0) $r.=$a{mt_rand(0,$l)}; return $r; } function are_you_sure($query_string, $question) { $token = random_string(20); $_SESSION['are_you_sure_token'] = $token; output("
\n"); output("

{$question}
\n"); output("\n"); output("\n

\n"); output("
\n"); } function user_is_sure() { if (isset($_POST['really'])) { if ($_POST['random_token'] == $_SESSION['are_you_sure_token']) return true; else system_failure("Possible Cross-site-request-forgery detected!"); } elseif (isset($_POST['not_really'])) return false; else return NULL; } function generate_form_token($form_id) { require_once("inc/debug.php"); $sessid = session_id(); if ($sessid == "") { DEBUG("Uh? Session not running? Wtf?"); return ''; } if (! isset($_SESSION['session_token'])) $_SESSION['session_token'] = random_string(10); $session_token = $_SESSION['session_token']; $formtoken = hash('sha256', $sessid.$form_id.$session_token); return ''."\n"; } function check_form_token($form_id) { $formtoken = $_POST['formtoken']; $sessid = session_id(); if ($sessid == "") { DEBUG("Uh? Session not running? Wtf?"); return ''; } $session_token = $_SESSION['session_token']; $correct_formtoken = hash('sha256', $sessid.$form_id.$session_token); if (! ($formtoken == $correct_formtoken)) system_failure("Possible cross-site-request-forgery!"); } ?>