diff options
author | Nicolas Lécureuil <neoclust@mageia.org> | 2020-05-17 14:46:00 +0200 |
---|---|---|
committer | Nicolas Lécureuil <neoclust@mageia.org> | 2020-05-17 14:46:00 +0200 |
commit | e3de9d7dd1331f9718e04cc98e9ca7cfa27cf4aa (patch) | |
tree | 336981502f93ceb9fa5ed33ea3b47dcefc5a8402 /common/app/classes/CSRF.php | |
parent | ff32e499745367b816d10f25e63ff3328214c32f (diff) | |
download | planet-user/wally/upstream-10-dev.tar planet-user/wally/upstream-10-dev.tar.gz planet-user/wally/upstream-10-dev.tar.bz2 planet-user/wally/upstream-10-dev.tar.xz planet-user/wally/upstream-10-dev.zip |
Sync with master of moonmoon ( version 9.0.0-rc)HEADuser/wally/upstream-10-devmaster
Source from https://github.com/Emmafrs/moonmoon/
Diffstat (limited to 'common/app/classes/CSRF.php')
-rw-r--r-- | common/app/classes/CSRF.php | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/common/app/classes/CSRF.php b/common/app/classes/CSRF.php new file mode 100644 index 0000000..9a700cf --- /dev/null +++ b/common/app/classes/CSRF.php @@ -0,0 +1,55 @@ +<?php + +class CSRF +{ + /** @var string */ + const HMAC_ALGORITHM = 'sha1'; + + /** @var string */ + const SESSION_KEY_NAME = '_csrf_key'; + + /** + * Ensure that a CSRF token is valid for a given action. + * + * @param string $token + * @param string $action + * @return bool + */ + public static function verify($token = '', $action = null) + { + if (!is_string($token) || !is_string($action)) { + return false; + } + + $known = self::generate($action); + return hash_equals($known, $token); + } + + /** + * Generate a CSRF token for a given action. + * + * @param string $action + * @throws InvalidArgumentException + * @return string + */ + public static function generate($action = null) + { + if (!is_string($action)) { + throw new InvalidArgumentException('A valid action must be defined.'); + } + return hash_hmac(self::HMAC_ALGORITHM, $action, self::getKey()); + } + + /** + * Get HMAC key. + * + * @return string + */ + public static function getKey() + { + if (empty($_SESSION[self::SESSION_KEY_NAME])) { + $_SESSION[self::SESSION_KEY_NAME] = random_bytes(16); + } + return $_SESSION[self::SESSION_KEY_NAME]; + } +} |