Add CSRF token to password change page

2025-03-01 10:31:47 +00:00 · 2016-06-24 22:39:39 +01:00
parent f98af5c60b
commit 5c2492e785
3 changed files with 52 additions and 17 deletions
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -1,5 +1,25 @@
 <?php

+/**
+*
+* Add CSRF Token to form
+*
+*/
+function CSRFToken() {
+?>
+<input type="hidden" name="csrf_token" value="<?php echo $csrf_token; ?>" />
+<?php
+}
+
+/**
+*
+* Validate CSRF Token
+*
+*/
+function CSRFValidate() {
+  return hash_equals($_POST['csrf_token'], $_SESSION['csrf_token']);
+}
+
 /**
 *
 * @param string $input