I have this code
---------- index.php ----------
<script>
function validLogin() {
    var email = $('#memail').val();
    // e-mail pattern: declared here but never applied to the value
    var testEmail = /^[A-Z0-9._%+-]+@([A-Z0-9-]+\.)+[A-Z]{2,4}$/i;
    var password = $('#mpass').val();
    // the string literal was missing its opening quote; values are concatenated
    // raw, without encodeURIComponent()
    var dataString = 'email=' + email + '&password=' + password;
    $.ajax({
        type: "POST",
        url: "processed.php",
        data: dataString,
        cache: false,
        success: function(result) {
            var result = trim(result);
            if (result == 'correct') {
                window.location = '/';
            } else {
            }
        }
    });
    return true;
}
function trim(str) {
    // the g flag is needed so both leading and trailing whitespace are removed
    var str = str.replace(/^\s+|\s+$/g, '');
    return str;
}
</script>
<div class="login">
    <div class="input-group">
        <input type="text" id="memail" value="" placeholder="Email" class="memail">
    </div>
    <div class="input-group">
        <input type="password" id="mpass" value="" placeholder="Password" class="mpassword">
    </div>
    <div class="checkout-submit-section">
        <div class="payment-submit">
            <div class="order-submit">
                <button id="msubmit" type="submit" name="submit_button" class="greenx" style="margin-top:-20px;" onclick="validLogin()">
                    Login
                </button>
            </div>
        </div>
    </div>
</div>
and
------ processed.php ---------
<?php
session_start();
include_once('../db/ds.php');   // provides $mysqli
$message = array();
if (isset($_POST['email']) && !empty($_POST['email'])) {
    $email = $mysqli->real_escape_string($_POST['email']);
    $email = htmlentities($email);
} else {
    $message[] = 'email';
}
if (isset($_POST['password']) && !empty($_POST['password'])) {
    $password = $mysqli->real_escape_string($_POST['password']);
    $password = htmlentities($password);
} else {
    $message[] = 'password';
}
$countError = count($message);
if ($countError > 0) {
    for ($i = 0; $i < $countError; $i++) {
        // missing fields are collected but nothing is reported back
    }
} else {
    $password = md5($password);
    $query = "select * from user where email='$email' and password='$password'";
    $res = $mysqli->query($query);
    $checkUser = $res->num_rows;
    if ($checkUser > 0) {
        $lol = $res->fetch_array(MYSQLI_BOTH);
        $iduser = $lol['id'];
        $_SESSION['status'] = true;
        $_SESSION['id'] = $iduser;
        echo 'correct';
    } else {
    }
}
?>
This is probably the CSRF code, but I don't know how to use it:
function createToken()
{
    $token = base64_encode(openssl_random_pseudo_bytes(32));
    $_SESSION['csrfvalue'] = $token;
    return $token;
}
function unsetToken()
{
    unset($_SESSION['csrfvalue']);
}
function validation()
{
    // note: this calls the legacy mysql_* extension, not the $mysqli object used elsewhere
    $csrfvalue = isset($_SESSION['csrfvalue']) ? mysql_real_escape_string($_SESSION['csrfvalue']) : '';
    if (isset($_POST['csrf_name'])) {
        $value_input = $_POST['csrf_name'];
        if ($value_input == $csrfvalue) {
            unsetToken();
            return true;
        } else {
            unsetToken();
            return false;
        }
    } else {
        unsetToken();
        return false;
    }
}
<input type="hidden" name="csrf_name" value="<?php echo createToken();?>"/>
How do I use CSRF protection without a <form action="" method="post">? When I tested the security of this code, it turned out to be dangerous without CSRF protection. I have looked at several sites, but they all use a form.
1. How do I use CSRF protection in the code above?
2. Is my code too simple? Can it be fooled? How do I protect it?
3. If I use ajax, do I have to use CSRF protection?
Edit
--------------- processedd.php ----------------
<?php
require '../../db/sessions.php';   // defines validation() and $crsfa
require '../../db/ds.php';         // provides $mysqli
require '../../db/error.php';
$user = $row['id'];                // $row is expected to come from the includes above
$message = array();
if (isset($_POST['emailx']) && !empty($_POST['emailx'])) {
    $emailx = $mysqli->real_escape_string($_POST['emailx']);
    $emailx = htmlentities($emailx);
} else {
    $message[] = 'email';
}
if (isset($_POST['hpx']) && !empty($_POST['hpx'])) {
    $hpx = $mysqli->real_escape_string($_POST['hpx']);
    $hpx = htmlentities($hpx);
} else {
    $message[] = 'hp';
}
if (isset($_POST['namax']) && !empty($_POST['namax'])) {
    $namax = $mysqli->real_escape_string($_POST['namax']);
    $namax = htmlentities($namax);
} else {
    $message[] = 'nama';
}
if (isset($_POST['token']) && !empty($_POST['token'])) {
    $tokens = $mysqli->real_escape_string($_POST['token']);
} else {
    $message[] = 'email';
}
$countError = count($message);
if ($countError > 0) {
    for ($i = 0; $i < $countError; $i++) {
        // missing fields are collected but nothing is reported back
    }
} else {
    if (validation($tokens, $crsfa) == true) {
        $query = "UPDATE user SET email='$emailx', nama='$namax', hp='$hpx' WHERE id='$user'";
        $res = $mysqli->query($query);
        echo 'OKS';
    } else {
        echo "Null";
        return false;
    }
}
?>
--------------- index.php ----------------
<meta name="csrf_token" content="<?php echo createToken();?>">
.
.
.
.
.
<script>
function validUbah() {
    var hpx = $('#hp').val();
    var emailx = $('#email').val();
    var namax = $('#nama').val();
    // read the token rendered into <meta name="csrf_token"> above
    var token = $('[name="csrf_token"]').attr('content');
    var dataString = 'hpx=' + hpx + '&emailx=' + emailx + '&namax=' + namax + '&token=' + token;
    $.ajax({
        type: "POST",
        url: "processed.php",
        data: dataString,
        success: function(result) {
            var result = trim(result);
            if (result == 'OKS') {
                $(".spinner").hide();
                $(".spanlogin").show();
                $(".spanlogin").html('Berhasil');
                $(".nm7").html(namax);
            } else {
                $(".spinner").hide();
                $(".spanlogin").show();
                $(".spanlogin").html(result);
                return false;
            }
        }
    });
    return true;
}
function trim(str) {
    // the g flag is needed so both leading and trailing whitespace are removed
    var str = str.replace(/^\s+|\s+$/g, '');
    return str;
}
</script>
--------------- sessions.php ---------------------
function unsetToken()
{
    unset($crsfa);      // only a local variable of this function; the global $crsfa is untouched
    createToken();
}
function validation($varians, $crsfa)
{
    $csrfvalue = isset($crsfa);   // isset() returns a boolean, not the stored token string
    if (isset($varians)) {
        $value_input = $varians;
        if ($value_input == $csrfvalue) {
            unsetToken();
            return true;
        } else {
            unsetToken();
            return false;
        }
    } else {
        unsetToken();
        return false;
    }
}
$crsfa = $_SESSION['csrfvalue'];
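The question is how to send and check a token when the request is an AJAX POST with no <form>. As an added example (not the asker's code and not from the answer below), here is one way to do it in PHP: the token is generated with random_bytes(), kept in the session, rendered into a meta tag, and checked with hash_equals() against either a POST field or an X-CSRF-Token header. The helper names, the field and header names and the CLI demo at the bottom are assumptions made for this example; the jQuery call would read the meta tag and pass the token either in the data string or as `headers: {'X-CSRF-Token': token}`.

```php
<?php
// Added example (not the asker's code): CSRF token helpers for AJAX requests.
// Assumptions: session_start() has already run on every page that calls these,
// and the client sends the token either as POST field "csrf_token" or as the
// request header X-CSRF-Token (both names chosen for this example).

declare(strict_types=1);

// Issue one token per session and reuse it. For AJAX that is enough: the meta
// tag is rendered once and every request echoes the same value back.
function csrfToken(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // CSPRNG, PHP >= 7.0
    }
    return $_SESSION['csrf_token'];
}

// Pull the token the client sent from either channel; null if absent.
function csrfTokenFromRequest(array $post, array $server): ?string
{
    if (isset($post['csrf_token']) && is_string($post['csrf_token'])) {
        return $post['csrf_token'];
    }
    if (isset($server['HTTP_X_CSRF_TOKEN']) && is_string($server['HTTP_X_CSRF_TOKEN'])) {
        return $server['HTTP_X_CSRF_TOKEN'];
    }
    return null;
}

// Constant-time comparison against the session copy. True only when a token
// exists in the session AND the request carries an identical string.
function csrfValid(?string $supplied): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    if ($expected === '' || $supplied === null) {
        return false;
    }
    return hash_equals($expected, $supplied);
}

// Page that renders the login markup: put the token in a meta tag so the
// jQuery code can read it without a <form>.
function csrfMetaTag(): string
{
    return '<meta name="csrf-token" content="'
        . htmlspecialchars(csrfToken(), ENT_QUOTES, 'UTF-8') . '">';
}

// Handler side (the role of processed.php): reject before touching the database.
function handlePost(array $post, array $server): string
{
    if (!csrfValid(csrfTokenFromRequest($post, $server))) {
        http_response_code(403);
        return 'csrf';
    }
    // normal processing (prepared statement, password_verify) would go here
    return 'correct';
}

// Offline demo with constructed requests; no web server needed.
if (PHP_SAPI === 'cli') {
    $_SESSION = [];               // stand-in for session_start() in this demo
    $token = csrfToken();
    // 1. legitimate AJAX request: our own script read the meta tag and sent it as a header
    echo "same-origin request with header: ", handlePost([], ['HTTP_X_CSRF_TOKEN' => $token]), "\n";
    // 2. cross-site POST: the browser attaches the session cookie, but a page on
    //    another origin cannot read our meta tag, so no token arrives
    echo "cross-site request, no token:    ", handlePost(['email' => 'a@b.c', 'password' => 'x'], []), "\n";
    // 3. wrong or stale token in the POST body
    echo "wrong token in body:             ", handlePost(['csrf_token' => str_repeat('0', 64)], []), "\n";
}
```

Two details differ from the posted validation(): the comparison is against the stored token string rather than the boolean from isset(), and it uses hash_equals() instead of ==, so a token that is merely non-empty does not pass. The AJAX case needs this just as much as a form does, because the session cookie travels with any cross-site POST; the token is what proves the request originated from your own page.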
Answer 0 (score: 0)
If you are implementing an anti-CSRF technique, you should use that token on every POST / ajax request.
Maybe you could implement your token as a meta tag:
<meta name="csrf-token" content="MERvRHE0MmVHcSU9OEUfPHs3JSALZQpcAC1ccBVcZA14KVlxN35xHQ==">
Whatever you do, do not use MD5 for hashing passwords. Use PHP's crypt() or another method for password storage.
Cheers
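The answer's last point (do not hash passwords with MD5) as an added example, not the answerer's code: password_hash()/password_verify() in place of md5(), with legacy md5 rows upgraded the first time their owner logs in with the right password. The in-memory $users array and the e-mail addresses are constructed stand-ins for the `user` table; the CLI block at the end exercises the four paths.

```php
<?php
// Added example (not from the question or the answer): replacing md5() password
// storage with password_hash()/password_verify(), and rehashing legacy rows on
// login. Assumption: a user table whose password column holds either an old
// md5 hex digest or a password_hash() string; the array below stands in for it.

declare(strict_types=1);

// Constructed sample rows: one user still on a legacy md5 hash, one already on
// a hash produced by password_hash().
function sampleUsers(): array
{
    return [
        'legacy@example.com' => ['password' => md5('hunter2')],
        'modern@example.com' => ['password' => password_hash('correct horse', PASSWORD_DEFAULT)],
    ];
}

// Detect a legacy hash: 32 lowercase hex chars, as md5() emits. password_hash()
// output always starts with "$" (e.g. "$2y$"), so the two cannot be confused.
function isLegacyMd5(string $stored): bool
{
    return (bool) preg_match('/^[a-f0-9]{32}$/', $stored);
}

// Verify a login attempt. Returns the row (with an upgraded hash where one was
// needed; the caller writes it back with a prepared UPDATE ... WHERE id = ?),
// or null on failure. Hashes are never compared with ==.
function checkLogin(array $users, string $email, string $password): ?array
{
    if (!isset($users[$email])) {
        // unknown e-mail: still do one hash check so timing resembles the known case
        password_verify($password, '$2y$10$' . str_repeat('a', 53));
        return null;
    }
    $row = $users[$email];
    $stored = $row['password'];

    if (isLegacyMd5($stored)) {
        if (!hash_equals($stored, md5($password))) {
            return null;
        }
        // correct legacy password: rehash so the md5 copy disappears
        $row['password'] = password_hash($password, PASSWORD_DEFAULT);
        return $row;
    }

    if (!password_verify($password, $stored)) {
        return null;
    }
    // cost or algorithm changed since the hash was made? rehash transparently
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $row['password'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $row;
}

if (PHP_SAPI === 'cli') {
    $users = sampleUsers();
    $upgraded = checkLogin($users, 'legacy@example.com', 'hunter2');
    echo "legacy user, right password: ",
        $upgraded === null ? "reject" : "accept, stored hash is now " . $upgraded['password'], "\n";
    echo "legacy user, wrong password: ",
        checkLogin($users, 'legacy@example.com', 'nope') === null ? "reject" : "accept", "\n";
    echo "modern user, right password: ",
        checkLogin($users, 'modern@example.com', 'correct horse') === null ? "reject" : "accept", "\n";
    echo "unknown user:                ",
        checkLogin($users, 'nobody@example.com', 'x') === null ? "reject" : "accept", "\n";
}
```

The lookup itself should use a prepared statement keyed on the e-mail only (never `WHERE email=... AND password=...`), with the hash comparison done in PHP as above; that also removes the need for real_escape_string() and htmlentities() on the password before it reaches the query.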