easystream-main/f_core/config.security.php

<?php
// Security configuration
if (!defined("_VALID_ACCESS")) { exit("Direct access not allowed"); }

// Security settings
$cfg["security_salt"] = "change_this_salt_" . md5(__FILE__);
$cfg["session_timeout"] = 3600; // 1 hour
$cfg["max_login_attempts"] = 5;
$cfg["password_min_length"] = 8;
$cfg["csrf_protection"] = true;
$cfg["secure_cookies"] = true;
$cfg["session_regenerate"] = true;

// CSRF token generation
if (!function_exists("generate_csrf_token")) {
    function generate_csrf_token() {
        if (!isset($_SESSION["csrf_token"])) {
            $_SESSION["csrf_token"] = bin2hex(random_bytes(32));
        }
        return $_SESSION["csrf_token"];
    }
}

// CSRF token validation
if (!function_exists("validate_csrf_token")) {
    function validate_csrf_token($token) {
        return isset($_SESSION["csrf_token"]) && hash_equals($_SESSION["csrf_token"], $token);
    }
}