r20160102 why was there a variable called dick in hashing.php
2016-01-02 18:55:31 +01:00
public static function generate()
{
migration and the software itself works!
2016-07-29 21:31:36 +02:00
return bin2hex(random_bytes(self::RANDOM_SIZE));
r20160102 why was there a variable called dick in hashing.php
2016-01-02 18:55:31 +01:00
}
r20160202
2016-02-02 22:04:15 +01:00
/**
* Validate a CSRF token.
update phpdocs
2016-08-05 04:35:37 +02:00
* @param string $token
* @param string $id
* @return bool
r20160202
2016-02-02 22:04:15 +01:00
*/
r20160102 why was there a variable called dick in hashing.php
2016-01-02 18:55:31 +01:00
public static function validate($token, $id)
{
// Set id
$id = strtoupper(self::ID_PREFIX . $id);
// Check if the token exists
if (!array_key_exists($id, $_SESSION)) {
return false;
}
migration and the software itself works!
2016-07-29 21:31:36 +02:00
return hash_equals($token, $_SESSION[$id]);
r20160102 why was there a variable called dick in hashing.php
2016-01-02 18:55:31 +01:00
}
}
Reference in a new issue Copy permalink