Knowledgebase: Esvon Classifieds Q&A
Is there a built-in CSRF tokens mechanism to use with the forms?
Posted by Esvon Support on 13 July 2021 10:33 PM

CSRF means cross-site request forgery. It is a security risk where an attacker can trick a visitor into making a malicious request to your site from another, entirely unrelated site in their control.

Yes, for CSRF tokens in HTML template you can use hidden form field

<input type=hidden name=token value="##TOKEN##">

and hwIsTokenOK() function in corresponding PHP file, e.g.

if($_POST['go'] && hwIsTokenOK()){

  // valid form submission


Help Desk Software by Kayako Fusion