2024-10-10
This commit is contained in:
17
web/include/csrf_check.php
Normal file
17
web/include/csrf_check.php
Normal file
@@ -0,0 +1,17 @@
|
||||
<?php
|
||||
@session_start();
|
||||
if( $_SERVER['REQUEST_METHOD'] == 'POST'){
|
||||
if( !isset($_SESSION[$OJ_NAME.'_'.'csrf_keys'])
|
||||
|| !is_array($_SESSION[$OJ_NAME.'_'.'csrf_keys'])
|
||||
|| !isset($_POST['csrf'])
|
||||
|| !in_array($_POST['csrf'], $_SESSION[$OJ_NAME.'_'.'csrf_keys'])
|
||||
){
|
||||
http_response_code(403);
|
||||
echo "Invalid csrf token";
|
||||
exit;
|
||||
} else {
|
||||
$index = array_search($_POST['csrf'],$_SESSION[$OJ_NAME.'_'.'csrf_keys']);
|
||||
array_splice($_SESSION[$OJ_NAME.'_'.'csrf_keys'], $index, 1);
|
||||
}
|
||||
}
|
||||
?>
|
||||
Reference in New Issue
Block a user