 1: <?php
 2: /**
 3:  * Created by PhpStorm.
 4:  * @Author: Shakti Phartiyal
 5:  * Date: 1/24/17
 6:  * Time: 1:55 PM
 7:  */
 8: namespace Core\BaseClasses;
 9: 
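/**
 * Session-backed CSRF token helper.
 *
 * A random token is stored in $_SESSION['csrf_token'] by generateToken() and
 * compared against the value submitted in $_POST['csrf_token'] by verifyToken().
 */
class BaseCSRF
{
    /**
     * Initialize CSRF
     * BaseCSRF constructor.
     *
     * Names and starts the "sea-surf" session only when no session is active yet.
     * Calling session_name()/session_start() while a session is already running
     * raises warnings/notices and has no effect, so that case is skipped.
     *
     * NOTE(review): the session cookie attributes (HttpOnly, Secure, SameSite)
     * are not set here - confirm they are configured elsewhere (php.ini or bootstrap).
     */
    public function __construct()
    {
        if(session_status() === PHP_SESSION_NONE)
        {
            session_name("sea-surf");
            session_start();
        }
    }

    /**
     * Generate and set the CSRF Token
     *
     * Every call overwrites the token stored in the session, so a token handed
     * out earlier (e.g. in a form rendered before this call) no longer verifies.
     *
     * @return string 64 hexadecimal characters (32 random bytes)
     * @throws \RuntimeException when no cryptographically secure random source is available
     */
    public function generateToken()
    {
        $_SESSION['csrf_token'] = bin2hex($this->secureRandomBytes(32));
        return $_SESSION['csrf_token'];
    }

    /**
     * Verify the submitted Token
     *
     * Always returns a strict boolean. The previous implementation fell off the
     * end of the function (returning null) when the tokens did not match.
     * Non-string input such as csrf_token[]=x is rejected before the comparison,
     * because hash_equals() only accepts strings.
     *
     * @return bool true only when the submitted token equals the session token
     */
    public function verifyToken()
    {
        $expected = isset($_SESSION['csrf_token']) ? $_SESSION['csrf_token'] : null;
        $submitted = isset($_POST['csrf_token']) ? $_POST['csrf_token'] : null;

        if(!is_string($expected) || $expected === '')
        {
            return false;
        }
        if(!is_string($submitted) || empty($submitted))
        {
            return false;
        }

        // Constant-time comparison so the check does not leak how many leading characters matched.
        return hash_equals($expected, $submitted);
    }

    /**
     * Return $length bytes from the best available CSPRNG.
     *
     * Order: random_bytes() (PHP 7+), then mcrypt_create_iv() for older runtimes,
     * then openssl_random_pseudo_bytes() - accepted only when OpenSSL reports the
     * result as cryptographically strong. Fails closed instead of issuing a weak token.
     *
     * @param int $length number of raw bytes requested
     * @return string raw random bytes
     * @throws \RuntimeException when no strong random source is available
     */
    private function secureRandomBytes($length)
    {
        if(function_exists('random_bytes'))
        {
            return random_bytes($length);
        }

        if(function_exists('mcrypt_create_iv'))
        {
            $bytes = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
            if($bytes !== false)
            {
                return $bytes;
            }
        }

        if(function_exists('openssl_random_pseudo_bytes'))
        {
            $strong = false;
            $bytes = openssl_random_pseudo_bytes($length, $strong);
            if($bytes !== false && $strong === true)
            {
                return $bytes;
            }
        }

        throw new \RuntimeException('No cryptographically secure random source available for CSRF token generation');
    }
}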