SIMPLE CSRF TOKEN PROTECTION IN PHP

[{"selector":"#anim-4eddf58b-f8cc-44ca-86f1-a1b5feb895c4","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-96df9e9b-8cb6-4fe2-a925-33b78603cb53","keyframes":{"transform":["translate3d(0px, -678.3954%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-b3bc6da6-e37d-495c-a80a-b47a9d11e3cd","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-382e39df-ac23-4190-9892-063ce9e97b67","keyframes":{"transform":["translate3d(0px, 195.52791%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-2fa472c5-b9a7-42d1-9305-1e9738bf240c","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-402edf45-7fc2-468a-a261-d10208de19cc","keyframes":{"transform":["translate3d(0px, 787.40722%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] PHP (quick guide & example)

WHAT IS CSRF?

[{"selector":"#anim-6fedc42d-fd55-40bf-8ae3-97200edf01c9","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-ed265d21-b672-4583-8881-f1301ada1d62","keyframes":{"transform":["translate3d(-115.14196%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-5930ec9d-dd24-44ae-9778-deee75e81567","keyframes":{"opacity":[0,1]},"delay":100,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-1888ff99-1ff0-45e5-8bea-7ba5f250823e","keyframes":{"transform":["translate3d(-115.50632%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":100,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-42b66e16-3766-44a5-8d18-eaaadf02b7b6","keyframes":{"opacity":[0,1]},"delay":200,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-f87e3718-9a81-4d5b-bbbe-e812d300e8e1","keyframes":{"transform":["translate3d(-115.14196%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":200,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] CSRF = Cross-Site Request Forgery. When there are 2 sites - Legit and bad. Bad website masquerades as the good one, to bait users into doing a forged request on the legit site.

CSRF ATTACK EXAMPLE A

[{"selector":"#anim-6b614ce9-e69f-401a-ad7c-3a1a4aa25201","keyframes":{"opacity":[0,1]},"delay":0,"duration":1000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"both"}] [{"selector":"#anim-5191ed48-2f1e-48af-b183-9df66495fa07","keyframes":{"transform":["scale(0.3333333333333333)","scale(1)"]},"delay":0,"duration":1000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"forwards"}] [{"selector":"#anim-099a1d00-60a7-43ab-a037-558f8137ed06","keyframes":{"opacity":[1,1]},"delay":0,"duration":1000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"both"}] [{"selector":"#anim-1941797a-89c1-4d61-b6de-73a19ee77d74","keyframes":{"transform":["scale(3)","scale(1)"]},"delay":0,"duration":1000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"forwards"}] DELETE ACCOUNT FORM ON LEGIT SITE <form action="http://site.com/delete/" > <p>Type "CONFIRM" to proceed.</p> <input type="text" name="confirm"> <input type="submit" value="Go"> </form>

CSRF ATTACK EXAMPLE B

[{"selector":"#anim-fa21f9b5-8ac7-442c-a8a2-b33bb1be2a21","keyframes":{"opacity":[1,1]},"delay":0,"duration":1000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"both"}] [{"selector":"#anim-40e04e59-22ec-4766-9a59-1ac14bff0710","keyframes":{"transform":["scale(3)","scale(1)"]},"delay":0,"duration":1000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"forwards"}] [{"selector":"#anim-8aeb1747-c155-4488-beb9-2a8142aae881","keyframes":{"opacity":[0,1]},"delay":0,"duration":1000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"both"}] [{"selector":"#anim-259ca3ce-d05b-4e47-ba63-43038befa107","keyframes":{"transform":["scale(0.3333333333333333)","scale(1)"]},"delay":0,"duration":1000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"forwards"}] FAKE FORM ON BAD WEBSITE THAT DELETES ACCOUNT ON LEGIT SITE <form action="http://site.com/delete/" > <p>CLICK TO REDEEM PRIZE!</p> <input type="hidden" name="confirm" value="CONFIRM"> <input type="submit" value="WIN!"> </form>

CSRF ATTACK PREVENTION

[{"selector":"#anim-6a760e0e-325d-4383-a291-b31a8a3adcfe","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-d1bc1b9e-d286-499c-a6c0-9a379c7d07fc","keyframes":{"transform":["translate3d(-115.2381%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-c7545204-72e9-4c90-8fba-fb370b9ddc6b","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-cd1ec6ed-ed64-49d5-884e-896e0398540d","keyframes":{"transform":["translate3d(119.34425%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] GENERATE RANDOM TOKEN session_start(); $_SESSION["token"] = bin2hex(random_bytes(32)); $_SESSION["expire"] = time() + 3600; EMBED TOKEN INTO FORM <form method="post"> <input type="hidden" name="token" value="<?=$_SESSION["token"]?>"> <input type="email" name="email"> <input type="submit" value="Go!"> </form>

CSRF ATTACK PREVENTION

[{"selector":"#anim-cffd2dc3-2a5c-46e6-a3f6-a17159fff72c","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-af717cc2-a68c-45c7-9388-03228d8496c5","keyframes":{"transform":["translate3d(-115.18988%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-ab948875-d4b2-49be-adb6-cb6353b7bfef","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-105e4aab-6db0-491c-afb7-f400248fe6c6","keyframes":{"transform":["translate3d(114.87342%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-ae6a168e-e098-49d3-8dcf-87b3cbe9548e","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-1efefea5-8a8c-49c9-a1c6-2035cb17906b","keyframes":{"transform":["translate3d(0px, 196.29626%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] CHECK TOKEN if (isset($_POST["token"]) && isset($_SESSION["token"]) && isset($_SESSION["expire"]) && $_SESSION["token"]==$_POST["token"]) { EXPIRED? if (time()>=$_SESSION["expire"]) { exit(); } PROCEED unset($_SESSION["token"]); unset($_SESSION["expire"]); echo "OK"; }

FULL TUTORIAL

[{"selector":"#anim-84074064-3fba-4004-92df-c481ff953ad0 [data-leaf-element=\"true\"]","keyframes":{"transform":["translate(0%, 0%) scale(1.5)","translate(0%, 0%) scale(1)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"forwards"}] [{"selector":"#anim-aded9961-7f72-4944-b2ba-2d1551e1b962","keyframes":{"opacity":[0,1]},"delay":2000,"duration":1000,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-d0681dac-e378-4f08-9d51-f62e4239037a","keyframes":{"opacity":[0,1]},"delay":2100,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-db6e8a07-58de-4082-99f1-00112d4816b7","keyframes":{"transform":["translate3d(-170.88234%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":2100,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-112163e1-18b0-4110-b639-d86aa7debcf4","keyframes":{"opacity":[0,1]},"delay":2000,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-30507a86-2d09-4560-a225-ab14ac000af5","keyframes":{"transform":["translate3d(0px, -287.30155%, 0)","translate3d(0px, 0px, 0)"]},"delay":2000,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-98c708dd-15f6-4e55-9963-aef2e5ea91ad","keyframes":{"opacity":[0,1]},"delay":2200,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-461349a4-9224-4440-884c-40a2b76cea1a","keyframes":{"transform":["translate3d(-151.73267%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":2200,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-eb4f9d14-faae-4393-b3d2-08e1425f8491","keyframes":{"opacity":[0,1]},"delay":2300,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-adfc0bcb-e8aa-43fe-a918-92fef0b4cb62","keyframes":{"transform":["translate3d(-151.23154%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":2300,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}]

SIMPLE CSRF TOKEN PROTECTION IN PHP

WHAT IS CSRF?

1A

CSRF ATTACK EXAMPLE A

1B

CSRF ATTACK EXAMPLE B

1C

CSRF ATTACK PREVENTION

2A

CSRF ATTACK PREVENTION

2B

FULL TUTORIAL

VISIT & FOLLOW

CODE BOXX YOUTUBE

CODE BOXX PINTEREST