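true, 'secure' => $isHttps, 'samesite' => 'Lax', ]); session_start(); }

/**
 * Escape a value for output inside an HTML body or a quoted attribute.
 *
 * @param mixed $value Anything castable to string (ints, floats, objects with __toString).
 * @return string HTML-safe text; quotes are encoded so the result is safe in attributes too.
 */
function e($value): string
{
    // ENT_SUBSTITUTE: an invalid UTF-8 sequence becomes U+FFFD instead of making
    // htmlspecialchars() return '' and silently blank out the whole value.
    return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Return the per-session CSRF token, creating it on first use.
 *
 * Requires an active session (session_start() has been called above).
 *
 * @return string 64 hex characters derived from 32 CSPRNG bytes.
 */
function getCsrfToken(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }

    return $_SESSION['csrf_token'];
}

/**
 * Render the hidden form field that carries the CSRF token.
 *
 * The field name must stay "csrf_token": requireCsrfToken() reads
 * $_POST['csrf_token'] by default. The previous implementation returned an
 * empty string, so forms built with it carried no token and every POST was
 * rejected with 403.
 *
 * @return string An <input type="hidden"> element with the escaped token.
 */
function csrfInput(): string
{
    return '<input type="hidden" name="csrf_token" value="' . e(getCsrfToken()) . '">';
}

/**
 * Check a submitted token against the session token in constant time.
 *
 * @param mixed $token Raw value from the request; anything that is not a string
 *                     (null, arrays from "csrf_token[]=") is rejected outright.
 * @return bool True only for an exact, timing-safe match.
 */
function isValidCsrfToken($token): bool
{
    return is_string($token) && hash_equals(getCsrfToken(), $token);
}

/**
 * Abort the request with 403 unless a valid CSRF token was supplied.
 *
 * @param mixed $token Token to verify; defaults to $_POST['csrf_token'].
 */
function requireCsrfToken($token = null): void
{
    if (!isValidCsrfToken($token ?? ($_POST['csrf_token'] ?? null))) {
        http_response_code(403);
        exit('Blad bezpieczenstwa: nieprawidlowy token formularza.');
    }
}

/**
 * Redirect anonymous visitors to the login page and stop the script.
 *
 * Must be called before any output has been sent, or header() cannot redirect.
 */
function checkAuth(): void
{
    if (!isset($_SESSION['user_id'])) {
        header("Location: login.php");
        exit();
    }
}

/**
 * Abort with 403 unless the session role is exactly 'admin'.
 *
 * Strict comparison is deliberate: a role value of true or 0 must not pass.
 */
function checkAdmin(): void
{
    if (!isset($_SESSION['role']) || $_SESSION['role'] !== 'admin') {
        http_response_code(403);
        exit('Blad: Brak uprawnien administratora.');
    }
}
?>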