fix authorize
musicman3 committed May 27, 2023
1 parent df950da commit 7c128fc
Showing 1 changed file with 8 additions and 2 deletions.
10 changes: 8 additions & 2 deletions src/eMarket/model/eMarket/Core/Authorize.php
Expand Up @@ -95,14 +95,20 @@ public static function csrfToken(): string {
*/
private function csrfVerification(): void {

if (!isset($_SESSION[Settings::$csrf[Settings::path()]])) {
$csrf_session_token = self::csrfToken();
} else {
$csrf_session_token = $_SESSION[Settings::$csrf[Settings::path()]];
}

if (Valid::isPOST()) {
if (!Valid::inPOST('csrf_token') || Valid::inPOST('csrf_token') != $_SESSION[Settings::$csrf[Settings::path()]]) {
if (!Valid::inPOST('csrf_token') || Valid::inPOST('csrf_token') != $csrf_session_token) {
echo 'CSRF Token Error!';
exit;
}
}
if (Valid::isPostJson()) {
if (!Valid::inPostJson('csrf_token') || Valid::inPostJson('csrf_token') != $_SESSION[Settings::$csrf[Settings::path()]]) {
if (!Valid::inPostJson('csrf_token') || Valid::inPostJson('csrf_token') != $csrf_session_token) {
echo 'CSRF Token Error!';
exit;
}
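Review bot: The two rewritten `if` lines still compare the submitted token with the loose `!=` operator, so the check is exposed to PHP type juggling and is not constant-time. If `Valid::inPostJson('csrf_token')` returns the decoded JSON value unchanged (its body is not visible here), a non-string value can compare equal to the session token under loose rules. I would require a string and compare with `hash_equals()`, for example `$t = Valid::inPostJson('csrf_token');` followed by `if (!is_string($t) || !hash_equals((string) $csrf_session_token, $t)) {`, and do the same in the `Valid::inPOST` branch. `csrfVerification()` continues past the end of this hunk, so the remainder of the JSON branch was not reviewed.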
