ThinkChat2.0新版上线,更智能更精彩,支持会话、画图、阅读、搜索等,送10W Token,即刻开启你的AI之旅 广告
防CSRF跨站请求伪造攻击: ``` <?php //start a session session_start(); //create a key for hash_hmac function if (empty($_SESSION['key'])) $_SESSION['key'] = bin2hex(random_bytes(32)); //create CSRF token $csrf = hash_hmac('sha256', 'this is some string: index.php', $_SESSION['key']); //validate token if (isset($_POST['submit'])) { if (hash_equals($csrf, $_POST['csrf'])) { echo "Your name is: " . $_POST['username']; } else echo 'CSRF Token Failed!'; } ?> <html> <head> <title>CSRF Tutorial by CPI</title> </head> <body> <form method="POST" action="csrf.php"> <input type="text" name="username" placeholder="What is your name?" > <input type="hidden" name="csrf" value="<?php echo $csrf ?>"> <input type="submit" name="submit" value="SUBMIT"> </form> </body> </html> ```