How do I correctly set up CSRF (cross-site request forgery) protection so that it still holds after logout?
I built a blog and am trying to add some secure forms to it. The default identity is admin. At the top, a csrftoken is generated and stored in the session. I also put it into the delete form. So when "Delete" is clicked, it should delete the item (set is_deleted to 1, as seen in phpMyAdmin). However, when I log out and then go to this page, I can still delete items. Can anyone offer any advice? How do I expire the previous session so that when the next request comes in, it knows the new csrftoken is different from the previous one?
<?php
// admin.php (file name inferred from the redirect target in the delete handler below)
session_start();
require_once('./conn.php');   // provides $conn (mysqli connection)
require_once('./utils.php');  // provides escape() for HTML output
// Generate the CSRF token once per session and reuse it on every render
if (empty($_SESSION['csrftoken'])) {
    $_SESSION['csrftoken'] = bin2hex(random_bytes(32));
}
$token = $_SESSION['csrftoken'];
// Load the posts shown in the table. The original post does not include this
// query; the column names are taken from the row fields used below and the
// table name from the delete handler (category_title may in fact come from a
// joined categories table in the real schema).
$result = $conn->query("SELECT article_id, title, category_title FROM oscar_articles WHERE is_deleted = 0");
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width,initial-scale=1.0">
<link rel="stylesheet" href="./style.css" />
<title>Easy Blog</title>
</head>
<body>
<div class="wrapper">
<section class="manage_section">
<div class="manage_table">
<table>
<caption class="table_title">Post Management</caption>
<thead>
<tr class="table_header">
<th>ID</th>
<th>Title</th>
<th>Category</th>
<th>Edit</th>
<th>Delete</th>
</tr>
</thead>
<tbody>
<?php while ($row = $result->fetch_assoc()) { ?>
<tr class="table_content">
<td><?php echo escape($row['article_id']) ?></td>
<td><?php echo escape($row['title']) ?></td>
<td><?php echo escape($row['category_title']) ?></td>
<td><a href="./update_post.php?id=<?php echo escape($row['article_id']) ?>">Edit</a></td>
<td><form action="./handle_delete_post.php" method="POST">
<!-- the session token travels with the form so the handler can compare it -->
<input type="hidden" name="csrftoken" value="<?php echo escape($token) ?>" />
<input type="hidden" name="id" value="<?php echo escape($row['article_id']) ?>" />
<input type="submit" value="Delete" name="delete_btn">
</form></td>
</tr>
<?php } ?>
</tbody>
</table>
</div>
</section>
</div>
</body>
</html>
<?php
// handle_delete_post.php (file name taken from the form action in admin.php)
session_start();
require_once('./conn.php');   // provides $conn (mysqli connection)
require_once('./utils.php');
if (isset($_POST['delete_btn'])) {
    if (empty($_POST['csrftoken']) || empty($_POST['id'])) {
        header("Location: ./admin.php");
        exit();
    }
    $id = $_POST['id'];
    // Constant-time comparison of the submitted token against the session copy.
    // Note that nothing here (or in admin.php) checks that the session belongs
    // to a logged-in user, which is why the delete still works after logout.
    if (hash_equals($_SESSION['csrftoken'], $_POST['csrftoken'])) {
        $sql = "UPDATE oscar_articles SET is_deleted = 1 WHERE article_id = ?";
        $stmt = $conn->prepare($sql);
        $stmt->bind_param('i', $id);   // bound as an integer, so the id cannot inject SQL
        $result = $stmt->execute();
        if (!$result) {
            die("Failed to delete the post");
        }
        header("Location: ./admin.php");
        exit();
    }
}
?>
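An added example (not the asker's code) of one way to fix the behaviour described in the question. The CSRF token only proves that the request came from a page this server rendered; it says nothing about whether the user is still logged in. The fix is to check the login state on every state-changing request, to create the token only inside an authenticated session, and to destroy the whole session on logout so the old token cannot be replayed. The helper names `require_login()`, `csrf_token()`, `verify_csrf()`, `on_login_success()` and `logout()` are assumptions, as is the `$_SESSION['user_id']` flag set at login; the table and column names are the ones from the question.

```php
<?php
// Added example, not the asker's code. Assumes a login handler calls
// on_login_success() after a successful password check; the helper names
// below are hypothetical and would live in utils.php.
declare(strict_types=1);

function start_secure_session(): void
{
    // HttpOnly keeps scripts away from the session id; SameSite=Lax makes
    // browsers drop the cookie on cross-site POSTs (defence in depth next to
    // the token check, not a replacement for it).
    session_set_cookie_params([
        'httponly' => true,
        'samesite' => 'Lax',
        'secure'   => isset($_SERVER['HTTPS']),
    ]);
    session_start();
}

// Every page and handler that changes data calls this first.
function require_login(): void
{
    if (empty($_SESSION['user_id'])) {
        header('Location: ./login.php');
        exit;
    }
}

// The token is created lazily, but only after require_login() has passed,
// so an anonymous visitor never receives one.
function csrf_token(): string
{
    if (empty($_SESSION['csrftoken'])) {
        $_SESSION['csrftoken'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrftoken'];
}

function verify_csrf(?string $submitted): bool
{
    return is_string($submitted)
        && !empty($_SESSION['csrftoken'])
        && hash_equals($_SESSION['csrftoken'], $submitted);
}

// --- login.php, after the password check succeeds ---
function on_login_success(int $userId): void
{
    session_regenerate_id(true);          // new id: blocks session fixation
    $_SESSION = ['user_id' => $userId];   // drop anything from the anonymous session
    csrf_token();                         // fresh token bound to this login
}

// --- logout.php ---
function logout(): void
{
    $_SESSION = [];                       // forget user_id AND csrftoken
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                    // server-side data gone: old token is dead
    header('Location: ./login.php');
    exit;
}

// --- handle_delete_post.php ---
function handle_delete(mysqli $conn): void
{
    require_login();                      // the check missing from the question's handler
    if ($_SERVER['REQUEST_METHOD'] !== 'POST'
        || !verify_csrf($_POST['csrftoken'] ?? null)) {
        http_response_code(403);
        exit('Invalid request');
    }
    $id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
    if ($id === false || $id === null) {
        http_response_code(400);
        exit('Bad id');
    }
    $stmt = $conn->prepare('UPDATE oscar_articles SET is_deleted = 1 WHERE article_id = ?');
    $stmt->bind_param('i', $id);
    if (!$stmt->execute()) {
        exit('Failed to delete the post');
    }
    header('Location: ./admin.php');
    exit;
}

// Typical wiring in handle_delete_post.php:
//   start_secure_session(); require_once './conn.php'; handle_delete($conn);
```

admin.php gets the same treatment: call `start_secure_session()` and `require_login()` before rendering, then emit `csrf_token()` into the hidden field. With that in place, a logged-out browser is redirected before it can even obtain a token, and a stale token from before logout fails `verify_csrf()` because `session_destroy()` removed the server-side copy it would be compared against.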