Block login through CURL PHP

Question

Block login through CURL PHP

Navigation

#1 by (6 votes)

2

I have a login form that sends data via post and would like to block the login via curl. Is this possible?

php curl

asked by anonymous 23.07.2014 / 18:32

1 answer

Joining multiple SQL queries into a single query Make div close when clicking outside it

score 6 · Accepted Answer

It is possible if you use an engineering good for Cross-Site Request Forgery (CSRF) Prevention .

Basically, your form will have a field where you store a token which has a lifetime and is validated in the url that receives the form. CUrl will not know how to fill in the value of this field that is dynamic and generated during the%

Extremely simple example:

<?php

$token = md5(uniqid(rand(), TRUE));
$_SESSION['token'] = $token;


?>
<form action="controller.php" method="post">
<input type="hidden" name="token" value="<?php echo $token; ?>" />
<input type="submit/>
</form>

In controller.php:

<?php 
if ($_POST['token'] == $_SESSION['token']){
    /* Valid Token */
}