Add CSRF protections to state-changing endpoints

2025-03-18 11:46:23 -04:00
parent f709c23bcc
commit d23cefa8a9
23 changed files with 239 additions and 79 deletions
--- a/config.php
+++ b/config.php
@@ -2,6 +2,9 @@
 session_set_cookie_params(7200); // 2 hours in seconds
 ini_set('session.gc_maxlifetime', 7200);
 session_start();
+if (empty($_SESSION['csrf_token'])) {
+    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
+}
 // config.php
 define('UPLOAD_DIR', '/var/www/uploads/');
 define('BASE_URL', 'http://yourwebsite/uploads/');