csrf : allow to extend the CSRF token expiration

git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@4896 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
2019-01-29 10:21:33 +00:00
parent 4486f99b72
commit 5bba18b688


@@ -21,6 +21,7 @@ class csrf
/** Manage the singleton */ /** Manage the singleton */
public function __construct () public function __construct ()
// {{{
{ {
if (isset ($GLOBALS["domframework"]["csrf"])) if (isset ($GLOBALS["domframework"]["csrf"]))
{ {
@@ -33,9 +34,11 @@ class csrf
$GLOBALS["domframework"]["csrf"] = $this; $GLOBALS["domframework"]["csrf"] = $this;
} }
} }
// }}}
/** This function return the token */ /** This function return the token */
public function createToken () public function createToken ()
// {{{
{ {
$l = 30; // Number of chars in token $l = 30; // Number of chars in token
$c = "abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ"; $c = "abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ";
@@ -47,11 +50,13 @@ class csrf
$_SESSION["domframework"]["csrf"]["csrfStart"] = microtime (TRUE); $_SESSION["domframework"]["csrf"]["csrfStart"] = microtime (TRUE);
return $this->csrfToken; return $this->csrfToken;
} }
// }}}
/** Check if the provided token is the right token, defined last displayed /** Check if the provided token is the right token, defined last displayed
* page * page
* @param string $tokenFromUser The value csrf the user's token */ * @param string $tokenFromUser The value csrf the user's token */
public function checkToken ($tokenFromUser) public function checkToken ($tokenFromUser)
// {{{
{ {
if ($this->csrf === FALSE ) if ($this->csrf === FALSE )
return TRUE; return TRUE;
@@ -73,9 +78,11 @@ class csrf
} }
return TRUE; return TRUE;
} }
// }}}
/** Return the CSRF token in a hidden field */ /** Return the CSRF token in a hidden field */
public function displayFormCSRF () public function displayFormCSRF ()
// {{{
{ {
if ($this->csrfToken == "") if ($this->csrfToken == "")
$this->createToken (); $this->createToken ();
@@ -83,12 +90,26 @@ class csrf
$res .= "value='$this->csrfToken'/>\n"; $res .= "value='$this->csrfToken'/>\n";
return $res; return $res;
} }
// }}}
/** Return the token if exists or create a new one if needed */ /** Return the token if exists or create a new one if needed */
public function getToken () public function getToken ()
// {{{
{ {
if ($this->csrfToken === "") if ($this->csrfToken === "")
$this->createToken (); $this->createToken ();
return $this->csrfToken; return $this->csrfToken;
} }
// }}}
/** Add more time to existing CSRF token
* @param string $tokenFromUser The existing token
*/
public function extendToken ($tokenFromUser)
// {{{
{
$this->checkToken ($tokenFromUser);
$_SESSION["domframework"]["csrf"]["csrfStart"] = microtime (TRUE);
}
// }}}
} }
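Review bot: The new extendToken() discards the result of checkToken() and then resets `$_SESSION["domframework"]["csrf"]["csrfStart"]` unconditionally, so the extension is only safe if checkToken() throws on every failure path; the middle of checkToken() lies outside the visible lines, so that cannot be confirmed from this page. If any path there can return a non-TRUE value, guard the write with `if ($this->checkToken ($tokenFromUser) !== TRUE) return FALSE;`, and in either case state the contract in the docblock with `@throws` / `@return` lines. Nothing bounds how often a token can be extended, so a token that is renewed on every call never expires and the expiration no longer limits how long a leaked token stays valid. Consider keeping the creation time in a separate session key and refusing to extend past an absolute maximum age.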