ahmed ahmed - 4 years ago 196
PHP Question

Fatal error: Uncaught RuntimeException: CSRF attack in C:\xampp\htdocs\travian\login.php:27 Stack trace: #0 {main}

if ( $_SERVER[ 'REQUEST_METHOD' ] == 'POST' ) {
    if ( !isset( $_SESSION[ 'csrf' ] ) || $_SESSION[ 'csrf' ] !== $_POST[ 'csrf' ])
        throw new RuntimeException( 'CSRF attack' );
}
$key = sha1( microtime() );
$_SESSION[ 'csrf' ] = $key;


This message appears when trying to log in. How can I fix it?

I tried removing the whole code, but I became unable to log in at all (the page reloads but nothing happens).

Answer

Generate a unique key, and insert the token into every form. If you send the form again with the old token, there will be an error.

More details here : http://www.acunetix.com/websitesecurity/csrf-attacks/
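
The token flow the answer describes, written out as an added example that is not part of the original question or answer. The field name `csrf` follows the snippet in the question; the helper names `csrf_token()` and `csrf_valid()`, the form markup, and the error text are assumptions made for illustration.

```php
<?php
// Added example: session-bound CSRF token for a login form (not the poster's code).
declare(strict_types=1);

session_start(); // must run before any $_SESSION access, or the stored token is never found

function csrf_token(): string
{
    // Reuse one token per session so a reloaded form or a second tab
    // still carries a value that matches the stored one.
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32)); // CSPRNG instead of sha1(microtime())
    }
    return $_SESSION['csrf'];
}

function csrf_valid(array $post, array $session): bool
{
    $sent   = $post['csrf'] ?? null;     // absent when the form has no hidden field
    $stored = $session['csrf'] ?? null;  // absent when the session was not started
    // Both must be non-empty strings; hash_equals() compares in constant time.
    return is_string($sent) && is_string($stored) && $stored !== ''
        && hash_equals($stored, $sent);
}

$error = null;
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    if (csrf_valid($_POST, $_SESSION)) {
        // Token matched: the application's own credential check runs here.
        // After a successful login, rotate the session id and drop the old token.
        session_regenerate_id(true);
        unset($_SESSION['csrf']);
    } else {
        // Answer with an error the user can recover from instead of a fatal exception.
        http_response_code(400);
        $error = 'Form expired or token missing, please try again.';
    }
}
$token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
?>
<?php if ($error !== null): ?><p><?= htmlspecialchars($error, ENT_QUOTES, 'UTF-8') ?></p><?php endif; ?>
<form method="post" action="login.php">
    <input type="hidden" name="csrf" value="<?= $token ?>">
    <input type="text" name="username">
    <input type="password" name="password">
    <button type="submit">Log in</button>
</form>
```

The check in the question throws whenever the session holds no token or the posted `csrf` field differs from it, so the hidden field in the form and the `session_start()` call are the two pieces that have to be present for a legitimate login to pass.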
