
Improve csrf

Maurits van der Schee 8 years ago
parent
commit
20c805f09a
1 changed files with 2 additions and 2 deletions
  1. 2
    2
      api.php

+ 2
- 2
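--- a/api.php
+++ b/api.php
@@ -2138,7 +2138,7 @@ class PHP_CRUD_API {
 // 	'secret'=>'someVeryLongPassPhraseChangeMe',
 // ));
 // $auth->executeCommand();
-// if (empty($_SESSION['user']) || $_GET['csrf']!=sha1(session_id())) {
+// if (empty($_SESSION['user']) || $_GET['csrf']!=$_SESSION['csrf']) {
 //	header('HTTP/1.0 401 Unauthorized');
 //	exit(0);
 // }
@@ -2149,7 +2149,7 @@ class PHP_CRUD_API {
 // 	'authenticator'=>function($user,$pass){ $_SESSION['user']=($user=='admin' && $pass=='admin'); }
 // ));
 // $auth->executeCommand();
-// if (empty($_SESSION['user']) || $_GET['csrf']!=sha1(session_id())) {
+// if (empty($_SESSION['user']) || $_GET['csrf']!=$_SESSION['csrf']) {
 //	header('HTTP/1.0 401 Unauthorized');
 //	exit(0);
 // }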
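Review bot: The new token check `$_GET['csrf']!=$_SESSION['csrf']` (both hunks, lines 2141 and 2152) still fails open when neither value is set: a request without `csrf` against a session that has not yet issued a token compares `null != null`, which is false, so the 401 branch is skipped; loose `!=` also makes the comparison subject to PHP type juggling and it is not constant-time. Since this is the sample users are expected to copy into their own front controller, require both sides explicitly and use a constant-time compare: `// if (empty($_SESSION['user']) || empty($_SESSION['csrf']) || !isset($_GET['csrf']) || !hash_equals($_SESSION['csrf'], (string)$_GET['csrf'])) {`. This presumes `$_SESSION['csrf']` is populated elsewhere with a random per-session value; that code is not in this diff, so it is worth confirming it uses `random_bytes()` rather than something derived from the session id. The enclosing class `PHP_CRUD_API` begins and ends outside these hunks.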
