csrf 预防

Author: YComputer

application/controllers/Admin.php

@@ -10,8 +10,12 @@ public function __construct(){
         $this->objOfJwt = new ImplementJwt();
     }
 
-	public function index()
-	{
+	public function index(){
+        // CREATE A RANDOM SESSION TOKEN
+        session_start();
+        $length = 32;
+		$_SESSION['nonces'] = substr(base_convert(sha1(uniqid(mt_rand())), 16, 36), 0, $length);
+		
 		if(isset($_COOKIE['auth'])){
 			$decodeToken = $this->objOfJwt->DecodeToken($_COOKIE['auth']);
 			$user = $decodeToken;

application/controllers/Category.php

@@ -3,22 +3,20 @@
 
 class Category extends CI_Controller {
 
-	public function index()
-	{
+	public function index(){
     }
 
     public function AddCategory() {
-			session_start();
-			$post = $this->input->post(NULL, TRUE);
-			$data = array(
-				'name' => $post['cat_name'],
-			);
-			$nonces = $_SESSION['nonces'];
+		session_start();
+		$post = $this->input->post(NULL, TRUE);
+		$data = array(
+			'name' => $post['cat_name'],
+		);
+		if ($_SESSION['nonces']==$post['nonces']) {
 			$this->load->model('Category_model');
-			$category_list = $this->Category_model->add_category($data, $nonces);
+			$category_list = $this->Category_model->add_category($data);
 			echo json_encode($category_list);
-			// var_dump($post);
-			// echo $post->;
+		}
     }
 
     public function DeleteCategory() {

application/controllers/Login.php

@@ -11,6 +11,11 @@ public function __construct(){
     }
 
 	public function index(){
+        // CREATE A RANDOM SESSION TOKEN
+        session_start();
+        $length = 32;
+        $_SESSION['nonces'] = substr(base_convert(sha1(uniqid(mt_rand())), 16, 36), 0, $length);
+
         $this->load->helper('url');
         $this->load->helper('cookie');
         $this->load->library('layout');
@@ -50,13 +55,14 @@ public function Login() {
                 );
                 // set cookie + set session
                 $this->input->set_cookie($cookie);
-                $_SESSION['nonces'] = md5(rand(1,10000)); 
-                // $decodeToken = $this->objOfJwt->DecodeToken($jwtToken);
-                // echo $decodeToken;
-                // var_dump($_COOKIE);
-    
-                $response = array('status'=>'2','msg'=>'success','data'=>$user['data']);
-                echo json_encode($response);
+                if ($_SESSION['nonces']==$post['nonces']) {
+                    // VALID TOKEN PROVIDED - PROCEED WITH PROCESS
+                    $response = array('status'=>'2','msg'=>'success','data'=>$user['data']);
+                    echo json_encode($response);
+                  } else {
+                    $response = array('status'=>'0','msg'=>'failed','data'=>'nonces error');
+                    echo json_encode($response);
+                  }
             }else {
                 $response = array('status'=>'0','msg'=>'failed','data'=>'pwd or email error');
                 echo json_encode($response);

application/controllers/ProductAPI.php

@@ -54,12 +54,12 @@ public function AddProduct() {
 			'catid' => $post['catid'],
 			'description' => $post['description']
 		);
-		$nonces = $_SESSION['nonces'];
-		$this->load->model('Product_model');
-		$product_list = $this->Product_model->add_product($data,$nonces);
-		echo json_encode($product_list);
-		// var_dump($post);
-		// echo $post->;
+		if ($_SESSION['nonces']==$post['nonces']) {
+			$this->load->model('Product_model');
+			$product_list = $this->Product_model->add_product($data);
+			echo json_encode($product_list);
+		}
+
 	}
 
 	public function DeleteProduct() {

application/models/Category_model.php

@@ -7,20 +7,16 @@ public function __construct()
   }
 
 
-  public function add_category($data, $nonces){
+  public function add_category($data){
     $response = array('status'=>'0','msg'=>'failed','data'=>'');
     try{
         // 防止 sql 注入。
         // $dataEscape = $this->db->escape($data);
-        if(isset($nonces) && $nonces == $_SESSION['nonces']){
-            $query = $this->db->insert( 'categories' , $data );
-            // $response['data'] = $query;
-            $response['status'] = '2';
-            $response['msg'] = 'success';
-            return $response;
-        }else {
-            echo 'error';
-        }
+        $query = $this->db->insert( 'categories' , $data );
+        // $response['data'] = $query;
+        $response['status'] = '2';
+        $response['msg'] = 'success';
+        return $response;
     }catch(PDOEXCEPTION $e){
         echo $e->getMessage();
     }

application/models/Product_model.php

@@ -18,22 +18,17 @@ public function get_product_detail($productid){
     }
   }
 
-  public function add_product($data, $nonces){
+  public function add_product($data){
     // session_start();
     $response = array('status'=>'0','msg'=>'failed','id'=>'');
     try{
         // 防止 sql 注入。 需要每个字段单独拿出来判断。
         // $dataEscape = $this->db->escape($data);
-        // Apply and validate secret nonces for every form
-        if(isset($nonces) && $nonces == $_SESSION['nonces']){
-          $query = $this->db->insert( 'products' , $data );
-          $response['id'] = $this->db->insert_id();
-          $response['status'] = '2';
-          $response['msg'] = 'success';
-          return $response;
-        }else {
-          echo 'error';
-        }
+        $query = $this->db->insert( 'products' , $data );
+        $response['id'] = $this->db->insert_id();
+        $response['status'] = '2';
+        $response['msg'] = 'success';
+        return $response;
     }catch(PDOEXCEPTION $e){
         echo $e->getMessage();
     }

application/views/admin.php

@@ -45,6 +45,7 @@
 						<input type="file" name="file" class="form-control-file" accept="image/jpeg, image/jpg, image/png" id="prod_img"  required="true">
 						<!-- <button type="button" class="upload-file">upload-pid:3</button> -->
 					</div>
+					<input id="nonces" type="hidden" name="nonces" value="<?=$_SESSION['nonces']?>">
 					<button type="button" class="btn btn-primary btn-product" name="reg_prod" value="Submit">Submit</button>
 				</form>
 			</div>
@@ -57,6 +58,7 @@
 						<label>Category Name</label>
 						<input id="cat_name" type="text" class="form-control" name="cat_name" pattern="^[\w\- ]+$" required>
 					</div>
+					<input id="nonces" type="hidden" name="nonces" value="<?=$_SESSION['nonces']?>">
 					<button type="button" class="btn btn-primary btn-category" name="reg_prod" value="Submit">Submit</button>
 				</form>
 			</div>

application/views/login.php

@@ -12,6 +12,7 @@
                 <label>Pwd</label>
                 <input id="pwd" type="password" class="form-control" name="pwd">
             </div>
+            <input id="nonces" type="hidden" name="nonces" value="<?=$_SESSION['nonces']?>">
             <button type="button" class="btn btn-primary btn-login" >Login</button>
             <button type="button" class="btn btn-primary btn-signUp" >SignUp</button>
         </form>