ファイル: init.php プロジェクト: icharge/csrf-land
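/**
 * Throw away the current session and start a clean one for the demo user.
 *
 * Clears all session data, destroys the server-side record, opens a new
 * session, seeds it with the fixed demo account and issues a new anti-CSRF
 * token via regenerate_CSRF() (defined elsewhere in this file).
 */
function regenerate_session(): void
{
    session_unset();
    session_destroy();
    session_start();
    // session_start() right after session_destroy() silently reuses the ID
    // that is already in the client's cookie. Rotating the ID here (and
    // deleting the old session file) prevents an ID that was set before this
    // reset from being carried over into the freshly populated session.
    session_regenerate_id(true);
    $_SESSION['name'] = 'CatLover';
    $_SESSION['money'] = 10000;
    // Recorded so callers can expire the session; consumed outside this block.
    $_SESSION['timeout'] = time();
    // A new session must not keep the old token: mint a fresh one.
    regenerate_CSRF();
}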
ファイル: payment.php プロジェクト: icharge/csrf-land
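<?php

require_once '../init.php';

// Charge the logged-in user's wallet. The request is accepted only when a
// session with a user name and an issued CSRF token exists, the client sent
// a token, and both tokens match.
//
// hash_equals() compares in constant time (a plain === leaks how many leading
// bytes matched through timing). The isset() on $_SESSION['csrf_token'] avoids
// an undefined-index warning when no token was ever issued, and is_string()
// rejects a csrf_token[]=... array submission before it reaches hash_equals().
if (
    isset($_SESSION['name'], $_SESSION['csrf_token'], $_POST['total_cost'], $_POST['csrf_token'])
    && is_string($_POST['csrf_token'])
    && hash_equals((string) $_SESSION['csrf_token'], $_POST['csrf_token'])
) {
    $username = $_SESSION['name'];
    // The name is interpolated into HTML below; escape it for that context.
    $safe_username = htmlspecialchars((string) $username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $balance = (int) $_SESSION['money'];
    $total_cost = (int) $_POST['total_cost'];
    $new_balance = $balance - $total_cost;
    if ($total_cost < 0) {
        // total_cost is client-controlled; a negative value would credit the
        // wallet instead of debiting it, so it is rejected outright.
        $error = '<h1>invalid amount.</h1>';
    } elseif ($new_balance < 0) {
        $error = "<h1>{$safe_username}, <br/>Please top up your wallet!</h1>";
    } else {
        // regenerate Anti-CSRF Token so the one just used cannot be replayed
        regenerate_CSRF();
        $_SESSION['money'] = $new_balance;
        $message = <<<HTML
<h1>Thank You!</h1>
<h3>Your wallet has been successfully charged for {$total_cost} Baht.</h3>
<p>Username: {$safe_username}</p>
<p>Your money: {$new_balance} Baht</p>
HTML;
    }
} else {
    $error = '<h1>unauthorized access.</h1>';
}
?>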
<!doctype html>
<html lang="en">
    <head>
        <meta charset="utf-8">
        <meta name="author" content="Pichaya Morimoto">
        <title> Pwnladin's Cat Shop </title>