How can generating and storing random values be used to verify form submission origins in PHP applications?

To verify form submission origins in PHP applications, you can generate a random value when rendering the form and store it in a session variable. When the form is submitted, compare the stored random value with the one submitted in the form data. If they match, it indicates that the form was submitted from the same session where it was rendered, helping to prevent CSRF attacks.

&lt;?php

session_start();

// Generate a random token
$token = bin2hex(random_bytes(16));

// Store the token in a session variable
$_SESSION[&#039;csrf_token&#039;] = $token;

// Render the form with the token as a hidden input field
echo &#039;&lt;form method=&quot;post&quot;&gt;&#039;;
echo &#039;&lt;input type=&quot;hidden&quot; name=&quot;csrf_token&quot; value=&quot;&#039; . $token . &#039;&quot;&gt;&#039;;
echo &#039;&lt;input type=&quot;text&quot; name=&quot;username&quot;&gt;&#039;;
echo &#039;&lt;input type=&quot;password&quot; name=&quot;password&quot;&gt;&#039;;
echo &#039;&lt;input type=&quot;submit&quot; value=&quot;Submit&quot;&gt;&#039;;
echo &#039;&lt;/form&gt;&#039;;

// Verify the token when the form is submitted
if ($_SERVER[&#039;REQUEST_METHOD&#039;] === &#039;POST&#039;) {
    if ($_POST[&#039;csrf_token&#039;] === $_SESSION[&#039;csrf_token&#039;]) {
        // Token is valid, process the form data
        // Add your form processing logic here
    } else {
        // Token is invalid, handle the error
        echo &#039;CSRF token validation failed&#039;;
    }
}

?&gt;

Keywords

random values form submission origins PHP applications verification

How can generating and storing random values be used to verify form submission origins in PHP applications?

Keywords

Related Questions