Deleted pun_csrf_token() and check_csrf()
parent
3414c6a0ce
commit
7f3d9ddeca
1 changed files with 0 additions and 28 deletions
|
@ -1288,34 +1288,6 @@ function pun_hash($str)
|
|||
}
|
||||
|
||||
|
||||
//
|
||||
// Compute a random hash used against CSRF attacks
|
||||
//
|
||||
function pun_csrf_token()
|
||||
{
|
||||
global $pun_user;
|
||||
static $token;
|
||||
|
||||
if (!isset($token))
|
||||
$token = pun_hash($pun_user['id'].$pun_user['password'].pun_hash(get_remote_address()));
|
||||
|
||||
return $token;
|
||||
}
|
||||
|
||||
//
|
||||
// Check if the CSRF hash is correct
|
||||
//
|
||||
function check_csrf($token)
|
||||
{
|
||||
global $lang_common;
|
||||
|
||||
$is_hash_authorized = hash_equals($token, pun_csrf_token());
|
||||
|
||||
if (!isset($token) || !$is_hash_authorized)
|
||||
message($lang_common['Bad csrf hash'], false, '404 Not Found');
|
||||
}
|
||||
|
||||
|
||||
//
|
||||
// Try to determine the correct remote IP-address
|
||||
//
|
||||
|
|