doowebdev / doo-csrf
Doo csrf is a simple, easy to use random token generator for PHP Scripts to prevent csrf - cross site request forgery.
Requires
- php: >=5.3.0
This package is not auto-updated.
Last update: 2024-12-17 05:07:22 UTC
README
Doo csrf is a simple random token generator for PHP Scripts to prevent csrf - cross site request forgery.
Installation -
To install the latest version of Doo csrf simply add it to your composer.json file in the require section:
"doowebdev/doo-csrf": "dev-master"
Once the package is installed, you need to initialize the Token class:
require 'vendor/autoload.php'; use DooCSRF\Token;
The static methods used to generate and check the random token:
Token::generate(); //Generates a random token string. Token::check( PLACE-$_POST-NAME-HERE );// Checks if random token is valid.
How to Use -
Assuming you are using php classes in your application (you can also use in php procedural code), use the following as an example:
In your base controller:
use DooCSRF\Token; class BaseController{ protected $data = []; // assign $data to an empty array. public function __construct(){ //assign the token static method to a varibale, in this case it's the token variable create by the data array $this->data['token'] = Token::generate(); } } class SomeclassController extends BaseController { public function someMethod(){ View::display('path/to/a/view', $this->data );//the token variable is past through to the view via the $this->data array. } }
In your view add the $token variable in a hidden input within your form, example:
<form action="/path/to/post/route/or/url" method="post"> <label> someTitle</label> <input type="text" name ="someName"> <input type="hidden" name="token" value="{{ token }}"> <!-- if you using a template engine like Twig, wrap it in the template brackets ( or whatever is given), if not use good old php <?php echo $token; ?> --> <button type="submit"></button> </form>
And in a controller method or file that will recieve the post data:
use DooCSRF\Token; if( Token::check( $_POST['token'] ) ){ //Protected area. Do somthing, database inserts etc.. }