jimmiw/csrf

Handle CSRF tokens in vanilla systems

Maintainers

Details

github.com/jimmiw/csrf

Source

Issues

Installs: 50

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 1

Forks: 0

Open Issues: 0

2.0.0 2023-05-31 07:29 UTC

Requires

  • php: >= 7.0

Requires (Dev)

MIT df964803d6bb6c3d30f800627d0b2ce54ab0d0c8

  • Jimmi Westerberg <jimmi.westerberg.woop@gmail.com>

This package is auto-updated.

Last update: 2024-03-30 00:38:21 UTC

README

This package will make it easy for you to handle CSRF tokens in forms, for systems that might not use fancy frameworks etc.

The idea itself comes from here: https://brightsec.com/blog/csrf-token/

Getting started

The package is availabe here on Github and on Packagist

Installing

To use the system, simply require it using composer:

composer require jimmiw/csrf

Using the component

Using the component is pretty easy, simply construct the class and call generateToken.

use Westsworld\CSRF\Generator;

// you can add a custom session handler, when creating the token handler in the construct method.
$tokenHandler = new Generator();
// the generated token is stored in the session
$token = $tokenHandler->generateToken();

<form method="post">
  <input type="hidden" name="<?php echo $token->getKey(); ?>" value="<?php echo $token->getValue(); ?>" />
  <input type="hidden" name="token-key" value="<?php echo $token->getKey(); ?>" />
  ... other form fields here
</form>

When the form is posted to your page, simply create a new token handler and call validateToken:

$tokenHandler = new Generator();
if (! $tokenHandler->validateToken($_POST['token-key'])) {
    exit('token is not valid!');
} else {
    // handle the form saving here
}