Created
May 7, 2017 10:18
-
-
Save radenvodka/03ace6a8bf5076dc9f1cad3bf84c1266 to your computer and use it in GitHub Desktop.
Simple Anti CSRF
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * @Author: Eka Syahwan | |
| * @Date: 2017-05-07 17:02:09 | |
| * @Last Modified by: Eka Syahwan | |
| * @Last Modified time: 2017-05-07 17:16:45 | |
| */ | |
| session_start(); | |
| class Security | |
| { | |
| public function csrfToken(){ | |
| $token = md5(date("dmY h:i:s").rand(10000,90000)); | |
| $_SESSION['token'] = $token; | |
| return $_SESSION['token']; | |
| } | |
| public function csrfValidate($token){ | |
| if($token != $_SESSION['token']){ | |
| return false; | |
| }else{ | |
| return true; | |
| } | |
| } | |
| public function csrfHtml(){ | |
| echo '<input type="hidden" name="token" value="'.$this->csrfToken().'"></input>'; | |
| } | |
| } | |
| $security = new Security; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
how to use ?
call function csrfHtml()
for validate call function csrfValidate($_POST['token']);