CSRF...
Posted: Sun Dec 13, 2009 4:58 am
Hi, I'm a bit of a noob, but I need some help...

I have this in my script, to add a "token" to my forms...
Code:
$token = md5(uniqid(rand(), TRUE));
$_SESSION['token'] = $token;

I have this in my form...
Code:
<input type = "hidden" name = "formID" value = "'.$token.'">

And now this to check the session...
Code:
if($_POST['formID'] != $_SESSION['token'])
{
    unset($_SESSION['token']);
    exit('You are attempting to exploit the site, your IP address has been logged.');
}

The problem I'm having is, the $_POST['formID'] and $_SESSION['token'] are never the same. I'm sure it's just me being a noob, but I could really use some help here.
Regards
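
Added example, not part of the original post and not the poster's code: a session-bound token flow that issues the token only when the session has none, so the value checked on submit is the one that was rendered into the form. The helper names (csrf_token, csrf_field, csrf_check) and the $session array standing in for $_SESSION are assumptions made so the flow runs from the command line; the field name formID is the one from the post.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers. $session stands in for $_SESSION so this runs from the CLI;
// in a real page call session_start() first and pass $_SESSION instead.

/** Return the session's token, creating it only if none exists yet. */
function csrf_token(array &$session): string
{
    if (empty($session['token'])) {
        // CSPRNG output instead of md5(uniqid(rand(), TRUE)).
        $session['token'] = bin2hex(random_bytes(32));
    }
    return $session['token'];
}

/** Hidden form field carrying the token, using the field name from the post. */
function csrf_field(array &$session): string
{
    $value = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="formID" value="' . $value . '">';
}

/** True only when the submitted value matches the stored token. */
function csrf_check(array $session, array $post): bool
{
    $sent   = $post['formID'] ?? null;
    $stored = $session['token'] ?? null;
    return is_string($sent) && is_string($stored) && $stored !== ''
        && hash_equals($stored, $sent); // constant-time comparison
}

// Constructed walk-through: request 1 renders the form, request 2 submits it.
$session = [];
$html = csrf_field($session);                 // request 1: token created and embedded
preg_match('/value="([0-9a-f]+)"/', $html, $m);
$post = ['formID' => $m[1]];                  // what the browser would send back

csrf_token($session);                         // request 2 runs the helper again: token kept
var_dump(csrf_check($session, $post));                  // case: value from the form
var_dump(csrf_check($session, ['formID' => 'forged'])); // case: wrong value
var_dump(csrf_check($session, []));                     // case: field missing

// Case: token overwritten before the check, as an unconditional assignment
// at the top of every request would do.
$session['token'] = bin2hex(random_bytes(32));
var_dump(csrf_check($session, $post));
```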