
minor revisions / increased token strength

mepsinas committed Oct 11, 2016
1 parent b0ce5d1 commit 5a48fbe61fb5d6d3ede03a7bcb752ff8a3fbe72e
Showing with 18 additions and 4 deletions.
  1. +1 −1 README.md
  2. +16 −2 lib/framework/FormHandler.php
  3. +1 −1 public/ss/styles.css
@@ -4,7 +4,7 @@ Nano is an MVP-based framework, ideal for organizing projects with virtually no
## Installation
Nano requires PHP >= 5.4. After downloading, you'll find the following file structure.
Nano has a minimum requirement of PHP >= 5.4, but PHP 7 is strongly recommended. After downloading, you'll find the following file structure.
* **lib**
* **framework**
@@ -44,9 +44,23 @@ private function origin($depth)
}
// generate a unique CSRF token
private function getToken()
private function getToken($length = 40)
{
return hash('sha1', uniqid(mt_rand(), true));
$result = false;
if (function_exists('random_bytes')) {
$result = bin2hex(random_bytes($length)); // php 7
} elseif (function_exists('mcrypt_create_iv')) {
$result = bin2hex(mcrypt_create_iv($length, MCRYPT_DEV_URANDOM));
} elseif (function_exists('openssl_random_pseudo_bytes')) {
$result = bin2hex(openssl_random_pseudo_bytes($length));
} else {
// fallback, more predictable
for ($i = 0; $i < $length; $i++) {
$result .= chr(mt_rand(0, 255));
}
}
return $result;
}
// check for valid form submission: POST request & matching CSRF token
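Review bot: The final `else` branch of `getToken()` still derives the CSRF token from `mt_rand()`, which is not a cryptographically secure generator, so on a host without the three functions tested above the token remains predictable. That branch also appends raw bytes to `$result` (initialised to `false`) without `bin2hex()`, so its output is half the length of the other branches and can contain bytes that do not survive an HTML form field. Failing closed is safer than issuing a weak token: replace the loop with `throw new RuntimeException('no secure random source available for CSRF token');`. In the `openssl_random_pseudo_bytes()` branch, pass the by-reference second argument and reject the result when the call returns `false` or the flag is not set, e.g. `$bytes = openssl_random_pseudo_bytes($length, $strong);` followed by `if ($bytes === false || !$strong) { ... }`.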
@@ -1,6 +1,6 @@
/* template */
body {
background-color: #f0f0e5;
background-color: #f0f0ff;
color: #323434;
font-family: 'Noto Sans', sans-serif;
font-size: 15px;
