define('DATABASE_PASS', $database_config['password']); define('DATABASE_SERVER', $database_config['host']); // register apps $GLOBALS['APPS'] = $config['apps']; // define production secret key define('SECRET', $config['secret']); session_start(); if (isset($_SESSION['CSRF']) !== true) { $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; $charactersLength = strlen($characters); $randomString = ''; for ($i = 0; $i < 32; $i++) { $randomString .= $characters[rand(0, $charactersLength - 1)]; } $_SESSION['CSRF'] = hash('sha512', time() . '' . $randomString); } define('CSRF', $_SESSION['CSRF']); if ($_SERVER['REQUEST_METHOD'] !== 'GET') { if (!isset($_REQUEST['csrf_token']) || $_REQUEST['csrf_token'] !== $_SESSION['CSRF']) { header('HTTP/1.1 403 Forbidden'); exit; } } // include template require_once 'includes/TemplateFunctions.php'; $tmpl = new TemplateFunctions(); define('TEMPLATE_PATH', $tmpl->get_current_template_path()); define('STATIC_PATH', $tmpl->get_static_path()); define('THEME', $tmpl->get_current_theme()); $tmpl->run();