|
|
|
|
Like this code?
Show the author your appreciation.
|
|
| |
HTML forms on a PHP-enabled website can at times be tricky to secure.
Many people use a CAPTCHA type method to secure forms, however there may be times when having an Auth-Image is not acceptable.
i.e.: an article rating form.
The below will effectivly block form submission that are faked and not from your website.
Read after function for example usage.
(this will not protect against bots or anything that accesses your form directly from your website.)
this is not meant to be a stand-alone form security measure.
this is intended to be used alongside other form validations
| //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/**
/** WRITTEN BY:
/** JOE F. (OWNER/DEVELOPER OF BASHMYEX.COM)
/** Free to use for any purpose as long as the
/** proper credits are given to the original author.
*
*
* auth_token - create auth token session value on forms
* if session value does not match form value we know form
* was incorrectly accessed and we can deny the attempt
*
* @param string $pre - generates random secure_check string for hidden field on form
* once value created on form
* turn value into a session to be later compared
* @param string $after - compares session value to form value for above string
* if form string does not match session string then we can
* safely assume the submit page was accessed from an external
* website attempt at copying form and we then deny access
*
* we also check if there is no value set. which would happen
* if submit page was directly accessed or submit was made without
* proper access to begin with.
* empty access is controlled by below function
* empty_check($bash_form=TRUE)
*
* @global $token - used in form hidden field: <input name='securecheck' type='hidden' value='$token' />
* @global $messages - grabs message from our lang.php file
*
*/
function bme_auth_token($pre, $after){
global $bme_token;
$deny_message = "ERROR!";
if($pre == '1')
{
$bme_token = sha1(uniqid(rand(), true));
$_SESSION['bme_token'] = $bme_token;
$_SESSION['bme_token_timestamp'] = time();
return $bme_token;
}
if($after)
{
$correct_value = $_SESSION['bme_token'];
$user_value = $_POST['bme_securecheck'];
if ($correct_value == $user_value)
{
unset($correct_value);
unset($user_value);
} else {
echo $deny_message;
exit;
}
}
} | |
Usage example would be:
form.php --
| $bme_form_secure = bme_auth_token($pre=1, $after=0)
echo"
<form name='bme_article_form' method='post' action=''>
//NOTICE THE PROPER NAME FOR THE SECURE CHECK SECTION!
//FIELD NAME MUST BE: securecheck
<input name='securecheck' type='hidden' value='{$bme_form_secure}' />
<textarea cols='30' rows='5'
<input name='submit' type='submit' id='submit' value='submit' /> name='something' id='something'></textarea> | |
form submission page:
//check for proper form value:
//will auto-check if the form value for
//SECURECHECK matches the session generated value
//when form was first accessed
bme_auth_token($pre=0, $after=1)
//if correct, then rest of code below this works.
//if not correct then the error message will be displayed and script stops |
|
| A simple PHP login script that you can modify to suite your needs. It use a session to store data in a session file submited by the page.
Categories : PHP, Sessions, Security, Authentication | | | Authenticator for Exchange Server LDAP
Categories : PHP, Authentication, LDAP, Security, Sessions | | | MD5 secured login
Categories : PHP, Java Script, Authentication, Security | | | XDT Topsite (Gold v1.0)
Categories : Databases, CSS, PHP, HTML and PHP, Sessions | | | A damaged image generator (class) for validating text.
CAPTCHA - Completely Automated Public Turing test to tell Computers and Humans Apart
Categories : PHP, PHP Classes, Security, GD image library, Security | | | AITSH Statistics
Categories : Complete Programs, Databases, HTML and PHP, Sessions, PHP | | | Session Validation Methods (Security Checks)
Categories : PHP, Sessions, Security | | | Using Postgres and PHP3 Authentication from a Web application
Categories : PostgreSQL, HTML and PHP, Authentication, PHP | | | Password using php, Javascript, and html form
Categories : Security, PHP, Authentication, Java Script | | | CAPTCHA[Image verification]
Categories : PHP, Security, GD image library, Graphics, Sessions | | | CSS style switcher
Categories : PHP, CSS, HTML and PHP, Arrays, Sessions | | | phpSecurePages is a PHP module to secures pages with a loginname and
password. It handles multiple user groups (each has own viewing rights),
store data in a MySQL database or a configuration file, and can be used to
identify Web site viewers.
Categories : PHP, Security, Authentication | | | session out Timer
Categories : PHP, Sessions, Security, Beginner Guides | | | PHP3: Formmail. Just a cgi formmail, but than in PHP. It is easy to use!
Categories : HTML and PHP, Email, PHP, Perl, HTML and PHP | | | A login page that require username, password and userlevel.
Categories : PHP, Security, Sessions, MySQL, Databases | |
|
|
|
