First version, for githup; UNSTABLE, DO NOT USE!

scripts/csrf_functions.php

@@ -0,0 +1,16 @@
+<?php
+function csrf_token() {
+    if (session_status() === PHP_SESSION_NONE) session_start();
+    if (empty($_SESSION['csrf_token'])) {
+        $_SESSION['csrf_token'] = bin2hex(random_bytes(64));
+    }
+    return $_SESSION['csrf_token'];
+}
+
+function verify_csrf() {
+    if (!isset($_POST['csrf_token']) ||
+        !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
+        return false;
+    }
+    return true;
+}