Instructions

Add-on Details

The CSRF Protection add-on helps prevent Cross-Site Request Forgery attacks when the user logs in. Each login requires a token, which is checked against the value stored in the PHP session.

How To Add

Edit the "index.php" and "register.php" files and, in each file, find the line:

?>

Add above:

// Generate the token from the CSPRNG; uniqid() and rand() are predictable
$_SESSION['token'] = bin2hex(random_bytes(32));

Find:

<div class="msg"></div>

Add above:

<input type="hidden" name="token" value="<?=$_SESSION['token']?>">

Edit the "authenticate.php" and "register-process.php" files and, in each file, find the line:

include 'main.php';

Add below:

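// Both tokens must exist, the posted one must be a string, and they must match (constant-time comparison)
if (!isset($_POST['token'], $_SESSION['token']) || !is_string($_POST['token']) || !hash_equals($_SESSION['token'], $_POST['token'])) {
	exit('Incorrect token provided!');
}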
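
The token check from the steps above, written as an added example that is not part of the add-on's own files: it runs from the command line and shows which submissions the check accepts or rejects. The helper names csrf_issue_token and csrf_check_token are hypothetical, and plain arrays stand in for $_SESSION and $_POST.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: store a fresh token in the session array and return it.
function csrf_issue_token(array &$session): string
{
    // 32 bytes from the CSPRNG, hex-encoded to 64 characters
    return $session['token'] = bin2hex(random_bytes(32));
}

// Hypothetical helper: true only when both values are strings,
// the session token is non-empty, and the two match exactly.
function csrf_check_token(array $session, array $post): bool
{
    $expected = $session['token'] ?? null;
    $supplied = $post['token'] ?? null;

    // A missing session token or a non-string field never matches.
    if (!is_string($expected) || $expected === '' || !is_string($supplied)) {
        return false;
    }

    // hash_equals() compares in constant time and does no type juggling.
    return hash_equals($expected, $supplied);
}

// Constructed inputs standing in for $_SESSION and $_POST.
$session = [];
$token = csrf_issue_token($session);

$cases = [
    'matching token'                => [$session, ['token' => $token]],
    'token field missing'           => [$session, []],
    'wrong token'                   => [$session, ['token' => str_repeat('0', 64)]],
    'array instead of string'       => [$session, ['token' => [$token]]],
    'empty token, no session token' => [[], ['token' => '']],
];

foreach ($cases as $label => [$sess, $post]) {
    $result = csrf_check_token($sess, $post) ? 'accepted' : 'rejected';
    printf("%-32s %s\n", $label, $result);
}
```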