File: /var/www/dev.captainschairit.com/content/csrf_functions.php
<?php


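// Key for the HMAC that authenticates CSRF tokens. Anyone who knows this value
// can mint tokens that validateCsrfToken() accepts, so it must be a long random
// per-deployment value that is kept out of source control and out of the web root.
// The CSRF_SECRET environment variable (name chosen here) takes precedence. The
// literal below is the original placeholder, kept only so existing installs keep
// working; every use of it is logged so the misconfiguration is visible.
$csrfSecretFromEnv = getenv('CSRF_SECRET');
if (is_string($csrfSecretFromEnv) && $csrfSecretFromEnv !== '') {
    define('CSRF_SECRET', $csrfSecretFromEnv);
} else {
    error_log('CSRF_SECRET is not set in the environment; falling back to the placeholder key from source');
    define('CSRF_SECRET', 'your-very-secret-key-here-change-this');
}
unset($csrfSecretFromEnv);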

/**
 * Encode data as URL-safe base64 without padding.
 *
 * Standard base64 output has '+' replaced by '-' and '/' by '_', and the
 * trailing '=' padding is stripped.
 *
 * @param string $data Raw bytes to encode.
 * @return string URL-safe, unpadded base64 text.
 */
function base64url_encode($data) {
    $standard = base64_encode($data);
    $urlSafe = strtr($standard, ['+' => '-', '/' => '_']);

    return rtrim($urlSafe, '=');
}

/**
 * Decode URL-safe base64 text produced by base64url_encode().
 *
 * '-' and '_' are mapped back to '+' and '/' before decoding. Decoding is
 * non-strict (no second argument to base64_decode), so this function does
 * not by itself reject malformed input; callers must authenticate the result.
 *
 * @param string $data URL-safe base64 text, padding optional.
 * @return string|false Decoded bytes, as returned by base64_decode().
 */
function base64url_decode($data) {
    $standard = strtr($data, ['-' => '+', '_' => '/']);

    return base64_decode($standard);
}

/**
 * Build a stateless, HMAC-signed CSRF token for one client.
 *
 * The token is base64url("<timestamp>|<ip>|<base64url(userAgent)>|<hmac>"),
 * where the HMAC-SHA256 is computed over "<ip>|<userAgent>|<timestamp>"
 * with CSRF_SECRET as the key.
 *
 * Security note: the only inputs are IP, User-Agent and issue time. Nothing
 * here ties the token to a session or an authenticated user, and nothing is
 * stored server-side, so a token is valid for any request that presents the
 * same IP and User-Agent until it expires.
 *
 * @param string $ip        Client address to bind the token to.
 * @param string $userAgent Client User-Agent header to bind the token to.
 * @return string URL-safe token.
 */
function generateCsrfToken($ip, $userAgent) {
    $issuedAt = time();

    // MAC input order is ip|userAgent|timestamp; the validator rebuilds the same string.
    $mac = hash_hmac('sha256', implode('|', [$ip, $userAgent, $issuedAt]), CSRF_SECRET);

    // The User-Agent is encoded so that a '|' inside it cannot break the 4-field layout.
    $fields = [$issuedAt, $ip, base64url_encode($userAgent), $mac];

    return base64url_encode(implode('|', $fields));
}

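/**
 * Check a token produced by generateCsrfToken() against the current request.
 *
 * A token is accepted only if it decodes to exactly four '|'-separated
 * fields, its HMAC-SHA256 (keyed with CSRF_SECRET) matches, it is at most
 * 30 minutes old, and its IP and User-Agent equal the current ones.
 *
 * The signature is verified before any field is interpreted, so unsigned
 * attacker-controlled values never reach the arithmetic or comparisons below.
 * Malformed input (non-string token, non-numeric timestamp) is rejected
 * explicitly instead of relying on PHP's type juggling, which warns on
 * PHP 7 and throws on PHP 8.
 *
 * Limits a caller should know: tokens are not single-use (nothing is stored,
 * so a token can be replayed until it expires), and they are not bound to a
 * session or user, only to IP and User-Agent.
 *
 * @param mixed  $token            Token from the request (untrusted).
 * @param string $currentIp        Address of the current client.
 * @param string $currentUserAgent User-Agent of the current client.
 * @return bool True when the token is authentic, unexpired and matches the client.
 */
function validateCsrfToken($token, $currentIp, $currentUserAgent) {
    // Request parameters can arrive as arrays or be absent; only a non-empty string can be a token.
    if (!is_string($token) || $token === '') return false;

    $decoded = base64url_decode($token);
    if (!is_string($decoded) || $decoded === '') return false;

    $parts = explode('|', $decoded);
    if (count($parts) !== 4) return false;

    list($timestamp, $tokenIp, $encodedUserAgent, $hash) = $parts;

    // The issuer writes time() here, so anything other than plain digits is not one of our tokens.
    if (preg_match('/\A[0-9]{1,12}\z/', $timestamp) !== 1) return false;

    $tokenUserAgent = base64url_decode($encodedUserAgent);
    if (!is_string($tokenUserAgent)) return false;

    // Authenticate first: rebuild the signed string exactly as the issuer did
    // and compare in constant time.
    $data = $tokenIp . '|' . $tokenUserAgent . '|' . $timestamp;
    $expectedHash = hash_hmac('sha256', $data, CSRF_SECRET);
    if (!hash_equals($expectedHash, $hash)) return false;

    // Expiration (30 minutes). A timestamp ahead of the local clock is still
    // accepted, as before; it can only come from a token this key signed.
    if ((time() - (int) $timestamp) > 1800) return false;

    // The token must have been issued to this client address.
    if ($tokenIp !== $currentIp) return false;

    // ...and to this User-Agent.
    return $tokenUserAgent === $currentUserAgent;
}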
/**
 * Return the address of the peer that opened the connection.
 *
 * Only $_SERVER['REMOTE_ADDR'] is read; no client-supplied forwarding header
 * is consulted. Behind a reverse proxy or load balancer this is therefore the
 * proxy's address, not the end user's.
 *
 * @return string Value of $_SERVER['REMOTE_ADDR'].
 */
function getClientIP() {
    $peerAddress = $_SERVER['REMOTE_ADDR'];

    return $peerAddress;
}
?>