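<?php
// $username and $_mxPub are provided by the surrounding application.
// Generate the temporary password from the CSPRNG; rand() over a
// four-digit range is easy to guess.
$tempPswd = bin2hex(random_bytes(8));
$newPswd = "cimb" . $tempPswd;
$memObj = $_mxPub->factory(null, MX_OBJECT_MEMBER);
$memArc = $memObj->getAll(array('username' => $username));
foreach ($memArc as $member) {
    $usrMail = $member->email;
    $usrName = $member->username;
    // Escape the address before writing it into the page.
    echo "Your new password has been sent to your email " . htmlspecialchars($usrMail, ENT_QUOTES, 'UTF-8');
    $member->resetUsernamePassword($usrName, $newPswd);
}
?>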

Every time you build a project that is open to the public, it will inevitably be "exposed" to various kinds of cyber attack, among them cross-site scripting and cross-site request forgery (CSRF).

This entry is mainly about solutions for CSRF.

From searching the internet, the following solutions (and guides for understanding the problem) may be worth referring to:

http://shiflett.org/articles/cross-site-request-forgeries
https://gist.github.com/ziadoz/3454607
http://resources.infosecinstitute.com/fixing-csrf-vulnerability-in-php-application/
https://www.sitepoint.com/preventing-cross-site-request-forgeries/
http://stackoverflow.com/questions/6287903/how-to-properly-add-csrf-token-using-php
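
A synchronizer-token CSRF check in PHP, added here as an example; it is not this post's own code and is not copied from the linked articles. The function names and the csrf_token field name are assumptions, and plain arrays stand in for $_SESSION and $_POST so the script runs from the command line.

```php
<?php
// Added example: synchronizer-token CSRF check. Function names are hypothetical.

function csrf_token(array &$session): string
{
    // One token per session, 256 bits from the CSPRNG.
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function csrf_field(array &$session): string
{
    // Hidden input to embed in every state-changing form.
    $t = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $t . '">';
}

function csrf_check(array $session, string $method, array $post): bool
{
    // State changes are accepted over POST only.
    if ($method !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // Reject missing or non-string values (e.g. csrf_token[]=x) before comparing.
    if (!is_string($expected) || !is_string($supplied) || $expected === '') {
        return false;
    }
    // Constant-time comparison of the session token and the submitted one.
    return hash_equals($expected, $supplied);
}

// Constructed demo: arrays stand in for $_SESSION and $_POST.
$session = [];
$token = csrf_token($session);
echo csrf_field($session), PHP_EOL;
var_dump(csrf_check($session, 'POST', ['csrf_token' => $token]));  // form rendered by our own page
var_dump(csrf_check($session, 'POST', []));                         // cross-site form, no token
var_dump(csrf_check($session, 'POST', ['csrf_token' => ['x']]));    // malformed array value
var_dump(csrf_check($session, 'GET', ['csrf_token' => $token]));    // wrong request method
```

In an application, call session_start() first and pass $_SESSION, $_SERVER['REQUEST_METHOD'] and $_POST; run csrf_check() before any state-changing action such as a password reset.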