exists('SESSION.' . self::TOKEN_NAME)) { $token = bin2hex(random_bytes(32)); $f3->set('SESSION.' . self::TOKEN_NAME, $token); } return $f3->get('SESSION.' . self::TOKEN_NAME); } public static function verify(?string $submitted_token): bool { $f3 = \Base::instance(); $session_token = $f3->get('SESSION.' . self::TOKEN_NAME); if(empty($submitted_token) || empty($session_token)){ return false; } if(hash_equals($session_token, $submitted_token)){ $f3->clear('SESSION.' . self::TOKEN_NAME); return true; } return false; } public static function field(): string { return ''; } }