/**
 * Produces a 16-character hexadecimal identifier and advances the class-level seed.
 *
 * The returned value is characters 4..19 of md5(seed . microtime()). $extra is
 * mixed only into the seed stored for the NEXT call; it does not influence the
 * value returned by this call.
 *
 * NOTE(review): the output depends solely on self::$_rand_seed and microtime(),
 * hashed with MD5. How the seed is initialised is not visible here. Confirm it is
 * secret and unpredictable before relying on this value as a security token; a
 * CSPRNG such as random_bytes() is the usual source for those.
 *
 * @param   string  $extra  Additional data folded into the next seed
 * @return  string  16 lowercase hex characters
 */
public static function unique_id($extra = 'unique')
{
    // Digest of the current seed plus the current time; the return value is cut from it.
    $digest = md5(self::$_rand_seed . microtime());

    // Roll the seed forward so that consecutive calls hash different input.
    self::$_rand_seed = md5(self::$_rand_seed . $digest . $extra);

    // One-time bookkeeping: once the flag is set this branch is never taken again.
    // rand() only jitters WHEN the flag flips; it never feeds the returned value.
    if (self::$_dss_seeded !== true) {
        $cutoff = time() - rand(1, 10);

        if (self::$_rand_seed_last_update < $cutoff) {
            self::$_rand_seed_last_update = time();
            self::$_dss_seeded = true;
        }
    }

    return substr($digest, 4, 16);
}
/**
 * Returns a hidden form input carrying the session's anti-forgery (CSRF) token.
 *
 * The field name comes from the 'security' config group (csrf_token_name,
 * default 'request-verification-token') and is also used as the session key
 * and as the input's id attribute. A token is issued and stored in the session
 * when $new is TRUE or when the session holds no (truthy) token yet.
 *
 * NOTE(review): when 'csrf_key' is configured, the token is derived from that
 * key alone via Crypto_Hash_Simple::compute_hash(). Whether tokens then differ
 * between sessions depends on that helper (presumably a salted hash; confirm).
 *
 * @param   boolean  $new  Force a fresh token even if the session already has one
 * @return  string   Markup produced by Form::hidden()
 */
public static function anti_forgery_token($new = FALSE)
{
    $session = Session::instance();
    $settings = Kohana::$config->load('security');
    $field = $settings->get('csrf_token_name', 'request-verification-token');

    $token = $session->get($field);
    $must_issue = ($new === TRUE) || ! $token;

    if ($must_issue) {
        // NOTE(review): PHP evaluates arguments before the call, so
        // Security::token(TRUE) runs even when 'csrf_key' is configured and its
        // result is discarded. In stock Kohana that call regenerates the
        // session's security token. Confirm this side effect is intended.
        $key = $settings->get('csrf_key', Security::token(TRUE));
        $token = Crypto_Hash_Simple::compute_hash($key);
        $session->set($field, $token);
    }

    return Form::hidden($field, $token, array('id' => $field));
}
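/**
 * Validates the anti-forgery (CSRF) token submitted with the current request.
 *
 * The token is read from the request header named by csrf_token_name for AJAX
 * requests and from the POST field of the same name otherwise. It must pass
 * two checks:
 *
 *  1. It equals the token stored in the session under the same name, which is
 *     where anti_forgery_token() puts the value it issues. This binds the token
 *     to the session that received it. Verifying the hash against the key alone
 *     would accept one token in every session when a site-wide 'csrf_key' is
 *     configured.
 *  2. Crypto_Hash_Simple::verify_hash() accepts it for the configured key, or
 *     for Security::token() when no key is configured.
 *
 * A missing, empty or non-string token on either side is rejected before any
 * hashing takes place.
 *
 * NOTE(review): assumes Crypto_Hash_Simple::compute_hash() returns a string, so
 * the session copy is a string. Confirm against that helper.
 *
 * @return  mixed  FALSE when the token is absent or does not match the session
 *                 copy; otherwise the result of verify_hash() (presumably boolean)
 */
protected function validate_anti_forgery_token()
{
    $config = Kohana::$config->load('security');
    $token_name = $config->get('csrf_token_name', 'request-verification-token');
    $csrf_key = $config->get('csrf_key', Security::token());

    // AJAX callers send the token as a request header; regular forms post it.
    $csrf_token = $this->request->is_ajax()
        ? $this->request->headers($token_name)
        : $this->request->post($token_name);

    $session_token = Session::instance()->get($token_name);

    // Reject early: nothing submitted, nothing issued, or an unexpected type
    // (e.g. an array built from repeated parameters).
    if ( ! is_string($csrf_token) || $csrf_token === ''
        || ! is_string($session_token) || $session_token === '') {
        return FALSE;
    }

    // Compare in constant time so the response time does not reveal how many
    // leading characters of a guess were correct.
    if (function_exists('hash_equals')) {
        $matches_session = hash_equals($session_token, $csrf_token);
    } else {
        // Fallback for PHP < 5.6: fold every byte difference into one accumulator.
        $diff = strlen($session_token) ^ strlen($csrf_token);
        $length = min(strlen($session_token), strlen($csrf_token));

        for ($i = 0; $i < $length; $i++) {
            $diff |= ord($session_token[$i]) ^ ord($csrf_token[$i]);
        }

        $matches_session = ($diff === 0);
    }

    if ( ! $matches_session) {
        return FALSE;
    }

    return Crypto_Hash_Simple::verify_hash($csrf_key, $csrf_token);
}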