-
Notifications
You must be signed in to change notification settings - Fork 0
/
home.php
83 lines (71 loc) · 2.65 KB
/
home.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
<?php
session_start();
if(!isset($_SESSION['login_user']) || !isset($_COOKIE['session_id'])){
header("location: index.php");
}
?>
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width,initial-scale=1">
<title>home</title>
<link rel="shortcut icon" href="img/logo.png" />
<link rel="stylesheet" type="text/css" href="bootstrap/css/bootstrap.min.css">
</head>
<body>
<div class="jumbotron">
<h1 class="display-4">Hello, <?php echo $_SESSION['login_user']; ?></h1>
<p class="lead">This is a simple application for Double Submit Cookies Patterns in CSRF Protection.</p>
<a href="logout.php" class="btn btn-outline-primary">logout</a>
<hr class="my-4">
</div>
<div class="container col-md-6">
<h1>Contact Form</h1>
<p class="lead">Please fill in the information and submit the form.</p>
<form method="POST" action="result.php">
<div class="form-group">
<label for="firstName">First Name</label>
<input id="firstName" type="text" class="form-control" name="firstName" placeholder="Your first name..." required autofocus>
</div>
<div class="form-group">
<label for="lastName">Last Name</label>
<input id="lastName" type="text" class="form-control" name="lastName" placeholder="Your last name..." required>
</div>
<div class="form-group">
<label for="subject">Subject</label>
<input id="subject" type="text" class="form-control" name="subject" placeholder="Your subject..." required>
</div>
<div class="form-group">
<label for="message">Message</label>
<textarea class="form-control" id="message" name="message" rows="5" placeholder="Your message..." required></textarea>
</div>
<div class="form-group no-margin">
<input type="hidden" name="csrf_token" value="" id="csrf_token">
<button type="submit" name="submit" class="btn btn-primary btn-block">
Submit
</button>
</div>
</form>
</div>
<script src="js/jquery.min.js"></script>
<script src="bootstrap/js/bootstrap.min.js"></script>
<script>
$(document).ready(function(){
var name = "csrf_token" + "=";
var cookie_value = "";
var decodedCookie = decodeURIComponent(document.cookie);
var dc = decodedCookie.split(';');
for(var i = 0; i < dc.length; i++) {
var c = dc[i];
while (c.charAt(0) == ' ') {
c = c.substring(1);
}
if (c.indexOf(name) == 0) {
cookie_value = c.substring(name.length, c.length);
document.getElementById("csrf_token").setAttribute('value', cookie_value) ;
}
}
});
</script>
</body>
</html>