HEX
Server: LiteSpeed
System: Linux srv1.dhviews.com 5.14.0-570.23.1.el9_6.x86_64 #1 SMP PREEMPT_DYNAMIC Tue Jun 24 11:27:16 EDT 2025 x86_64
User: bdedition (1723)
PHP: 7.4.33
Disabled: NONE
$ pwd: /proc/thread-self/root/proc/thread-self/cwd/wp-admin/maint/content/
Upload Files
File: //proc/thread-self/root/proc/thread-self/cwd/wp-admin/maint/content/csrf_functions.php
<?php


define('CSRF_SECRET', 'your-very-secret-key-here-change-this');

function base64url_encode($data) {
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

function base64url_decode($data) {
    return base64_decode(strtr($data, '-_', '+/'));
}

function generateCsrfToken($ip, $userAgent) {
    $timestamp = time();
    $data = $ip . '|' . $userAgent . '|' . $timestamp;
    $hash = hash_hmac('sha256', $data, CSRF_SECRET);
    // URL-safe base64
    return base64url_encode($timestamp . '|' . $ip . '|' . base64url_encode($userAgent) . '|' . $hash);
}

function validateCsrfToken($token, $currentIp, $currentUserAgent) {
    $decoded = base64url_decode($token);
    if (!$decoded) return false;

    $parts = explode('|', $decoded);
    if (count($parts) !== 4) return false;

    list($timestamp, $tokenIp, $encodedUserAgent, $hash) = $parts;
    $tokenUserAgent = base64url_decode($encodedUserAgent);

    // Check expiration (30 minutes)
    if ((time() - $timestamp) > 1800) return false;

    // IP match
    if ($tokenIp !== $currentIp) return false;

    // User-Agent match
    if ($tokenUserAgent !== $currentUserAgent) return false;

    // Hash verification
    $data = $tokenIp . '|' . $tokenUserAgent . '|' . $timestamp;
    $expectedHash = hash_hmac('sha256', $data, CSRF_SECRET);

    return hash_equals($expectedHash, $hash);
}
function getClientIP() {

    return $_SERVER['REMOTE_ADDR'] ;
}
?>
@ Telegram