Forum » » Road map développement » » [Résolu] - Ghost formulaire dans user
Posté : 04-03-2021 10:24
dans mainfile.php tu ajoute c'est deux function :
function make_token($name = 'csrfToken')
{
global $nuke_url;
$max_time = 60 * 60 * 24;
$csrf_token = $_SESSION[$nuke_url.$name];
$stored_time = $_SESSION[$nuke_url.$name .'_time'];
if ((($max_time + $stored_time) <= time()) || empty($csrf_token))
{
$_SESSION[$nuke_url.$name, md5(uniqid(rand(), true))];
$_SESSION[$nuke_url.$name .'_time', time()];
}
return $_SESSION[$nuke_url.$name];
}
function is_token_valid($name = 'csrfToken')
{
global $nuke_url;
return ($_POST[$name] === $_SESSION[$nuke_url.$name]);
}
make_token('csrfToken');
global $nuke_url;
if (!is_token_valid()) {
redirect_!!!!url(!!!!'index.php');
}
Cet article provient de Labo JPB-PHR 2015-2024
https://labo.infocapagde.com/viewtopic.php?topic=1477&forum=21