What is the best method to stop other websites from sending data to my website in PHP?
I googled it and found I need to use Hash. But there are different Hashes, which one to use? Let's say, I pick sha1
Now, how exactly can I prevent other websites from sending post data to my website with sha1
I am bit confused, can someone show me a little demo code.
This is the code, I thought, but it is not flawless..
Index.php page:
$password = sha1("toby123");
<form method="post" action="insert.php" />
<input type="text" name="username"/>
<input type="password" name="password"/>
<input type="hidden" name="hiddenpass" value=" ".$password." "/>
</form>
Insert Into Database PHP Page:
$hiddenpass = "toby123"
if ( $_POST["hiddenpass"] == "sha1($hiddenpass )" )
{
// INSERT THE DATA
}
But the problem here is, hash
code in the form will be visiable to everyone. What if someone crack it?
I mean, by using a Hit & Trial method???
Is my method 100% safe??
Edit:
This is my new code after looking at one of the answer, but the If condition is always false.
Index.php Page
<?php
// Start the session
session_start();
$token = bin2hex(random_bytes(32));
if (!isset($_SESSION['token'])) {
$_SESSION['token'] = $token;
}
?>
Insert.php Page:
session_start();
echo $_SESSION['token'];
echo '<br/>';
echo $_POST['token'];
if ( ( isset($_SESSION['token']) ) && ( $_POST['token'] == $_SESSION['token'] ) )
{
// Insert Data
}
else
echo "<br/>Something went wrong";
unset($_SESSION['token']);
Output:
055442be59701631db6ed88dc341027ebf2238507bb9a72f1caefd6d3b126a4b
055442be59701631db6ed88dc341027ebf2238507bb9a72f1caefd6d3b126a4b
Something went wrong