Ejemplo n.º 1
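 /**
  * Checks whether the submitted request data carries the expected anti-CSRF token.
  *
  * The token is read from the field named by self::FIELD_CSRF_TOKEN and compared
  * with the value returned by Authentication::getCSRFToken().
  *
  * The check fails closed: a missing field, a non-string value on either side,
  * or an empty expected token all yield false.
  *
  * @param array $requestData submitted request fields, keyed by field name
  *                           (presumably POST data; verify against callers)
  * @return bool true only if the submitted token is identical to the expected one
  */
 public static function isCSRFTokenValid($requestData)
 {
     if (!isset($requestData[self::FIELD_CSRF_TOKEN])) {
         return false;
     }

     $submittedToken = $requestData[self::FIELD_CSRF_TOKEN];
     $expectedToken = Authentication::getCSRFToken();

     // A loose `==` applies PHP type juggling (numeric strings, integers from a
     // decoded body, ...), so values that are not identical could be accepted.
     // Require strings on both sides and refuse an empty expected token, so a
     // token that was never generated cannot be matched by an empty field.
     // NOTE(review): assumes getCSRFToken() returns a string; confirm.
     if (!is_string($submittedToken) || !is_string($expectedToken) || $expectedToken === '') {
         return false;
     }

     // hash_equals() (PHP >= 5.6) compares in time independent of where the
     // strings first differ; the known value goes first, the user value second.
     return hash_equals($expectedToken, $submittedToken);
 }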
Ejemplo n.º 2
 /**
  * Builds the page header HTML from the signed-in or signed-out template.
  *
  * The template file is used as a sprintf() format string, so any literal
  * percent sign in it has to be written as "%%". The placeholders are filled,
  * in order, with: CSS base URL, JS base URL, image base URL, dashboard URL,
  * settings URL, sign-out URL, the hidden CSRF form field and the page title.
  *
  * NOTE(review): nothing is HTML-escaped in this method; the URL helpers,
  * UI_Form_Hidden::getHTML() and self::getTitle() are assumed to return
  * strings that are already safe for their place in the template. Confirm,
  * in particular for the title.
  *
  * @param bool $isSignedIn selects the signed-in template when truthy
  * @return string the rendered header HTML
  */
 protected static function getHeader($isSignedIn)
 {
     if ($isSignedIn) {
         $templatePath = 'templates/header_signed_in.html';
     } else {
         $templatePath = 'templates/header_signed_out.html';
     }
     // NOTE(review): file_get_contents() returns false when the file cannot be
     // read, and that value is handed to sprintf() unchecked.
     $template = file_get_contents($templatePath);

     // Hidden form field carrying the anti-CSRF token, embedded in the header.
     $tokenField = new UI_Form_Hidden(UI_Form::FIELD_CSRF_TOKEN, Authentication::getCSRFToken());

     // Static assets come from the CDN when one is configured, else from the
     // application's own resource URLs. Images always use the local URL.
     $cssBase = CONFIG_ASSETS_CDN === '' ? URL::toResource('css/') : CONFIG_ASSETS_CDN . 'css/';
     $jsBase = CONFIG_ASSETS_CDN === '' ? URL::toResource('js/') : CONFIG_ASSETS_CDN . 'js/';
     $imgBase = URL::toResource('img/');

     $dashboardUrl = URL::toDashboard();
     $settingsUrl = URL::toPage('settings');
     $signOutUrl = URL::toPage('sign_out');

     $tokenFieldHtml = $tokenField->getHTML();
     $pageTitle = self::getTitle();

     return sprintf(
         $template,
         $cssBase,
         $jsBase,
         $imgBase,
         $dashboardUrl,
         $settingsUrl,
         $signOutUrl,
         $tokenFieldHtml,
         $pageTitle
     );
 }