From 8569c2b4d5be4ba92ffb59a908b2b4268b4d9572 Mon Sep 17 00:00:00 2001
From: billz
Date: Tue, 25 Mar 2025 05:17:58 -0700
Subject: [PATCH] Remove CSRF related functions (made obsolete by Token class)
---
 includes/functions.php | 76 ------------------------------------------
 1 file changed, 76 deletions(-)
diff --git a/includes/functions.php b/includes/functions.php
index 54b4939c..6ef53ea4 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -306,82 +306,6 @@ function filter_comments($var)
 return $var[0] != '#';
 }
 
-/**
- * Saves a CSRF token in the session
- */
-function ensureCSRFSessionToken()
-{
- if (empty($_SESSION['csrf_token'])) {
- $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
- }
-}
-
-/**
- * Add CSRF Token to form
- */
-function CSRFTokenFieldTag()
-{
- $token = htmlspecialchars($_SESSION['csrf_token']);
- return '';
-}
-
-/**
- * Retuns a CSRF meta tag (for use with xhr, for example)
- */
-function CSRFMetaTag()
-{
- $token = htmlspecialchars($_SESSION['csrf_token']);
- return '';
-}
-
-/**
- * Validate CSRF Token
- */
-function CSRFValidate()
-{
- if (empty($_SESSION['csrf_token']) || !is_string($_SESSION['csrf_token'])) {
- error_log('Session expired or CSRF token is missing.');
- header('Location: /login');
- exit;
- }
-
- $post_token = $_POST['csrf_token'] ?? null;
- $header_token = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? null;
-
- if (empty($post_token) && is_null($header_token)) {
- error_log('CSRF token missing in the request');
- return false;
- }
- $request_token = $post_token ?: $header_token;
-
- if (hash_equals($_SESSION['csrf_token'], $request_token)) {
- return true;
- } else {
- error_log('CSRF token mismatch');
- return false;
- }
-}
-
-/**
- * Should the request be CSRF-validated?
- */
-function csrfValidateRequest()
-{
- $request_method = strtolower($_SERVER['REQUEST_METHOD']);
- return in_array($request_method, [ "post", "put", "patch", "delete" ]);
-}
-
-/**
- * Handle invalid CSRF
- */
-function handleInvalidCSRFToken()
-{
- header('HTTP/1.1 500 Internal Server Error');
- header('Content-Type: text/plain');
- echo 'Invalid CSRF token';
- exit;
-}
-
 /**
 * Test whether array is associative
 */