<!---->
<!--Start the session and generate a random token.-->
<!--session_start();-->
<!--$_SESSION["token"] = bin2hex(random_bytes(32));-->
<!--Embed the CSRF token into the HTML form.-->
<!--<input type="hidden" name="token" value="--><?//=$_SESSION["token"]?><!--"/>-->
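<!--When the form is submitted, cross-check the submitted token against the session. Prefer hash_equals($_SESSION["token"], $_POST["token"]) over == for this check: it compares in constant time and avoids PHP's loose numeric-string comparison. Confirm that $_POST["token"] is a string first, because hash_equals() throws a TypeError when given an array.-->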
<!--if (!isset($_POST["token"]) || !isset($_SESSION["token"])) { exit(); }-->
<!--if ($_POST["token"] == $_SESSION["token"]) { DO PROCESSING } -->