Quick Tip 1 - Secure your forms against CSRF attacks

2 replies to this topic

#1 While1

While1

    CC Lurker

  • Just Joined
  • Pip
  • 3 posts

Posted 07 July 2010 - 09:50 AM

Read more about this type of attack on Wikipedia.

In short, we want to ensure that the form data is coming from our website.

We start by generating a token for the hidden field of the HTML form. Then we will validate the submitted form token against the token that we've set in the session.



<?php
session_start();
session_regenerate_id(true);

if (isset($_POST['submit'])) {

    // Accept the submission only when a token exists in the session, the
    // submitted value is a string, and both match. hash_equals() compares in
    // constant time; a plain == compare is both loosely typed and timing-dependent.
    if (isset($_SESSION['token'], $_POST['token'])
        && is_string($_POST['token'])
        && hash_equals($_SESSION['token'], $_POST['token'])) {
        //token is ok, process data
    }

}

// Fresh token for the next form. random_bytes() (PHP 7+) is a CSPRNG;
// uniqid()/mt_rand() output is time-based and guessable.
$token = bin2hex(random_bytes(32));
$_SESSION['token'] = $token;

?>



<form method="POST" action="page.php">
<input type="hidden" name="token" value="<?php echo $token; ?>">
username: <input type="text" name="username">
password: <input type="password" name="password" >
<input type="submit" name="submit">
</form>

  • 0
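As an added example (not code from While1's post or any project), here is the same session-token scheme factored into two reusable functions that also handle token expiry, several open tabs and non-string input. The session key 'csrf', the CSRF_TTL value and the function names are my own choices, and it assumes PHP 7 or later.

```php
<?php
// Added example, not code from the original post: a small CSRF helper that
// tightens the inline version above. Assumes PHP >= 7.0 (random_bytes,
// hash_equals); the session key 'csrf' and CSRF_TTL are my own choices.
const CSRF_TTL = 3600; // seconds a token stays valid (assumed value)

// Return the session's CSRF token, minting one only when none exists or it has
// expired; reusing it keeps two open tabs from invalidating each other.
function csrf_token(): string
{
    $expired = isset($_SESSION['csrf'])
        && (time() - $_SESSION['csrf']['issued']) > CSRF_TTL;
    if (!isset($_SESSION['csrf']) || $expired) {
        $_SESSION['csrf'] = [
            'value'  => bin2hex(random_bytes(32)), // CSPRNG, unlike mt_rand()
            'issued' => time(),
        ];
    }
    return $_SESSION['csrf']['value'];
}
// Validate a submitted token: reject a missing or expired session token,
// non-string input (token[]= would make hash_equals throw) and any mismatch,
// comparing in constant time so the check leaks no timing signal.
function csrf_verify($submitted): bool
{
    if (!isset($_SESSION['csrf']) || !is_string($submitted)) {
        return false;
    }
    if ((time() - $_SESSION['csrf']['issued']) > CSRF_TTL) {
        unset($_SESSION['csrf']);
        return false;
    }
    return hash_equals($_SESSION['csrf']['value'], $submitted);
}
// In page.php, after session_start(): refuse the POST unless
// csrf_verify($_POST['token'] ?? null) is true, and fill the hidden field
// with htmlspecialchars(csrf_token()).
// Stand-alone check from the CLI (constructed; no web server or session needed).
$_SESSION = [];
$t = csrf_token();
$checks = [
    'valid token accepted'    => csrf_verify($t) === true,
    'tampered token rejected' => csrf_verify(strrev($t)) === false,
    'array input rejected'    => csrf_verify(['x']) === false,
    'token reused within TTL' => csrf_token() === $t,
];
foreach ($checks as $name => $ok) {
    echo ($ok ? 'PASS' : 'FAIL') . ": $name\n";
}
```

Run it with `php csrf.php` to see the four checks; in a real page the `$_SESSION = [];` line is replaced by `session_start()`.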

#2 sarkons

sarkons

    CC Resident

  • Advanced Member
  • PipPipPipPip
  • 52 posts
  • Location:British Columbia, Canada
  • Programming Language:PHP, JavaScript
  • Learning:PHP, JavaScript

Posted 22 February 2013 - 04:17 PM

Sweet, thank you for this post While1!


  • 0

#3 Kwaliyo

Kwaliyo

    CC Lurker

  • New Member
  • Pip
  • 8 posts
  • Programming Language:PHP, JavaScript
  • Learning:PHP, JavaScript, Others

Posted 30 March 2013 - 02:54 AM

nice 1


  • 0