Emi is building a login form, which I might be trying to create as a hatchet, Using the Strike Rule, which suspends the login for 3 minutes, when it is wrong to stop the claims of penalties and it has been used till sha256, as far as I know that the fake Do not use random salt and pepper techniques.
The password is randomly divided
I have created a form that sends a hidden form field with a random session token, which changes every time. If the token does not match the current session in the user's browser, then it rejects the form.
The problem is that for some reason this form does not match if it is sent, even if it should be.
I do not know why ...
This is my code:
Creating session:
    // Store a fresh random token in the session as "name,value"
    $formsession = $session->setSession('RANDOM_FORM_SESSION,' . $normal->randomString());

I have done the session class:

    // Accepts one "name,value" string or an array of them
    public function setSession($key = '')
    {
        if (is_array($key)) {
            foreach ($key as $k) {
                list($sessionname, $result) = explode(',', $k);
                $_SESSION[$sessionname] = $result;
            }
        } else {
            list($sessionname, $result) = explode(',', $key);
            $_SESSION[$sessionname] = $result;
        }
    }
I created the form class:
    // Builds a hidden <input>; the id attribute is added only when one is given
    public function createHiddenPosts($value, $name, $id = '')
    {
        if (!empty($id)) {
            $id = 'id="' . $id . '"';
        }
        return '<input type="hidden" value="' . $value . '" ' . $id . ' name="' . $name . '">';
    }
From frontend:
    echo $login->createHiddenPosts($_SESSION['RANDOM_FORM_SESSION'], 'nonsense');

The code at the end, which checks that the session is equal to the token:

    if (!$errors) {
        // Compare the submitted hidden field with the token held in the session
        if (isset($_POST['nonsense']) && $_POST['nonsense'] == $_SESSION['RANDOM_FORM_SESSION']) {
            $form = true;
        } else {
            $errors[] = 'Our site only accepts forms submitted from our website and only users accept cookies!';
        }
    }
For the life of me, I cannot see why it is not matching. Any light will be much appreciated :)
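
Added example, not part of the original post: a form-token lifecycle in which the token is issued only when the form is rendered and is checked with hash_equals() before anything can replace it, because a token regenerated on every request, including the POST itself, can never match the submitted value. The function names, the `csrf_token` session key and the `form_token` field name are assumptions, and a plain array stands in for `$_SESSION` so the script runs from the CLI.

```php
<?php
declare(strict_types=1);

// Issue a token only if the session has none; call this when rendering the form.
function issueFormToken(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Check the submitted token; call this BEFORE any code that could issue a new one.
function verifyFormToken(array &$session, array $post, string $field = 'form_token'): bool
{
    $expected  = $session['csrf_token'] ?? '';
    $submitted = $post[$field] ?? '';
    if (!is_string($submitted) || $expected === '' || $submitted === '') {
        return false;
    }
    $ok = hash_equals($expected, $submitted); // constant-time comparison
    if ($ok) {
        unset($session['csrf_token']);        // single use: a replayed form is rejected
    }
    return $ok;
}

// Escape both attributes so the field cannot break out of the tag.
function hiddenField(string $name, string $value): string
{
    return sprintf('<input type="hidden" name="%s" value="%s">',
        htmlspecialchars($name, ENT_QUOTES), htmlspecialchars($value, ENT_QUOTES));
}

// Constructed walk-through: GET renders the form, POST sends the token back.
$session = [];                                // stand-in for $_SESSION (assumption)
$token   = issueFormToken($session);
echo hiddenField('form_token', $token), PHP_EOL;
$post    = ['form_token' => $token];          // what the browser submits

// Ordering that always fails: the token is overwritten at the top of the POST request.
$overwritten = $session;
$overwritten['csrf_token'] = bin2hex(random_bytes(32));
var_dump(verifyFormToken($overwritten, $post));

// Ordering that works: verify first, then a repeat of the same POST is refused.
var_dump(verifyFormToken($session, $post));
var_dump(verifyFormToken($session, $post));
```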