corrade-http-templates
| /instantMessage/instantMessage.html |
|---|
| @@ -98,6 +98,7 @@ |
| <script> |
| $(function() { |
| $.get('session.php').then((token) => { |
| var firstName = $("#firstname"), |
| lastName = $("#lastname"), |
| tabTemplate = "<li id='#{id}'> \ |
| @@ -310,8 +311,8 @@ |
| getConversations, |
| 1000 |
| ); |
| }); |
| }); |
| </script> |
| </body> |
| /instantMessage/sendInstantMessage.php |
|---|
| @@ -18,6 +18,13 @@ |
| ## INTERNALS ## |
| ########################################################################### |
| # CRSF. |
| session_start(); |
| if (empty($_POST['token']) || !hash_equals($_SESSION['token'], $_POST['token'])) { |
| http_response_code(403); |
| die('Forbidden.'); |
| } |
| # Check that we have all the necessary variables. |
| if(!isset($_POST['message']) || |
| empty($_POST['message']) || |
| /instantMessage/session.php |
|---|
| @@ -0,0 +1,18 @@ |
| <?php |
| ########################################################################### |
| ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## |
| ########################################################################### |
| session_start(); |
| if (empty($_SESSION['token'])) { |
| if (function_exists('mcrypt_create_iv')) { |
| $_SESSION['token'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM)); |
| } else { |
| $_SESSION['token'] = bin2hex(openssl_random_pseudo_bytes(32)); |
| } |
| } |
| echo $_SESSION['token']; |