From 7c128fcb75426181b35b1f93413077177b0987f7 Mon Sep 17 00:00:00 2001
From: musicman3
Date: Sat, 27 May 2023 14:25:38 +0300
Subject: [PATCH] fix authorize

---
 src/eMarket/model/eMarket/Core/Authorize.php | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/eMarket/model/eMarket/Core/Authorize.php b/src/eMarket/model/eMarket/Core/Authorize.php
index 772c54847..f1cda59c1 100644
--- a/src/eMarket/model/eMarket/Core/Authorize.php
+++ b/src/eMarket/model/eMarket/Core/Authorize.php
@@ -95,14 +95,20 @@ public static function csrfToken(): string {
 */
 private function csrfVerification(): void {
 
+ if (!isset($_SESSION[Settings::$csrf[Settings::path()]])) {
+ $csrf_session_token = self::csrfToken();
+ } else {
+ $csrf_session_token = $_SESSION[Settings::$csrf[Settings::path()]];
+ }
+
 if (Valid::isPOST()) {
- if (!Valid::inPOST('csrf_token') || Valid::inPOST('csrf_token') != $_SESSION[Settings::$csrf[Settings::path()]]) {
+ if (!Valid::inPOST('csrf_token') || Valid::inPOST('csrf_token') != $csrf_session_token) {
 echo 'CSRF Token Error!';
 exit;
 }
 }
 if (Valid::isPostJson()) {
- if (!Valid::inPostJson('csrf_token') || Valid::inPostJson('csrf_token') != $_SESSION[Settings::$csrf[Settings::path()]]) {
+ if (!Valid::inPostJson('csrf_token') || Valid::inPostJson('csrf_token') != $csrf_session_token) {
 echo 'CSRF Token Error!';
 exit;
 }
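Review bot: Both token checks in csrfVerification() still compare the submitted value with loose `!=`, which is subject to PHP type juggling and is not constant-time. This matters most on the JSON branch, where a decoded body can carry a non-string `csrf_token`; what Valid::inPostJson() returns is not visible here, so that needs confirming. A typed, constant-time check would be `$sent = Valid::inPOST('csrf_token');` followed by `if (!is_string($sent) || !hash_equals($csrf_session_token, $sent)) {`, with the same shape for Valid::inPostJson(). Separately, when the session holds no token the new fallback compares against whatever self::csrfToken() returns; if that call mints a fresh token the check presumably still fails closed, but rejecting the POST outright in that branch would make the intent explicit. The function body continues past the end of the hunk.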