<?php
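// Open the session that stores the CSRF token. The guard keeps this file safe
// to include from a script that has already started a session; calling
// session_start() a second time would only raise a notice.
// NOTE(review): no cookie options are passed here, so the session cookie's
// HttpOnly / Secure / SameSite flags come from php.ini — confirm they are set.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}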
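/**
 * Per-session anti-CSRF token helper.
 *
 * generate_token() stores a token in $_SESSION and check_token() consumes it.
 * Both methods expect a session to be active.
 */
class CSRF
{
    /**
     * Create a new token, record it and its issue time in the session, and return it.
     *
     * Any token issued earlier in the same session is overwritten, so only the
     * most recently rendered form will validate.
     *
     * @return string 128 lowercase hexadecimal characters
     */
    public static function generate_token()
    {
        // random_bytes() reads the OS CSPRNG and throws on failure, so a broken
        // random source can never end up producing a predictable token. The
        // SHA-512 step only keeps the token in its existing 128-character form.
        $token = hash('sha512', random_bytes(32));

        $_SESSION['token'] = $token;
        // The lifetime is measured from issue time, so it has to be recorded here.
        $_SESSION['token_time'] = time();

        return $token;
    }

    /**
     * Validate a submitted token against the one stored in the session.
     *
     * The token is single-use: it is removed from the session once it has
     * validated, and also once it is found to be expired.
     *
     * @param mixed $input_token value taken from the request; anything but a string is rejected
     * @param int   $token_life  maximum token age in seconds, counted from generate_token()
     *
     * @return bool true when the token matches and is still within its lifetime
     */
    public static function check_token($input_token, $token_life)
    {
        // Request fields can arrive as arrays (token[]=x), and hash_equals()
        // accepts strings only, so reject every non-string value up front.
        if (!isset($_SESSION['token'], $_SESSION['token_time'])
            || !is_string($_SESSION['token'])
            || !is_string($input_token)
        ) {
            return false;
        }

        // Age is computed from the recorded issue time. Setting the deadline
        // during the check itself would place it in the future on every call,
        // and the token would then never expire.
        $age = time() - (int) $_SESSION['token_time'];
        if ($age < 0 || $age >= $token_life) {
            unset($_SESSION['token'], $_SESSION['token_time']);
            return false;
        }

        // Byte-for-byte, constant-time comparison. Loose == would compare
        // numeric-looking strings as numbers and is not timing-safe.
        if (!hash_equals($_SESSION['token'], $input_token)) {
            return false;
        }

        unset($_SESSION['token'], $_SESSION['token_time']);
        return true;
    }
}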
?>
<?php
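// Load the CSRF helper. require_once stops the request if the file is missing
// and prevents the class from being declared twice.
require_once "csrf.php";

// Handle the submission only when the login button was pressed.
if (isset($_POST['btn1'])) {
    // A missing field or an array value (token[]=x) is treated as an empty
    // token, which can never match the stored one.
    $submitted_token = (isset($_POST['token']) && is_string($_POST['token'])) ? $_POST['token'] : '';

    // The lifetime is given in seconds: 180000 s is 50 hours.
    if (CSRF::check_token($submitted_token, 180000)) {
        echo "Token is valid";
    } else {
        // This demo only prints a message; a real handler would stop here and
        // not process the submitted credentials.
        echo "Not a valid Token";
    }
}
?>
<html>
<body>
<form method="post">
<input type="text" name="name" placeholder="Username" />
<input type="password" name="password" placeholder="************" />
<input type="submit" name="btn1" value="Login" />
<input type="hidden" name="token" value="<?php /* A fresh token is issued on every render; it is escaped for the attribute context. */ echo htmlspecialchars(CSRF::generate_token(), ENT_QUOTES, 'UTF-8'); ?>" />
</form>
</body>
</html>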
<?php
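// Open the session that stores the CSRF token. The guard keeps this file safe
// to include from a script that has already started a session; calling
// session_start() a second time would only raise a notice.
// NOTE(review): no cookie options are passed here, so the session cookie's
// HttpOnly / Secure / SameSite flags come from php.ini — confirm they are set.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}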
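/**
 * Per-session anti-CSRF token helper.
 *
 * generate_token() stores a token in $_SESSION and check_token() consumes it.
 * Both methods expect a session to be active.
 */
class CSRF
{
    /**
     * Create a new token, record it and its issue time in the session, and return it.
     *
     * Any token issued earlier in the same session is overwritten, so only the
     * most recently rendered form will validate.
     *
     * @return string 128 lowercase hexadecimal characters
     */
    public static function generate_token()
    {
        // random_bytes() reads the OS CSPRNG and throws on failure, so a broken
        // random source can never end up producing a predictable token. The
        // SHA-512 step only keeps the token in its existing 128-character form.
        $token = hash('sha512', random_bytes(32));

        $_SESSION['token'] = $token;
        // The lifetime is measured from issue time, so it has to be recorded here.
        $_SESSION['token_time'] = time();

        return $token;
    }

    /**
     * Validate a submitted token against the one stored in the session.
     *
     * The token is single-use: it is removed from the session once it has
     * validated, and also once it is found to be expired.
     *
     * @param mixed $input_token value taken from the request; anything but a string is rejected
     * @param int   $token_life  maximum token age in seconds, counted from generate_token()
     *
     * @return bool true when the token matches and is still within its lifetime
     */
    public static function check_token($input_token, $token_life)
    {
        // Request fields can arrive as arrays (token[]=x), and hash_equals()
        // accepts strings only, so reject every non-string value up front.
        if (!isset($_SESSION['token'], $_SESSION['token_time'])
            || !is_string($_SESSION['token'])
            || !is_string($input_token)
        ) {
            return false;
        }

        // Age is computed from the recorded issue time. Setting the deadline
        // during the check itself would place it in the future on every call,
        // and the token would then never expire.
        $age = time() - (int) $_SESSION['token_time'];
        if ($age < 0 || $age >= $token_life) {
            unset($_SESSION['token'], $_SESSION['token_time']);
            return false;
        }

        // Byte-for-byte, constant-time comparison. Loose == would compare
        // numeric-looking strings as numbers and is not timing-safe.
        if (!hash_equals($_SESSION['token'], $input_token)) {
            return false;
        }

        unset($_SESSION['token'], $_SESSION['token_time']);
        return true;
    }
}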
?>
<?php
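// Load the CSRF helper. require_once stops the request if the file is missing
// and prevents the class from being declared twice.
require_once "csrf.php";

// Handle the submission only when the login button was pressed.
if (isset($_POST['btn1'])) {
    // A missing field or an array value (token[]=x) is treated as an empty
    // token, which can never match the stored one.
    $submitted_token = (isset($_POST['token']) && is_string($_POST['token'])) ? $_POST['token'] : '';

    // The lifetime is given in seconds: 180000 s is 50 hours.
    if (CSRF::check_token($submitted_token, 180000)) {
        echo "Token is valid";
    } else {
        // This demo only prints a message; a real handler would stop here and
        // not process the submitted credentials.
        echo "Not a valid Token";
    }
}
?>
<html>
<body>
<form method="post">
<input type="text" name="name" placeholder="Username" />
<input type="password" name="password" placeholder="************" />
<input type="submit" name="btn1" value="Login" />
<input type="hidden" name="token" value="<?php /* A fresh token is issued on every render; it is escaped for the attribute context. */ echo htmlspecialchars(CSRF::generate_token(), ENT_QUOTES, 'UTF-8'); ?>" />
</form>
</body>
</html>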
<?php
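// Open the session that stores the CSRF token. The guard keeps this file safe
// to include from a script that has already started a session; calling
// session_start() a second time would only raise a notice.
// NOTE(review): no cookie options are passed here, so the session cookie's
// HttpOnly / Secure / SameSite flags come from php.ini — confirm they are set.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}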
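/**
 * Per-session anti-CSRF token helper.
 *
 * generate_token() stores a token in $_SESSION and check_token() consumes it.
 * Both methods expect a session to be active.
 */
class CSRF
{
    /**
     * Create a new token, record it and its issue time in the session, and return it.
     *
     * Any token issued earlier in the same session is overwritten, so only the
     * most recently rendered form will validate.
     *
     * @return string 128 lowercase hexadecimal characters
     */
    public static function generate_token()
    {
        // random_bytes() reads the OS CSPRNG and throws on failure, so a broken
        // random source can never end up producing a predictable token. The
        // SHA-512 step only keeps the token in its existing 128-character form.
        $token = hash('sha512', random_bytes(32));

        $_SESSION['token'] = $token;
        // The lifetime is measured from issue time, so it has to be recorded here.
        $_SESSION['token_time'] = time();

        return $token;
    }

    /**
     * Validate a submitted token against the one stored in the session.
     *
     * The token is single-use: it is removed from the session once it has
     * validated, and also once it is found to be expired.
     *
     * @param mixed $input_token value taken from the request; anything but a string is rejected
     * @param int   $token_life  maximum token age in seconds, counted from generate_token()
     *
     * @return bool true when the token matches and is still within its lifetime
     */
    public static function check_token($input_token, $token_life)
    {
        // Request fields can arrive as arrays (token[]=x), and hash_equals()
        // accepts strings only, so reject every non-string value up front.
        if (!isset($_SESSION['token'], $_SESSION['token_time'])
            || !is_string($_SESSION['token'])
            || !is_string($input_token)
        ) {
            return false;
        }

        // Age is computed from the recorded issue time. Setting the deadline
        // during the check itself would place it in the future on every call,
        // and the token would then never expire.
        $age = time() - (int) $_SESSION['token_time'];
        if ($age < 0 || $age >= $token_life) {
            unset($_SESSION['token'], $_SESSION['token_time']);
            return false;
        }

        // Byte-for-byte, constant-time comparison. Loose == would compare
        // numeric-looking strings as numbers and is not timing-safe.
        if (!hash_equals($_SESSION['token'], $input_token)) {
            return false;
        }

        unset($_SESSION['token'], $_SESSION['token_time']);
        return true;
    }
}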
?>
<?php
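// Load the CSRF helper. require_once stops the request if the file is missing
// and prevents the class from being declared twice.
require_once "csrf.php";

// Handle the submission only when the login button was pressed.
if (isset($_POST['btn1'])) {
    // A missing field or an array value (token[]=x) is treated as an empty
    // token, which can never match the stored one.
    $submitted_token = (isset($_POST['token']) && is_string($_POST['token'])) ? $_POST['token'] : '';

    // The lifetime is given in seconds: 180000 s is 50 hours.
    if (CSRF::check_token($submitted_token, 180000)) {
        echo "Token is valid";
    } else {
        // This demo only prints a message; a real handler would stop here and
        // not process the submitted credentials.
        echo "Not a valid Token";
    }
}
?>
<html>
<body>
<form method="post">
<input type="text" name="name" placeholder="Username" />
<input type="password" name="password" placeholder="************" />
<input type="submit" name="btn1" value="Login" />
<input type="hidden" name="token" value="<?php /* A fresh token is issued on every render; it is escaped for the attribute context. */ echo htmlspecialchars(CSRF::generate_token(), ENT_QUOTES, 'UTF-8'); ?>" />
</form>
</body>
</html>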