
@iNaD
Last active December 14, 2015 01:39
Simple snippet to harden your forms against CSRF (see http://en.wikipedia.org/wiki/Cross-site_request_forgery).
csrf.php:

```php
<?php
// csrf.php: session-bound CSRF token helpers.

/**
 * Emit a hidden input carrying a CSRF token and remember both the
 * field name and the token in the session.
 */
function create_csrf_field()
{
    // $_SESSION can only be written once a session is active.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Values come from the CSPRNG. The original derived both from
    // time() and a fixed salt, which an attacker can recompute.
    $field_hash = bin2hex(random_bytes(16));
    $hash       = bin2hex(random_bytes(32));
    $_SESSION['csrf_field'] = $field_hash;
    $_SESSION['csrf_hash']  = $hash;
    // Hex output contains only [0-9a-f], so it is safe inside the attributes.
    return '<input type="hidden" name="'.$field_hash.'" value="'.$hash.'">';
}

/**
 * Return true only when the POST carries the token stored in the session.
 */
function check_csrf()
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (isset($_SESSION['csrf_field'], $_SESSION['csrf_hash'])
        && isset($_POST[$_SESSION['csrf_field']])
        && is_string($_POST[$_SESSION['csrf_field']])) {
        // Constant-time comparison instead of the original loose ==.
        return hash_equals($_SESSION['csrf_hash'], $_POST[$_SESSION['csrf_field']]);
    }
    return false;
}
```
Usage example (the form page):

```php
<?php
// Start the session before the helpers read or write $_SESSION.
session_start();
require_once dirname(__FILE__).'/csrf.php';

if (isset($_POST['username'])) {
    if (check_csrf()) {
        echo 'Put form logic here';
    } else {
        echo 'Direct Post is not allowed. Use the form to submit your data.';
    }
}
?>
<form method="POST">
<?php echo create_csrf_field(); ?>
<input type="text" name="username" value=""><br>
<input type="submit" value="Login">
</form>
```
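The gist keeps one token per session and compares it on every POST. The following added example (not part of the gist) extends the same idea to tokens that are bound to a form name, expire after a fixed interval, and are consumed on first successful use, and runs constructed legitimate, replayed, token-less and stale submissions through the check from the command line. The function names (`csrf_token_for`, `csrf_hidden_field`, `csrf_verify`), the `CSRF_TTL` value and the use of plain arrays in place of the real `$_SESSION` and `$_POST` superglobals are assumptions made for the example.

```php
<?php
// Added example: per-form CSRF tokens with expiry and one-time use.
// $session and $post are plain arrays so the script runs from the CLI.
declare(strict_types=1);

const CSRF_TTL = 900; // seconds a token stays valid (assumed value)

/** Create a token bound to one form name and store it in the session. */
function csrf_token_for(array &$session, string $form, int $now): string
{
    $token = bin2hex(random_bytes(32));          // CSPRNG, never time()-derived
    $session['csrf'][$form] = ['token' => $token, 'issued' => $now];
    return $token;
}

/** Hidden field for the form; the token is hex, so it is safe in an attribute. */
function csrf_hidden_field(array &$session, string $form, int $now): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . csrf_token_for($session, $form, $now) . '">';
}

/**
 * Verify the submitted token for $form. Returns true at most once per
 * issued token; a missing, wrong, expired or replayed token returns false.
 */
function csrf_verify(array &$session, array $post, string $form, int $now): bool
{
    $stored = $session['csrf'][$form] ?? null;
    $given  = $post['csrf_token'] ?? null;
    if ($stored === null || !is_string($given)) {
        return false;                             // nothing issued, or nothing sent
    }
    if ($now - $stored['issued'] > CSRF_TTL) {
        unset($session['csrf'][$form]);           // stale token: discard it
        return false;
    }
    $ok = hash_equals($stored['token'], $given);  // constant-time compare
    if ($ok) {
        unset($session['csrf'][$form]);           // one-time use
    }
    return $ok;
}

// --- simulated requests (constructed data) ---------------------------------
$session = [];
$now = 1700000000;

// 1. Rendering the login form issues a token and stores it in the session.
$field = csrf_hidden_field($session, 'login', $now);
preg_match('/value="([0-9a-f]+)"/', $field, $m);
$token = $m[1];

// 2. The legitimate submission carries the token and is accepted.
$good = ['username' => 'alice', 'csrf_token' => $token];
echo 'legitimate: ', csrf_verify($session, $good, 'login', $now + 5) ? "accepted\n" : "rejected\n";

// 3. Replaying the same token is rejected because it was consumed.
echo 'replay:     ', csrf_verify($session, $good, 'login', $now + 6) ? "accepted\n" : "rejected\n";

// 4. A cross-site post cannot read the token from the victim's session, so it lacks it.
csrf_token_for($session, 'login', $now);
$forged = ['username' => 'alice'];
echo 'no token:   ', csrf_verify($session, $forged, 'login', $now + 5) ? "accepted\n" : "rejected\n";

// 5. A token older than CSRF_TTL is rejected even though its value is correct.
$t = csrf_token_for($session, 'login', $now);
$late = ['username' => 'alice', 'csrf_token' => $t];
echo 'expired:    ', csrf_verify($session, $late, 'login', $now + CSRF_TTL + 1) ? "accepted\n" : "rejected\n";
```

In a real page the `$session` argument would be `$_SESSION` after `session_start()` and `$post` would be `$_POST`; the check is otherwise the same, and binding the token to a form name lets several forms on one site hold independent tokens without one submission invalidating the others.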