Commit 56a76739
authored Apr 07, 2026 by Administrator
Update 1 files via Son of Anton
parent bce237d3
Showing 1 changed file with 29 additions and 18 deletions
app/Core/CSRF.php (+29, -18)
app/Core/CSRF.php
@@ -5,45 +5,56 @@ namespace App\Core;
final
class
CSRF
{
private
static
string
$tokenKey
=
'_csrf_token'
;
/**
* Generate a new CSRF token and store in session.
* Only generates if one doesn't already exist.
*/
public
static
function
generate
()
:
string
{
$session
=
App
::
getInstance
()
->
session
();
$existing
=
$session
->
get
(
'_csrf_token'
);
if
(
$existing
&&
is_string
(
$existing
)
&&
strlen
(
$existing
)
>
10
)
{
return
$existing
;
}
$token
=
bin2hex
(
random_bytes
(
32
));
$
_SESSION
[
self
::
$tokenKey
]
=
$token
;
$
session
->
set
(
'_csrf_token'
,
$token
)
;
return
$token
;
}
/**
* Get current token, or generate one.
*/
public
static
function
token
()
:
string
{
if
(
empty
(
$_SESSION
[
self
::
$tokenKey
]))
{
return
self
::
generate
();
}
return
$_SESSION
[
self
::
$tokenKey
];
}
public
static
function
validate
(
?
string
$token
)
:
bool
/**
* Validate a submitted token.
*/
public
static
function
validate
(
string
$token
)
:
bool
{
if
(
$token
===
null
||
$token
===
''
)
{
if
(
$token
===
''
)
{
return
false
;
}
$sessionToken
=
$_SESSION
[
self
::
$tokenKey
]
??
''
;
if
(
$sessionToken
===
''
)
{
$session
=
App
::
getInstance
()
->
session
();
$stored
=
$session
->
get
(
'_csrf_token'
);
if
(
!
$stored
||
!
is_string
(
$stored
))
{
return
false
;
}
return
hash_equals
(
$s
essionToken
,
$token
);
return
hash_equals
(
$s
tored
,
$token
);
}
/**
* Return hidden input field.
*/
public
static
function
field
()
:
string
{
return
'<input type="hidden" name="_csrf_token" value="'
.
htmlspecialchars
(
self
::
token
(),
ENT_QUOTES
,
'UTF-8'
)
.
'">'
;
}
// Regenerate token after successful validation (prevents reuse)
public
static
function
regenerate
()
:
void
{
self
::
generate
();
}
}
\ No newline at end of file
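Review bot: the new regenerate() at the bottom of the hunk cannot rotate the token, because it only calls self::generate(), and generate() now returns early with the existing token whenever $session->get('_csrf_token') already holds a string longer than 10 characters; after a successful validate() the same token therefore remains valid, which contradicts the comment "// Regenerate token after successful validation (prevents reuse)". Either give generate() a parameter that forces a fresh token, or have regenerate() write $session->set('_csrf_token', bin2hex(random_bytes(32))) directly. Two smaller points: the class keeps private static string $tokenKey = '_csrf_token', but the rewritten generate() and validate() hard-code the literal '_csrf_token' in their get()/set() calls, so either use self::$tokenKey consistently or drop the property; and strlen($existing) > 10 is a loose sanity check for a value that generate() always produces as 64 hex characters, so a check such as strlen($existing) === 64 && ctype_xdigit($existing) would reject anything that is not one of our own tokens. The migration from $_SESSION to the session abstraction should also be checked against the remaining callers, since field() still calls self::token(), and any code that still reads $_SESSION[self::$tokenKey] will no longer see the value that generate() stores. hash_equals($stored, $token) passes the known value first, which is the correct argument order.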