csrf::check PHP Method

check() public static method

public static check ( $userToken )
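    /**
     * Verify a submitted CSRF token against the token stored in the session.
     *
     * Fails closed: returns false when the session holds no token, or when
     * either value is not a string. The comparison itself uses hash_equals(),
     * which takes the same time whether or not the strings match.
     *
     * @param mixed $userToken Token taken from the request (untrusted input).
     *
     * @return bool True only when both tokens are strings and are identical.
     */
    public static function check($userToken)
    {
        $sessionToken = Session::get('csrf_token');

        // Same truthiness test as before (no token, '' and '0' are all rejected),
        // plus a type guard so a non-string session value never reaches hash_equals().
        if (!$sessionToken || !is_string($sessionToken)) {
            return false;
        }

        // Request parameters may arrive as arrays (csrf_token[]=x) or be null.
        // hash_equals() throws a TypeError on PHP 8 for non-string arguments,
        // so reject them here instead of letting the request end in an error.
        if (!is_string($userToken)) {
            return false;
        }

        return hash_equals($sessionToken, $userToken);
    }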

Usage Example

Example #1
         // email change successful
         echo '<p style="color:green;">Mail has been successfuly changed!</p>';
     } elseif (!empty($_POST['email'])) {
         // email change request
         // NOTE(review): no CSRF token is verified inside this branch. The start of
         // the enclosing condition is not visible in this excerpt, so confirm a
         // check happens earlier; otherwise this state-changing POST can be
         // triggered cross-site. Verify it the same way as the delete branch below.
         $result = user::change_email($_SESSION['user']['id'], $_POST['email']);
         if ($result) {
             // redirect() is defined elsewhere; die stops the script from
             // producing further output after the redirect call.
             redirect('?p=account&action=email&ok');
             die;
         } else {
             echo '<p>Impossible to change email!</p>';
         }
     }
 } elseif ($action == 'delete') {
     // Account deletion only proceeds when a non-empty csrf_token field was posted.
     // A missing or empty token falls through silently: nothing is deleted and no
     // message is shown.
     if (!empty($_POST['csrf_token'])) {
         // Untrusted request value; it is not checked to be a string here, so the
         // callee has to cope with array input (csrf_token[]=...).
         $token = $_POST['csrf_token'];
         // NOTE(review): two arguments are passed, and the expected token is read
         // from $_SESSION['token']. The check($userToken) signature shown on this
         // page takes one argument and reads 'csrf_token' through Session::get().
         // PHP ignores surplus arguments to user-defined functions, so confirm
         // which csrf class this example targets and which session key it compares.
         $valid = csrf::check($token, $_SESSION['token']);
         if ($valid) {
             // The account id comes from the session, not from the request.
             $result = user::delete($_SESSION['user']['id']);
             if ($result) {
                 redirect('?p=disconnect&delete');
                 die;
             } else {
                 echo '<p>Impossible to delete this account!</p>';
             }
         } else {
             // Token mismatch: refuse the deletion and tell the user.
             echo '<p style="color:red;">Wrong CSRF token!</p>';
         }
     }
 } else {
     // unknown action
 }