PHP prevents forged cross-site request implementation program_PHP tutorial

CSRF off-site type vulnerabilities are actually problems with externally submitted data in the traditional sense. Generally, programmers will consider adding watermarks to some forms such as leaving messages and comments to prevent SPAM problems. However, for the sake of user experience, some operations may There are no restrictions, so the attacker can predict the request parameters first, write javascript scripts in the web page outside the site to forge file requests or automatically submit forms to implement GET and POST requests, and the user clicks the link to access in the session state. For web pages outside the site, the client is forced to initiate a request.

Browser security flaws

Almost all current web applications use cookies to identify users and save session status. However, all browsers did not consider security factors when they initially added the cookie function. File requests generated from WEB pages will carry COOKIE. As shown in the figure below, a request generated by a normal picture in the web page will also bring COOKIE:

GET http://website.com/log.jpg

Cookie: session_id

Client ——————————————————-Server

We follow this idea and copy the implementation of crumb. The code is as follows:

The code is as follows

Copy code

class Crumb {                                                                                                                                                       CONST SALT = "your-secret-salt";                                                                                                    static $ttl = 7200;                                                                                           static public function challenge($data) {                                        Return hash_hmac('md5', $data, self::SALT);    }                                                                                                                                                                                                                                   static public function issueCrumb($uid, $action = -1) {                                                               $i = ceil(time() / self::$ttl);                                                                                   return substr(self::challenge($i . $action . $uid), -12, 10);                                                 }                                                                                                                                                                                                                                   static public function verifyCrumb($uid, $crumb, $action = -1) {                                                      $i = ceil(time() / self::$ttl);                                                                                                                                                                                                     if(substr(self::challenge($i . $action . $uid), -12, 10) == $crumb ||                                                 substr(self::challenge(($i - 1) . $action . $uid), -12, 10) == $crumb)                                            return true;                                                                                                                                                                                                                    return false;                                                                                                 }                                                                                                                                                                                                                               }

$uid in the code represents the user’s unique identifier, and $ttl represents the validity time of this random string.

Application examples

Insert a hidden random string crumb into the form

The code is as follows

代码如下	复制代码

Copy code

代码如下	复制代码
if(Crumb::verifyCrumb($uid, $_POST['crumb'])) { //按照正常流程处理表单 } else { //crumb校验失败，错误提示流程 }

Process form demo.php

Check crumb

The code is as follows

Copy code

if(Crumb::verifyCrumb($uid, $_POST['crumb'])) { //Process the form according to the normal process } else { //crumb verification failed, error prompt process } Note: The outbreak of CSRF attacks and related web worms, and developing effective emergency measures for such web attacks. It is also recommended that programmers should not abuse $_REQUEST class variables, add watermarks to certain sensitive operations if necessary, consider using formhash technology similar to the DISCUZ forum to improve the difficulty of hackers predicting request parameters, and pay attention to the security issues of JSON data interfaces, etc. http://www.bkjia.com/PHPjc/629636.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/629636.htmlTechArticleCSRF off-site type vulnerabilities are actually externally submitted data problems in the traditional sense. Generally, programmers will consider giving some The form for leaving comments, etc. is watermarked to prevent SPAM issues, but in order to...