- Php
- Features
- Autoload
- Class Reflection
- Magic Methods
- Exceptions
- Late Static Binding
- Type Hinting
- SPL
- PHPUNIT
- PHAR
- Composer
- Guzzle
- Carbon
- Faker
- Math
- Requests
- Design Patterns
- Singleton Pattern
- Observer Pattern
- Strategy Pattern
- Registry
- Symfony
- Routes
- Annotations
- Flex
- Controllers
- Doctrine
- Templating
- Versions
- Php7.4
- Php8.0
- Security
- Filter Input
- Remote Code Injection
- Sql Injection
- Session Fixation
- File Uploads
- Cross Site Scripting
- Spoofed Forms
- CSRF ♣
- Session Hijacking
- Modern Php
- Composer
- Slim Framework
- Autoloader
- Package
- Releases
- Generators
- Dependency Injection
- Middleware
- Create Framework
- App
- Http Foundation
- Front Controller
- Routing
- Render Controller
- Resolver
- SoC
- Frameworks
- Symfony V5
- Laravel V8
- Laminas V3
- Codeigniter V4
CSRF
Embeded image in some hacker website.
# Cross Site Request Forgery
#
# If it happend that you are logged on shop.com ...
# and you browse hacker-site.com ...
# you'll make a purchase, even if you don't want to!
<img src="https://www.shop.com/checkout.php?isbn=0312863551">
Token method
The token method involves the use of a randomly generated token.
<?php
# The token is stored in the user's session ...
# when the user accesses the form page
session_start();
if (isset($_POST['btn_submit'])) {
if (isset($_SESSION['token']) &&
isset($_POST['token']) &&
$_POST['token'] == $_SESSION['token']) { # Look Here
echo 'Accepted';
} else {
echo 'Denied';
}
}
$token = md5(uniqid(rand(), TRUE));
$_SESSION['token'] = $token;
?>
<form method="POST">
<input type="hidden" name="token" value="<?= $token; ?>"/>
<input type="submit" name="btn_submit"/>
</form>
Last update: 34 days ago