FRED™  3.0
FRED™: Framework for Rapid and Easy Development
Csrf.php
1 <?php
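/**
 * CSRF check: compares the token submitted with a request against the token
 * kept in the session for the current controller.
 *
 * Tokens are created lazily, one per controller name, and stored in the
 * session under `tokens`. Submitted tokens that did not match are remembered
 * in the session under `invalidTokens`.
 */
class Csrf extends \Rsi\Fred\Security\Check{

  /** Minimum length requested from \Rsi\Str::random() when a token is created. */
  public $tokenLengthMin = 32;
  /** Maximum length requested from \Rsi\Str::random() when a token is created. */
  public $tokenLengthMax = 64;

  /**
   * Verify the CSRF token of the current request.
   *
   * @param mixed $expected  Not used by this check.
   * @return bool|null  true when the request has no action or the token matches;
   *   false the first time a given wrong token is seen; null when that same wrong
   *   token was already recorded in the session. How the caller treats null versus
   *   false is not visible here - confirm against the parent class.
   */
  public function check($expected = false){
    $request = $this->component('request');
    //requests without an action are not subject to the token check
    if(!$request->action) return true;
    $token = $request->csrfToken;
    $session_token = $this->token;
    //hash_equals() compares in constant time, so response timing does not leak how
    //much of a guessed token was correct. The is_string() guards keep a non-string
    //request value (e.g. an array or null) from raising a TypeError, and make the
    //check fail closed instead.
    if(is_string($token) && is_string($session_token) && hash_equals($session_token,$token)) return true;
    $invalid_tokens = $this->session->invalidTokens ?: [];
    //strict comparison: loose in_array() treats e.g. '1e3' and '1000' as equal
    if(in_array($token,$invalid_tokens,true)) return null;
    //NOTE(review): every distinct wrong token is appended without a limit, so the
    //session grows with request-controlled data - consider capping this list.
    $invalid_tokens[] = $token;
    $this->session->invalidTokens = $invalid_tokens;
    return false;
  }

  /**
   * Client-side configuration: the parent's configuration plus the current token
   * under the key 'token', so the client can send it back with its requests.
   *
   * @return array
   */
  public function clientConfig(){
    return array_merge(parent::clientConfig(),['token' => $this->token]);
  }

  /**
   * Token for the current controller, created and stored in the session on first use.
   *
   * The controller name is the request's viewControllerName, falling back to the
   * router's controllerName.
   *
   * @return mixed  Whatever \Rsi\Str::random() returned when the token was created.
   */
  protected function getToken(){
    $tokens = $this->session->tokens ?: [];
    $name = $this->component('request')->viewControllerName ?: $this->component('router')->controllerName;
    if(!array_key_exists($name,$tokens)){
      //rand() accepted the bounds in either order; random_int() does not, so order them
      $low = min((int)$this->tokenLengthMin,(int)$this->tokenLengthMax);
      $high = max((int)$this->tokenLengthMin,(int)$this->tokenLengthMax);
      //NOTE(review): only the length is chosen here. The unpredictability of the token
      //depends on \Rsi\Str::random() - confirm that it draws from a CSPRNG.
      $tokens[$name] = \Rsi\Str::random(random_int($low,$high));
      $this->session->tokens = $tokens;
    }
    return $tokens[$name];
  }

}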