bkcore / nocsrf Goto Github PK
View Code? Open in Web Editor NEWNoCSRF is a simple anti-CSRF token generation/checking class written in PHP5.
Home Page: http://bkcore.com/blog/code/nocsrf-php-class.html
nocsrf's People
Contributors
Stargazers
Watchers
Forkers
zackkitzmiller jridgewell seyi itthuyloi arlinnd gopalznet kafene zabumba69 alexblex yaojun jblond viniciusferreira teocci ashwilliams ericfavoni cvsolutions lft-arjun chinesedron sailn meichengwhale wr0ngname falexandre jahanzaibbahadur leobonilla jcarhuazv mrexodia tarunsinghal92 jrborbars chinowi sumantri kingze black-hawk-97 massive-dynamic bryant1410 amamatthew leychay velikara duytruong2996 sirgan86 brahmwindeler wxuns shaeberling markmarkinson aidenzich naren44 iruwl anibalmorales montreep g7sim gtbu kazuyamarino huluwz brizemedianocsrf's Issues
CSRF origin check fail
This line seems to be the problem with the csrf check not working not sure why though.
// Check if session token matches form token
if ( $origin[ $key ] != $hash )
if($throwException)
throw new Exception( 'Invalid CSRF token.' );
else
return false;
Add support for enctype='multipart/form-data'
Every form that uploads images or documents has enctype='multipart/form-data' and the data that forms the body of the request gets encoded. As a result the token can't be validated.
not work with ajax post
I check for send form with jquery ajax $.post method. but csrf not work for me and show always invalid CSRF token.
JS:
jQuery(document).ready(function($) {
$('#myform').validate({
rules: {
name: {
required: true,
rangelength: [4, 20],
},
email: {
required: true,
email: true,
},
message: {
required: true
}
},
submitHandler: function(form) {
if (grecaptcha.getResponse() == '') {
$('#reCaptchaError').html('<p>Recaptcha error</p>');
} else {
$('#reCaptchaError').hide();
$("#ajax-form-msg1").html("<img src='<?php echo RELATIVE_PATH. '/templates/'. TEMPLATENAME; ?>'/img/loading.gif'/>");
// var formData = $("#myform").serialize(); //or
var formData = $("#myform").serializeArray();
var URL = $("#myform").attr('action');
cache: false,
$.post(URL,
formData,
function(data, textStatus, jqXHR) {
if (data == "yes") {
$("#ajax-form-msg1").html('<div class="alert alert-success">' + data + '</div>');
$("#form-content").modal('show');
$(".contact-form").slideUp();
} else {
$("#ajax-form-msg1").html('' + data + '');
}
}).fail(function(jqXHR, textStatus, errorThrown) {
$("#ajax-form-msg1").html('<div class="alert alert-danger">AJAX Request Failed<br/> textStatus=' + textStatus + ', errorThrown=' + errorThrown + '</code></pre>');
});
}
}
});
});`
HTML:
`
SEND `remote comment.php
<?php
session_start();
$abspath = preg_replace('/\\\/', '/', dirname(dirname(__FILE__)));
if (!file_exists($abspath . '/config.php'))
{
header('Location:404.html');
}
require $abspath . '/config.php';
require ABSPATH . '/class/nocsrf.php';
try
{
NoCSRF::check('csrf_token', $_POST, true, 60 * 10, true);
}
catch(Exception $e)
{
echo $e->getMessage();
}
u check your class for ajax post form data ?! how do work your class for ajax post data?!
Thanks for gr8 class.
CSRF token check PHP 7.1
Having some problem when using the NoCSRF::check, goes into the catch block every time.
not work in multiple form
Hi, Thanks for great class.
i have two form in my page. when i generate nocsrf i see one token for two form and after submit always i see error and my form not submitted. how to work your class for multiple form in page.
thanks for time
best regards
multiple not workin
hi
I try use multiple, but token is generated each page reload. so how to do that?
I am doing ajax request, so I need generate a token for X minutes valid.
thanks
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.