From a446cfd9c1f50a2ae196f00fdd8391602907a53c Mon Sep 17 00:00:00 2001
From: Anonymous Contributor
Date: Wed, 23 Aug 2023 18:16:34 +0200
Subject: [PATCH] Generate CSRF token on session start

---
 index.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/index.php b/index.php
index 9877be3..4284189 100644
--- a/index.php
+++ b/index.php
@@ -10,7 +10,11 @@ session_set_cookie_params([
 'secure' => true,
 'samesite' => 'Lax'
 ]);
+
 session_start();
+if(!isset($_SESSION['csrf']) || strlen($_SESSION['csrf'] != 64)) {
+ $_SESSION['csrf'] = bin2hex(random_bytes(32));
+}
 
 include_once 'classen/MAIL/PHPMailer.php';
 include_once 'classen/MAIL/SMTP.php';
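Review bot: The closing parenthesis in the added `if` is misplaced: `strlen($_SESSION['csrf'] != 64)` measures the result of a loose comparison instead of comparing the token's length with 64. For practically every stored hex token that comparison is `true`, and `strlen(true)` is 1, so the condition is truthy and `$_SESSION['csrf']` is overwritten on each request that runs index.php. The code that embeds and verifies the token is outside this hunk, but a token that rotates on every request would presumably either reject forms rendered by an earlier request or only ever be compared with the value just generated. The guard should read `if (!isset($_SESSION['csrf']) || !is_string($_SESSION['csrf']) || strlen($_SESSION['csrf']) !== 64) {`. Wherever the submitted value is checked, compare it with `hash_equals()` rather than `==`.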