注销后如何正确设置CSRF跨站点请求伪造?

编程问答 2022-06-14

问题描述

我做了一个博客,并试图在上面添加一些安全表单。认标识是管理员。在顶部,有一个csrftoken在顶部生成并存储在会话中。 (reference)我也将其放入删除表单。因此,单击“删除”时,应将其删除(在PHPmyadmin中将“ is_deleted设置为1”)。但是,当我注销并进入此页面时,我仍然可以删除项目。有人可以提供任何建议吗?如何延长上一个会话的过期时间,以便在下一个请求到来时,它知道新的csrftoken与上一个不同?

<?PHP
  session_start();
  require_once('./conn.PHP');
  require_once('./utils.PHP');

  // Generate csrf token
  if (empty($_SESSION['csrftoken'])) {
    $_SESSION['csrftoken'] = bin2hex(random_bytes(32));
  }
  $token = $_SESSION['csrftoken'];
  
?>

<!DOCTYPE html>
<html lang="en">
<head>
  <Meta charset="UTF-8">
  <Meta name="viewport" content="width=device-width,initial-scale=1.0">
  <link rel="stylesheet" href="./style.css" />
  <title>Easy Blog</title>
</head>
<body>
  <div class="wrapper">
    <section class="manage_section">
      <div class="manage_table">
        <table>
          <caption class="table_title">Post Management</caption>
          <thead>
            <tr class="table_header">
              <th>ID</th>
              <th>Ttile</th>
              <th>Category</th>
              <th>Edit</th>
              <th>Delete</th>
            </tr>
          </thead>
          <tbody>
            <?PHP while($row = $result->fetch_assoc()) {?>
            <tr class="table_content">
              <td><?PHP echo escape($row['article_id'])?></td>
              <td><?PHP echo escape($row['title'])?></td>
              <td><?PHP echo escape($row['category_title'])?></td>
              <td><a href="./update_post.PHP?id=<?PHP echo escape($row['article_id'])?>">Edit</a></td>
              <td><form action="./handle_delete_post.PHP" method="POST">
                <input type="hidden" name="csrftoken" value="<?PHP echo escape($token)?>" />
                <input type="hidden" name="id" value="<?PHP echo escape($row['article_id'])?>" />
                <input type="submit" value="Delete" name="delete_btn">
              </form></td>
            </tr>
            <?PHP }?>
          </tbody>
        </table>
      </div>
    </section>
  </div>
</body>
</html>

PHP删除页面

<?PHP
  session_start();
  require_once('./conn.PHP');
  require_once('./utils.PHP');

  if(isset($_POST['delete_btn'])) {
    if(empty($_POST['csrftoken']) || empty($_POST['id'])) {
      header("Location: ./admin.PHP");
      die();
    }
    $id = $_POST['id'];
    if(!empty($_POST['csrftoken'])) {
      if(hash_equals($_SESSION['csrftoken'],$_POST['csrftoken'])) {
        $sql = "UPDATE oscar_articles SET is_deleted = 1 WHERE article_id = ?";
        $stmt = $conn->prepare($sql);
        $stmt->bind_param('i',$id);
        $result = $stmt->execute();
        if(!$result) {
          die("Fail to delete the post");
        }
        header("Location: ./admin.PHP");
      }
    }
  }
?>

解决方法

暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!

如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。

小编邮箱:dio#foxmail.com (将#修改为@)

csrflogoutsecurity