banujan6 / csrf-handler
CSRF token validator library for PHP
Installs: 1 829
Dependents: 0
Suggesters: 0
Security: 0
Stars: 33
Watchers: 5
Forks: 6
Open Issues: 0
Requires
- php: >=5.5.0
README
CSRF protection class file for PHP.
Bye Bye, Version 1.0!
We released version 2 with a better implementation. :)
Please note: We no longer maintain this project. Please consider using PHP frameworks for better built-in security.
Functions
Function | Description |
---|---|
get() | Validate CSRF only for GET requests |
post() | Validate CSRF only for POST requests |
all() | Validate CSRF for GET & POST requests |
token() | Generate CSRF Token |
flushToken() | Remove all tokens |
Installation
Via Composer
Require the package.
```bash
composer require banujan6/csrf-handler
```
Use namespace & class.
```php
<?php
// If you are using a framework, it loads autoload.php automatically, so you don't need this line.
require_once __DIR__ . '/../../vendor/autoload.php';

use csrfhandler\csrf as csrf;
?>
```
Including File
Download the csrf.php file from the src directory, then include it in your PHP file.
```php
<?php
require_once("path/csrf.php");

use csrfhandler\csrf as csrf;
?>
```
Usages
This CSRF-Handler looks for a form-data field / URL parameter called _token. To be verified, a POST request needs a _token in its form data, and a GET request needs a _token as a URL parameter.
Generating Token
```php
<form>
    <input type="hidden" name="_token" value="<?php echo csrf::token(); ?>">
</form>
```
Validating Request
GET Request Only
```php
$isValid = csrf::get(); // returns TRUE or FALSE

if ( $isValid ) {
    // Do something if valid
} else {
    // Do something if not valid
}
```
POST Request Only
```php
$isValid = csrf::post(); // returns TRUE or FALSE

if ( $isValid ) {
    // Do something if valid
} else {
    // Do something if not valid
}
```
GET & POST Request
```php
$isValid = csrf::all(); // returns TRUE or FALSE

if ( $isValid ) {
    // Do something if valid
} else {
    // Do something if not valid
}
```
Clear All Active Tokens
```php
csrf::flushToken(); // will destroy all active tokens
```
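A common way to implement the kind of `_token` check described above: a random token is stored server-side when the form is rendered and compared in constant time when the request arrives. This is an added example, not csrf-handler's own code; the function names, the `csrf_tokens` key, the 15-minute lifetime and the PHP 7+ requirement (for `random_bytes`) are assumptions.

```php
<?php
// Added illustration; helper names are hypothetical, not csrf-handler's API or source.

// Issue a fresh token and remember it server-side, keyed by token with its issue time.
function issue_token(array &$session)
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG (PHP >= 7.0)
    $session['csrf_tokens'][$token] = time();
    return $token;
}

// Accept a request only if its _token is a string that was issued, is not older
// than $maxAge seconds, and has not been used before. A match is consumed.
function verify_token(array &$session, array $params, $maxAge = 900)
{
    $sent = isset($params['_token']) ? $params['_token'] : null;
    if (!is_string($sent) || $sent === '') {
        return false; // missing, empty, or array-typed (_token[]=x)
    }
    $issued = isset($session['csrf_tokens']) ? $session['csrf_tokens'] : [];
    foreach ($issued as $known => $issuedAt) {
        if (hash_equals((string) $known, $sent)) { // constant-time comparison
            unset($session['csrf_tokens'][$known]); // single use
            return (time() - $issuedAt) <= $maxAge;
        }
    }
    return false;
}

// Constructed demo: $session stands in for $_SESSION, the second argument for $_POST.
$session = [];
$token = issue_token($session);
var_dump(verify_token($session, ['_token' => $token]));  // first submission
var_dump(verify_token($session, ['_token' => $token]));  // same token replayed
var_dump(verify_token($session, []));                    // no _token field
var_dump(verify_token($session, ['_token' => ['x']]));   // _token sent as an array
```

The same check works against `$_GET`, but a token carried in a URL parameter also appears in server logs, browser history and Referer headers, so keep state-changing actions on POST.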
Examples
You can find basic examples in the example/ directory.
License
Licensed under MIT