Csrf::makeToken() - Code Metrics - panique/huge - Measure and Improve Code Quality continuously with Scrutinizer

Csrf::makeToken() A
last analyzed 2020-05-13 16:02 UTC

↳ Parent: Csrf

Complexity

Conditions	3
Paths	2

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	14
rs	9.7998
c	0
b	0
f	0
cc	3
nc	2
nop	0

<?php

/**
 * Cross Site Request Forgery Class
 *
 */

/**
 * Instructions:
 *
 * At your form, before the submit button put:
 * <input type="hidden" name="csrf_token" value="<?= Csrf::makeToken(); ?>" />
 *
 * This validation needed in the controller action method to validate CSRF token submitted with the form:
 *
 * if (!Csrf::isTokenValid()) {
 *     LoginModel::logout();
 *     Redirect::home();
 *     exit();
 * }
 *
 * To get simpler code it might be better to put the logout, redirect, exit into an own (static) method.
 */
class Csrf
{
    /**
     * get CSRF token and generate a new one if expired
     *
     * @access public
     * @static static method
     * @return string
     */
    public static function makeToken()
    {
        // token is valid for 1 day
        $max_time    = 60 * 60 * 24;
        $stored_time = Session::get('csrf_token_time');
        $csrf_token  = Session::get('csrf_token');

        if ($max_time + $stored_time <= time() || empty($csrf_token)) {
            Session::set('csrf_token', md5(uniqid(rand(), true)));
            Session::set('csrf_token_time', time());
        }

        return Session::get('csrf_token');
    }

    /**
     * checks if CSRF token in session is same as in the form submitted
     *
     * @access public
     * @static static method
     * @return bool
     */
    public static function isTokenValid()
    {
        $token = Request::post('csrf_token');
        return $token === Session::get('csrf_token') && !empty($token);
    }
}


1			<?php
2
3			/**
4			* Cross Site Request Forgery Class
5			*
6			*/
7
8			/**
9			* Instructions:
10			*
11			* At your form, before the submit button put:
12			* <input type="hidden" name="csrf_token" value="<?= Csrf::makeToken(); ?>" />
13			*
14			* This validation needed in the controller action method to validate CSRF token submitted with the form:
15			*
16			* if (!Csrf::isTokenValid()) {
17			* LoginModel::logout();
18			* Redirect::home();
19			* exit();
20			* }
21			*
22			* To get simpler code it might be better to put the logout, redirect, exit into an own (static) method.
23			*/
24			class Csrf
25			{
26			/**
27			* get CSRF token and generate a new one if expired
28			*
29			* @access public
30			* @static static method
31			* @return string
32			*/
33			public static function makeToken()
34			{
35			// token is valid for 1 day
36			$max_time = 60 * 60 * 24;
37			$stored_time = Session::get('csrf_token_time');
38			$csrf_token = Session::get('csrf_token');
39
40			if ($max_time + $stored_time <= time() \|\| empty($csrf_token)) {
41			Session::set('csrf_token', md5(uniqid(rand(), true)));
42			Session::set('csrf_token_time', time());
43			}
44
45			return Session::get('csrf_token');
46			}
47
48			/**
49			* checks if CSRF token in session is same as in the form submitted
50			*
51			* @access public
52			* @static static method
53			* @return bool
54			*/
55			public static function isTokenValid()
56			{
57			$token = Request::post('csrf_token');
58			return $token === Session::get('csrf_token') && !empty($token);
59			}
60			}
61

panique / huge

GitHub Access Token became invalid

Csrf::makeToken() A last analyzed 2020-05-13 16:02 UTC

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like

Csrf::makeToken() A
last analyzed 2020-05-13 16:02 UTC