This article mainly introduces the principles and defense techniques of php cross-site attacks. it is a very practical technique to analyze php cross-site attacks in detail with specific examples, for more information about the principles and defense skills of php cross-site attacks, see the examples in this article. Share it with you for your reference. The specific method is analyzed as follows:
Cross-site attacks take advantage of some program details or bugs. how can we prevent cross-site attacks? The following is an example of how to prevent cross-site attacks.
The code is as follows:
<? Php
# Demo for prevent csrf
/**
* Enc
*/
Function encrypt ($ token_time ){
Return md5 ('! ###$ @ $ # % 43 '. $ token_time );
}
$ Token_time = time ();
$ Token = encrypt ($ token_time );
$ Expire_time = 10;
If ($ _ POST ){
$ _ Token_time = $ _ POST ['token _ time'];
$ _ Token = $ _ POST ['token'];
If (time ()-$ _ token_time)> $ expire_time ){
Echo "expired token ";
Echo"
";
}
Echo $ _ token;
Echo"
";
$ _ Token_real = encrypt ($ _ token_time );
Echo $ _ token_real;
// Compare $ _ token and $ _ token_real
}
?>
Test for csrf
By including the verification code in your form, you have actually eliminated the risk of cross-site request forgery. You can use this process in any form that requires an operation.
Of course, it is better to store the token to the session. here is a simple example.
Simple analysis:
Token attack prevention is also called a token. when a user accesses the page, a random token is generated to save the session and form, if the token we get is different from the session token, you can submit the submitted data again.
I hope this article will help you with php programming.