@xombra
Created June 17, 2014 22:23
Create and verify a token to prevent CSRF
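function CREAR_TOKEN($TokenForm)
{
    // Requires an active session (session_start()) and PHP 7+ for random_bytes().
    // The token comes from the CSPRNG rather than md5(uniqid()), which is predictable.
    $token = bin2hex(random_bytes(32));
    $token_time = time();
    $_SESSION['csrf'][$TokenForm.'_token'] = array('token'=>$token, 'time'=>$token_time);
    return $token;
}
function VERIFICA_TOKEN($TokenForm, $token, $max_age = 1800)
{
    // $max_age (seconds) is an assumed lifetime; adjust it to the application.
    if (!is_string($token) || !isset($_SESSION['csrf'][$TokenForm.'_token'])) {
        return false;
    }
    $stored = $_SESSION['csrf'][$TokenForm.'_token'];
    // Reject tokens older than $max_age, using the stored creation time.
    if (time() - $stored['time'] > $max_age) {
        return false;
    }
    // Constant-time comparison so the token cannot be recovered through timing.
    return hash_equals($stored['token'], $token);
}
# Place in the form
<input type="hidden" name="auth_token" value="<?php echo CREAR_TOKEN('Tok_X'); ?>" />
# and verify on arrival (the form name must match the one passed to CREAR_TOKEN)
$token = (isset($_POST['auth_token']) && is_string($_POST['auth_token'])) ? $_POST['auth_token'] : '';
if(!VERIFICA_TOKEN('Tok_X', $token)){
    // Escape the submitted value before echoing it, to avoid reflected XSS.
    echo '<div class="alert alert-danger"><p>'.htmlspecialchars($token, ENT_QUOTES, 'UTF-8').' El intento de acceso no es valido y/o expiro, <br /> Refresque e intente de nuevo</p></div>';
    die();
}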
yacyeza commented Feb 21, 2017

send token code