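/**
 * Return the CSRF token of the current session, issuing a new one when no
 * token is stored or the stored one is older than one day.
 *
 * The token is drawn from the operating system's CSPRNG. The previous
 * md5(uniqid(rand(), true)) construction was derived from the clock and a
 * non-cryptographic generator, so its output was not unpredictable, which is
 * the one property an anti-CSRF token needs.
 *
 * The token only protects a request if the receiving action compares the
 * submitted value with the session copy, preferably with hash_equals().
 * That check is not part of this method.
 *
 * @return string 32 hexadecimal characters (same length as the former md5 value)
 */
public static function makeToken()
{
    // token is valid for 1 day
    $max_time = 60 * 60 * 24;

    // A missing timestamp is treated as 0, which always forces a fresh token.
    $stored_time = (int) Session::get('csrf_token_time');
    $csrf_token = Session::get('csrf_token');

    if ($max_time + $stored_time <= time() || empty($csrf_token)) {
        // random_bytes() (PHP 7+) throws if no secure source is available,
        // so a weak token is never issued silently.
        Session::set('csrf_token', bin2hex(random_bytes(16)));
        Session::set('csrf_token_time', time());
    }

    return Session::get('csrf_token');
}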
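<h4>editUsername</h4>

<!-- echo out the system feedback (error and success messages) -->
<?php $this->renderFeedbackMessages(); ?>

<h4>Change your username</h4>

<?php
// This form changes account state, so it is sent by POST and carries the
// session's CSRF token. The action that receives it has to reject any request
// whose csrf_token does not match the session copy; that check is not visible
// in this view.
// No whitespace may sit between the PHP tags and the surrounding attribute
// text: a space after the token would be submitted as part of the value and
// fail an exact comparison, and a space after the base URL would end up
// inside the action URL. Assumes Config::get('URL') ends with a slash.
?>
<form action="<?php echo Config::get('URL'); ?>user/editUserName_action" method="post">
    <!-- btw http://stackoverflow.com/questions/774054/should-i-put-input-tag-inside-label-tag -->
    <label>
        New username: <input type="text" name="user_name" required />
    </label>
    <!-- set CSRF token at the end of the form -->
    <input type="hidden" name="csrf_token" value="<?php echo Csrf::makeToken(); ?>" />
    <input type="submit" value="Submit" />
</form>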