synchronizer_token_pattern-php_example/valid.php at master · R0ronoaZoro/synchronizer_token_pattern-php_example · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
<?php

function checkToken($session,$token) {
	$myfile = fopen("authKeys.txt", "r") or die("Unable to open file!");
	$lineToChecked = $session.":".$token;
	$result = false;
	while(! feof($myfile)){
		$line = preg_replace('~[\r\n]+~', '', fgets($myfile));
		if( $lineToChecked === $line ){
			$result = true;
		}
  	}
	fclose($myfile);
	return $result;
}
session_start();

if (!$_SESSION['loggedIn']){
    header('Location:index.php');
}

if ( !empty( $_POST['csrf_token'] ) ) {
    if( checkToken(session_id(),$_POST['csrf_token']) ) {
        echo "Token is Valid";
    }else{
    	//header('Location: error.php');
    	echo "Token is not Valid";
    }
}

?>