move csrf token initialization into function

2025-03-01 10:31:47 +00:00 · 2019-07-30 17:38:33 +02:00
parent d53517a34a
commit b9e9b7fe39
2 changed files with 15 additions and 7 deletions
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -54,6 +54,20 @@ function safefilerewrite($fileName, $dataToSave)
    }
 }

+/**
+* Saves a CSRF token in the session
+*/
+function ensureCSRFSessionToken()
+{
+    if (empty($_SESSION['csrf_token'])) {
+        if (function_exists('mcrypt_create_iv')) {
+            $_SESSION['csrf_token'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
+        } else {
+            $_SESSION['csrf_token'] = bin2hex(openssl_random_pseudo_bytes(32));
+        }
+    }
+}
+
 /**
 *
 * Add CSRF Token to form