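/**
 *  Checks the CSRF token submitted with the form against the copy kept on the server side
 *  (session) or in the companion cookie, depending on "csrf_storage_method".
 *
 *  Tokens are compared with hash_equals() (PHP 5.6+) instead of "==": a loose comparison
 *  treats numeric-looking strings such as "0e123" and "0e456" as equal, and is not
 *  constant-time. Non-string submitted values (e.g. a "token[]=" array) are rejected.
 *
 *  @return boolean     TRUE if CSRF protection is disabled or the submitted token is valid,
 *                      FALSE otherwise.
 *
 *  @access private
 */
private function _csrf_validate()
{
    $storage_method = $this->form_properties['csrf_storage_method'];

    // if protection against CSRF attacks is not enabled (boolean FALSE), pretend nothing happened
    if ($storage_method === false) {
        return true;
    }

    // reference to the superglobal holding the submitted values ($_POST or $_GET, per the form's method)
    global ${'_' . $this->form_properties['method']};
    $method =& ${'_' . $this->form_properties['method']};

    $token_name = $this->form_properties['csrf_token_name'];
    $store_name = $this->form_properties['csrf_cookie_name'];

    // the token must be present in the submission and must be a plain string
    if (!isset($method[$token_name]) || !is_string($method[$token_name])) {
        return false;
    }

    $submitted = $method[$token_name];

    // session storage: the entry is a two-element array holding the token and its expiry time
    if ($storage_method == 'session'
        && isset($_SESSION[$store_name])
        && is_array($_SESSION[$store_name])
        && count($_SESSION[$store_name]) == 2
    ) {
        $stored = $_SESSION[$store_name];

        if (isset($stored[0])
            && is_string($stored[0])
            && hash_equals($stored[0], $submitted)
            // an expiry of 0 means the token never expires; otherwise it must still be in the future
            && ($stored[1] == 0 || $stored[1] > time())
        ) {
            return true;
        }
    }

    // cookie storage: the submitted token must match the cookie's value
    // NOTE(review): the cookie is client-supplied and no expiry is enforced in this branch, so
    // this check is only as strong as the cookie's integrity (scope, Secure/HttpOnly flags)
    if ($storage_method == 'cookie'
        && isset($_COOKIE[$store_name])
        && is_string($_COOKIE[$store_name])
        && hash_equals($_COOKIE[$store_name], $submitted)
    ) {
        return true;
    }

    // if we get here the token is missing, expired or does not match
    return false;
}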