A lot of things

2026-06-16 16:21:43 +02:00
parent 4f9f6c63b3
commit 7e1e26f20b
126 changed files with 7917 additions and 204 deletions


@@ -195,9 +195,9 @@ class XenforoService {
}
private function hashCSRFToken( string $token ): string
private function hashCSRFToken( string $token, int $timestamp ): string
{
return hash_hmac('md5', $token . time(), config('app.xf_salt') );
return hash_hmac('md5', $token . $timestamp, config('app.xf_salt') );
}
public function getCSRFToken(): string
{
@@ -207,6 +207,28 @@ class XenforoService {
Cookie::queue('xf_csrf', $token, 0, '/', config('session.domain'), 0, false, false );
}
return time() . ',' . $this->hashCSRFToken($token);
$timestamp = time();
return $timestamp . ',' . $this->hashCSRFToken($token, $timestamp);
}
public function verifyCSRFToken( string $requestToken ): bool
{
$token = Cookie::get('xf_csrf');
if( !$token ){
return false;
}
try {
[$timestamp, $hash] = explode(',', $requestToken);
} catch (\Throwable $th) {
return false;
}
$timestamp = intval($timestamp);
$currentTimestamp = time();
if( abs( $currentTimestamp - $timestamp ) > 3600 )
return false;
return $hash === $this->hashCSRFToken($token, $timestamp);
}
}
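Review bot: The last line of `verifyCSRFToken` compares the HMAC with `===`, which is not a constant-time comparison and can leak through timing how much of the submitted hash matched; `return hash_equals($this->hashCSRFToken($token, $timestamp), $hash);` avoids that. The `try`/`catch` around `[$timestamp, $hash] = explode(',', $requestToken);` rejects a token without a comma only if the undefined-key warning is converted into an exception (presumably by the framework's error handler); otherwise `$hash` ends up null, so an explicit `$parts = explode(',', $requestToken, 2); if (count($parts) !== 2) { return false; }` would make the rejection independent of that configuration. `intval()` also accepts trailing non-digits in the timestamp field, so a `ctype_digit($timestamp)` check before the cast would keep the accepted token format strict.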