Add CSRF protection mechanism

12 years ago · 2e5590ddeb
parent 1a07c64d17
commit 2e5590ddeb
3 changed files with 74 additions and 1 deletions
--- a/base.php
+++ b/base.php
@ -23,6 +23,7 @@ require("include.misc.php");
 require("include.memcache.php");
 require("include.mysql.php");
 require("include.session.php");
+require("include.csrf.php");

 require("class.templater.php");
 require("class.localizer.php");
--- a/class.templater.php
+++ b/class.templater.php
@ -310,7 +310,10 @@ class Templater
 		$template->templatename = $template->basedir . $templatename . $template->extension;;
 		$template->Load($templatename);
 		$template->Localize($localize);
-		return $template->Parse($compile);
+		$result = $template->Parse($compile);
+		$result = CSRF::InsertTokens($result);
+		
+		return $result;
 	}
 	
 	public function Parse($data)
--- a/include.csrf.php
+++ b/include.csrf.php
@ -0,0 +1,69 @@
+<?php
+/*
+ * CPHP is more free software. It is licensed under the WTFPL, which
+ * allows you to do pretty much anything with it, without having to
+ * ask permission. Commercial use is allowed, and no attribution is
+ * required. We do politely request that you share your modifications
+ * to benefit other developers, but you are under no enforced
+ * obligation to do so :)
+ * 
+ * Please read the accompanying LICENSE document for the full WTFPL
+ * licensing text.
+ */
+
+if($_CPHP !== true) { die(); }
+
+class CSRF
+{
+	public static function GenerateToken()
+	{
+		$key = random_string(12);
+		$token = random_string(25);
+		
+		if(!isset($_SESSION['_CPHP_CSRF_KEYS']))
+		{
+			$_SESSION['_CPHP_CSRF_KEYS'] = array();
+		}
+		
+		$_SESSION['_CPHP_CSRF_KEYS'][$key] = $token;
+		
+		return array(
+			'key'	=> $key,
+			'token'	=> $token
+		);
+	}
+	
+	public static function GenerateReplacement($matches)
+	{
+		$pair = CSRF::GenerateToken();
+		
+		return $matches[0] . "
+		<input name=\"_CPHP_CSRF_KEY\" type=\"hidden\" value=\"{$pair['key']}\">
+		<input name=\"_CPHP_CSRF_TOKEN\" type=\"hidden\" value=\"{$pair['token']}\">";
+	}
+	
+	public static function InsertTokens($input)
+	{
+		return preg_replace_callback("/<form[^>]*>(?!\s*<input name=\"_CPHP_CSRF)/i", "CSRF::GenerateReplacement", $input, 1);
+	}
+	
+	public static function VerifyToken()
+	{
+		if(!empty($_POST['_CPHP_CSRF_KEY']) && !empty($_POST['_CPHP_CSRF_TOKEN']))
+		{
+			$key = $_POST['_CPHP_CSRF_KEY'];
+			$token = $_POST['_CPHP_CSRF_TOKEN'];
+			
+			if(empty($_SESSION['_CPHP_CSRF_KEYS'][$key]) || $_SESSION['_CPHP_CSRF_KEYS'][$key] != $token)
+			{
+				throw new CsrfException("The given CSRF token does not match the given CSRF key.");
+			}
+		}
+		else
+		{
+			throw new CsrfException("No CSRF token present in submitted data.");
+		}
+	}
+}
+
+class CsrfException extends Exception {}