PHP prevents forged cross-site request implementation program_PHP tutorial

WBOY
Release: 2016-07-13 17:10:48
Original
1162 people have browsed it

CSRF off-site type vulnerabilities are actually problems with externally submitted data in the traditional sense. Generally, programmers will consider adding watermarks to some forms such as leaving messages and comments to prevent SPAM problems. However, for the sake of user experience, some operations may There are no restrictions, so the attacker can predict the request parameters first, write javascript scripts in the web page outside the site to forge file requests or automatically submit forms to implement GET and POST requests, and the user clicks the link to access in the session state. For web pages outside the site, the client is forced to initiate a request.

Browser security flaws

Almost all current web applications use cookies to identify users and save session status. However, all browsers did not consider security factors when they initially added the cookie function. File requests generated from WEB pages will carry COOKIE. As shown in the figure below, a request generated by a normal picture in the web page will also bring COOKIE:


GET http://website.com/log.jpg

Cookie: session_id

Client ——————————————————-Server

We follow this idea and copy the implementation of crumb. The code is as follows:

The code is as follows Copy code
class Crumb {                                                                                                                                                       CONST SALT = "your-secret-salt";                                                                                                    static $ttl = 7200;                                                                                           static public function challenge($data) {                                        Return hash_hmac('md5', $data, self::SALT);    }                                                                                                            
                                                                                                                 
    static public function issueCrumb($uid, $action = -1) {                                                      
        $i = ceil(time() / self::$ttl);                                                                          
        return substr(self::challenge($i . $action . $uid), -12, 10);                                            
    }                                                                                                            
                                                                                                                 
    static public function verifyCrumb($uid, $crumb, $action = -1) {                                             
        $i = ceil(time() / self::$ttl);                                                                          
                                                                                                                 
        if(substr(self::challenge($i . $action . $uid), -12, 10) == $crumb ||                                    
            substr(self::challenge(($i - 1) . $action . $uid), -12, 10) == $crumb)                               
            return true;                                                                                         
                                                                                                                 
        return false;                                                                                            
    }                                                                                                            
                                                                                                                 
}

$uid in the code represents the user’s unique identifier, and $ttl represents the validity time of this random string.

Application examples

Insert a hidden random string crumb into the form

The code is as follows
代码如下 复制代码





Copy code


 代码如下 复制代码

if(Crumb::verifyCrumb($uid, $_POST['crumb'])) {
//按照正常流程处理表单
} else {
//crumb校验失败,错误提示流程
}

Process form demo.php

Check crumb

The code is as follows Copy code
if(Crumb::verifyCrumb($uid, $_POST['crumb'])) { //Process the form according to the normal process } else { //crumb verification failed, error prompt process } Note:
The outbreak of CSRF attacks and related web worms, and developing effective emergency measures for such web attacks. It is also recommended that programmers should not abuse $_REQUEST class variables, add watermarks to certain sensitive operations if necessary, consider using formhash technology similar to the DISCUZ forum to improve the difficulty of hackers predicting request parameters, and pay attention to the security issues of JSON data interfaces, etc.
http://www.bkjia.com/PHPjc/629636.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/629636.htmlTechArticleCSRF off-site type vulnerabilities are actually externally submitted data problems in the traditional sense. Generally, programmers will consider giving some The form for leaving comments, etc. is watermarked to prevent SPAM issues, but in order to...
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template