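/**
 * Return the CSRF token pair for the current session, creating it on first use.
 *
 * When the session already holds a token name and a non-empty token stored
 * under that name, that pair is returned unchanged. Otherwise a new name and
 * a 128-character token are generated, written to the session and returned.
 *
 * @return array array(token name, token value)
 */
function osc_csrfguard_generate_token() {
    $token_name = Session::newInstance()->_get('token_name');
    if ($token_name != '' && Session::newInstance()->_get($token_name) != '') {
        return array($token_name, Session::newInstance()->_get($token_name));
    }

    // The name is only an identifier sent alongside the token, not a secret,
    // so it keeps the original mt_rand() suffix.
    $unique_token_name = osc_csrf_name() . "_" . mt_rand(0, mt_getrandmax());

    // The token value is the secret the request check relies on, and mt_rand()
    // output is predictable. Prefer a CSPRNG: 64 random bytes hex-encode to the
    // same 128 characters the sha512 path produced.
    $token = '';
    if (function_exists('random_bytes')) {
        try {
            $token = bin2hex(random_bytes(64));
        } catch (Exception $e) {
            // No entropy source available; try the next generator.
            $token = '';
        }
    }
    if ($token == '' && function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes(64, $strong);
        // Accept the bytes only when OpenSSL reports a cryptographically strong source.
        if ($bytes !== false && $strong) {
            $token = bin2hex($bytes);
        }
    }

    if ($token == '') {
        // NOTE(review): legacy fallback, reached only when no CSPRNG exists on
        // this runtime. Tokens produced here are derived from mt_rand() and
        // should be treated as guessable; upgrade the runtime to avoid this path.
        if (function_exists("hash_algos") and in_array("sha512", hash_algos())) {
            $token = hash("sha512", mt_rand(0, mt_getrandmax()));
        } else {
            for ($i = 0; $i < 128; ++$i) {
                $r = mt_rand(0, 35);
                if ($r < 26) {
                    $c = chr(ord('a') + $r);
                } else {
                    $c = chr(ord('0') + $r - 26);
                }
                $token .= $c;
            }
        }
    }

    Session::newInstance()->_set('token_name', $unique_token_name);
    Session::newInstance()->_set($unique_token_name, $token);
    return array($unique_token_name, $token);
}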
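/**
 * Create a CSRF token to be placed in a url
 *
 * The name and token both come from osc_csrfguard_generate_token(), so the
 * pair put in the query string is the pair that function stored in the session.
 *
 * @since 3.1
 * @return string query-string fragment of the form "CSRFName=<name>&CSRFToken=<token>"
 */
function osc_csrf_token_url() {
    // osc_csrfguard_generate_token() takes no arguments and returns
    // array(name, token). Concatenating that array directly would emit the
    // literal "Array", and a locally invented name would never match the
    // name saved in the session, so unpack the returned pair instead.
    list($name, $token) = osc_csrfguard_generate_token();
    return "CSRFName=" . $name . "&CSRFToken=" . $token;
}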