Beispiel #1
 /**
  * Shortcut for CSRF functions
  *
  * @param string $type - either "set" or "check" CSRF key
  * @param string $script - optional name of page using the key
  * @param int $life - minutes before the token expires
  * @return string $key (if using $type "fetch")
  */
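 public function csrf($type = 'check', $script = '', $life = 60)
 {
     // Some ajax callers post newToken=false to ask that no fresh token be
     // written to the session, so that a form already on the page can still
     // pass its CSRF check. (An X-Requested-With test was tried for this
     // first and did not work, hence the explicit POST flag.)
     $newToken = $this->cage->post->testAlnum('newToken');

     // The flag comes from the request body, so whoever builds the request
     // controls it. It may only skip token handling for non-"check" calls:
     // if it also short-circuited a "check", any forged POST carrying
     // newToken=false would be accepted without a valid token.
     // Strict comparison so that only the literal string 'false' counts.
     if ($newToken === 'false' && $type !== 'check') {
         return true;
     }

     // NOTE(review): ajax callers that relied on the old early return during
     // a "check" must now send a valid token. Confirm that csrfInit() does
     // not rotate the session token on "check", otherwise those callers need
     // re-testing.
     return \csrf::instance()->csrfInit($this, $type, $script, $life);
 }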