php anti-url attack method through session, phpsession anti-url
The example in this article describes how to prevent url attacks in PHP through session. Share it with everyone for your reference. The specific implementation method is as follows:
Through session tracking, you can easily avoid URL attacks. PHP uses session to prevent URL attacks. The code is as follows:
Copy code The code is as follows:
session_start();
$clean = array();
$email_pattern = '/^[^@s<&>]+@([-a-z0-9]+.)+[a-z]{2,}$/i';
if (preg_match($email_pattern, $_POST['email']))
{
$clean['email'] = $_POST['email'];
$user = $_SESSION['user'];
$new_password = md5(uniqid(rand(), TRUE));
if ($_SESSION['verified'])
{
/* Update Password */
mail($clean['email'], 'Your New Password', $new_password);
}
}
?>
When using, the URL can be set as follows:
http://example.org/reset.php?user=php&email=chris%40example.org
If reset.php trusts the information provided by the user, this is a semantic URL attack vulnerability. In this case, the system will generate a new password for the php account and send it to chris@example.org, so chris succeeds Stealing php account.
I hope this article will be helpful to everyone’s PHP programming design.
http://www.bkjia.com/PHPjc/925131.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/925131.htmlTechArticlePHP uses session to prevent url attacks, phpsession prevents url. This article describes the example of php using session to prevent url attacks. Share it with everyone for your reference. The specific implementation method is as follows: Through s...
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
