Malawi-Stock-Exchange-API/app/Core/Csrf.php

<?php
namespace App\Core;

class Csrf {
    public static function generate() {
        Session::start();
        if (empty($_SESSION['csrf_token'])) {
            $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
        }
        return $_SESSION['csrf_token'];
    }

    public static function verify($token) {
        Session::start();
        return hash_equals($_SESSION['csrf_token'] ?? '', $token);
    }
}