Diffstat (limited to 'lib/classes/CSRFProtection.php')
| -rw-r--r-- | lib/classes/CSRFProtection.php | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/lib/classes/CSRFProtection.php b/lib/classes/CSRFProtection.php
index 05532d4..036aa93 100644
--- a/lib/classes/CSRFProtection.php
+++ b/lib/classes/CSRFProtection.php
@@ -66,7 +66,7 @@ class CSRFProtection
         if (!isset(self::$storage)) {
             // w/o a session, throw an exception since we cannot use it
             if (session_id() === '') {
-                throw new SessionRequiredException();
+                throw new SessionRequiredException();
             }
             self::$storage =& $_SESSION;
@@ -180,4 +180,38 @@ class CSRFProtection
             arrayToHtmlAttributes($attributes)
         );
     }
+
+    /**
+     * returns a random string token for XSRF prevention
+     * the string is stored in the session
+     *
+     * @static
+     * @return string
+     */
+    public static function sessionticket()
+    {
+        $storage = &self::getStorage();
+
+        if (empty($storage['studipticket'])) {
+            $storage['studipticket'] = md5(uniqid('studipticket', 1));
+        }
+        return $storage['studipticket'];
+    }
+
+    /**
+     * checks the given string token against the one stored
+     * in the session
+     *
+     * @static
+     * @param string $studipticket
+     * @return bool
+     */
+    public static function verifySessionticket($studipticket)
+    {
+        $storage = &self::getStorage();
+
+        $check = (isset($storage['studipticket']) && $storage['studipticket'] === $studipticket);
+        $storage['studipticket'] = null;
+        return $check;
+    }
 } |
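Review bot: The token generated in sessionticket() is not unpredictable: `md5(uniqid('studipticket', 1))` is derived from the current time plus an lcg_value() suffix, neither of which is a cryptographic randomness source, so an attacker who can narrow down when a victim's session ticket was minted can search the candidate space and forge it. Replace the assignment with `$storage['studipticket'] = bin2hex(random_bytes(32));` on PHP 7+, or `bin2hex(openssl_random_pseudo_bytes(32))` if this codebase still has to run on older PHP (the minimum version is not visible in this hunk). In verifySessionticket(), the `===` comparison is not constant-time and silently accepts non-string input from the request; prefer `$check = is_string($studipticket) && isset($storage['studipticket']) && hash_equals($storage['studipticket'], $studipticket);` (the `is_string` guard matters because hash_equals() errors on non-strings). Note also that the stored ticket is cleared on every verify call, success or failure, which makes the ticket single-use and will reject a second form submitted from another tab after the first was verified; that is a defensible choice, but it deserves a comment such as `// single-use: the ticket is consumed by any verify attempt, so sessionticket() must be called again for the next form`. getStorage() is defined outside this hunk, so the session-availability guarantee it provides is assumed, not verified here.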
