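<?php

/**
 * Anti-CSRF token: a random value plus the time it was generated.
 *
 * The value is 32 bytes from random_bytes(), hex-encoded (64 characters).
 */
final class CsrfToken
{
    /** @var string Hex-encoded token value. */
    private $value;

    /**
     * Declared explicitly: the constructor assigns it, and creating it as a
     * dynamic property is deprecated since PHP 8.2.
     *
     * @var int Unix timestamp at which the token was generated.
     */
    private $createdTime;

    public function __construct()
    {
        $this->value = bin2hex(random_bytes(32));
        $this->createdTime = time();
    }

    /**
     * @return int Unix timestamp at which the token was generated.
     */
    public function getCreatedTime(): int
    {
        return $this->createdTime;
    }

    /**
     * Compares a submitted value against this token.
     *
     * @param mixed $other Value taken from the request; it may be missing (null)
     *                     or an array, since the client controls its shape.
     *
     * @return bool True only when $other is string-convertible and matches.
     */
    public function equals($other): bool
    {
        // An array cast to string only raises a warning and can never match,
        // so anything that is not string-convertible is rejected up front.
        $isStringable = is_scalar($other)
            || (is_object($other) && method_exists($other, '__toString'));
        if (!$isStringable) {
            return false;
        }

        // hash_equals() keeps the comparison time independent of how many
        // leading characters match.
        return hash_equals($this->value, (string) $other);
    }

    public function __toString(): string
    {
        return $this->value;
    }
}

/**
 * Source of the CSRF token for the current user.
 */
interface CsrfTokenStore
{
    /**
     * @param bool $invalidate When true, the returned token is removed from the
     *                         store, so it can be checked against only once.
     */
    public function getCsrfToken(bool $invalidate = false): CsrfToken;
}

/**
 * Basic session wrapper that keeps the CSRF token in $_SESSION['csrf_token'].
 */
class Session implements CsrfTokenStore
{
    /** @var int Token lifetime in seconds. */
    private $csrfTokenLifetime;

    /**
     * @param int $csrfTokenLifetime Seconds a token stays valid (default 300).
     */
    public function __construct($csrfTokenLifetime = 300)
    {
        $this->csrfTokenLifetime = $csrfTokenLifetime;

        // Starting a session that is already active raises a notice.
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
    }

    /**
     * Reports whether the stored value is a CsrfToken that has not expired.
     *
     * The parameter is deliberately untyped: session data that is not a
     * CsrfToken must count as "no token" rather than raise a TypeError.
     *
     * @param mixed $token Whatever is stored under the session key, or null.
     */
    private function isTokenValid($token): bool
    {
        return $token instanceof CsrfToken
            && time() < $token->getCreatedTime() + $this->csrfTokenLifetime;
    }

    /**
     * Returns the current token, generating a new one when none is stored or
     * the stored one has expired.
     *
     * With $invalidate = true the token is removed from the session after
     * being fetched, which makes each token single-use: a second submission
     * of the same form, or a form left open in another tab, will fail the check.
     */
    public function getCsrfToken(bool $invalidate = false): CsrfToken
    {
        if (!$this->isTokenValid($_SESSION['csrf_token'] ?? null)) {
            $_SESSION['csrf_token'] = new CsrfToken();
        }

        $token = $_SESSION['csrf_token'];

        if ($invalidate) {
            unset($_SESSION['csrf_token']);
        }

        return $token;
    }
}

/*
To output the token, pass a CsrfTokenStore to the template (the value is
hex-encoded, so it contains no characters that need HTML escaping):

    <input name="csrftoken" type="hidden" id="csrf_token" value="<?= $tokenStore->getCsrfToken(); ?>">

To verify the token, pass a CsrfTokenStore to the controller. Passing true
clears the stored token, so a new one is generated on the next page load.
The request key must be the field's name attribute ("csrftoken", not its id),
and the form should be submitted with POST so the token does not end up in
URLs, server logs or Referer headers:

    if (!$tokenStore->getCsrfToken(true)->equals($_POST['csrftoken'] ?? null)) {
        throw new Exception();
    }
*/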