public static function unique_id($extra = 'unique')
{
$val = self::$_rand_seed . microtime();
$val = md5($val);
self::$_rand_seed = md5(self::$_rand_seed . $val . $extra);
if (self::$_dss_seeded !== true and self::$_rand_seed_last_update < time() - rand(1, 10)) {
self::$_rand_seed_last_update = time();
self::$_dss_seeded = true;
}
return substr($val, 4, 16);
}
public static function anti_forgery_token($new = FALSE)
{
$session = Session::instance();
$config = Kohana::$config->load('security');
$token_name = $config->get('csrf_token_name', 'request-verification-token');
$csrf_token = $session->get($token_name);
if ($new === TRUE or !$csrf_token) {
$csrf_key = $config->get('csrf_key', Security::token(TRUE));
$csrf_token = Crypto_Hash_Simple::compute_hash($csrf_key);
$session->set($token_name, $csrf_token);
}
return Form::hidden($token_name, $csrf_token, array('id' => $token_name));
}
protected function validate_anti_forgery_token()
{
$config = Kohana::$config->load('security');
$token_name = $config->get('csrf_token_name', 'request-verification-token');
$csrf_key = $config->get('csrf_key', Security::token());
if ($this->request->is_ajax()) {
$csrf_token = $this->request->headers($token_name);
} else {
$csrf_token = $this->request->post($token_name);
}
return Crypto_Hash_Simple::verify_hash($csrf_key, $csrf_token);
}
