  1. <?php
  2. session_start();
  3.  
  4. if(isset($_POST['sessionid'])){
  5. generateToken($_POST['sessionid']);
  6. }
  7.  
  8. if(isset($_POST['submit'])){
  9. ob_end_clean(); // buffer clean
  10.  
  11. validate($_POST['username'],$_POST['password'],$_POST['token_csrf'],$_COOKIE['sessionCookie']);
  12. }
  13.  
  14. if(isset($_POST['addcommentsubmit'])){
  15. ob_end_clean(); // buffer clean
  16.  
  17. validateComment($_POST['token_csrf'],$_COOKIE['sessionCookie']);
  18. }
  19.  
  20. //generate csrf token
  21. function generateToken($sessionCookie){
  22. if(empty($_SESSION['random_key'])){
  23. $_SESSION['random_key'] = bin2hex(random_bytes(32));
  24. }
  25.  
  26. $token = hash_hmac('sha256',$sessionCookie,$_SESSION['random_key']);
  27.  
  28. $sessionID = session_id();
  29. $_SESSION[$sessionID] = $token;
  30.  
  31. ob_start(); // store in buffer
  32. echo $token;
  33. }
  34.  
  35. //validate cookie
  36. function validate($username,$password,$token,$cookie){
  37. /**
  38. * For demo ,
  39. * Username : user
  40. * Password : user
  41. */
  42.  
  43. if($username == "user" && $password == "user"){
  44. if($token == $_SESSION[$cookie] && $cookie==session_id()){
  45.  
  46. echo "<script> alert('Successfully Logged In') </script>";
  47. echo "<script type=\"text/javascript\"> window.location.href = 'client.php';</script>";
  48. }else{
  49. echo "<script> alert('Login failed! CSRF token not matched !!!') </script>";
  50. echo "<script type=\"text/javascript\"> window.location.href = 'index.php';</script>";
  51. }
  52. }else{
  53. echo "<script> alert('Login failed! Check username and password again !!!') </script>";
  54. echo "<script type=\"text/javascript\"> window.location.href = 'index.php';</script>";
  55. }
  56. }
  57.  
  58. //validate comment
  59. function validateComment($token,$cookie){
  60. if($token == $_SESSION[$cookie] && $cookie==session_id()){
  61. echo "<script> alert('Status successfully added') </script>";
  62. echo "<script type=\"text/javascript\"> window.location.href = 'client.php';</script>";
  63. }else{
  64. echo "<script> alert('Status posting failed! CSRF token not matched !!!') </script>";
  65. echo "<script type=\"text/javascript\"> window.location.href = 'client.php';</script>";
  66. }
  67. }
  68.  
  69. ?>