| author | 2016-08-13 21:14:36 +0200 | |
|---|---|---|
| committer | 2016-08-13 21:14:36 +0200 | |
| commit | 967dff535defd2c95bf1be9b48e0b18e3fe6025d (patch) | |
| tree | 8d06dbedc7635e96ba722b9cadfa2ee5fb7cda69 /app/Models/Auth.php | |
| parent | bee833bf524e58ea9cf5309fb89f6f8b30005720 (diff) | |
| parent | cda414ff0f142d180c616eca1e08204e7c9c6ef9 (diff) | |
Merge branch 'FreshRSS/dev' into PostgreSQL
Diffstat (limited to 'app/Models/Auth.php')
| -rw-r--r-- | app/Models/Auth.php | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/app/Models/Auth.php b/app/Models/Auth.php
index d689f7cdb..b93942e19 100644
--- a/app/Models/Auth.php
+++ b/app/Models/Auth.php
@@ -124,6 +124,7 @@ class FreshRSS_Auth {
 		self::$login_ok = false;
 		$conf = Minz_Configuration::get('system');
 		Minz_Session::_param('currentUser', $conf->default_user);
+		Minz_Session::_param('csrf');
 		switch ($conf->auth_type) {
 		case 'form':
@@ -156,6 +157,26 @@ class FreshRSS_Auth {
 		$auth_type = $conf->auth_type;
 		return $auth_type === 'form';
 	}
+
+	public static function csrfToken() {
+		$csrf = Minz_Session::param('csrf');
+		if ($csrf == '') {
+			$salt = FreshRSS_Context::$system_conf->salt;
+			$csrf = sha1($salt . uniqid(mt_rand(), true));
+			Minz_Session::_param('csrf', $csrf);
+		}
+		return $csrf;
+	}
+	public static function isCsrfOk($token = null) {
+		$csrf = Minz_Session::param('csrf');
+		if ($csrf == '') {
+			return true; //Not logged in yet
+		}
+		if ($token === null) {
+			$token = Minz_Request::fetchPOST('_csrf');
+		}
+		return $token === $csrf;
+	}
 }
|
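Review bot: `isCsrfOk()` in the second hunk fails open — when the session holds no `csrf` value it returns `true`, so any request reaching this check in a session that never called `csrfToken()` (including an authenticated one, as far as these lines show) is accepted; unless every login path mints the token first, it should fail closed with `return false; // no token was issued for this session` or the token should be created at login time. In `csrfToken()`, `sha1($salt . uniqid(mt_rand(), true))` derives the token from predictable inputs; `$csrf = bin2hex(random_bytes(32));` (PHP 7+, or a CSPRNG polyfill where older PHP must be supported) is the appropriate generator. The final comparison would be better as `return is_string($token) && hash_equals($csrf, $token);`, which keeps the type check that `===` gave while avoiding a timing side channel. The loose `$csrf == ''` in both methods should be `$csrf === ''` (or an explicit `null` check, depending on what `Minz_Session::param()` returns for an unset key).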
