summaryrefslogtreecommitdiff
path: root/engine/csrf.php
diff options
context:
space:
mode:
authorEvgeny Zinoviev <me@ch1p.io>2022-07-09 19:40:17 +0300
committerEvgeny Zinoviev <me@ch1p.io>2022-07-09 19:40:17 +0300
commitf7bfdf58def6aadc922e1632f407d1418269a0d7 (patch)
treed7a0b2819e6a26c11d40ee0b27267ea827fbb345 /engine/csrf.php
initial
Diffstat (limited to 'engine/csrf.php')
-rw-r--r--engine/csrf.php22
1 files changed, 22 insertions, 0 deletions
diff --git a/engine/csrf.php b/engine/csrf.php
new file mode 100644
index 0000000..20ea919
--- /dev/null
+++ b/engine/csrf.php
@@ -0,0 +1,22 @@
+<?php
+
+class csrf {
+
+ public static function check(string $key): void {
+ $user_csrf = self::get($key);
+ $sent_csrf = $_REQUEST['token'] ?? '';
+
+ if ($sent_csrf != $user_csrf)
+ throw new ForbiddenException("csrf error");
+ }
+
+ public static function get(string $key): string {
+ return self::getToken($_SERVER['REMOTE_ADDR'], $key);
+ }
+
+ protected static function getToken(string $user_token, string $key): string {
+ global $config;
+ return substr(sha1($config['csrf_token'].$user_token.$key), 0, 20);
+ }
+
+} \ No newline at end of file