hadi/csrf

CSRF protection - PHP security classes to avoid vulnerabilities

github.com/im4aLL/csrf

Installs: 16

Dependents: 0

Suggesters: 0

Security: 0

Stars: 3

Watchers: 4

Forks: 0

Open Issues: 0

Type: package

1.0.0 2018-01-17 07:46 UTC

This package is auto-updated.

Last update: 2024-10-18 21:14:01 UTC


README

CSRF protection - PHP security classes to avoid vulnerabilities

Installation

composer require hadi/csrf

Usage

Add the CSRF token to your form

<?php
// Start the session before using the class.
session_start();
require_once __DIR__ . '/PATH_TO_YOUR_AUTOLOAD/vendor/autoload.php';

$csrf = new \Hadi\Csrf();
?>
<form action="" method="post">
    <label for="name">Name</label>
    <input type="text" name="name" id="name">

    <label for="age">Age</label>
    <input type="text" name="age" id="age">
    
    <input type="hidden" name="_token" value="<?= $csrf->token() ?>">
    <button type="submit" name="submit">Submit</button>
</form>

Then check the CSRF token where you handle the form submission:

<?php
// Start the session before using the class.
session_start();
require_once __DIR__ . '/PATH_TO_YOUR_AUTOLOAD/vendor/autoload.php';

$csrf = new \Hadi\Csrf();

if (isset($_POST['submit'])) {
    if ($csrf->validRequest()) {
        // Valid request: process the submitted form data here
    } else {
        // Invalid request: do not process the submitted data
    }
}

$csrf->reset(); // or $csrf->deleteToken();
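
The usage above starts a session and echoes a token into the `_token` field. As an added illustration (not the source of hadi/csrf, whose internals this page does not show), the following sketch shows the kind of synchronizer-token check such a class typically performs. The function names and the `_csrf_token` session key are hypothetical, and plain arrays stand in for `$_SESSION` and `$_POST` so it runs from the CLI.

```php
<?php
declare(strict_types=1);

// Added illustration of the synchronizer-token pattern; NOT the code of hadi/csrf.
// All function names and the session key below are hypothetical.
const CSRF_SESSION_KEY = '_csrf_token';

/** Return the session's token, creating one from a CSPRNG on first use. */
function csrf_token(array &$session): string
{
    if (empty($session[CSRF_SESSION_KEY])) {
        $session[CSRF_SESSION_KEY] = bin2hex(random_bytes(32));
    }
    return $session[CSRF_SESSION_KEY];
}

/** Compare the submitted _token field with the session copy in constant time. */
function csrf_valid_request(array $session, array $post): bool
{
    $expected  = $session[CSRF_SESSION_KEY] ?? null;
    $submitted = $post['_token'] ?? null;
    // Reject missing values and non-strings (a field sent as _token[]=x arrives as an array).
    if (!is_string($expected) || $expected === '' || !is_string($submitted)) {
        return false;
    }
    return hash_equals($expected, $submitted);
}

/** Discard the token so the next form render issues a fresh one. */
function csrf_reset(array &$session): void
{
    unset($session[CSRF_SESSION_KEY]);
}

// Constructed demo input: each call models one kind of incoming POST.
$session = [];
$token   = csrf_token($session);

var_dump(csrf_valid_request($session, ['_token' => $token])); // form rendered in this session
var_dump(csrf_valid_request($session, []));                   // request without the hidden field
var_dump(csrf_valid_request($session, ['_token' => ['x']]));  // array-typed field
csrf_reset($session);
var_dump(csrf_valid_request($session, ['_token' => $token])); // old token replayed after reset
```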

Have fun!