From 58959c6d00812e2b7737abb480389a4118647092 Mon Sep 17 00:00:00 2001
From: sheychen
Date: Wed, 27 Jun 2018 19:20:18 +0200
Subject: [PATCH] Fix csrf on hand made error
---
 src/Form.php | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)
diff --git a/src/Form.php b/src/Form.php
index 6107f84..d3d3482 100644
--- a/src/Form.php
+++ b/src/Form.php
@@ -17,13 +17,7 @@ class Form {
 public function __construct(string $name, string $path, string $extention = null, bool $folder = true, array $sets = array()){
 $this->name = $name;
- if(session_status() == PHP_SESSION_NONE) session_start(); //TODO: create Krutsh\Session
- if(isset($_SESSION[static::$csrfSession][$name])){
- $this->csrfToken = $_SESSION[static::$csrfSession][$name];
- }else{
- $this->csrfToken = base64_encode(random_bytes(6));
- $_SESSION[static::$csrfSession][$name] = $this->csrfToken;
- }
+ $this->resetCsrf();
 $tpl = new Html($path, $extention, $folder);
 $tpl->set($name, $this)
 ->sets($sets)
@@ -31,6 +25,16 @@ class Form {
 return $this;
 }
+ public function resetCsrf(){
+ if(session_status() == PHP_SESSION_NONE) session_start(); //TODO: create Krutsh\Session
+ if(isset($_SESSION[static::$csrfSession][$this->name])){
+ $this->csrfToken = $_SESSION[static::$csrfSession][$this->name];
+ }else{
+ $this->csrfToken = base64_encode(random_bytes(6));
+ $_SESSION[static::$csrfSession][$this->name] = $this->csrfToken;
+ }
+ }
+
 public static function sanitize(array $data) : array{
 $return = array();
 foreach($data as $key => $value){
@@ -52,7 +56,7 @@ class Form {
 $value = isset($data[$element->name()]) ? $data[$element->name()] : null;
 $return = $element->valid($value);
 if($return !== true){
- $this->error('Le champ '.$element->name().' est '.$return.'.');
+ $this->error('Le champ '.$element->name().' est '.$return.'.', false);
 $valid = false;
 }else{
 $element->value($value);
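Review bot: `resetCsrf()` does not reset anything when a token is already stored — it reuses `$_SESSION[static::$csrfSession][$this->name]` and only generates a new token when that slot is empty, so the public name promises a rotation that later callers will not get. A docblock should pin the real contract, e.g. `/** Loads this form's CSRF token from the session, generating one only when none is stored (valid() clears it on success, which is why error() calls this). */`, or the method could be named `ensureCsrf()`. Since the generation code is being moved anyway, it is worth hardening: `random_bytes(6)` gives only 48 bits and base64 emits `+`/`/` characters, so `$this->csrfToken = bin2hex(random_bytes(16));` is the usual form. `session_status() == PHP_SESSION_NONE` should be a strict `===` comparison, and the method lacks the `: void` return type that the file's `name() : string` already uses.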
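Review bot: The bare `false` passed to `error()` here hides why this call differs from a hand-made error: a validation failure leaves the session token in place (valid() only unsets it when `$valid` is true, in the next hunk), so there is nothing to regenerate and this call opts out. A one-line comment keeps that reasoning next to the call, `// validation failed: token was not consumed, keep it`. The enclosing valid() loop starts before this hunk and ends after it.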
@@ -60,12 +64,14 @@ class Form {
 }
 if($valid) unset($_SESSION[static::$csrfSession][$this->name]);
-
+ return $valid;
 }
- public function error(string $error){
+ public function error(string $error, bool $reset = true){
 $this->errors[] = $error;
+ if($reset)
+ $this->resetCsrf();
 }
 public function name() : string{