
NoCSRF Implementácia (login form with CSRF token check)

a guest
Jul 11th, 2015
  1. <?php
     // Login handler. On a POST that carries an `email` field it (1) validates the
     // CSRF token via NoCSRF, (2) rejects empty email/password, (3) looks the user up
     // by Email + encryptIt(password) with a prepared statement, (4) copies a few
     // columns into $_SESSION and redirects to index.php with a <meta refresh>.
     // The DB handle ($mysqli), the language strings ($EmailEmpty, ...), alertBox(),
     // encryptIt() and the NoCSRF class are not defined in this paste — presumably
     // they come from includes/header.php or something it pulls in.
  2. include ('includes/header.php');
  3. $msgBox = '';
  4. if ( isset( $_POST['email'] ) )
  5. {
  6. try
  7. {
  8. // Run CSRF check, on POST data, in exception mode, for 10 minutes, in one-time mode.
     // NOTE(review): the whole login flow, including the DB calls below, sits inside
     // this try; any Exception thrown by the DB layer (not only a bad token) will
     // land in the catch below and be reported as a CSRF attack. Narrow the try, or
     // catch only the exception type NoCSRF throws (its signature is not visible here).
  9. NoCSRF::check( 'csrf_token', $_POST, true, 60*10, false );
  10. if ($_POST['email'] == '') {
  11. $msgBox = alertBox($EmailEmpty);
  12. } else
     // NOTE(review): reading $_POST['password'] without isset() — a POST that omits
     // the field produces an undefined-index notice before the comparison.
  13. if ($_POST['password'] == '') {
  14. $msgBox = alertBox($PasswordEmpty);
  15.  
  16. } else {
  17. // Get User Info
     // NOTE(review): real_escape_string() is redundant with the prepared statement
     // below and actually mutates the value (adds backslashes), so an address that
     // contains a quote or backslash will never match the stored row. Pass the raw
     // $_POST['email'] to bind_param() instead.
  18. $Email = $mysqli->real_escape_string($_POST['email']);
     // NOTE(review): the password is transformed with encryptIt() and matched as an
     // equality in SQL, which implies a deterministic transform stored in the table.
     // If encryptIt() is reversible encryption or an unsalted hash (cannot tell from
     // here) this is weaker than password_hash()/password_verify(); fetch by email
     // only and verify the hash in PHP.
  19. $Password = encryptIt($_POST['password']);
  20.  
  21. if ($stmt = $mysqli->prepare("SELECT UserId, FirstName, LastName, Email, Password, Currency from user WHERE Email = ? AND Password = ? ")) {
  22. $stmt->bind_param("ss", $Email, $Password);
  23. $stmt->execute();
  24. $stmt->bind_result($UserId_, $FirstName_, $LastName_, $Email_, $Password_, $Currency_);
  25. $stmt->store_result();
  26. $stmt->fetch();
     // Assigns the boolean ($stmt->num_rows >= 1) to $num_of_rows, not the row count;
     // the condition works, but the variable name is misleading.
  27. if ($num_of_rows = $stmt->num_rows >= 1) {
     // NOTE(review): session_start() only happens on successful login; if
     // header.php (or NoCSRF, which presumably keeps its tokens in $_SESSION)
     // already started the session this emits a notice. Either way there is no
     // session_regenerate_id(true) after authentication, so a session id fixed
     // by an attacker before login survives it (session fixation).
  28. session_start();
  29. $_SESSION['UserId'] = $UserId_;
  30. $_SESSION['FirstName'] = $FirstName_;
  31. $_SESSION['LastName'] = $LastName_;
  32. $_SESSION['Currency'] = $Currency_;
  33. $UserIds = $_SESSION['UserId'];
  34.  
  35. .............
  36. }
     // NOTE(review): this redirect is outside the num_rows check, so it runs for a
     // wrong password as well — the user is silently bounced to index.php and
     // $LoginError (line 39) is only ever shown when prepare() itself fails. Move
     // the echo inside the `if` above and put the error in the branch for zero rows.
     // Also: nothing exits after the <meta refresh>, so the rest of the page (the
     // form with a fresh token) is still rendered below it; header('Location: ...')
     // followed by exit is the usual form.
  37. echo '<META HTTP-EQUIV="Refresh" Content="0; URL=index.php">';
  38. } else {
  39. $msgBox = alertBox($LoginError);
  40. }
  41. }
  42. }
  43.  
  44.  
  45. }
  46. catch ( Exception $e )
  47. {
  48. // CSRF attack detected
     // NOTE(review): reached for every Exception thrown in the try (see above), not
     // only a token mismatch. session_destroy() is called without a visible
     // session_start() in this file — it warns if no session is active. As with the
     // success path, output continues after the refresh tag because nothing exits.
  49. echo 'CSRF ATTACK DETECTED';
  50. session_destroy();
  51. echo '<META HTTP-EQUIV="Refresh" Content="0; URL=index.php">';
  52. }
  53. }
  54. else
  55. {
     // $result is not read anywhere in the visible part of this page.
  56. $result = 'No post data yet.';
  57. }
     // Fresh token for the form below; emitted into a hidden input. NOTE(review): if
     // NoCSRF stores tokens in $_SESSION, generating one right after the
     // session_destroy() in the catch branch may not persist — confirm against the
     // library.
  58. $token = NoCSRF::generate( 'csrf_token' );
  59. ?>
  60. <body>
  61. <div class="container">
  62. <div class="row">
  63. <div class="col-md-4 col-md-offset-4">
  64. <div class="login-panel panel panel-primary">
  65. <div class="panel-heading">
  66. <h3 class="panel-title text-center"><span class="glyphicon glyphicon-lock"></span> <?php echo
  67. $UserSign; ?></h3>
  68. </div>
  69. <div class="panel-body">
  70. <?php if ($msgBox) {
  71. echo $msgBox;
  72. } ?>
  73. <form method="post" action="" role="form">
  74. <fieldset>
  75. <div class="form-group">
  76. <label for="email"><?php echo $Emails; ?></label>
  77. <input type="hidden" name="csrf_token" value="<?php echo $token; ?>">
  78. <input class="form-control" placeholder="<?php echo
  79. $Emails; ?>" name="email" type="email" autofocus>
  80. </div>
  81. <div class="form-group">
  82. <label for="password"><?php echo $Passwords; ?></label>
  83. <input class="form-control" placeholder="<?php echo
  84. $Passwords; ?>" name="password" type="password" value="">
  85. </div>
  86.  
  87. <hr>
  88. <button type="submit" name="login" class="btn btn-success btn-block"><span class="glyphicon glyphicon-log-in"></span> <?php echo
  89. $SignIn; ?></button>