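"; }

    /**
     * Check whether the CSRF token submitted via POST matches the session token.
     *
     * Only the token value is compared here; token age is not considered.
     * Callers that want expiry enforced must also call csrf_token_is_recent().
     * This method itself does not unset or rotate the token after a match.
     *
     * @return bool true only when a csrf_token POST field is present, a
     *              non-empty token is stored in the session, and
     *              \tts\request::compair_it() reports the two as equal
     */
    public static function csrf_token_is_valid(): bool
    {
        // No csrf_token field in the POST body: fail closed.
        if (!filter_has_var(INPUT_POST, 'csrf_token')) {
            return false;
        }

        $user_token = \tts\request::post_var('csrf_token');
        $stored_token = $_SESSION['csrf_token'] ?? '';

        // Reject before comparing when the session holds no token, so an
        // empty submitted value can never match a missing stored one.
        if (empty($stored_token)) {
            return false;
        }

        // NOTE(review): compair_it() is defined outside this view. It should be
        // a constant-time string comparison (e.g. built on hash_equals()) and
        // should reject non-string input such as csrf_token[]=x. Confirm.
        return \tts\request::compair_it($user_token, $stored_token);
    }

    /**
     * Optional check that the session's CSRF token is still within its
     * allowed age.
     *
     * The maximum age in seconds is read from the 'security' /
     * 'max_token_age' configuration entry. Values below 30 (including a
     * missing entry, which intval() turns into 0) fall back to one day.
     *
     * The stored token is destroyed whenever this returns false, i.e. when
     * the timestamp is missing, not numeric, or older than the maximum age.
     *
     * @return bool true when $_SESSION['csrf_token_time'] plus the maximum
     *              age is not earlier than the current time
     */
    public static function csrf_token_is_recent(): bool
    {
        $max_elapsed = intval(\main_tts\configure::get(
            'security',
            'max_token_age'
        ));
        if ($max_elapsed < 30) {
            $max_elapsed = 60 * 60 * 24; // 1 day
        }

        $stored_time = $_SESSION['csrf_token_time'] ?? null;

        if (is_numeric($stored_time) && ((int) $stored_time + $max_elapsed) >= time()) {
            return true;
        }

        // Remove the token on every failure path. Previously only a missing
        // timestamp triggered the cleanup, so a token that had actually
        // expired stayed in the session.
        self::destroy_csrf_token();
        return false;
    }
}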