Does PHP have its own version of the Rails authenticity token?
<meta name="csrf-token" content="<%= form_authenticity_token %>" />
<meta name="csrf-param" content="authenticity_token" />
If not, what is the best way to achieve the same functionality?
When outputting to form:
<?php
session_start();
$token = bin2hex(random_bytes(32)); // unpredictable token from the CSPRNG
$_SESSION['token'] = $token;
?>
<input type='hidden' name='token' value='<?= $token ?>'/>
After POST:
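<?php
session_start();
// Both tokens must be present; compare them in constant time.
if (empty($_SESSION['token']) || !isset($_POST['token']) || !is_string($_POST['token'])
    || !hash_equals($_SESSION['token'], $_POST['token'])) {
    exit("Bad token!");
}
unset($_SESSION['token']); // one-time token: a new one is issued with the next form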
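A closer match to the Rails behaviour in the question, as an added example that is not part of the original answer: one token per session, exposed both as the two meta tags and as a hidden field, and accepted from either the form field or the `X-CSRF-Token` header that Rails' JavaScript helpers send. The function names and the `csrf_token` session key are hypothetical, not from the page or from any framework.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names; the session key 'csrf_token' is an assumption.

/** Return the per-session CSRF token, creating it on first use. */
function csrf_token(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    }
    return $_SESSION['csrf_token'];
}

/** Rails-style meta tags, so page JavaScript can read the token for AJAX requests. */
function csrf_meta_tags(): string
{
    $t = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return "<meta name=\"csrf-param\" content=\"authenticity_token\" />\n"
         . "<meta name=\"csrf-token\" content=\"$t\" />\n";
}

/** Hidden field for ordinary HTML forms. */
function csrf_field(): string
{
    $t = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return "<input type=\"hidden\" name=\"authenticity_token\" value=\"$t\" />";
}

/** Check the token sent in the form field or, for AJAX, the X-CSRF-Token header. */
function csrf_verify(): bool
{
    $sent  = $_POST['authenticity_token'] ?? $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
    $known = csrf_token(); // starts the session if needed; a fresh token never matches
    // is_string() rejects array input such as authenticity_token[]=x before comparing
    return is_string($sent) && hash_equals($known, $sent);
}

// Reject any state-changing request that does not carry the session's token.
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST' && !csrf_verify()) {
    http_response_code(403);
    exit('Bad token!');
}
```

Unlike the one-time token above, this token stays valid for the whole session, so several open tabs or forms keep working.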