Does PHP have its own version of the Rails authenticity token? <pre class="prettyprint"><code><meta name="csrf-token" content="<%= form_authenticity_token %>" /> <meta name="csrf-param" content="authenticity_token" /> </code></pre> If not, what is the best way to achieve the same functionality?

When outputting to form: <pre class="prettyprint"><code>$token = md5(time() . rand(1,100)); $_SESSION['token'] = $token; <input type='hidden' name='token' value='<?=$token;?>'/> </code></pre> After POST: <pre class="prettyprint"><code>if(empty($_POST['token']) || $_POST['token'] !== $_SESSION['token']){ exit("Bad token!"); } unset($_SESSION['token']); </code></pre>

Does PHP have an authenticity token like Rails?

Tags:

authentication

php

ruby-on-rails-3

token

Does PHP have its own version of the Rails authenticity token?

<meta name="csrf-token" content="<%= form_authenticity_token %>" />
<meta name="csrf-param" content="authenticity_token" />

If not, what is the best way to achieve the same functionality?

852

asked Feb 24 '11 21:02

EliTheDawg

1 Answers

When outputting to form:

$token = md5(time() . rand(1,100));
$_SESSION['token'] = $token;

<input type='hidden' name='token' value='<?=$token;?>'/>

After POST:

if(empty($_POST['token']) || $_POST['token'] !== $_SESSION['token']){
  exit("Bad token!");
}
unset($_SESSION['token']);

171

answered Oct 07 '22 16:10

Mārtiņš Briedis

Recent Activity
Apple Pay - authorize.net returns error 153 only when live, sandbox works
How to continue cursor loop even error occured in the loop
python find all neighbours of a given node in a list of lists
Fatal error: Call to a member function setColumn() on a non-object in Magento
Count how many of each value from a field with MySQL and PHP
Python 32-bit development on 64-bit Windows [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With