@cgi-caesar
Last active November 4, 2020 15:27
aMember (site.php): Add CSRF token to login form
<?php
/**
 * Keyed digest that binds a login CSRF token to its issue time and session.
 *
 * The digest covers "<time>:login:<session id>", so a token is only valid for
 * the session it was minted in and for the timestamp it carries.
 *
 * @param int|string $tm  Issue timestamp (as produced by Am_Di::getInstance()->time,
 *                        or the first segment of a submitted token).
 * @return string Digest as returned by Am_Di security->hash() with length 10.
 */
function _csrf_hash($tm)
{
    $di = Am_Di::getInstance();
    $sessionId = $di->session->getId();
    $scope = 'login';

    return $di->security->hash(sprintf('%s:%s:%s', $tm, $scope, $sessionId), 10);
}
/**
 * Mint a fresh login CSRF token for the current session.
 *
 * Format is "<time>:<digest>", where the digest is _csrf_hash() over the same
 * time value; the receiving side recomputes it and enforces a time window.
 *
 * @return string
 */
function _csrf_token()
{
    $issuedAt = Am_Di::getInstance()->time;

    return implode(':', [$issuedAt, _csrf_hash($issuedAt)]);
}
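/**
 * Validate a submitted login CSRF token.
 *
 * A token is accepted only when it is a well-formed "<time>:<digest>" string,
 * the digest matches _csrf_hash() for that time and the current session, and
 * the token is less than 15 minutes old.
 *
 * @param mixed $token Raw request parameter; anything but a well-formed string is rejected.
 * @return bool
 */
function _csrf_check($token)
{
    // Reject non-strings up front: explode() on an array/null would be a
    // TypeError/deprecation, not a "no".
    if (!is_string($token)) {
        return false;
    }

    // Exactly two segments; extra colons mean a malformed token rather than a
    // token with a longer digest, so they are not silently truncated.
    $parts = explode(':', $token);
    if (count($parts) !== 2) {
        return false;
    }
    [$tm, $hash] = $parts;

    // The time segment must be a plain unsigned integer; this also keeps the
    // age arithmetic below free of non-numeric strings.
    if ($hash === '' || !ctype_digit($tm)) {
        return false;
    }

    // Constant-time comparison instead of ==, which is loose (numeric-looking
    // digests would compare by value) and leaks timing.
    if (!hash_equals((string) _csrf_hash($tm), $hash)) {
        return false;
    }

    // The time segment is authenticated by the digest, so only the age window
    // remains to be enforced. Am_Di ->time is assumed to be a unix timestamp.
    return (Am_Di::getInstance()->time - (int) $tm) < 60 * 15;
}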
// Inject the CSRF token as a hidden field whenever the login form template
// is rendered, so the AUTH_CONTROLLER_HANDLER wrapper below can verify it.
Am_Di::getInstance()->hook->add(Am_Event::BEFORE_RENDER, function (Am_Event $e) {
    $isLoginForm = stripos($e->getTemplateName(), '_login-form.phtml') !== false;
    if (!$isLoginForm) {
        return;
    }

    $view = $e->getView();
    // Keep any hidden fields another hook already registered on the view.
    $hidden = $view->hidden ?: [];
    $hidden['_csrf'] = _csrf_token();
    $view->hidden = $hidden;
});
// Wrap the authentication handler so that a login attempt without a valid
// CSRF token is refused before the original handler sees the credentials.
Am_Di::getInstance()->hook->add(Am_Event::AUTH_CONTROLLER_HANDLER, function (Am_Event $e) {
    // The admin login is left untouched by this gist; only the member form
    // receives the hidden token (see the BEFORE_RENDER hook).
    if (defined('AM_ADMIN') && AM_ADMIN) {
        return;
    }

    $original = $e->getReturn();
    $guarded = function (Am_Auth_Abstract $auth, Am_Mvc_Request $r) use ($original) {
        $token = $r->getParam('_csrf');
        $tokenOk = $token && _csrf_check($token);
        if (!$tokenOk) {
            // Most likely an expired token or a stale page; tell the user to reload.
            return new Am_Auth_Result(
                Am_Auth_Result::INVALID_INPUT,
                ___('Session expired, please refresh page and login')
            );
        }

        return $original($auth, $r);
    };
    $e->setReturn($guarded);
});