Php uses session to defend against url attacks and phpsession to defend against URLs

Php uses session to defend against url attacks and phpsession to defend against URLs

This article describes how php uses session to defend against url attacks. Share it with you for your reference. The specific implementation method is as follows:

Through session tracking, you can easily avoid url attacks. php uses the session anti-url attack method Code as follows:
Copy codeThe Code is as follows: <? Php
Session_start ();
$ Clean = array ();
$ Email_pattern = '/^ [^ @ s <&>] + @ ([-a-z0-9] +.) + [a-z] {2,} $/I ';
If (preg_match ($ email_pattern, $ _ POST ['email '])
{
$ Clean ['email '] = $ _ POST ['email'];
$ User = $ _ SESSION ['user'];
$ New_password = md5 (uniqid (rand (), TRUE ));
If ($ _ SESSION ['verified '])
{
/* Update Password */
Mail ($ clean ['email '], 'your New password', $ new_password );
}
}
?>
The URL can be set as follows:
Http://example.org/reset.php? User = php & email = chris % 40example.org

If reset. php trusts the information provided by users, which is a semantic URL attack vulnerability in which the system will generate a new password for the php account and send it to the chris@example.org, in this way, chris successfully steals the php account.

I hope this article will help you with PHP programming.