museum-digital/MD_STD
32
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
5130477e4b
MD_STD/MD_STD_SEC.php

49 lines
1.1 KiB
PHP
Raw Blame History

<?PHP
/**
* Gathers wrappers for handling basic security operations.
*/
declare(strict_types = 1);
/**
* Class providing static functions with basic security operations.
*/
final class MD_STD_SEC {
/**
* Function for retrieving the anti-csrf token or generating it if need be.
*
* @return string
*/
public static function getAntiCsrfToken():string {
if (empty($_SESSION['csrf-token'])) {
$_SESSION['csrf-token'] = bin2hex(random_bytes(32));
}
return $_SESSION['csrf-token'];
}
/**
* Function for validating anti-csrf tokens. Each anti-csrf token is removed
* after use.
*
* @return boolean
*/
public static function validateAntiCsrfToken():bool {
$validity = false;
if (!empty($_POST['csrf-token'])
&& !empty($_SESSION['csrf-token'])
&& hash_equals($_SESSION['csrf-token'], $_POST['csrf-token']) === true
) {
$validity = true;
}
$_SESSION['csrf-token'] = null; unset($_SESSION['csrf-token']);
return $validity;
}
}
Reference in New Issue View Git Blame Copy Permalink