author | Evgeny Zinoviev <me@ch1p.io> | 2022-07-09 19:40:17 +0300 |
---|---|---|
committer | Evgeny Zinoviev <me@ch1p.io> | 2022-07-09 19:40:17 +0300 |
commit | f7bfdf58def6aadc922e1632f407d1418269a0d7 (patch) | |
tree | d7a0b2819e6a26c11d40ee0b27267ea827fbb345 /engine/csrf.php |
initial
Diffstat (limited to 'engine/csrf.php')
-rw-r--r-- | engine/csrf.php | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/engine/csrf.php b/engine/csrf.php
new file mode 100644
index 0000000..20ea919
--- /dev/null
+++ b/engine/csrf.php
@@ -0,0 +1,22 @@
+<?php
+
+class csrf {
+
+ public static function check(string $key): void {
+ $user_csrf = self::get($key);
+ $sent_csrf = $_REQUEST['token'] ?? '';
+
+ if ($sent_csrf != $user_csrf)
+ throw new ForbiddenException("csrf error");
+ }
+
+ public static function get(string $key): string {
+ return self::getToken($_SERVER['REMOTE_ADDR'], $key);
+ }
+
+ protected static function getToken(string $user_token, string $key): string {
+ global $config;
+ return substr(sha1($config['csrf_token'].$user_token.$key), 0, 20);
+ }
+
+}
\ No newline at end of file |
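Review bot: In `check()`, the comparison `$sent_csrf != $user_csrf` is loose and not constant-time: two numeric-looking strings (for example a token of the form `0e` followed only by digits) compare equal under `!=`, and `$_REQUEST['token']` may arrive as an array rather than a string. I would change the guard to `if (!is_string($sent_csrf) || !hash_equals($user_csrf, $sent_csrf))`. In `getToken()`, the token depends only on the configured secret, `REMOTE_ADDR` and `$key`, so every client behind the same NAT or reverse proxy receives the same value and it never rotates; binding it to a per-session value (if the application has sessions, which this file does not show) would make it a per-user token. The bare `sha1()` over concatenated fields is also better written as a keyed MAC with a separator, e.g. `hash_hmac('sha256', $user_token."\0".$key, $config['csrf_token'])`. Reading the token from `$_REQUEST` also accepts it from the query string, where it can end up in access logs and Referer headers; `$_POST` or a request header would be narrower.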