]> andersk Git - sql-web.git/blobdiff - main.php
andersk / sql-web.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix CSRF vulnerabilities
[sql-web.git] / main.php
diff --git a/main.php b/main.php
index 4551be7984b1b47622834156c17d0d9e1798b410..b4935afc990c2eea56302ad1bae70b25dfc48356 100644 (file)
--- a/main.php
+++ b/main.php
@@ -9,16 +9,27 @@ require_once('proc.lib.php');
 
 if (!isLoggedIn()) redirect('index');
 
+if(!isset($_SESSION['csrf_token']))
+{
+       $n = rand(10e16, 10e20);
+       $_SESSION['csrf_token'] = base_convert($n, 10, 36);
+}
+
 $err1 = $msg1 = array();
 
 $User = new User($Login->getUserID());
 
 if (isPost()) {
-       if (isset($i_newdb)) {
-               list($msg1, $err1) = proc::newdb($User, $i_newdb);
-       }
-       if (isset($i_drop)) {
-               list($msg1, $err1) = proc::drop($User, $i_drop);
+       if($_SESSION['csrf_token'] != $_POST['csrf_token'])
+       {
+               $err1[] = "CSRF token incorrect or not found. Try submitting again.";
+       } else {
+               if (isset($i_newdb)) {
+                       list($msg1, $err1) = proc::newdb($User, $i_newdb);
+               }
+               if (isset($i_drop)) {
+                       list($msg1, $err1) = proc::drop($User, $i_drop);
+               }
        }
 }
 
Unnamed repository; edit this file 'description' to name the repository.
This page took 0.026632 seconds and 4 git commands to generate.