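--- a/projectbased/updates/baseline/app/Lib/Csrf.php
+++ b/projectbased/updates/baseline/app/Lib/Csrf.php
@@ -1,1 +1,21 @@
-
+<?php
+namespace App\Lib;
+
+final class Csrf {
+public static function token(): string {
+if (empty($_SESSION['csrf'])) {
+$_SESSION['csrf'] = bin2hex(random_bytes(32));
+}
+return $_SESSION['csrf'];
+}
+
+public static function check(): void {
+$token = $_POST['csrf'] ?? '';
+if (!$token || !hash_equals($_SESSION['csrf'] ?? '', $token)) {
+http_response_code(400);
+echo "Invalid CSRF token";
+exit;
+}
+}
+}
+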
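Review bot: In check(), `$_POST['csrf']` is handed straight to hash_equals(), which throws a TypeError under PHP 8 when the field arrives as an array (PHP parses a `csrf[]` form field into an array) instead of a string, so a malformed request produces an uncaught exception rather than the intended 400; guard the type first: `if (!is_string($token) || $token === '' || !hash_equals($_SESSION['csrf'] ?? '', $token)) {`. The `!$token` truthiness test would also reject a literal `'0'`, which the explicit `=== ''` comparison avoids. Both methods read `$_SESSION` with nothing in this file showing that a session has been started, so that precondition deserves a class docblock such as `/** Synchronizer-token CSRF guard. Callers must have started the session before calling token() or check(). */`. The file also lacks `declare(strict_types=1);` after the opening tag, and the class body is written without indentation, which the project's style should settle.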