How to protect a login form against CSRF
1. database
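-- Credential table for the login demo.
-- `id` is the primary key and `username` is unique, so a login cannot match
-- more than one row. `utf8mb4` is MySQL's full UTF-8 (`utf8` is the 3-byte
-- utf8mb3 subset).
-- NOTE(review): `password` holds the plaintext value because register.php
-- compares it literally; it should hold password_hash() output instead, and the
-- column is widened here so that output (60+ characters) already fits.
CREATE TABLE `login` (
  `id` int NOT NULL,
  `username` varchar(40) NOT NULL,
  `password` varchar(255) NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `login_username_uq` (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

-- Demo account; plaintext only because the PHP side compares plaintext.
INSERT INTO `login` (`id`, `username`, `password`) VALUES
(1, 'soengsouy', 'password');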
1. index.php
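<!--
  Login page.
  register.php starts the session and processes the POSTed form; csrf.php
  checks the submitted token and defines csrf_token() for the hidden field.
  NOTE(review): because register.php is required first, the login it performs
  has already happened when csrf.php checks the token, and csrf.php only adds
  a message to $error; the token therefore has to be enforced inside
  register.php as well for the protection to take effect.
-->
<?php
require 'register.php';
require 'csrf.php';
?>
<!DOCTYPE html>
<html lang="en">
<head>
<title>Login CSRF</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="icon" type="image/png" href="images/icons/favicon.ico"/>
<!-- vendor stylesheets -->
<link rel="stylesheet" type="text/css" href="vendor/bootstrap/css/bootstrap.min.css">
<link rel="stylesheet" type="text/css" href="fonts/font-awesome-4.7.0/css/font-awesome.min.css">
<link rel="stylesheet" type="text/css" href="fonts/Linearicons-Free-v1.0.0/icon-font.min.css">
<link rel="stylesheet" type="text/css" href="vendor/animate/animate.css">
<link rel="stylesheet" type="text/css" href="vendor/css-hamburgers/hamburgers.min.css">
<link rel="stylesheet" type="text/css" href="vendor/animsition/css/animsition.min.css">
<link rel="stylesheet" type="text/css" href="vendor/select2/select2.min.css">
<link rel="stylesheet" type="text/css" href="vendor/daterangepicker/daterangepicker.css">
<!-- site stylesheets -->
<link rel="stylesheet" type="text/css" href="css/util.css">
<link rel="stylesheet" type="text/css" href="css/main.css">
</head>
<body>
<div class="limiter">
<div class="container-login100" style="background-image: url('images/bg-01.jpg');">
<div class="wrap-login100 p-t-30 p-b-50">
<span class="login100-form-title p-b-41">
Account Login CSRF
</span>
<form method="post" action="index.php">
<!-- $error is alert markup built server-side in register.php / csrf.php, so it is printed as-is -->
<?= $error ; ?>
<!-- synchronizer token: csrf_token() stores the value in the session; csrf.php compares it on submit -->
<input type="hidden" name="token" value="<?=csrf_token() ;?>">
<div class="login100-form validate-form p-b-33 p-t-5">
<div class="wrap-input100 validate-input" data-validate="Enter username">
<input class="input100" type="text" name="username" placeholder="User name">
<span class="focus-input100" data-placeholder=""></span>
</div>
<div class="wrap-input100 validate-input" data-validate="Enter password">
<input class="input100" type="password" name="password" placeholder="Password">
<span class="focus-input100" data-placeholder=""></span>
</div>
<div class="container-login100-form-btn m-t-32">
<!-- attributes must be whitespace-separated; the original ran type and name together -->
<input type="submit" name="submit" value="Login CSRF" class="login100-form-btn">
</div>
</div>
</form>
</div>
</div>
</div>
<div id="dropDownSelect1"></div>
<!-- vendor scripts -->
<script src="vendor/jquery/jquery-3.2.1.min.js"></script>
<script src="vendor/animsition/js/animsition.min.js"></script>
<script src="vendor/bootstrap/js/popper.js"></script>
<script src="vendor/bootstrap/js/bootstrap.min.js"></script>
<script src="vendor/select2/select2.min.js"></script>
<script src="vendor/daterangepicker/moment.min.js"></script>
<script src="vendor/daterangepicker/daterangepicker.js"></script>
<script src="vendor/countdowntime/countdowntime.js"></script>
<!-- site script -->
<script src="js/main.js"></script>
</body>
</html>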
2. connection.php
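<?php
// Create the database connection used by register.php.
// NOTE(review): credentials are hard-coded (root with an empty password);
// they belong in a config file outside the web root, and the application
// should connect as a least-privilege account rather than root.
$conn = mysqli_connect("localhost", "root", "", "login_csrf");

// mysqli_connect() returns false on failure (PHP < 8.1), so test the handle
// itself instead of dereferencing it. The driver's error text goes to the
// server log only; the browser gets a generic message.
if ($conn === false)
{
    error_log("Unable to connect to database [" . mysqli_connect_error() . "]");
    die("Unable to connect to database");
}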
3. register.php
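<?php
require 'connection.php';
// Start the session before anything reads or writes $_SESSION (csrf.php relies on it too).
session_start();
$error = '';
$secess = '';
if(isset($_POST["submit"]))
{
    // Enforce the CSRF token before touching the credentials. csrf.php is
    // included after this file by index.php and only reports a bad token in
    // $error, so the login itself has to refuse here. hash_equals() is a
    // constant-time comparison and avoids the numeric type juggling of `!=`.
    $token_ok = isset($_POST["token"], $_SESSION["token"])
        && hash_equals((string) $_SESSION["token"], (string) $_POST["token"]);

    $username = isset($_POST["username"]) ? (string) $_POST["username"] : '';
    $password = isset($_POST["password"]) ? (string) $_POST["password"] : '';

    if (!$token_ok)
    {
        $error = "<div class='alert alert-danger text-center' role='alert'>Invalid request, please reload the page and try again.</div>";
    }
    elseif (trim($username) != "" and trim($password) != "")
    {
        // Parameterised query: the driver binds the values, so the manual
        // escaping and tag stripping of the input are not needed (the earlier
        // stripcslashes() results were overwritten before reaching the query).
        $matched = false;
        $db_username = null;
        $stmt = mysqli_prepare($conn, "SELECT username FROM login WHERE username = ? AND password = ?");
        if ($stmt === false)
        {
            error_log("login query could not be prepared [" . mysqli_error($conn) . "]");
        }
        else
        {
            mysqli_stmt_bind_param($stmt, "ss", $username, $password);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_bind_result($stmt, $db_username);
            $matched = (mysqli_stmt_fetch($stmt) === true);
            mysqli_stmt_close($stmt);
        }
        // NOTE(review): the table seeds and this query compares plaintext
        // passwords; the column should hold password_hash() output and this
        // should become a lookup by username followed by password_verify().
        if ($matched)
        {
            // Fresh session id on privilege change so a pre-login id cannot be reused.
            session_regenerate_id(true);
            // Store the canonical username from the row, not the raw form value.
            $_SESSION["username"] = $db_username;
            $error = "<div class='alert alert-success text-center' role='alert'>Login is Successfull.</div>";
        }
        else
        {
            $error = "<div class='alert alert-danger text-center' role='alert'>Username/Password is incorrect.</div>";
        }
    }
}
?>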
4. csrf.php
<?php
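/**
 * Return the session's CSRF token, creating it on first use.
 *
 * The token is generated once per session rather than on every render, so a
 * form opened in a second tab does not invalidate the first one. random_bytes()
 * is CSPRNG-backed; 32 bytes become a 64-character hex string.
 * Requires an active session ($_SESSION must be available).
 *
 * @return string 64 hex characters
 */
function csrf_token()
{
    if (empty($_SESSION['token']))
    {
        $_SESSION['token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['token'];
}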
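// Validate the submitted form. Runs only when the form was posted (the
// `submit` button is present); a plain GET has nothing to check and would
// otherwise raise undefined-index warnings on $_POST.
// NOTE(review): this block only appends messages to $error. index.php requires
// register.php before this file, so the login in register.php has already run
// when the token is checked here; register.php must enforce the token itself
// for the protection to take effect.
if (isset($_POST['submit']))
{
    // validate token empty
    if (empty($_POST['token']))
    {
        $error .= "<div class='alert alert-danger text-center' role='alert'>CSRF token missing</div>";
    }
    // hash_equals() is constant-time and does not apply the numeric type
    // juggling that `!=` performs on numeric-looking strings.
    elseif (!isset($_SESSION['token']) || !hash_equals((string) $_SESSION['token'], (string) $_POST['token']))
    {
        $error .= "<div class='alert alert-danger text-center' role='alert'>Incorrect csrf token</div>";
    }
    else
    {
        // validate username empty
        if (empty($_POST['username']))
        {
            $error .= "<div class='alert alert-danger text-center' role='alert'>Name is invalid, please try again.</div>";
        }
        // letters and spaces only; a failed match is an error (the original
        // reported it as "Name is valid" with a success style)
        elseif (!preg_match("/^[a-zA-Z ]*$/", $_POST['username']))
        {
            $error .= "<div class='alert alert-danger text-center' role='alert'>Name contains invalid characters, please try again.</div>";
        }
        // validate password empty
        if (empty($_POST['password']))
        {
            $error .= "<div class='alert alert-danger text-center' role='alert'>Password is invalid, please try again.</div>";
        }
        // NOTE(review): this rule restricts passwords to letters and spaces,
        // which forbids digits and symbols; a minimum length would serve better.
        elseif (!preg_match("/^[a-zA-Z ]*$/", $_POST['password']))
        {
            $error .= "<div class='alert alert-danger text-center' role='alert'>Password contains invalid characters, please try again.</div>";
        }
    }
}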