fix authorize

musicman3 · May 26, 2023 · df950da · df950da
1 parent 428ff6c
commit df950da
Showing 1 changed file with 3 additions and 6 deletions.
diff --git a/src/eMarket/model/eMarket/Core/Authorize.php b/src/eMarket/model/eMarket/Core/Authorize.php
@@ -45,14 +45,13 @@ public function __construct() {
         }
 
         session_start();
+        $this->csrfVerification();
 
         if (Settings::path() == 'admin' && Valid::inGET('route') != 'login') {
-            $this->csrfVerification();
             $this->admin();
         }
 
         if (Settings::path() == 'catalog') {
-            $this->csrfVerification();
             $this->catalog();
             new Cart();
         }
@@ -96,16 +95,14 @@ public static function csrfToken(): string {
      */
     private function csrfVerification(): void {
 
-        $csrf_session_token = $_SESSION[Settings::$csrf[Settings::path()]];
-
         if (Valid::isPOST()) {
-            if (!Valid::inPOST('csrf_token') || Valid::inPOST('csrf_token') != $csrf_session_token) {
+            if (!Valid::inPOST('csrf_token') || Valid::inPOST('csrf_token') != $_SESSION[Settings::$csrf[Settings::path()]]) {
                 echo 'CSRF Token Error!';
                 exit;
             }
         }
         if (Valid::isPostJson()) {
-            if (!Valid::inPostJson('csrf_token') || Valid::inPostJson('csrf_token') != $csrf_session_token) {
+            if (!Valid::inPostJson('csrf_token') || Valid::inPostJson('csrf_token') != $_SESSION[Settings::$csrf[Settings::path()]]) {
                 echo 'CSRF Token Error!';
                 exit;
             }