// CSRF token for the current request. Starts as null; the excerpts below load it from the
// session or generate it when it is still unset.
41 private $token = null;
// Constructor excerpt (this listing skips intermediate lines).
// $keyName serves as the session key and, further down, as the name of the form field and
// of the request parameter. $perRequest is accepted here; its use is not visible in this excerpt.
50 public function __construct($keyName =
'xh_csrf_token', $perRequest =
false)
52 $this->keyName = $keyName;
// Reuse a token that is already stored in the session under the same key.
// NOTE(review): presumably the session has been started by the caller - confirm.
55 if (isset($_SESSION[$this->keyName])) {
56 $this->token = $_SESSION[$this->keyName];
// Hidden-input excerpt: create a token if none is set yet, then build the form field.
// NOTE(review): md5(uniqid(rand())) is derived from the clock and a non-cryptographic PRNG,
// so the token is more predictable than its 32 hex digits suggest. An anti-CSRF token
// should come from a CSPRNG, e.g. bin2hex(random_bytes(16)) on PHP 7+.
71 if (!isset($this->token)) {
72 $this->token = md5(uniqid(rand()));
// NOTE(review): keyName and token are concatenated into the markup without
// htmlspecialchars(). That is harmless for a hex token and a fixed key name, but a value
// containing a double quote would break out of the attribute - confirm that neither can
// be influenced by request data.
74 $o =
'<input type="hidden" name="' . $this->keyName .
'" value="' 75 . $this->token .
'">';
// Validation excerpt: take the submitted token from POST, else from GET, else an empty string.
// NOTE(review): a token carried in the query string can end up in server logs, browser
// history and Referer headers; keep state-changing requests on POST where possible.
87 $submittedToken = isset($_POST[$this->keyName])
88 ? $_POST[$this->keyName]
89 : (isset($_GET[$this->keyName]) ? $_GET[$this->keyName] :
'');
// Reject when the session holds no token or the submitted value differs from it.
// The isset() guard matters: without it, an empty submitted token would compare equal
// to a missing session value.
// NOTE(review): != is a loose, non-constant-time comparison, and numeric-looking strings
// can compare equal under type juggling. A stricter check would require
// is_string($submittedToken) (request parameters can be arrays) and then use
// hash_equals() with the session value as the first argument (PHP 5.6+).
// The remainder of the condition is not shown in this excerpt.
91 if (!isset($_SESSION[$this->keyName])
92 || $submittedToken != $_SESSION[$this->keyName]
// A failed check answers with 403; whatever follows the header (exit, message) is not shown here.
94 header(
'HTTP/1.0 403 Forbidden');
// Store excerpt: when a token exists, persist it in the session under keyName, which is
// the value the validation excerpt above compares the submitted token against.
106 if (isset($this->token)) {
108 $_SESSION[$this->keyName] = $this->token;
__construct($keyName='xh_csrf_token', $perRequest=false)