Csrf - Code Metrics - panique/huge - Measure and Improve Code Quality continuously with Scrutinizer

Csrf A
last analyzed 2020-05-13 16:02 UTC

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	37
Duplicated Lines	0 %

Coupling/Cohesion

Components	0
Dependencies	2

Importance

Changes

Metric	Value
wmc	5
lcom	0
cbo	2
dl	0
loc	37
rs	10
c	0
b	0
f	0

2 Methods

Rating	Name	Duplication	Size	Complexity
A	makeToken()	0	14	3
A	isTokenValid()	0	5	2

<?php

/**
 * Cross Site Request Forgery Class
 *
 */

/**
 * Instructions:
 *
 * At your form, before the submit button put:
 * <input type="hidden" name="csrf_token" value="<?= Csrf::makeToken(); ?>" />
 *
 * This validation needed in the controller action method to validate CSRF token submitted with the form:
 *
 * if (!Csrf::isTokenValid()) {
 *     LoginModel::logout();
 *     Redirect::home();
 *     exit();
 * }
 *
 * To get simpler code it might be better to put the logout, redirect, exit into an own (static) method.
 */
class Csrf
{
    /**
     * get CSRF token and generate a new one if expired
     *
     * @access public
     * @static static method
     * @return string
     */
    public static function makeToken()
    {
        // token is valid for 1 day
        $max_time    = 60 * 60 * 24;
        $stored_time = Session::get('csrf_token_time');
        $csrf_token  = Session::get('csrf_token');

        if ($max_time + $stored_time <= time() || empty($csrf_token)) {
            Session::set('csrf_token', md5(uniqid(rand(), true)));
            Session::set('csrf_token_time', time());
        }

        return Session::get('csrf_token');
    }

    /**
     * checks if CSRF token in session is same as in the form submitted
     *
     * @access public
     * @static static method
     * @return bool
     */
    public static function isTokenValid()
    {
        $token = Request::post('csrf_token');
        return $token === Session::get('csrf_token') && !empty($token);
    }
}


1			<?php
2
3			/**
4			* Cross Site Request Forgery Class
5			*
6			*/
7
8			/**
9			* Instructions:
10			*
11			* At your form, before the submit button put:
12			* <input type="hidden" name="csrf_token" value="<?= Csrf::makeToken(); ?>" />
13			*
14			* This validation needed in the controller action method to validate CSRF token submitted with the form:
15			*
16			* if (!Csrf::isTokenValid()) {
17			* LoginModel::logout();
18			* Redirect::home();
19			* exit();
20			* }
21			*
22			* To get simpler code it might be better to put the logout, redirect, exit into an own (static) method.
23			*/
24			class Csrf
25			{
26			/**
27			* get CSRF token and generate a new one if expired
28			*
29			* @access public
30			* @static static method
31			* @return string
32			*/
33			public static function makeToken()
34			{
35			// token is valid for 1 day
36			$max_time = 60 * 60 * 24;
37			$stored_time = Session::get('csrf_token_time');
38			$csrf_token = Session::get('csrf_token');
39
40			if ($max_time + $stored_time <= time() \|\| empty($csrf_token)) {
41			Session::set('csrf_token', md5(uniqid(rand(), true)));
42			Session::set('csrf_token_time', time());
43			}
44
45			return Session::get('csrf_token');
46			}
47
48			/**
49			* checks if CSRF token in session is same as in the form submitted
50			*
51			* @access public
52			* @static static method
53			* @return bool
54			*/
55			public static function isTokenValid()
56			{
57			$token = Request::post('csrf_token');
58			return $token === Session::get('csrf_token') && !empty($token);
59			}
60			}
61

panique / huge

GitHub Access Token became invalid

Csrf A last analyzed 2020-05-13 16:02 UTC

Complexity

Size/Duplication

Coupling/Cohesion

Importance

2 Methods

Duplication Side-by-Side

Filter issues like

Csrf A
last analyzed 2020-05-13 16:02 UTC