11 $_SESSION[
'csrf_token'] = generateCsrf();
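/**
 * Reports whether a PHP session is currently active.
 *
 * session_status() only exists from PHP 5.4.0 onwards, so it is selected by
 * feature detection. The listing chose it for the older interpreters and used
 * session_id() on the newer ones, which is the wrong way round: the old
 * branch would call a function that does not exist there, and the new branch
 * reports "active" as soon as an id has been assigned, even if no session
 * has been started.
 *
 * The distinction matters for the CSRF helpers in this file: a token written
 * to $_SESSION while no session is active is not persisted to the next
 * request.
 *
 * @return bool true when a session is active, false otherwise
 */
function sessionExists() {
    if (function_exists('session_status')) {
        return session_status() === PHP_SESSION_ACTIVE;
    }

    // Pre-5.4 fallback: a non-empty id is the best available indicator.
    return session_id() !== '';
}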
/**
 * Produces a new CSRF token, picking the random source by availability.
 *
 * Order of preference:
 *   1. generateRandom() when running on PHP 7.0.0 or later, unless it
 *      reports failure by returning false;
 *   2. generateMcrypt() when mcrypt_create_iv() is defined;
 *   3. generateOpenssl() otherwise.
 *
 * The value returned by the chosen generator is passed through unchanged, so
 * the token is only as unpredictable as that generator.
 *
 * @return string|false whatever the selected generator returned
 */
function generateCsrf() {
    $hasNativeCsprng = version_compare(phpversion(), '7.0.0', '>=');

    if ($hasNativeCsprng) {
        $token = generateRandom();
        if ($token !== false) {
            return $token;
        }
        // false means random_bytes() was unusable; fall through to the legacy sources.
    }

    return function_exists('mcrypt_create_iv')
        ? generateMcrypt()
        : generateOpenssl();
}
/**
 * Draws 32 bytes from random_bytes() and returns them hex-encoded.
 *
 * @return string|false 64 lowercase hex characters, or false when
 *                      random_bytes() raised an Exception
 */
function generateRandom() {
    try {
        $bytes = random_bytes(32);
    } catch (Exception $e) {
        // NOTE(review): the listing does not show the body of this catch.
        // false is the failure value generateCsrf() tests for before it
        // falls back to another generator - confirm against the full file.
        return false;
    }

    return bin2hex($bytes);
}
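/**
 * Draws 32 bytes from mcrypt_create_iv() (MCRYPT_DEV_URANDOM source) and
 * returns them hex-encoded.
 *
 * mcrypt_create_iv() returns false on error. Passing that straight to
 * bin2hex() would yield an empty string, i.e. an empty CSRF token, so the
 * result is checked and the function fails closed instead.
 *
 * @return string 64 lowercase hex characters
 * @throws RuntimeException when mcrypt_create_iv() does not deliver 32 bytes
 */
function generateMcrypt() {
    $bytes = mcrypt_create_iv(32, MCRYPT_DEV_URANDOM);

    if (!is_string($bytes) || strlen($bytes) !== 32) {
        throw new RuntimeException('mcrypt_create_iv() did not return 32 random bytes');
    }

    return bin2hex($bytes);
}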
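/**
 * Draws 32 bytes from openssl_random_pseudo_bytes() and returns them
 * hex-encoded.
 *
 * Two failure modes of openssl_random_pseudo_bytes() were previously ignored:
 * it can return false (older PHP versions), which bin2hex() turns into an
 * empty token, and it can report through its second argument that the bytes
 * did not come from a cryptographically strong algorithm. Either would make
 * the CSRF token guessable, so both are treated as hard failures.
 *
 * @return string 64 lowercase hex characters
 * @throws RuntimeException when no strong 32-byte value could be obtained
 */
function generateOpenssl() {
    $strong = false;
    $bytes = openssl_random_pseudo_bytes(32, $strong);

    if (!is_string($bytes) || strlen($bytes) !== 32 || $strong !== true) {
        throw new RuntimeException('openssl_random_pseudo_bytes() did not return 32 cryptographically strong bytes');
    }

    return bin2hex($bytes);
}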
79 if(!sessionExists()) {
83 if(!array_key_exists(
'csrf_token', $_SESSION)) {
87 return $_SESSION[
'csrf_token'];
/**
 * Renders the hidden form input that carries the current CSRF token.
 *
 * The token is inserted into the value attribute as-is, without HTML
 * escaping. That is safe only while getCsrf() yields the hex strings the
 * generators in this file produce.
 *
 * @return string HTML for an <input type="hidden" name="csrf_token"> element
 */
function getCsrfField() {
    $token = getCsrf();

    return sprintf("<input type=\"hidden\" name=\"csrf_token\" value=\"%s\">", $token);
}
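/**
 * Checks a submitted CSRF token against the one held for the session.
 *
 * Hardening over a plain comparison:
 *  - the submitted value comes from the request and may not be a string
 *    (form fields can arrive as arrays); hash_equals() raises a warning or a
 *    TypeError on such input, so anything but a string is rejected up front;
 *  - an empty or non-string stored token never matches, so a failed token
 *    generation cannot be satisfied by an empty submission;
 *  - where hash_equals() is unavailable the fallback is a constant-time
 *    byte comparison rather than ===, which stops at the first differing byte.
 *
 * @param mixed $csrf_token token received from the client
 * @return bool true only when both tokens are non-empty strings and equal
 */
function verifyCsrf($csrf_token) {
    $current_csrf = getCsrf();

    if (!is_string($csrf_token) || !is_string($current_csrf) || $current_csrf === '') {
        return false;
    }

    if (function_exists('hash_equals')) {
        return hash_equals($current_csrf, $csrf_token);
    }

    // Fallback for interpreters without hash_equals(): the length check may
    // leak the token length, which is fixed and not secret; the content
    // comparison always walks every byte.
    $length = strlen($current_csrf);
    if ($length !== strlen($csrf_token)) {
        return false;
    }

    $difference = 0;
    for ($i = 0; $i < $length; $i++) {
        $difference |= ord($current_csrf[$i]) ^ ord($csrf_token[$i]);
    }

    return $difference === 0;
}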
/**
 * Validates the CSRF token submitted in the current POST body.
 *
 * $_POST['csrf_token'] is handed to verifyCsrf() exactly as received; no
 * type or format check happens here.
 *
 * @return bool false when the csrf_token field is missing, otherwise the
 *              outcome of verifyCsrf() for that field
 */
function verifyCsrfPost() {
    if (!isset($_POST['csrf_token'])) {
        return false;
    }

    return (bool) verifyCsrf($_POST['csrf_token']);
}