Live Chat Software by Kayako |
Knowledgebase: Esvon Classifieds Q&A
Is there a built-in CSRF tokens mechanism to use with the forms?
Posted by Esvon Support on 13 July 2021 10:33 PM
|
|
CSRF means cross-site request forgery. It is a security risk where an attacker can trick a visitor into making a malicious request to your site from another, entirely unrelated site in their control. Yes, for CSRF tokens in HTML template you can use hidden form field <input type=hidden name=token value="##TOKEN##"> and hwIsTokenOK() function in corresponding PHP file, e.g. if($_POST['go'] && hwIsTokenOK()){ // valid form submission } | |
|