How to protect a PHP page that runs something

-1

I am developing a very basic system, just for study. During development, I had a question. In my system I have a page called register Customer.php that, when a form is submitted, executes an SQL call to register a new client. However, nothing there protects it: anyone has access to this page and can register customers just by sending a POST. I saw that it is possible to use htaccess to protect it, but I ask myself: is this the only way? Could I use a kind of token that only authorizes users who have submitted this form from my page, or that does not allow them to access the script directly (by entering the link)?

  • Edgar, this looks very much like it will suffer SQL injection. Is it personal or professional? If it is personal, put in a bullshit solution. But beforehand it seems very insecure.

  • It’s personal, just for study purposes

  • 2

    @Panda I think the problem is not (only) this. What he seems to want is to create an authentication system, where only "authorized persons" (by some arbitrary criterion decided by him) could register Customer. Honestly, there are several posts both on Stack Overflow and off about it. You already mention a solution ("You could use a token that only authorizes users who have submitted this form from my page"), so why didn’t you try it? If it’s for study, what will you learn if we simply deliver the ready answer?

  • All right, say I would use a token, but how could I send it safely? The form is sent via AJAX (contained on the same page).

1 answer

1

Edgar,

As the comments say, there is no simple and correct way to do this, and what you will learn will never be used or even harassed. The best way would be to build a consume API via REST with a token in the header of the request. Using a JWT token might be a good way out, getting what you need.

It seems difficult, but I’m not sure I’ll give an account. I’ll send you a link with a tutorial: https://www.codeofaninja.com/2018/09/rest-api-authentication-example-php-jwt-tutorial.html

But doing it with a framework, like Laravel, CodeIgniter or any other, would be much easier. But don’t give up, I’m sure in the future you’ll see how the most complete answer to your question is to do it correctly and safely.

  • Thank you, I will study more about this REST
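
The token-in-header check the answer recommends, as an added example that is not part of the original answer or the linked tutorial: a minimal HS256 JWT issue/verify in plain PHP. The function names, the secret and the timestamps are hypothetical, constructed for illustration.

```php
<?php
declare(strict_types=1);

function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt) { // returns string, or false on bad input
    $pad = str_repeat('=', (4 - strlen($txt) % 4) % 4);
    return base64_decode(strtr($txt, '-_', '+/') . $pad, true);
}

// Issued once, after the user has logged in with real credentials.
function jwt_issue(array $claims, string $secret): string {
    $head = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url_encode(json_encode($claims));
    $sig  = b64url_encode(hash_hmac('sha256', "$head.$body", $secret, true));
    return "$head.$body.$sig";
}

function jwt_verify(string $jwt, string $secret, int $now): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    $header = json_decode((string) b64url_decode($head), true);
    // Pin the algorithm server-side; never let the token pick it (e.g. "none").
    if (!is_array($header) || ($header['alg'] ?? '') !== 'HS256') return null;
    $expected = hash_hmac('sha256', "$head.$body", $secret, true);
    $given    = b64url_decode($sig);
    // hash_equals compares in constant time, so the check leaks no timing signal.
    if ($given === false || !hash_equals($expected, $given)) return null;
    $claims = json_decode((string) b64url_decode($body), true);
    if (!is_array($claims) || !is_int($claims['exp'] ?? null)) return null;
    return $claims['exp'] > $now ? $claims : null; // reject expired tokens
}

// What the registration script would call before touching the database.
function bearer_claims(array $server, string $secret, int $now): ?array {
    $auth = $server['HTTP_AUTHORIZATION'] ?? '';
    if (!preg_match('/^Bearer\s+(\S+)$/', $auth, $m)) return null;
    return jwt_verify($m[1], $secret, $now);
}

// Constructed demo: a fresh token, the same token after expiry, no header.
$secret = 'demo-secret-change-me';
$now    = 1700000000;
$token  = jwt_issue(['sub' => 'admin', 'exp' => $now + 900], $secret);
var_dump(bearer_claims(['HTTP_AUTHORIZATION' => "Bearer $token"], $secret, $now));
var_dump(bearer_claims(['HTTP_AUTHORIZATION' => "Bearer $token"], $secret, $now + 901));
var_dump(bearer_claims([], $secret, $now));
```

The AJAX call sends the token as `Authorization: Bearer <token>`, and the script returns 401 when `bearer_claims()` yields null. The token only establishes who is calling; the INSERT itself still needs a prepared statement to address the SQL injection concern raised in the comments.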
