
How do I verify that a post request is from my website and not an attacker?

I currently have a php script (in xampp) which accepts a post request containing an email. The php script fetches all user information correlating to that email from a phpmyadmin database, and echoes it for my script to use.

My question is, (once I publish the site) how can I authenticate who is sending the email (via post) to the server, so that anyone who knows a user’s email can’t just steal their information?

2 Answers


  1. You’ll need some kind of authentication mechanism.

    If you don’t want to implement authentication (email + password), you could send an email to this address containing a link which authenticates this email and is valid for a limited time. Clicking on this link would lead the user to his user information.

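The time-limited email link described in this answer, as an added example that is not the answerer's code: the server stores only a hash of a random token together with an expiry and a used flag, the raw token goes into the emailed URL, and clicking the link identifies the user once. PDO with an in-memory SQLite database, the table layout, the 15-minute lifetime and the function names are all this example's own assumptions.

```php
<?php
// Added example: "magic link" login. Assumes PDO with the SQLite driver;
// table names, column names and the lifetime below are arbitrary choices.
declare(strict_types=1);

const LINK_LIFETIME_SECONDS = 15 * 60;   // assumption: a link is valid for 15 minutes

function open_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, name TEXT NOT NULL)');
    $db->exec('CREATE TABLE login_tokens (
        token_hash TEXT PRIMARY KEY,
        email      TEXT NOT NULL,
        expires_at INTEGER NOT NULL,
        used       INTEGER NOT NULL DEFAULT 0)');
    // Constructed sample user, not real data.
    $db->prepare('INSERT INTO users (email, name) VALUES (?, ?)')
       ->execute(['alice@example.com', 'Alice Example']);
    return $db;
}

// Step 1: the user submits an address. The raw token is only ever placed in the
// emailed URL; the database keeps a SHA-256 of it, so a database leak does not
// hand out working links.
function issue_login_link(PDO $db, string $email, int $now): ?string {
    $exists = $db->prepare('SELECT 1 FROM users WHERE email = ?');
    $exists->execute([$email]);
    if (!$exists->fetchColumn()) {
        // Caller should still show "check your inbox" so addresses cannot be enumerated.
        return null;
    }
    $token = bin2hex(random_bytes(32));  // 256 bits from the CSPRNG
    $db->prepare('INSERT INTO login_tokens (token_hash, email, expires_at) VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), $email, $now + LINK_LIFETIME_SECONDS]);
    // In production this URL is sent by email; it is returned here so the flow can be run locally.
    return 'https://example.invalid/login?token=' . $token;
}

// Step 2: the user clicks the link. Only an unused, unexpired token identifies a user,
// and the token is burned before any user data is returned (single use).
function redeem_login_token(PDO $db, string $token, int $now): ?array {
    $hash = hash('sha256', $token);
    $stmt = $db->prepare('SELECT email, expires_at, used FROM login_tokens WHERE token_hash = ?');
    $stmt->execute([$hash]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int)$row['used'] === 1 || (int)$row['expires_at'] < $now) {
        return null;
    }
    $db->prepare('UPDATE login_tokens SET used = 1 WHERE token_hash = ?')->execute([$hash]);
    $user = $db->prepare('SELECT email, name FROM users WHERE email = ?');
    $user->execute([$row['email']]);
    return $user->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Exercise the flow against a fixed clock.
$db  = open_db();
$now = time();

// Case 1: fresh link, redeemed once, then presented a second time.
$url = issue_login_link($db, 'alice@example.com', $now);
parse_str((string)parse_url($url, PHP_URL_QUERY), $query);
var_dump(redeem_login_token($db, $query['token'], $now));   // first use
var_dump(redeem_login_token($db, $query['token'], $now));   // second use of the same token

// Case 2: a link presented after its lifetime has passed.
$url2 = issue_login_link($db, 'alice@example.com', $now);
parse_str((string)parse_url($url2, PHP_URL_QUERY), $query2);
var_dump(redeem_login_token($db, $query2['token'], $now + LINK_LIFETIME_SECONDS + 1));

// Case 3: an address that is not registered.
var_dump(issue_login_link($db, 'nobody@example.com', $now));
```

Two design points worth noting: the response to the "send me a link" form should look the same whether or not the address exists, and the user-data query runs against the email recovered from the redeemed token, never against an email field the client supplied.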
  2. Use a CSRF token, something like this:

    session_start();
    if (isset($_POST['submit'])) {
        if (!isset($_POST['csrf']) || !hash_equals($_SESSION['csrf'], $_POST['csrf'])) die();
    }
    

    And inside the form:

    <input name="csrf" type="hidden" value="<?php echo htmlspecialchars($_SESSION['csrf'], ENT_QUOTES, 'UTF-8'); ?>">
    
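A complete version of the token check from this answer, as an added example that is not the answerer's code: it creates the session token lazily, verifies it in constant time on POST, and renders the hidden field escaped. A CSRF token proves the form came from a page this server served to this browser session; it does not say who the user is, so the example also looks up the profile by the email held in the session rather than by any email the client posted. The `$_SESSION['user_email']` key, the `users` table, the `app.db` SQLite file and the function names are this example's own assumptions, and how that session key gets populated (a password login or the emailed link from the first answer) is outside this snippet.

```php
<?php
// Added example: CSRF token issue/verify plus a session-scoped profile lookup.
// Assumptions: $_SESSION['user_email'] is set by a separate login step,
// and app.db is a SQLite file containing a users(email, name) table.
declare(strict_types=1);
session_start();

function csrf_token(): string {
    // One token per session, 128 bits from the CSPRNG, created on first use.
    if (empty($_SESSION['csrf']) || !is_string($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(16));
    }
    return $_SESSION['csrf'];
}

function csrf_is_valid(array $post, array $session): bool {
    // Fail closed on a missing or non-string field; hash_equals avoids timing leaks.
    return isset($session['csrf'], $post['csrf'])
        && is_string($session['csrf'])
        && is_string($post['csrf'])
        && hash_equals($session['csrf'], $post['csrf']);
}

function fetch_profile(PDO $db, string $email): ?array {
    $stmt = $db->prepare('SELECT email, name FROM users WHERE email = ?');
    $stmt->execute([$email]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_is_valid($_POST, $_SESSION)) {
        http_response_code(403);
        exit('invalid CSRF token');
    }
    if (empty($_SESSION['user_email']) || !is_string($_SESSION['user_email'])) {
        http_response_code(401);
        exit('not logged in');
    }
    // The identity comes from the server-side session, so a posted 'email'
    // field (if any) is ignored and cannot select another user's record.
    $db = new PDO('sqlite:app.db');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    header('Content-Type: application/json');
    echo json_encode(fetch_profile($db, $_SESSION['user_email']));
    exit;
}

// GET: render the form with the hidden token, HTML-escaped.
$token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
echo <<<HTML
<form method="post" action="">
  <input name="csrf" type="hidden" value="{$token}">
  <button name="submit" type="submit">Show my profile</button>
</form>
HTML;
```

Run it under PHP's built-in server (`php -S localhost:8080`) and submit the form: a request without the hidden field, or with a token copied from a different session, is rejected before any database access; a valid token from a session that has no `user_email` gets a 401 rather than someone else's data.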