Saturn
Saturn 1.0.0
HomeSaturn ServicesSaturn 1.0.0
Saturn 1.0.0
HomeSaturn ServicesSaturn 1.0.0
  • Saturn 1.0.0
  • 😁User Guide
    • Settings
      • Maintenance Mode
      • Website Environment
    • Security
      • Good security practices
      • Security Notice
    • System Requirements and Support
    • Update your Server
  • ⚠️Troubleshooting
    • Errors
      • Database Errors
      • Saturn Errors
      • Checksum Issues
  • 🧩Plugins
    • Plugins in Saturn
    • Official Plugins
      • Control Panel
        • User Guide
        • Developer Guide
          • Control Panel Hooks
    • Marketplace Plugins
  • 💻Developer Documentation
    • Getting Started
    • Libraries and Functions
      • AccountManager
        • Permissions
        • UUID
      • DatabaseManager
        • DBMS
          • Sending Database Requests
          • Query Information
          • Database Security
        • Database Actions
      • HookManager
        • Actions
        • Runners
      • HTTP
      • LanguageManager
      • PluginManager
        • Manage Plugin Content
        • Plugin Compatability
        • Check if a plugin is loaded.
        • Fetch Manifest
      • RouteManager
      • SecurityManager
        • Cross-site Request Forgery
        • Cross-site Scripting
      • SessionManager
        • Start and End Sessions
        • Validate Sessions
        • Session Data
      • TestManager
    • Security
    • Plugins
      • How to structure a plugin
      • Manifest
      • APIs
      • Checking for Dependencies
      • Power Features
        • 💤Hibernate
    • Hooks
    • Tests and Profiling
    • Global Variables
Powered by GitBook
On this page
  • About CSRF Attacks
  • Preventing CSRF Attacks
  1. Developer Documentation
  2. Libraries and Functions
  3. SecurityManager

Cross-site Request Forgery

PreviousSecurityManagerNextCross-site Scripting

Last updated 1 year ago

About CSRF Attacks

Cross-site Request Forgery (CSRF) is a type of malicious exploit of a web application where unauthorized commands are submitted from a user that the the web application trusts.

Wikipedia ()

This type of attack is not limited to Saturn, but it is possible unless steps are taken to prevent it.

Preventing CSRF Attacks

form.php
<?php
    use Saturn\SecurityManager\CSRF
    $CSRF = new CSRF();
?>
<!DOCTYPE html>
<html lang="<?= SATURN_LANGUAGE; ?>">
    <head>
        <title>Login form</title>
    </head>
    <body>
        <form action="login.php' method="POST">
            <?php $CSRF->Set(); ?>
            ...
        </form>
    </body>
</html>
login.php
use Saturn\SecurityManager\CSRF
$CSRF = new CSRF();

if ($CSRF->Check()) {
    // It's safe to proceed.
} else {
    // Possible CSRF attack!
}
💻
https://en.wikipedia.org/wiki/Cross-site_request_forgery