Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Does PHP have an authenticity token like Rails?

Does PHP have its own version of the Rails authenticity token?

<meta name="csrf-token" content="<%= form_authenticity_token %>" />
<meta name="csrf-param" content="authenticity_token" />

If not, what is the best way to achieve the same functionality?

like image 852
EliTheDawg Avatar asked Feb 24 '11 21:02

EliTheDawg


1 Answers

When outputting to form:

$token = md5(time() . rand(1,100));
$_SESSION['token'] = $token;

<input type='hidden' name='token' value='<?=$token;?>'/>

After POST:

if(empty($_POST['token']) || $_POST['token'] !== $_SESSION['token']){
  exit("Bad token!");
}
unset($_SESSION['token']);
like image 171
Mārtiņš Briedis Avatar answered Oct 07 '22 16:10

Mārtiņš Briedis