ReallyNotARussianSpy · June 5, 2018 19:14
diff --git a/isTokenValid.php b/isTokenValid.php
 <?php

    /**
     * Returns whether the given CSRF token is valid
     *
     * @param string  $token  The CSRF token given by the client
     * 
     * @author Scott Reed <[email protected]>
     * @return boolean
     */ 
    function isTokenValid($token)
    {
        $client_csrf_token = Mage::getModel('core/cookie')->get('csrf_token');
        $cfduid = Mage::getModel('core/cookie')->get('__cfduid');

        $shared_secret = '$F#$f34#I$&Y#$&#YF8#&4tf86#$KJSHFJKSHDFKLSDHFKHSFW$F$^GSKDFSJFDFJHWWFSDFPjay';
        $valid_token = hash('sha256', $cfduid . $shared_secret);

        if ($client_csrf_token == $valid_token) {
            return true;
        }
        return false;
    }
	<?php

	/**
	* Returns whether the given CSRF token is valid
	*
	* @param string $token The CSRF token given by the client
	*
	* @author Scott Reed <[email protected]>
	* @return boolean
	*/
	function isTokenValid($token)
	{
	$client_csrf_token = Mage::getModel('core/cookie')->get('csrf_token');
	$cfduid = Mage::getModel('core/cookie')->get('__cfduid');

	$shared_secret = '$F#$f34#I$&Y#$&#YF8#&4tf86#$KJSHFJKSHDFKLSDHFKHSFW$F$^GSKDFSJFDFJHWWFSDFPjay';
	$valid_token = hash('sha256', $cfduid . $shared_secret);

	if ($client_csrf_token == $valid_token) {
	return true;
	}
	return false;
	}