bkcore / nocsrf
NoCSRF is a simple anti-CSRF token generation/checking class written in PHP5.
Home Page: http://bkcore.com/blog/code/nocsrf-php-class.html
This line seems to be the problem with the CSRF check not working; not sure why, though.

```php
// Check if session token matches form token
if ( $origin[ $key ] != $hash )
    if($throwException)
        throw new Exception( 'Invalid CSRF token.' );
    else
        return false;
```
Every form that uploads images or documents has enctype='multipart/form-data'
and the data that forms the body of the request gets encoded. As a result the token can't be validated.
I check for sending the form with the jQuery AJAX `$.post` method, but CSRF does not work for me and always shows `invalid CSRF token`.
JS:

```js
jQuery(document).ready(function($) {
    $('#myform').validate({
        rules: {
            name: {
                required: true,
                rangelength: [4, 20]
            },
            email: {
                required: true,
                email: true
            },
            message: {
                required: true
            }
        },
        submitHandler: function(form) {
            // Only submit once the reCAPTCHA widget has produced a response
            if (grecaptcha.getResponse() == '') {
                $('#reCaptchaError').html('<p>Recaptcha error</p>');
            } else {
                $('#reCaptchaError').hide();
                $("#ajax-form-msg1").html("<img src='<?php echo RELATIVE_PATH . '/templates/' . TEMPLATENAME; ?>/img/loading.gif'/>");
                // serializeArray() sends every named input of the form
                // var formData = $("#myform").serialize(); //or
                var formData = $("#myform").serializeArray();
                var URL = $("#myform").attr('action');
                $.post(URL,
                    formData,
                    function(data, textStatus, jqXHR) {
                        if (data == "yes") {
                            $("#ajax-form-msg1").html('<div class="alert alert-success">' + data + '</div>');
                            $("#form-content").modal('show');
                            $(".contact-form").slideUp();
                        } else {
                            $("#ajax-form-msg1").html('' + data + '');
                        }
                    }).fail(function(jqXHR, textStatus, errorThrown) {
                        $("#ajax-form-msg1").html('<div class="alert alert-danger">AJAX Request Failed<br/> textStatus=' + textStatus + ', errorThrown=' + errorThrown + '</div>');
                    });
            }
        }
    });
});
```
HTML:

SEND

remote comment.php:
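```php
<?php
session_start();
// Normalise backslashes in the parent directory path to forward slashes
$abspath = preg_replace('/\\\/', '/', dirname(dirname(__FILE__)));
if (!file_exists($abspath . '/config.php'))
{
    header('Location:404.html');
    exit; // stop here so the script does not run on after the redirect
}
require $abspath . '/config.php';
require ABSPATH . '/class/nocsrf.php';
try
{
    // Throws an Exception when the token check fails
    NoCSRF::check('csrf_token', $_POST, true, 60 * 10, true);
}
catch(Exception $e)
{
    echo $e->getMessage();
}
```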
Did you check your class for AJAX POST form data?! How does your class work for AJAX POST data?!
Thanks for the great class.
I'm having a problem when using NoCSRF::check: it goes into the catch block every time.
Hi, thanks for the great class.
I have two forms on my page. When I generate the NoCSRF token I see one token for the two forms, and after submitting I always see an error and my form is not submitted. How does your class work with multiple forms on a page?
Thanks for your time.
Best regards
Hi,
I tried to use multiple, but the token is generated on each page reload. So how do I do that?
I am doing AJAX requests, so I need to generate a token that is valid for X minutes.
Thanks
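
The last two posts ask for tokens that work with more than one form on a page and that stay valid for a set number of minutes across AJAX requests. One way to get both, as an added example that is not NoCSRF's code or API: sign the form id and an expiry time with a per-session secret instead of storing a single token per page load. The function names and form ids are hypothetical, and the code assumes PHP 7.1 or later.

```php
<?php
// Added example, not NoCSRF code. Function names and form ids are hypothetical.

// One random secret per session, created once, so page reloads and repeated
// AJAX calls do not invalidate tokens that were already handed out.
function csrf_secret(array &$session): string
{
    if (empty($session['csrf_secret'])) {
        $session['csrf_secret'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_secret'];
}

// Token = "<expiry>.<HMAC(formId|expiry)>"; nothing per-form is stored server-side.
function csrf_issue(array &$session, string $formId, int $ttl, ?int $now = null): string
{
    $expires = ($now ?? time()) + $ttl;
    return $expires . '.' . hash_hmac('sha256', $formId . '|' . $expires, csrf_secret($session));
}

function csrf_verify(array &$session, string $formId, $token, ?int $now = null): bool
{
    if (!is_string($token) || !preg_match('/^(\d{1,12})\.([0-9a-f]{64})$/', $token, $m)) {
        return false; // missing or malformed
    }
    if ((int) $m[1] < ($now ?? time())) {
        return false; // expired
    }
    $expected = hash_hmac('sha256', $formId . '|' . $m[1], csrf_secret($session));
    return hash_equals($expected, $m[2]); // constant-time comparison
}

// Constructed demo: a plain array stands in for $_SESSION so this runs from the CLI.
function csrf_demo(): array
{
    $session = [];
    $t0 = 1700000000; // constructed timestamp
    $contact = csrf_issue($session, 'contact', 600, $t0);
    $comment = csrf_issue($session, 'comment', 600, $t0);
    return [
        'contact form, first AJAX post'  => csrf_verify($session, 'contact', $contact, $t0 + 30),
        'contact form, second AJAX post' => csrf_verify($session, 'contact', $contact, $t0 + 60),
        'comment form, same page'        => csrf_verify($session, 'comment', $comment, $t0 + 30),
        'contact token on comment form'  => csrf_verify($session, 'comment', $contact, $t0 + 30),
        'contact token after 10 minutes' => csrf_verify($session, 'contact', $contact, $t0 + 601),
        'no token in request'            => csrf_verify($session, 'contact', null, $t0 + 30),
    ];
}

var_dump(csrf_demo());
```

In a request handler, pass `$_SESSION` after `session_start()` and the posted token field. A token stays usable until it expires, which is what allows repeated AJAX posts; a single-use token would have to be reissued in every response.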