/instantMessage/instantMessage.html |
@@ -98,6 +98,7 @@ |
|
<script> |
$(function() { |
$.get('session.php').then((token) => { |
var firstName = $("#firstname"), |
lastName = $("#lastname"), |
tabTemplate = "<li id='#{id}'> \ |
@@ -310,8 +311,8 @@ |
getConversations, |
1000 |
); |
|
}); |
}); |
</script> |
</body> |
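Review bot: `$.get('session.php').then((token) => {` in the first hunk has no rejection handler, so when the token request fails (session cookie blocked, HTTP 500, network error) nothing inside the callback ever runs and the page appears dead with no message in the console or UI. Pass a second callback to `.then`, e.g. `.then((token) => { … }, () => { alert('Could not obtain session token.'); })`, or attach `.fail(...)` to the jqXHR, so the failure is surfaced. Everything the callback wraps, which judging by the second hunk includes the `getConversations` polling, is now gated on this single request; the `$(function() {` body runs between the two hunks and is not visible here.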
|
/instantMessage/sendInstantMessage.php |
@@ -18,6 +18,13 @@ |
## INTERNALS ## |
########################################################################### |
|
# CRSF. |
session_start(); |
if (empty($_POST['token']) || !hash_equals($_SESSION['token'], $_POST['token'])) { |
http_response_code(403); |
die('Forbidden.'); |
} |
|
# Check that we have all the necessary variables. |
if(!isset($_POST['message']) || |
empty($_POST['message']) || |
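Review bot: The new guard `if (empty($_POST['token']) || !hash_equals($_SESSION['token'], $_POST['token']))` validates only the request side; when a session exists but no token has been issued yet (the client never fetched session.php), `$_SESSION['token']` is unset and `hash_equals()` is handed null, which is a TypeError on PHP 8 (a 500 instead of the intended 403) and a warning plus `false` on PHP 7. A `token[]=` array parameter likewise passes `empty()` and is rejected by type rather than by the comparison. Check both operands are non-empty strings first: `if (empty($_SESSION['token']) || empty($_POST['token']) || !is_string($_POST['token']) || !hash_equals($_SESSION['token'], $_POST['token'])) {`. The comment `# CRSF.` should read `# CSRF.`; the `if(!isset($_POST['message']) ||` statement that follows continues outside the hunk.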
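--- /dev/null
+++ b/instantMessage/session.php
@@ -0,0 +1,18 @@
+<?php
+
+###########################################################################
+## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ##
+###########################################################################
+
+session_start();
+
+if (empty($_SESSION['token'])) {
+if (function_exists('mcrypt_create_iv')) {
+$_SESSION['token'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
+} else {
+$_SESSION['token'] = bin2hex(openssl_random_pseudo_bytes(32));
+}
+}
+
+echo $_SESSION['token'];
+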
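Review bot: `mcrypt_create_iv()` on the line `$_SESSION['token'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));` is deprecated since PHP 7.1 and removed from core in 7.2, and the `openssl_random_pseudo_bytes()` fallback has historically been able to return bytes that are not cryptographically strong, signalling that only through its second by-reference argument, which this code does not check. Since PHP 7.0 `random_bytes()` is the CSPRNG primitive and throws when no secure source is available, so the whole `if/else` collapses to `$_SESSION['token'] = bin2hex(random_bytes(32));`. It would also be worth emitting `header('Cache-Control: no-store');` before the `echo` so the token is not retained by the browser cache or intermediaries.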