kevinowino869/mitrobill
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
mitrobill/system/autoload/Csrf.php
Focuslinks Digital Solutions 0a3205915f Enhancement and Improvements 
Refactor CSRF class: improve token handling and update session variable names

Replace bulk message with ajax based message sending.
Added support for multiple recipients in bulk message, and also router based filtering.

Add support for multiple recipients in bulk message from customer list as requested by one of our Member. you can now send messages to multiple recipients at once from customer list.

Added Exception for CRON but not tested yet. i dont have multiple routers.
Added notify to know if cron has been executed or not.
2025-02-09 16:06:59 +01:00

88 lines
2.2 KiB
PHP
Raw Blame History

<?php
/**
* PHP Mikrotik Billing (https://github.com/hotspotbilling/phpnuxbill/)
* by https://t.me/ibnux
**/
class Csrf
{
private const int TOKEN_LENGTH = 16;
private const int TOKEN_EXPIRATION = 1800;
/**
* Generate a CSRF token.
*
* @param int $length
* @return string
*/
public static function generateToken(int $length = self::TOKEN_LENGTH): string
{
return bin2hex(random_bytes($length));
}
/**
* Validate the provided CSRF token against the stored token.
*
* @param string $token
* @param string $storedToken
* @return bool
*/
public static function validateToken(string $token, string $storedToken): bool
{
return hash_equals($token, $storedToken);
}
/**
* Check if the CSRF token is valid.
*
* @param string|null $token
* @return bool
*/
public static function check(?string $token): bool
{
global $config;
if ($config['csrf_enabled'] === 'yes') {
if (isset($_SESSION['nux_csrf_token'], $_SESSION['nux_csrf_token_time'], $token)) {
$storedToken = $_SESSION['nux_csrf_token'];
$tokenTime = $_SESSION['nux_csrf_token_time'];
if (time() - $tokenTime > self::TOKEN_EXPIRATION) {
self::clearToken();
return false;
}
return self::validateToken($token, $storedToken);
}
return false;
}
return true; // CSRF is disabled
}
/**
* Generate and store a new CSRF token in the session.
*
* @return string
*/
public static function generateAndStoreToken(): string
{
$token = self::generateToken();
$_SESSION['nux_csrf_token'] = $token;
$_SESSION['nux_csrf_token_time'] = time();
return $token;
}
/**
* Clear the stored CSRF token from the session.
*
* @return void
*/
public static function clearToken(): void
{
unset($_SESSION['nux_csrf_token'], $_SESSION['nux_csrf_token_time']);
}
}
Reference in New Issue View Git Blame Copy Permalink