This article mainly introduces the principles and defense techniques of php cross-site attacks. It is a very practical technique to analyze php cross-site attacks in detail with specific examples, for more information, see
This article mainly introduces the principles and defense techniques of php cross-site attacks. It is a very practical technique to analyze php cross-site attacks in detail with specific examples, for more information, see
This article describes the principles and defense techniques of php cross-site attacks. Share it with you for your reference. The specific method is analyzed as follows:
Cross-Site attacks take advantage of some program details or bugs. How can we prevent cross-site attacks? The following is an example of how to prevent cross-site attacks.
The Code is as follows:
<? Php
# Demo for prevent csrf
/**
* Enc
*/
Function encrypt ($ token_time ){
Return md5 ('! ###$ @ $ # % 43 '. $ token_time );
}
$ Token_time = time ();
$ Token = encrypt ($ token_time );
$ Expire_time = 10;
If ($ _ POST ){
$ _ Token_time = $ _ POST ['token _ time'];
$ _ Token = $ _ POST ['Token'];
If (time ()-$ _ token_time)> $ expire_time ){
Echo "expired token ";
Echo"
";
}
Echo $ _ token;
Echo"
";
$ _ Token_real = encrypt ($ _ token_time );
Echo $ _ token_real;
// Compare $ _ token and $ _ token_real
}
?>
Test for csrf
By including the verification code in your form, you have actually eliminated the risk of cross-site request forgery. You can use this process in any form that requires an operation.
Of course, it is better to store the token to the session. Here is a simple example.
Simple analysis:
Token attack prevention is also called a token. When a user accesses the page, a random token is generated to save the session and form, if the token we get is different from the session token, you can submit the submitted data again.
I hope this article will help you with php programming.