- <?php
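// Start the session that holds the one-time form token. It must run before
// any output is sent. The cookie and ID handling are set explicitly rather
// than left to php.ini defaults:
//   cookie_httponly - the session cookie is not readable from page script
//   use_strict_mode - a session ID the server did not issue is rejected,
//                     which blocks session fixation
// NOTE(review): on an HTTPS-only deployment also set 'cookie_secure' => true,
// and on PHP 7.3+ 'cookie_samesite' => 'Lax'; both depend on the hosting
// setup, so they are left for the deployer to confirm.
session_start([
    'cookie_httponly' => true,
    'use_strict_mode' => true,
]);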
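/**
 * One-time anti-CSRF token kept in the session.
 *
 * generate() stores a fresh random token in $_SESSION['token'] and returns it
 * so it can be embedded in a form. check() accepts a submitted value only when
 * it equals the stored token, and discards the stored token on success so the
 * same value cannot be replayed.
 */
class TOKEN {
    /**
     * Create a new token, store it in the session and return it.
     *
     * @return string Base64 text of 15 random bytes (20 characters, no padding).
     * @throws \Exception If the system random source is unavailable.
     */
    public static function generate() {
        // random_bytes() throws on failure instead of returning false, so a
        // failed generation can never leave an empty token in the session.
        return $_SESSION['token'] = base64_encode(random_bytes(15));
    }

    /**
     * Verify a submitted token against the one stored in the session.
     *
     * @param mixed $token Value taken from the request; anything that is not a
     *                     non-empty string is rejected.
     * @return bool True when the token matches; the stored token is then
     *              removed. False otherwise, leaving the stored token in place.
     */
    public static function check($token) {
        // Request data can be missing or an array (token[]=...); hash_equals()
        // only accepts strings, so reject everything else up front.
        if (!is_string($token) || $token === '') {
            return false;
        }

        // An absent, non-string or empty stored token must never validate.
        if (!isset($_SESSION['token']) || !is_string($_SESSION['token']) || $_SESSION['token'] === '') {
            return false;
        }

        // Constant-time comparison: the time taken does not reveal how many
        // leading characters of a guess were correct.
        if (!hash_equals($_SESSION['token'], $token)) {
            return false;
        }

        // Single use: drop the token once it has been accepted.
        unset($_SESSION['token']);
        return true;
    }
}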
- ?>
- <?php
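// Whether the template further down renders the sign-in form.
$display_form = false;

// Initialise everything the checks and the template read, so a request that
// passes validation (or is not a submission at all) does not touch an
// undefined variable.
$validation_error = false;
$error_name = '';
$error_pass = '';

if (isset($_POST['submit'])) {
    // Request fields are untrusted: a missing field or an array value
    // (username[]=...) is treated as an empty string, so strlen() only ever
    // receives a string.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $userpass = (isset($_POST['userpass']) && is_string($_POST['userpass'])) ? $_POST['userpass'] : '';
    // A missing token becomes null, which can never equal a stored token.
    $token = isset($_POST['token']) ? $_POST['token'] : null;

    // Minimum length: 4 bytes for the user name.
    if (strlen($username) < 4) {
        $error_name = 'required';
        $display_form = true;
        $validation_error = true;
    }

    // Minimum length: 8 bytes for the password.
    if (strlen($userpass) < 8) {
        $error_pass = 'required';
        $display_form = true;
        $validation_error = true;
    }

    // The submission is acted on only when the fields are valid AND the
    // one-time token matches the one issued with the form.
    if (!$validation_error) {
        if (TOKEN::check($token)) {
            echo 'process form';
        } else {
            echo 'invalid security token';
        }
    }
} else {
    // First visit (no submission): show the form.
    $display_form = true;
}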
- ?>
- <!DOCTYPE html>
- <html lang="en">
- <head>
- <meta charset="UTF-8">
- <title>Title</title>
- </head>
- <body>
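<?php
// Render the sign-in form only when the request handler asked for it.
if ($display_form == true) {
?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8'); ?>">
<?php /* A fresh one-time token is issued on every render and replaces any earlier one in the session. */ ?>
<input type="hidden" name="token" value="<?php echo htmlspecialchars(TOKEN::generate(), ENT_QUOTES, 'UTF-8'); ?>">
<input type="text" name="username" id="" placeholder="username">
<?php /* The messages may be unset when no validation error occurred, so default to an empty string. */ ?>
<?php echo htmlspecialchars($error_name ?? '', ENT_QUOTES, 'UTF-8'); ?>
<br>
<input type="password" name="userpass" id="" placeholder="Password">
<?php echo htmlspecialchars($error_pass ?? '', ENT_QUOTES, 'UTF-8'); ?>
<br>
<input type="submit" name="submit" value="Sign in">
</form>
<?php
}
// The closing tags sit outside the conditional so the document is well formed
// whether or not the form was rendered.
?>
</body>
</html>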