Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /**
- * Verify Cross Site Request Forgery Protection
- *
- * @access public
- * @return null
- */
- public function csrf_verify()
- {
- // If no POST data exists we will set the CSRF cookie
- if (count($_POST) == 0)
- {
- return $this->csrf_set_cookie();
- }
- // Do the tokens exist in both the _POST and _COOKIE arrays?
- if ( ! isset($_POST[$this->csrf_token_name]) OR ! isset($_COOKIE[$this->csrf_cookie_name]))
- {
- $this->csrf_remove_cookie();
- $this->csrf_show_error();
- }
- // Do the tokens match?
- if ($_POST[$this->csrf_token_name] != $_COOKIE[$this->csrf_cookie_name])
- {
- $this->csrf_remove_cookie();
- $this->csrf_show_error();
- }
- else
- {
- // Set hash as empty so new one is generated if form validation fails, or when token is verified.
- $this->csrf_hash = '';
- }
- // We kill this since we're done and we don't want to polute the _POST array
- unset($_POST[$this->csrf_token_name]);
- // Nothing should last forever
- unset($_COOKIE[$this->csrf_cookie_name]);
- $this->_csrf_set_hash();
- $this->csrf_set_cookie();
- log_message('debug', "CSRF token verified ");
- }
- // --------------------------------------------------------------------
- /**
- * Remove Cross Site Request Forgery Protection Cookie
- *
- * @access public
- * @return null
- */
- public function csrf_remove_cookie()
- {
- $expire = time() - 60;
- setcookie($this->csrf_cookie_name, '', $expire, config_item('cookie_path'), config_item('cookie_domain'), 0);
- log_message('debug', "CRSF cookie Removed");
- }
- // --------------------------------------------------------------------
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
