PHP Coding a Basic Anti Cross-Site Request Forgery (CSRF)
04-10-2016, 05:36 AM #1
PHP Coding a Basic Anti Cross-Site Request Forgery (CSRF)



Hello, today I will show you how to make a basic anti-CSRF in PHP.

If you want to learn basic PHP, see my basic PHP tutorial first.

OK, to start off, make 2 PHP files called:
1. index.php
2. csrf.php


We will be using OOP programming to make this.

What is CSRF? (Not gonna lie, I took this definition from Google.)
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request.


Making the csrf.php functions

<?php
//Starting the session (this must run before any output is sent to the browser)
session_start();
//Defining the class CSRF
class CSRF {

//The generate token function: stores the token and the time it was issued in the session
static function generate_token()
{
$_SESSION['token_issued'] = time(); //remember when the token was made so check_token can expire it
//32 random bytes from the OS CSPRNG, hashed to a 128-character hex string
//(on PHP 7+ random_bytes(32) is the preferred source of randomness)
return $_SESSION['token'] = hash('SHA512', openssl_random_pseudo_bytes(32));
}

//making the check token function
//$token_life is how many seconds a token stays valid after it was generated
static function check_token($input_token, $token_life)
{
//The lifetime is measured from the time the token was issued, not from the time of this check;
//setting the expiry inside check_token would mean the expiry test could never fail
$expired = !isset($_SESSION['token_issued']) || (time() - $_SESSION['token_issued']) > $token_life;

//Now we will check the token is valid using an if else condition
//hash_equals() (PHP 5.6+) compares in constant time, and together with is_string() it rejects
//a submitted array such as token[]=x; a loose == comparison must not be used for secrets
if(isset($_SESSION['token']) && is_string($input_token) && hash_equals($_SESSION['token'], $input_token) && !$expired)
{
/*in here you do whatever you want if the token is valid
We are going to unset the 2 session values so the token is single-use and return true
*/
unset($_SESSION['token']);
unset($_SESSION['token_issued']);
return TRUE;
}
else
{
/*In here is the code that will be executed if the token was invalid
in here we will just return false
*/
return FALSE;
}
}
}

?>


OK, so now we are done with the csrf file; we will move to the index.


Using the CSRF class
<?php
require_once "csrf.php"; //Here we are including the csrf file in index.php so we can use its functions
if(isset($_POST['btn1'])) // With this if check we are checking if the Login button was clicked
{
//isset() avoids a notice when a forged request does not send the token field at all
$posted_token = isset($_POST['token']) ? $_POST['token'] : '';
//With this if check we are using the check_token function from the CSRF class to check if the token is valid
//The token only stays valid for 900 seconds (15 minutes) after it was generated
if(CSRF::check_token($posted_token, 900)) {
echo "Token is valid"; //this is the output if the token is valid
} else {
echo "Not a valid Token"; //this is the output if the token is invalid
}
}

?>

<!DOCTYPE html>
<html>
<body>
<form method="post">
<input type="text" name="name" placeholder="Username" />
<input type="password" name="password" placeholder="************" />
<input type="submit" name="btn1" value="Login" />
<input type="hidden" name="token" value="<?php echo htmlspecialchars(CSRF::generate_token(), ENT_QUOTES, 'UTF-8'); // in here we are using the function in the CSRF class to generate the token and put it in the form ?>" />
</form>
</body>
</html>



Now you have CSRF protection. Thanks for reading and using my tutorial, hope it helps.

Tutorial was made by Lachie444

Credits:
Jelly: He and I made this a long time ago.
Last edited by lachie444; 04-10-2016 at 05:49 AM.

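The following is an added example written for this edited copy of the thread; it is not lachie444's code and did not appear in the original post. It takes the CSRF definition above (the browser sends the victim's cookies with a forged request, but the attacker never sees the victim's page, so he cannot read a per-session token) and the token check in csrf.php, and shows a guard that fixes the weak spots in the tutorial's class: the expiry is fixed when the token is issued rather than when it is checked, the comparison uses hash_equals() instead of ==, non-string input (token[]=x) is rejected, several live tokens are kept so a second open tab does not invalidate the first, and a token is consumed on first use. It then replays constructed requests against it from the command line. Assumptions: PHP 8.0 or newer, the session key name csrf_tokens, and the https://bank/transfer URL in the comment, which is hypothetical; the session is passed in as a plain array so the script runs with `php csrf_demo.php`, and a real application would pass $_SESSION after session_start().

```php
<?php
declare(strict_types=1);

// Added example, not the tutorial's code. Assumes PHP 8.0+.
final class CsrfGuard
{
    private const KEY      = 'csrf_tokens'; // session slot used by this class (assumed free)
    private const MAX_LIVE = 10;            // unused tokens kept per session (one per open form)

    /** Issue a token valid for $ttl seconds; the expiry is fixed here, at issue time. */
    public static function issue(array &$session, int $ttl = 900, ?int $now = null): string
    {
        $now ??= time();
        $token = bin2hex(random_bytes(32));                         // 256 bits from the CSPRNG, hex
        $live  = $session[self::KEY] ?? [];
        $live  = array_filter($live, fn(int $exp) => $exp > $now);  // drop tokens that already expired
        while (count($live) >= self::MAX_LIVE) {
            array_shift($live);                                     // evict the oldest token
        }
        $live[$token]        = $now + $ttl;
        $session[self::KEY]  = $live;
        return $token;
    }

    /** Validate and consume a submitted token; true only for a live token that was not used before. */
    public static function check(array &$session, mixed $submitted, ?int $now = null): bool
    {
        $now ??= time();
        if (!is_string($submitted)) {                // token[]=x arrives as an array: reject it
            return false;
        }
        foreach ($session[self::KEY] ?? [] as $token => $expires) {
            if (hash_equals((string) $token, $submitted)) {        // constant-time comparison
                unset($session[self::KEY][$token]);                // single use, even when expired
                return $expires > $now;
            }
        }
        return false;
    }

    /** Hidden form field; htmlspecialchars() keeps the value safe inside the attribute. */
    public static function field(array &$session): string
    {
        $t = htmlspecialchars(self::issue($session), ENT_QUOTES, 'UTF-8');
        return '<input type="hidden" name="token" value="' . $t . '">';
    }
}

// --- Simulation with constructed requests (no captured traffic) -------------------
$session = [];                                   // stands in for $_SESSION
$t0      = 1_700_000_000;                        // fixed clock so the run is reproducible

// 1. The victim loads the real form twice (two tabs): two tokens are issued and stored.
$tokenA = CsrfGuard::issue($session, 900, $t0);
$tokenB = CsrfGuard::issue($session, 900, $t0);

// 2. A hypothetical attacker page, e.g.
//    <form action="https://bank/transfer" method="post"><input name="btn1" value="Login"></form>
//    <script>document.forms[0].submit()</script>
//    makes the browser POST with the victim's session cookie attached. The attacker cannot
//    read the victim's page, so the forged POST carries no token, or a guessed one.
$results = [
    'forged, no token'     => CsrfGuard::check($session, null, $t0 + 5),
    'forged, guessed'      => CsrfGuard::check($session, str_repeat('a', 64), $t0 + 5),
    'forged, array'        => CsrfGuard::check($session, ['x'], $t0 + 5),
    'victim tab A'         => CsrfGuard::check($session, $tokenA, $t0 + 5),
    'victim tab A replay'  => CsrfGuard::check($session, $tokenA, $t0 + 6),
    'victim tab B expired' => CsrfGuard::check($session, $tokenB, $t0 + 901),
];
foreach ($results as $case => $ok) {
    printf("%-22s %s\n", $case, $ok ? 'accepted' : 'rejected');
}
```

Running it prints one line per case; only "victim tab A" is accepted, because the forged requests carry no matching token, the replay finds the token already consumed, and tab B's token is past its expiry. The token is a second line of defence, not the only one: setting the session cookie with SameSite=Lax (or Strict) and rejecting state-changing requests whose Origin header does not match the site cost almost nothing and stop most cross-site form posts before the token is even checked.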
04-10-2016, 05:39 AM #2
Kronos
Former Staff
Originally posted by lachie444


Another good tutorial, thank you Smile
04-10-2016, 05:41 AM #3
Sorry, I don't know anything about PHP. What's an Anti Cross-Site Request Forgery?
04-10-2016, 05:48 AM #4
Jelly
Maggbot timeout!
Originally posted by 1094
Sorry, I don't know anything about PHP. What's an Anti Cross-Site Request Forgery?


Have a look at his basic tut first, mate.
04-10-2016, 05:52 AM #5
bunbun888
Do a barrel roll!
Originally posted by Jelly
Have a look at his basic tut first, mate.


yoyoyo!!!

04-10-2016, 05:53 AM #6
Kas
Guest
Originally posted by lachie444

Keep up the tutorials man. Good stuff.


Copyright © 2024, NextGenUpdate.
All Rights Reserved.