Session Token

[lanmind]

Hello everybody,

 

My page: http://www.dockhawk.com/

 

I'm trying to implement some "session security" PHP script

mentioned in the "Cross-site request forgery" section of this

tutorials (pdf): http://daniel0.net/phpfreaks_tutorials/php_security/php_security.pdf

 

I was trying to figure out if it was functioning by putting a value in

the hidden input that won't be equal to the session token. The hidden

input is in my default.html page inside the <div id="search_form">.

 

So as the value is wrong the PHP should return "Invalid Token" but

it's not. In earlier testing I had taken away the not "!" in the PHP

and left the hidden input's value as "<?php echo $_SESSION['token'] ?

 

>" and the PHP did return "Invalid Token" as it should have.

 

It seems the "!" isn't working, I'm not sure. Thank you for your time,

here is the PHP:

 

<?php

 

if ($_GET['token'] !== $_SESSION['token']) {

die('Invalid token');

 

}

 

$keyword=$_GET["name"];

 

require("dockhawk_dbinfo.php");

 

function parseToXML($htmlStr)

{

$xmlStr=str_replace('<','<',$htmlStr);

$xmlStr=str_replace('>','>',$xmlStr);

$xmlStr=str_replace('"','"',$xmlStr);

$xmlStr=str_replace("'",'&#39;',$xmlStr);

$xmlStr=str_replace("&",'&',$xmlStr);

return $xmlStr;

 

}

 

// Opens a connection to a MySQL server

$connection=mysql_connect ($hostname, $username, $password);

if (!$connection) {

  die('Not connected : ' . mysql_error());

 

}

 

// Set the active MySQL database

$db_selected = mysql_select_db($database, $connection);

if (!$db_selected) {

  die ('Can\'t use db : ' . mysql_error());

 

}

 

// Select all the rows in the markers table

$query = "SELECT * FROM markers WHERE MATCH(operator, name, waterway)

AGAINST ('$keyword') LIMIT 0, 25";

$result = mysql_query($query);

if (!$result) {

  die('Invalid query: ' . mysql_error());

 

}

 

header("Content-type: text/xml");

 

// Start XML file, echo parent node

echo '<markers>';

 

// Iterate through the rows, printing XML nodes for each

while ($row = @mysql_fetch_assoc($result)){

  // ADD TO XML DOCUMENT NODE

  echo '<marker ';

  echo 'operator="' . parseToXML($row['operator']) . '" ';

  echo 'name="' . parseToXML($row['name']) . '" ';

  echo 'waterway="' . parseToXML($row['waterway']) . '" ';

  echo 'mile="' . parseToXML($row['mile']) . '" ';

  echo 'address="' . parseToXML($row['address']) . '" ';

  echo 'town="' . parseToXML($row['town']) . '" ';

  echo 'state="' . parseToXML($row['state']) . '" ';

  echo 'lat="' . $row['lat'] . '" ';

  echo 'lng="' . $row['lng'] . '" ';

  echo 'county="' . parseToXML($row['county']) . '" ';

  echo '/>';

 

}

 

// End XML file

echo '</markers>';

 

?>

[Flames]

im not gonna even try helping or reading your code unless you put it in code tags.

 

When you want to put code use code tags otherwise im sure other people will just put the post aside altogether.

[DarkWater]

You left session_start() off of the file, so the session wasn't started.  EVERY page using sessions must have session_start().

[lanmind]

Thanks for the fast replies! I'm sorry for not inserting code tags. Dark Water I removed the session_start(); from the PHP file because I assumed it shouldn't have been there. I thought it should have only been on the HTML page.

 

I put it back into the PHP but I'm still having the same issue. The script is continuing even though the value of "token" should not be equal to the session_token. Here is the relevant PHP:

 

<?php

session_start();
if ($_GET['token'] !== $_SESSION['token']) {
die('Invalid token');
}

$keyword=$_GET["name"];

require("dockhawk_...

[lanmind]

*bump*

[Bendude14]

change this

 

if ($_GET['token'] !== $_SESSION['token']) {

 

to this

 

if ($_GET['token'] != $_SESSION['token']) {

 

see i removed one of the =