Thursday, 15 August 2013

forms - PHP: prevent CSRF attacks with multiple submit forms -

I am working with a PHP class to prevent CSRF attacks.

Code:

    <?php $token = NoCSRF::generate( 'csrf_token' ); ?>
    <form name="csrf_form" action="#" method="post">
        <input type="hidden" name="csrf_token" value="<?php echo $token; ?>">
        ...other form inputs...
        <input type="submit" value="send form">
    </form>

For the CSRF check:

    try {
        // Run the CSRF check on the POST data, in exception mode,
        // with a validity of 10 minutes, in one-time mode.
        NoCSRF::check( 'csrf_token', $_POST, true, 60*10, false );
        // Form parsing, DB inserts, etc.
    } catch ( Exception $e ) {
        // CSRF attack detected
    }

This worked for me when I have one form on the page, but when I have two forms on the page only one form works; submitting the other form shows "CSRF attack detected".

PHP check for form 1:

    // $_POST['submit'] is only set when the submit button carries name="submit".
    if ( isset($_POST['submit']) && $_POST['submit'] === "form" && !empty($_POST['username']) ) {
        try {
            // Run the CSRF check on the POST data, in exception mode,
            // with a validity of 10 minutes, in one-time mode.
            NoCSRF::check( 'csrf_token', $_POST, true, 60*10, false );
            // Form parsing, DB inserts, etc.
        } catch ( Exception $e ) {
            // CSRF attack detected
        }
    }

PHP check for form 2:

    if ( isset($_POST['submit']) && $_POST['submit'] === "form2" && !empty($_POST['username']) ) {
        try {
            // Run the CSRF check on the POST data, in exception mode,
            // with a validity of 10 minutes, in one-time mode.
            NoCSRF::check( 'csrf_token', $_POST, true, 60*10, false );
            // Form parsing, DB inserts, etc.
        } catch ( Exception $e ) {
            // CSRF attack detected
        }
    }

HTML forms:

    <form name="csrf_form" action="#" method="post">
        <?php $token = NoCSRF::generate( 'csrf_token' ); ?>
        <input type="hidden" name="csrf_token" value="<?php echo $token; ?>">
        <input type="text" name="username">
        <input type="submit" name="submit" value="form">
    </form>

    <form name="csrf_form" action="#" method="post">
        <?php $token = NoCSRF::generate( 'csrf_token' ); ?>
        <input type="hidden" name="csrf_token" value="<?php echo $token; ?>">
        <input type="text" name="badname">
        <input type="submit" name="submit" value="form2">
    </form>

How should I prepare this, or how does the class work with multiple forms?!

Class source here

Make sure you are calling NoCSRF::generate() only once. If it's called more than once, the info for the old token is overwritten, making it invalid.

Alternatively, use a different key for the two tokens (instead of using "csrf_token" for both).
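The overwrite behaviour the answer describes, shown with a minimal token store added here as an example; this is not the NoCSRF library's code, and `TokenStore` is a stand-in that keeps one token per key (as the session would) so both fixes can be compared side by side.

```php
<?php
// Added example, not NoCSRF's code: a simplified per-key token store. The
// array $store plays the role of $_SESSION; the newest generate() for a key
// replaces whatever token that key held before, which is the behaviour behind
// "CSRF attack detected" when two forms each call generate() with the same key.
final class TokenStore
{
    private array $store = [];

    // Create a fresh token under $key; any earlier token under $key is discarded.
    public function generate(string $key, int $ttl = 600): string
    {
        $token = bin2hex(random_bytes(32));
        $this->store[$key] = ['token' => $token, 'expires' => time() + $ttl];
        return $token;
    }

    // Validate the submitted token for $key. One-time mode: the stored token is
    // cleared as soon as it is consumed, so a replayed form is rejected.
    public function check(string $key, array $post): bool
    {
        if (!isset($this->store[$key], $post[$key])) {
            return false;
        }
        $entry = $this->store[$key];
        unset($this->store[$key]);
        return time() <= $entry['expires'] && hash_equals($entry['token'], $post[$key]);
    }
}

$s = new TokenStore();

// Case 1, the question's page: generate() called once per form with the SAME key.
// The second call replaces the token already embedded in form 1, so submitting
// form 1 fails the check even though nothing malicious happened.
$form1 = $s->generate('csrf_token');
$form2 = $s->generate('csrf_token');
echo 'form 1 after a second generate(): ', var_export($s->check('csrf_token', ['csrf_token' => $form1]), true), "\n";

// Case 2, the answer's first fix: generate once, embed that token in both forms.
$shared = $s->generate('csrf_token');
echo 'shared token: ', var_export($s->check('csrf_token', ['csrf_token' => $shared]), true), "\n";

// Case 3, the answer's alternative: a distinct key per form, so neither call
// can clobber the other's token.
$t1 = $s->generate('csrf_token_form1');
$t2 = $s->generate('csrf_token_form2');
echo 'form 2 with own key: ', var_export($s->check('csrf_token_form2', ['csrf_token_form2' => $t2]), true), "\n";
echo 'form 1 with own key: ', var_export($s->check('csrf_token_form1', ['csrf_token_form1' => $t1]), true), "\n";
```

Either fix also keeps one-time mode intact: with a shared token, the first successful submission consumes it, so a page showing both forms must be re-rendered (and a new token generated) before the second form can be submitted.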

php forms
