CSRF Token Protection In PHP

[{"selector":"#anim-08ff0d9b-ca00-4f9f-9ff7-6535540b5d3c","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-ef43157c-6985-4c1f-9e50-7b707d84d4ea","keyframes":{"transform":["translate3d(0px, -739.50653%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-d0f4125e-84a3-4a76-b74d-4abbccd0396b","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-309c3342-4998-484a-b1a0-bf240dddc1c9","keyframes":{"transform":["translate3d(0px, 186.39928%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] PHP SIMPLE CSRF TOKEN PROTECTION IN PHP

[{"selector":"#anim-353eba47-af34-4572-9956-3ce3c500a94b","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-5f3d130e-c060-4ba8-beb4-87227a66f51b","keyframes":{"transform":["translate3d(-117.49175%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-948618ce-2a6f-4a51-8952-5c76a25c7f67","keyframes":{"opacity":[0,1]},"delay":100,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-31a669ec-b7ef-48e9-8849-36d6f6cd1319","keyframes":{"transform":["translate3d(-117.82179%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":100,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-006447a7-2e09-4267-8b18-f1624dea792c","keyframes":{"opacity":[0,1]},"delay":200,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-f3ae88e7-3e9a-4c38-a7f6-e19bb5890bd3","keyframes":{"transform":["translate3d(-117.82179%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":200,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] * CSRF = Cross-Site Request Forgery. * When there are 2 websites - A legit and bad one. * Bad website masquerades as the good one, to bait users into doing a forged request on the legit site. WHAT IS CSRF? 1A

[{"selector":"#anim-61afe4df-d8a1-4e85-8463-41153d11a0d3","keyframes":{"transform":["translate3d(116.07717%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-ff2763ea-a842-4fa3-8087-89502cf5a6ef","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-5eff7af1-cecc-461e-a1f7-15118bb240bc","keyframes":{"transform":["scale(0.15)","scale(1)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"forwards"}] DELETE ACCOUNT HTML FORM ON LEGIT SITE <form method="post" action="http://site.com/delete/" > <p>Type "CONFIRM" to proceed.</p> <input type="text" name="confirm"/> <input type="submit" value="Go"/> </form> CSRF ATTACK EXAMPLE A 1B

[{"selector":"#anim-fa8d15e7-e453-4655-a28a-8300eba36237","keyframes":{"transform":["translate3d(-117.32027%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-54572ef1-ea5d-4341-a6df-b1264c44a14d","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"both"}] [{"selector":"#anim-3f493ca5-af46-48fa-b472-20b1d92809a6","keyframes":{"transform":["scale(0.15)","scale(1)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.4, 0.4, 0.0, 1)","fill":"forwards"}] FAKE FORM ON BAD WEBSITE THAT DELETES ACCOUNT ON LEGIT SITE <form method="post" action="http://site.com/delete/" > <p>CLICK TO REDEEM PRIZE!</p> <input type="hidden" name="confirm" value="DELETE"/> <input type="submit" value="WIN!"/> </form> CSRF ATTACK EXAMPLE B 1C

[{"selector":"#anim-3cd22d30-46d0-446d-905f-ab57efd271ef","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-1cd707cb-28f5-4856-8691-5b440795430c","keyframes":{"transform":["translate3d(0px, 267.86220%, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] GENERATE RANDOM TOKEN, VALID FOR 1 HR (3600 SECS) session_start(); $_SESSION["tkn"] = bin2hex(random_bytes(32)); $_SESSION["tknexp"] = time() + 3600; CSRF ATTACK PREVENTION 2A

[{"selector":"#anim-707cb0ed-0494-4dde-964c-52101cbd56c4","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-33a7bc94-538d-4954-b0d6-a4ee09575138","keyframes":{"transform":["translate3d(117.70491%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] EMBED TOKEN INTO FORM <form method="post"> <input type="hidden" name="tkn" value=" <?=$_SESSION["tkn"]?> "/> <input type="email" name="email" value="jon@doe.com"/> <input type="submit" value="Go!"/> </form> CSRF ATTACK PREVENTION 2B

[{"selector":"#anim-9f83312d-42de-4e05-b62b-208c7fd5bf48","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-72504ecd-1626-497a-9470-f1e8b2973e84","keyframes":{"transform":["translate3d(-115.18988%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-2c4cd156-a968-40da-83a6-f021effe0202","keyframes":{"opacity":[0,1]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-309aa655-697a-4ff7-96e8-3fc496bc4253","keyframes":{"transform":["translate3d(115.50632%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":600,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] CHECK TOKEN ON FORM SUBMIT session_start(); if (!isset($_POST["tkn"]) || !isset($_SESSION["tkn"]) || !isset($_SESSION["tknexp"])) { exit("Token is not set!"); } CSRF ATTACK PREVENTION 2C CHECK AGAINST SESSION if ($_SESSION["tkn"]==$_POST["tkn"]) { EXPIRED if (time() >= $_SESSION["tknexp"]) { exit("Token expired."); } PROCEED - DO PROCESSING else { unset($_SESSION['token']); unset($_SESSION['token-expire']); } } else { exit("INVALID TOKEN"); }

[{"selector":"#anim-0cf8245f-b05d-4fa3-ad96-44450918b7a8","keyframes":[{"transform":"scale(1)","offset":0},{"transform":"scale(1.5)","offset":0.33},{"transform":"scale(0.95)","offset":0.66},{"transform":"scale(1)","offset":1}],"delay":0,"duration":1450,"easing":"ease-in-out","fill":"both","iterations":1}] [{"selector":"#anim-75e9df70-7751-4d6c-91fb-d7a11f49d15f","keyframes":[{"transform":"scale(1)","offset":0},{"transform":"scale(1.5)","offset":0.33},{"transform":"scale(0.95)","offset":0.66},{"transform":"scale(1)","offset":1}],"delay":0,"duration":1450,"easing":"ease-in-out","fill":"both","iterations":1}] [{"selector":"#anim-da6f6716-c45b-4aa1-bcd5-32af94a99476","keyframes":[{"transform":"scale(1)","offset":0},{"transform":"scale(1.5)","offset":0.33},{"transform":"scale(0.95)","offset":0.66},{"transform":"scale(1)","offset":1}],"delay":0,"duration":1450,"easing":"ease-in-out","fill":"both","iterations":1}] FULL TUTORIAL CODE BOXX YOUTUBE VISIT & FOLLOW CODE BOXX PINTEREST