The following warnings occurred:
Warning [2] Undefined variable $unreadreports - Line: 26 - File: global.php(961) : eval()'d code PHP 8.2.25 (Linux)
File Line Function
/global.php(961) : eval()'d code 26 errorHandler->error
/global.php 961 eval
/showthread.php 28 require_once





× This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord by clicking here. Thank you!

  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
How do I protect my forms
#1
By default, strings are escaped from our form inputs. This will only get stronger as we transition over to PDO.

We use a special Token system to prevent Cross Site Request Attack Forgery on your forms. This is a two step process.


Step 1: Add this check to your $_POST submission:
Code:
$token = $_POST['csrf'];
Code:
if(!Token::check($token)){
Code:
die('Token doesn\'t match!');
Code:
}

Step 2: Add this "hidden field" to your form before the submit button

If the form is in html, add this:
Code:
<input type="hidden" name="csrf" value="<?=Token::generate();?>" >

If your form is a long echo of php, you need to break your php and enter the field this way:
Code:
";
Code:
?>
Code:
<input type="hidden" name="csrf" value="<?=Token::generate();?>" ></strong>
Code:
<?php echo "
  Reply


Messages In This Thread
How do I protect my forms - by mudmin - 12-11-2015, 08:24 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)