<?php require_once '../include/json-header.php'; $data = ensure_privileged_api_data(); $expiritaion = time() + 3600; // Valid for one hour. $_COOKIE['CSRFSalt'] = rand(); $_COOKIE['CSRFExpiration'] = $expiritaion; setcookie('CSRFSalt', $_COOKIE['CSRFSalt']); setcookie('CSRFExpiration', $expiritaion); exit_with_success(array('user' => remote_user_name($data), 'token' => compute_token(), 'expiration' => $expiritaion * 1000));
function verify_token($token) { $expected_token = compute_token(); return $expected_token && $token == $expected_token && $_COOKIE['CSRFExpiration'] > time(); }