Use MD_STD_SEC's anti CSRF functions

2020-12-10 00:49:46 +01:00
parent b8643e0d04
commit 08d28f037c
4 changed files with 3 additions and 38 deletions
--- a/functions/functions.php
+++ b/functions/functions.php
@ -333,39 +333,3 @@ function identical_values(array $arrayA, array $arrayB):bool {

 }

-/**
- * Function for retrieving the anti-csrf token or generating it if need be.
- *
- * @return string
- */
-function getAntiCsrfToken():string {
-
-    if (empty($_SESSION['csrf-token'])) {
-        $_SESSION['csrf-token'] = bin2hex(random_bytes(32));
-    }
-
-    return $_SESSION['csrf-token'];
-
-}
-
-/**
- * Function for validating anti-csrf tokens. Each anti-csrf token is removed
- * after use.
- *
- * @return boolean
- */
-function validateAntiCsrfToken():bool {
-
-    $validity = false;
-    if (!empty($_POST['csrf-token'])
-        && !empty($_SESSION['csrf-token'])
-        && hash_equals($_SESSION['csrf-token'], $_POST['csrf-token']) === true
-    ) {
-        $validity = true;
-    }
-    $_SESSION['csrf-token'] = null; unset($_SESSION['csrf-token']);
-
-    return $validity;
-
-}
-