yanjchan Posted December 25, 2009 Share Posted December 25, 2009 First of all, thanks for the generous help you guys have given me in the past on this forum. Second, I apologize in advance if my code is hard to read, most of it was done in a rush. Here goes: login.php <?php // create anti-csrf cookie value $hash = sha1(time().rand().strlen(rand())); $hash = substr($hash, 0, ; if (isset($_COOKIE['xsrf[0]'])) { $i = 0; while (isset($_COOKIE['xsrf['.$i.']'])) { $i++; } setcookie('xsrf['.$i.']', $hash, 0, '/citizen/', '.ch4n.net'); } else { setcookie('xsrf[0]', $hash, 0, '/citizen/', '.ch4n.net'); } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>Citizen - Login</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <link rel="stylesheet" href="default.css"> </head> <body> <div class="header"><?php include("menu.html"); ?></div> <div class="body"> <?php if (!empty($_GET['errors'])): ?> <ul> <li><?php print implode("</li>\n\t<li>", explode(';', $_GET['errors'])); ?></li> </ul> <?php endif; ?> <form name="login" action="login_process.php" method="POST"> <input type="hidden" name="xsrfi" value="<?php echo $i; ?>" /> <input type="hidden" name="xsrf" value="<?php echo $hash; ?>" /> <table cellpadding="1" cellspacing="1" id="login"> <tbody> <tr class="username"> <th>Username</th> <td><input type="text" id="username" name="username" maxlength="20" /><br /></td> </tr> <tr class="password"> <th>Password</th> <td><input type="password" id="password" name="password" maxlength="20" /></td> </tr> </tbody> </table> <input type="submit" name="submit" value="Login!" /> </form> </div> </body> </html> login_process.php <?php if ($_COOKIE['xsrf['.$_POST['xsrfi'].']'] !== $_POST['xsrf'] || !isset($_COOKIE['xsrf['.$_POST['xsrfi'].']'])): $errors = "It appears you have been a victim of a browser attack! Please run a virus scan before continuing online activities.;".$_COOKIE['xsrf['.$_POST['xsrfi'].']'].";".$_POST['xsrfi'].";".$_POST['xsrf']; setcookie('xsrf['.$_POST['xsrfi'].']', sha1($hash), time()-1, '/citizen/', '.ch4n.net'); header("Location: login.php?errors=$errors"); endif; setcookie('xsrf', sha1($hash), time()-1, '/citizen/', '.ch4n.net'); require('authent.php'); $user = mysql_escape_string(htmlentities($_POST['username'])); $pass = mysql_escape_string(htmlentities($_POST['password'])); $passwordhash = hashPassword($pass); if(table_exists("user_".$user, 's2zsl9rx_citizen')): // Make a MySQL Connection require('c2db.php'); mysql_select_db("s2zsl9rx_citizen") or die(mysql_error()); $result = mysql_query("SELECT * FROM user_$user WHERE type='001'") or die(mysql_error()); $row = mysql_fetch_assoc($result); if ($row['val'] == $passwordhash): $value = $user.','.$row['val'].','.hashPassword(getip()); setcookie('citizeninfo', $value, time()+3600, '/citizen/', 'ch4n.net'); mysql_close(); header("Location: game.php"); else: $errors = 'Username and/or password are incorrect'.$row['val']; mysql_close(); header("Location: login.php?errors=$errors"); endif; else: $errors = 'Username and/or password are incorrect'; header("Location: login.php?errors=$errors"); endif; ?> Any help at all would be very much appreciated. Quote Link to comment Share on other sites More sharing options...
ignace Posted December 25, 2009 Share Posted December 25, 2009 Read this article by Chris Shiflett: http://shiflett.org/articles/cross-site-request-forgeries Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.