<?php

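define('BANK_APP', TRUE);
// Force TLS. The HTTPS server variable is absent on plain HTTP and some
// servers set it to "off"; both must redirect without an undefined-index notice.
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
    // NOTE(review): HTTP_HOST comes from the client's Host header, so the
    // redirect target is client-influenced; prefer a configured canonical
    // host here if the application defines one.
    header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
    exit;
}
require_once "../app/user.php";
startSession(true);

$isApprovalPost = isset($_POST['approve']) || isset($_POST['reject']);

// CSRF: a fresh 'user' token is issued on every request that is not a
// form submission, so a token lives only until the form is posted.
if (!$isApprovalPost) {
    clearCSRFToken();
    createCSRFToken('user');
}

// Process the approve/reject form. The posted token must exist and be a
// string (a `usertoken[]` array would otherwise reach the comparison), and
// is compared in constant time instead of with loose `==`.
if ($isApprovalPost
    && isset($_SESSION['usertoken'], $_POST['usertoken'])
    && is_string($_POST['usertoken'])
    && hash_equals((string) $_SESSION['usertoken'], $_POST['usertoken'])
) {
    // User ids are cast to int elsewhere in this file (see the
    // `(int) $_GET['id']` below), so the posted id gets the same treatment.
    $id = (int) ($_POST['userid'] ?? 0);
    $decision = isset($_POST['approve']);
    $approver = getAuthUser()->userid;
    // NOTE(review): balance is passed through unvalidated because its expected
    // type is not visible here — confirm approveRegistration() validates it.
    $balance = $_POST['balance'] ?? null;
    // Single use: drop the token before acting so a replayed post cannot reuse it.
    unset($_SESSION['usertoken']);
    // NOTE(review): nothing here checks which usertype may approve a
    // registration; confirm approveRegistration() enforces that server-side.
    $approval = approveRegistration($id, $approver, $decision, $balance);
    if (!empty($approval->msg)) {
        $showMsg = $approval->msg;
    }
}

// Resolve which user to display: employees ('E') may view any id given in
// the query string; every other user only sees their own record.
$id = isset($_GET['id']) && getAuthUser()->usertype === 'E'
    ? (int) $_GET['id']
    : getAuthUser()->userid;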
if (is_numeric($id)) {
    $user = getSingleUser($id);
<?php

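define('BANK_APP', TRUE);
// Force TLS. The HTTPS server variable is absent on plain HTTP and some
// servers set it to "off"; both must redirect without an undefined-index notice.
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
    // NOTE(review): HTTP_HOST comes from the client's Host header, so the
    // redirect target is client-influenced; prefer a configured canonical
    // host here if the application defines one.
    header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
    exit;
}
require_once "../app/user.php";
require_once "../app/transaction.php";
startSession(true);

// CSRF: a fresh 'newtransaction' token is issued on every request that is
// not a form submission ('submit' or 'upload'), so a token lives only until
// the form is posted.
if (!isset($_POST['submit']) && !isset($_POST['upload'])) {
    clearCSRFToken();
    createCSRFToken('newtransaction');
}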
// process form
if (isset($_POST['submit']) && isset($_SESSION['newtransactiontoken']) && $_POST['newtransactiontoken'] == $_SESSION['newtransactiontoken']) {
    $recipient = $_POST['recipient'];
    $amount = $_POST['amount'];
    $description = $_POST['description'];
    $tan = $_POST['tan'];
    getDBCredentials(getAuthUser()->usertype);
    $sender = selectAccountByUserId(getAuthUser()->userid)->ACCOUNT_NUMBER;
    $transaction = createTransaction($sender, $recipient, $amount, $description, $tan);
    if ($transaction->value) {
        unset($_SESSION['newtransactiontoken']);
        header("Location: " . "view_transactions.php");
    }
    if (!empty($transaction->msg)) {
        $showMsg = $transaction->msg;
    }
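startSession(true);
//SQL: Get credentials for user group
getDBCredentials(getAuthUser()->usertype);

// Process the approve/deny form. `&&` binds tighter than `||`, so without
// the explicit grouping an 'approve' post would skip the token check
// entirely; the decision test is isolated first and the token is then
// required, type-checked and compared in constant time.
$isDecisionPost = isset($_POST['approve']) || isset($_POST['deny']);
if ($isDecisionPost
    && isset($_SESSION['transactiontoken'], $_POST['transactiontoken'])
    && is_string($_POST['transactiontoken'])
    && hash_equals((string) $_SESSION['transactiontoken'], $_POST['transactiontoken'])
) {
    // Transaction ids are cast to int below for the GET path; the posted id
    // gets the same treatment.
    $id = (int) ($_POST['transactionid'] ?? 0);
    $decision = isset($_POST['approve']) ? "A" : "D";
    $approver = getAuthUser()->userid;
    // Single use: drop the token before acting so a replayed post cannot reuse it.
    unset($_SESSION['transactiontoken']);
    // NOTE(review): nothing here checks which usertype may approve a
    // transaction; confirm approveTransaction() enforces that server-side.
    $approval = approveTransaction($id, $approver, $decision);
    if (!empty($approval->msg)) {
        $showMsg = $approval->msg;
    }
}
// A new 'transaction' token is issued unconditionally for the next render.
clearCSRFToken();
createCSRFToken('transaction');

// Get the single transaction to display. The (int) cast already yields a
// numeric id, so no separate is_numeric() re-check is needed.
if (isset($_GET['id'])) {
    $id = (int) $_GET['id'];
    $transaction = getSingleTransaction($id);
}

// include header
$pageTitle = "View Transaction";
include "header.php";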
?>

<?php 
if (isset($transaction) && $transaction) {