Csrf::makeToken PHP Method

makeToken() public static method

Returns the CSRF token stored in the session, generating a new one if the stored token has expired or is missing.
public static makeToken ( ) : string
return string
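    /**
     * Return the session's CSRF token, issuing a fresh one when none is stored
     * or the stored one is at least one day old.
     *
     * The token is 32 lowercase hex characters taken from random_bytes(), the
     * platform CSPRNG. The earlier md5(uniqid(rand(), true)) recipe was built
     * from the clock and a non-cryptographic generator; hashing that with MD5
     * does not add entropy, so the value was not suitable as an anti-forgery
     * secret.
     *
     * @return string the current CSRF token for this session
     * @throws \Exception if no source of secure randomness is available
     */
    public static function makeToken()
    {
        // token is valid for 1 day
        $max_time = 60 * 60 * 24;
        // The cast makes an absent or non-numeric stored time count as 0, i.e. expired.
        $stored_time = (int) Session::get('csrf_token_time');
        $csrf_token = Session::get('csrf_token');

        if ($max_time + $stored_time <= time() || empty($csrf_token)) {
            // 16 random bytes -> 32 hex chars: same length and alphabet as the old md5 value,
            // so forms and comparisons that handled the previous token keep working.
            Session::set('csrf_token', bin2hex(random_bytes(16)));
            Session::set('csrf_token_time', time());
        }

        // Read back through Session so the caller gets exactly what is stored.
        return Session::get('csrf_token');
    }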

Usage Example

Ejemplo n.º 1
<?php // View: username change form; posts user_name plus the session CSRF token to user/editUserName_action. ?>
<h4>editUsername</h4>

    <!-- echo out the system feedback (error and success messages) -->
    <?php $this->renderFeedbackMessages(); ?>

        <h4>Change your username</h4>

        <form action="<?= Config::get('URL') ?>user/editUserName_action" method="post">
            <!-- btw http://stackoverflow.com/questions/774054/should-i-put-input-tag-inside-label-tag -->
            <label>
                New username: <input type="text" name="user_name" required />
            </label>
<?php
// The hidden field only carries the token. The action that receives this POST has to
// compare the submitted csrf_token with the session copy (hash_equals() gives a
// timing-safe comparison) and refuse the request when they differ.
?>
            <!-- set CSRF token at the end of the form -->
            <input type="hidden" name="csrf_token" value="<?= Csrf::makeToken() ?>" />
            <input type="submit" value="Submit" />
        </form>