csrf_token in PHP for Secure Post Transfer

csrf_token in PHP for Secure Post Transfer

To secure the sensitive parameters (e.g., user_id, dob, birth_time, birth_place, gender, etc.) being passed via URL query strings in the <a> tags, you need to prevent sensitive data from being exposed in the browser's address bar, history, or logs, and protect against potential tampering or unauthorized access. Below, I'll outline the steps to make these links secure by avoiding sensitive data in query strings and implementing a more secure approach.

Security Concerns with Current Approach

1. Sensitive Data Exposure: Parameters like dob, birth_time, and birth_place are personally identifiable information (PII) visible in the URL, which can be logged in browser history, server logs, or intercepted by intermediaries.
2. Tampering Risk: Query parameters can be modified by users, potentially leading to unauthorized access or incorrect data processing.
3. Lack of Confidentiality: URLs are not encrypted in transit (unless using HTTPS, which only protects during transmission, not in logs or history).
4. Replay Attacks: URLs can be copied and reused, potentially allowing unauthorized access to restricted data.

Secure Solution

To secure the links, you can:

1. Use POST Requests Instead of GET: Move sensitive data to form submissions via POST, which sends data in the request body, not the URL.
2. Use Encrypted Tokens: Replace sensitive parameters with an encrypted token or temporary ID that maps to the data on the server.
3. Implement Session-Based Data Storage: Store sensitive data in the session or a temporary database table and pass only a reference ID.
4. Add CSRF Protection: Include a CSRF token to prevent cross-site request forgery when using forms.
5. Validate and Authorize Access: Ensure the target pages (horoscope_charts.php and horoscope_matching.php) validate user permissions and data integrity.

Below, I'll implement the POST request with session-based data storage approach, as it balances security and simplicity while completely avoiding sensitive data in URLs.

Updated PHP and HTML

<?php // Generate unique tokens for horoscope and matching data $horoscope_token = bin2hex(random_bytes(16)); // Unique token for horoscope $matching_token = bin2hex(random_bytes(16)); // Unique token for matching // Store horoscope data in session $_SESSION['horoscope_data'][$horoscope_token] = [ 'user_id' => $user_id, 'profile_id' => $profile_id, 'created_at' => time() // For expiration check ]; // Store matching data in session $_SESSION['matching_data'][$matching_token] = [ 'user_id' => $user_id, 'profile_id' => $profile_id, 'user_gender' => $current_user['gender'] ?: '', 'profile_dob' => $profile['dob'] ?: '', 'created_at' => time() ]; // Generate CSRF token if (!isset($_SESSION['csrf_token'])) { $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); } $csrf_token = $_SESSION['csrf_token']; ?> <div class="side-buttons"> <?php if ($membership_plan === 'Free'): ?> <form action="page1.php" method="POST"> <input type="hidden" name="token" value="<?php echo htmlspecialchars($horoscope_token); ?>"> <input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($csrf_token); ?>"> <button type="submit" id="horoscopeButton">View Horoscope</button> </form> <form action="page1=2.php" method="POST"> <input type="hidden" name="token" value="<?php echo htmlspecialchars($matching_token); ?>"> <input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($csrf_token); ?>"> <button type="submit" id="matchingButton">Horoscope Matching</button> </form> <?php else: ?> <?php endif; ?> </div>

page1.php 

<?php

session_start();

require_once 'includes/db.php';

require_once 'includes/functions.php';

if (!isset($_SESSION['user_id'])) {

    header("Location: login.php");

    exit;

}

// Validate CSRF token

if (!isset($_POST['csrf_token']) || $_POST['csrf_token'] !== $_SESSION['csrf_token']) {

    $_SESSION['errors'] = ["Invalid CSRF token."];

    header("Location: error.php");

    exit;

}

// Validate token

if (!isset($_POST['token']) || !isset($_SESSION['horoscope_data'][$_POST['token']])) {

    $_SESSION['errors'] = ["Invalid or expired token."];

    header("Location: error.php");

    exit;

}

// Retrieve data from session

$data = $_SESSION['horoscope_data'][$_POST['token']];

// Check token expiration (e.g., 5 minutes)

if (time() - $data['created_at'] > 300) {

    unset($_SESSION['horoscope_data'][$_POST['token']]);

    $_SESSION['errors'] = ["Token expired."];

    header("Location: error.php");

    exit;

}

// Verify user membership

$stmt = $conn->prepare("SELECT * FROM tablename WHERE id = ?");

$stmt->execute([$_SESSION['user_id']]);

$user = $stmt->fetch(PDO::FETCH_ASSOC);

if (!$user || !in_array($user['membership_plan'], ['Gold', 'Platinum', 'Diamond'])) {

    $_SESSION['errors'] = ["Please upgrade ."];

    header("Location: plans.php");

    exit;

}

// Extract data

$user_id = $data['user_id'];

$profile_id = $data['profile_id'];

// Clean up session data

unset($_SESSION['horoscope_data'][$_POST['token']]);

// Your horoscope generation logic here

?>

<!DOCTYPE html>

<html lang="en">

<head>

    <meta charset="UTF-8">

    <meta name="viewport" content="width=device-width, initial-scale=1.0">

    <title>Chart</title>

</head>

<body>

    <?php require_once 'includes/header.php'; ?>

    <div class="container mx-auto p-4">

        <h2 class="text-2xl font-bold">Chart</h2>

        <p>Date of Birth: <?php echo htmlspecialchars($dob); ?></p>

        <!-- Add chart rendering logic here -->

    </div>

    <?php require_once 'includes/footer.php'; ?>

</body>

</html>