CSRFトークンの追加

util.php

@@ -160,6 +160,24 @@ if (AUTH_ENABLED) {
 
     return $color.$suffix;
   }
+
+  function make_csrf_token(?bool $force = false): string {
+    if (null !== getcookie('csrf_token') && !$force) return getcookie('csrf_token');
+    $token = bin2hex(random_bytes(32));
+    setcookie('csrf_token', $token, [
+      'expires' => time() + 300, // 5分
+      'path' => '/',
+      'domain' => $_SERVER['SERVER_NAME'],
+      'secure' => (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'),
+      'httponly' => true,
+      'samesite' => 'Strict'
+    ]);
+    return $token;
+  }
+
+  function verify_csrf_token(string $token): bool {
+    return hash_equals(getcookie('csrf_token'), $token);
+  }
 }
 
 function count_special_chars(string $str): int {