Quick Tip 1 - Secure your forms against CSRF attacks


  • Please log in to reply
2 replies to this topic

#1 While1

While1

    CC Lurker

  • Just Joined
  • 3 posts

Posted 07 July 2010 - 09:50 AM

Read more about this type of attack on Wikipedia.

In short, we want to ensure that the form data is coming from our website.

We start by generating a token for the hidden field of the HTML form. Then we will validate the submitted form token against the token that we've set in the session.



<?php
session_start();
session_regenerate_id(true);

if (isset($_POST['submit'])) {

if (isset($_SESSION['token']) && ($_POST['token'] == $_SESSION['token'])) {
//token is ok, process data
}

}

$token = hash('sha256', uniqid(mt_rand(), true));
$_SESSION['token'] = $token;

?>



<form method="POST" action="page.php">
<input type="hidden" name="token" value="<?php echo $token; ?>">
username: <input type="text" name="username">
password: <input type="password" name="password" >
<input type="submit" name="submit">
</form>

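A fuller version of the same pattern, added here as an example rather than code from While1's post: tokens are bound to a form name, expire, are single use, come from random_bytes() and are compared with hash_equals(). It assumes PHP 7 or later, and the functions take the session and POST data as arrays so the flow can be run from the command line without a web server.

```php
<?php
// Added example, not part of the original post. Assumes PHP >= 7.0
// (random_bytes, hash_equals). The session and POST data are passed in as
// arrays so this can be exercised without a web server; in a real page
// pass $_SESSION and $_POST.

const CSRF_TTL = 3600; // seconds a token stays valid (assumed policy)

// Create a fresh token bound to a form name and store it in the session.
function csrf_issue(array &$session, string $form): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $session['csrf'][$form] = ['token' => $token, 'issued' => time()];
    return $token;
}

// Validate a submitted token: the session must hold a token for this form,
// it must not have expired, and it must match in constant time.
// The stored token is consumed either way, so it can never be replayed.
function csrf_check(array &$session, array $post, string $form): bool
{
    if (!isset($session['csrf'][$form], $post['token']) || !is_string($post['token'])) {
        return false;
    }
    $stored = $session['csrf'][$form];
    unset($session['csrf'][$form]);           // single use
    if (time() - $stored['issued'] > CSRF_TTL) {
        return false;                         // stale token
    }
    // hash_equals() avoids both loose "==" comparison and timing leaks.
    return hash_equals($stored['token'], $post['token']);
}

// Hidden field for the form; escape the value like any other output.
function csrf_field(string $token): string
{
    return '<input type="hidden" name="token" value="'
        . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">';
}

// Simulated flow with a constructed session array instead of a live $_SESSION.
$session = [];
$token = csrf_issue($session, 'login');
echo csrf_field($token), "\n";
echo 'first submit:  ', csrf_check($session, ['token' => $token], 'login') ? 'valid' : 'rejected', "\n";
echo 'replayed:      ', csrf_check($session, ['token' => $token], 'login') ? 'valid' : 'rejected', "\n";
$token = csrf_issue($session, 'login');
echo 'tampered:      ', csrf_check($session, ['token' => 'x' . $token], 'login') ? 'valid' : 'rejected', "\n";
```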

#2 sarkons

sarkons

    CC Resident

  • Advanced Member
  • 52 posts
  • Location:British Columbia, Canada
  • Programming Language:PHP, JavaScript
  • Learning:PHP, JavaScript

Posted 22 February 2013 - 04:17 PM

Sweet, thank you for this post While1!



#3 Kwaliyo

Kwaliyo

    CC Lurker

  • New Member
  • 8 posts
  • Programming Language:PHP, JavaScript
  • Learning:PHP, JavaScript, Others

Posted 30 March 2013 - 02:54 AM

nice 1

