1: <?php
2: /**
3: * Created by PhpStorm.
4: * User: shakti
5: * Date: 1/27/17
6: * Time: 10:45 AM
7: */
8: namespace Core\Middleware\CSRF;
9: use Core\BaseClasses\BaseCSRF;
10: use Exception;
11:
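/**
 * CSRF middleware gate.
 *
 * Every request is required to pass BaseCSRF::verifyToken() unless its URI is
 * explicitly listed in skipURI().
 */
class CSRF
{
    /**
     * URIs that are exempt from CSRF token verification.
     *
     * Each entry switches CSRF protection off for that endpoint, so keep the
     * list as short as possible and only add endpoints that do not rely on
     * this token check for request authenticity. Entries are matched against
     * the request URI by exact, type-strict equality (no prefix or pattern
     * matching), so an entry exempts that one URI string and nothing else.
     *
     * @return array list of exempt URI strings; empty here, so nothing is exempt
     */
    private static function skipURI()
    {
        return [
        ];
    }

    /**
     * Verify the CSRF token for the current request.
     *
     * @param mixed $uri URI of the current request, as supplied by the caller.
     *                   NOTE(review): how the caller normalises this value
     *                   (query string, trailing slash, case) is not visible
     *                   here - confirm it matches the form used in skipURI().
     * @return bool true when the URI is exempt or the token verifies
     * @throws Exception when BaseCSRF::verifyToken() reports a failure
     */
    public static function verifyCSRFToken($uri)
    {
        // Strict mode: without it in_array() compares with ==, and PHP's type
        // juggling lets a non-string $uri compare equal to a listed URI. An
        // exemption from a security check has to be an exact match, so any
        // value that is not identical to an entry falls through to the token
        // check (fail closed).
        if (in_array($uri, self::skipURI(), true)) {
            return true;
        }

        $csrf = new BaseCSRF();
        if (!$csrf->verifyToken()) {
            throw new Exception("CSRF Token Mismatch");
        }

        return true;
    }
}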