Diffstat (limited to 'engine/csrf.php')
-rw-r--r--engine/csrf.php22
1 files changed, 22 insertions, 0 deletions
diff --git a/engine/csrf.php b/engine/csrf.php
new file mode 100644
index 0000000..20ea919
--- /dev/null
+++ b/engine/csrf.php
@@ -0,0 +1,22 @@
+<?php
+
+class csrf {
+
+ public static function check(string $key): void {
+ $user_csrf = self::get($key);
+ $sent_csrf = $_REQUEST['token'] ?? '';
+
+ if ($sent_csrf != $user_csrf)
+ throw new ForbiddenException("csrf error");
+ }
+
+ public static function get(string $key): string {
+ return self::getToken($_SERVER['REMOTE_ADDR'], $key);
+ }
+
+ protected static function getToken(string $user_token, string $key): string {
+ global $config;
+ return substr(sha1($config['csrf_token'].$user_token.$key), 0, 20);
+ }
+
+}
\ No newline at end of file
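Review bot: `check()` compares the tokens with `!=`, which is neither type-strict nor constant-time; when both strings look numeric (a truncated hex digest can take the form `0e` followed by digits), PHP compares them as numbers, so values that differ as strings can still compare equal. Replace the condition with `if (!is_string($sent_csrf) || !hash_equals($user_csrf, $sent_csrf))`, which also rejects an array-valued `token` parameter before it reaches `hash_equals`. Separately, `getToken()` binds the token only to `REMOTE_ADDR`, the key and a static secret, so every client behind the same NAT or proxy address gets the same token and it never expires. Tying it to the session would be stronger, and `hash_hmac('sha256', $user_token."\0".$key, $config['csrf_token'])` would avoid the unkeyed, undelimited `sha1` concatenation.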