UserSpice
How do I protect my forms - Printable Version




How do I protect my forms - mudmin - 12-11-2015

By default, strings are escaped from our form inputs. This will only get stronger as we transition over to PDO.

We use a special Token system to prevent Cross Site Request Attack Forgery on your forms. This is a two-step process.


Step 1: Add this check to your $_POST submission:
Code:
$token = $_POST['csrf'];
if(!Token::check($token)){
    die('Token doesn\'t match!');
}

Step 2: Add this "hidden field" to your form before the submit button

If the form is in html, add this:
Code:
<input type="hidden" name="csrf" value="<?=Token::generate();?>" >

If your form is a long echo of php, you need to break your php and enter the field this way:
Code:
";
?>
<input type="hidden" name="csrf" value="<?=Token::generate();?>" >
<?php echo "
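
An added example, not part of the original post and not UserSpice's own code: a minimal session-bound token helper showing why the two steps above stop a forged submission. DemoToken, its session key and the sample submissions are hypothetical and constructed for illustration; UserSpice's Token class may work differently.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a session-bound CSRF token helper (not UserSpice's Token class).
final class DemoToken
{
    private const KEY = 'demo_csrf'; // assumed session key name

    // Create a fresh random token, store it in the session, return it for the hidden field.
    public static function generate(): string
    {
        $token = bin2hex(random_bytes(32));
        $_SESSION[self::KEY] = $token;
        return $token;
    }

    // Accept only a string equal to the stored token; the stored token is consumed either way.
    public static function check($submitted): bool
    {
        $expected = $_SESSION[self::KEY] ?? null;
        unset($_SESSION[self::KEY]);
        return is_string($expected) && is_string($submitted)
            && hash_equals($expected, $submitted); // constant-time comparison
    }
}

// Constructed demo: a plain array stands in for the session, no live request is needed.
$_SESSION = [];
$results = [];

$issued = DemoToken::generate();                 // value the form's hidden field would carry
$results['legitimate submit'] = DemoToken::check($issued);
$results['replay of same token'] = DemoToken::check($issued);

DemoToken::generate();                           // a new form was rendered
$results['request without csrf field'] = DemoToken::check(null);

DemoToken::generate();
$results['array-valued csrf field'] = DemoToken::check(['x']);

DemoToken::generate();
$results['guessed token value'] = DemoToken::check(str_repeat('0', 64));

foreach ($results as $label => $ok) {
    printf("%-28s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```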