Add minimum form displaying time before login

author: Max Kostikov <max@kostikov.co> 2020-07-21 23:59:26 +0200
committer: Max Kostikov <max@kostikov.co> 2020-07-21 23:59:26 +0200
commit: 4db38ec64a44de425d6966cb2b50d487d70b5366 (patch)
tree: bd70754e46c64b330f176519fd9e4eca4f908d29 /include/security.php
parent: 5ea7196e78d08550b3ec93d3b708f915b3b0057f (diff)
download: volse-hubzilla-4db38ec64a44de425d6966cb2b50d487d70b5366.tar.gz
volse-hubzilla-4db38ec64a44de425d6966cb2b50d487d70b5366.tar.bz2
volse-hubzilla-4db38ec64a44de425d6966cb2b50d487d70b5366.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/include/security.php b/include/security.php
index 38cb72263..c9df00f1e 100644
--- a/include/security.php
+++ b/include/security.php
@@ -594,9 +594,11 @@ function check_form_security_token($typename = '', $formname = 'form_security_to
 	$hash = $_REQUEST[$formname];
 
 	$max_livetime = 10800; // 3 hours
+	$min_livetime = 3; // 3 sec
 
 	$x = explode('.', $hash);
-	if (time() > (IntVal($x[0]) + $max_livetime)) return false;
+	if (time() > (IntVal($x[0]) + $max_livetime) || time() < (IntVal($x[0]) + $min_livetime))
+	    return false;
 
 	$sec_hash = hash('whirlpool', App::$observer['xchan_guid'] . ((local_channel()) ? App::$channel['channel_prvkey'] : '') . session_id() . $x[0] . $typename);
author	Max Kostikov <max@kostikov.co>	2020-07-21 23:59:26 +0200
committer	Max Kostikov <max@kostikov.co>	2020-07-21 23:59:26 +0200
commit	4db38ec64a44de425d6966cb2b50d487d70b5366 (patch)
tree	bd70754e46c64b330f176519fd9e4eca4f908d29 /include/security.php
parent	5ea7196e78d08550b3ec93d3b708f915b3b0057f (diff)
download	volse-hubzilla-4db38ec64a44de425d6966cb2b50d487d70b5366.tar.gz volse-hubzilla-4db38ec64a44de425d6966cb2b50d487d70b5366.tar.bz2 volse-hubzilla-4db38ec64a44de425d6966cb2b50d487d70b5366.zip