diff options
| author | Evgeny Zinoviev <me@ch1p.io> | 2024-01-31 06:11:00 +0300 |
|---|---|---|
| committer | Evgeny Zinoviev <me@ch1p.io> | 2024-01-31 20:45:40 +0300 |
| commit | c0dc531ebefd8912819f3b6c8bda1fed3c7e750c (patch) | |
| tree | 2c75aa9df182260aef09faf4befd81a4c2b9c5e2 /engine/csrf.php | |
| parent | 48d688cdf7f9eae1bf11b8a6f0e5b98687c604cb (diff) | |
make it simple, but not simpler
Diffstat (limited to 'engine/csrf.php')
| -rw-r--r-- | engine/csrf.php | 22 |
1 files changed, 0 insertions, 22 deletions
diff --git a/engine/csrf.php b/engine/csrf.php deleted file mode 100644 index 20ea919..0000000 --- a/engine/csrf.php +++ /dev/null @@ -1,22 +0,0 @@ -<?php - -class csrf { - - public static function check(string $key): void { - $user_csrf = self::get($key); - $sent_csrf = $_REQUEST['token'] ?? ''; - - if ($sent_csrf != $user_csrf) - throw new ForbiddenException("csrf error"); - } - - public static function get(string $key): string { - return self::getToken($_SERVER['REMOTE_ADDR'], $key); - } - - protected static function getToken(string $user_token, string $key): string { - global $config; - return substr(sha1($config['csrf_token'].$user_token.$key), 0, 20); - } - -}
\ No newline at end of file |