Instructions
Add-on Details
The CSRF Protection add-on helps prevent Cross-Site Request Forgery attacks when the user logs in. Each login will require a token, which is checked against the value stored in the PHP session.
How To Add
Edit the "index.php" and "register.php" files and find the following PHP closing tag:
?>
Add above:
// Generate the token from a cryptographically secure random source
$_SESSION['token'] = bin2hex(random_bytes(32));
Find:
<div class="msg"></div>
Add above:
<input type="hidden" name="token" value="<?=$_SESSION['token']?>">
Edit the "authenticate.php" and "register-process.php" files and find the following line in each file:
include 'main.php';
Add below:
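// Reject the request unless both tokens exist and match (constant-time comparison)
if (!isset($_POST['token'], $_SESSION['token']) || !is_string($_POST['token']) || !hash_equals($_SESSION['token'], $_POST['token'])) {
    exit('Error: Incorrect token provided!');
}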
If you encounter the error "Incorrect token provided!" then you have not added the token correctly. Make sure to add the token to the form and the session in the "index.php" and "register.php" files. Also, make sure you don't have caching enabled in your hosting provider's control panel.
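The token steps above can also be wrapped in two helpers, shown here as an added example that is not part of the add-on's own code. It creates the token once per session, so loading "register.php" in a second tab does not invalidate a form already rendered by "index.php", and it rejects missing or non-string input before a constant-time comparison. The names csrf_token() and csrf_check() are hypothetical, and a plain array stands in for $_SESSION so the script runs from the command line.

```php
<?php
// Added example, not part of the add-on. csrf_token() and csrf_check() are
// hypothetical names; in the real files pass $_SESSION and $_POST['token'].

// Return the session's token, creating it only once from a CSPRNG.
function csrf_token(array &$session): string
{
    if (!isset($session['token']) || !is_string($session['token']) || $session['token'] === '') {
        $session['token'] = bin2hex(random_bytes(32)); // 64 hex characters
    }
    return $session['token'];
}

// Accept only a string that matches the stored token; compare in constant time.
function csrf_check(array $session, $submitted): bool
{
    $expected = $session['token'] ?? null;
    // An unset session token must never match, not even against an empty field.
    if (!is_string($expected) || $expected === '' || !is_string($submitted)) {
        return false;
    }
    return hash_equals($expected, $submitted);
}

// Constructed demonstration: a plain array stands in for $_SESSION.
$session = [];
$loginForm    = csrf_token($session); // value rendered into index.php
$registerForm = csrf_token($session); // value rendered into register.php later

var_dump($loginForm === $registerForm);      // compare the two forms' tokens
var_dump(csrf_check($session, $loginForm));  // genuine form submission
var_dump(csrf_check($session, null));        // token field missing
var_dump(csrf_check($session, ['x']));       // token sent as an array (token[]=x)
var_dump(csrf_check([], ''));                // no session token, empty field
```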