joefallon / phpcsrf
PhpCsrf is a simple library for cross-site request forgery prevention.
v1.0.6
2015-12-27 22:35 UTC
Requires
- php: >=5.3.0
- joefallon/phpsession: ^4.0
Requires (Dev)
- joefallon/kisstest: ^2.0
- joefallon/phpautoloader: ^2.0
This package is auto-updated.
Last update: 2024-12-25 23:36:25 UTC
README
By Joe Fallon
A simple library for cross-site request forgery (CSRF) prevention in PHP. It has the following features:
- Full suite of unit tests.
- It can be integrated into any existing project.
- Can be fully understood in just a few moments.
- Uses a cryptographically secure randomly generated token.
Installation
The easiest way to install PhpCsrf is with Composer. Create the following composer.json file and run the php composer.phar install command to install it.

    {
        "require": {
            "joefallon/phpcsrf": "*"
        }
    }
Usage
Create a Form Token
Create the form token.
    // Generate a token for the form identified as 'form-name'.
    $session = new Session();
    $csrf = new CsrfGuard('form-name', $session);
    $csrf->generateToken();
Then, store the form token in the form.

    <input type="hidden" name="csrf" value="55517f7944ee117160414b601a15e60e1076f5b4">
Validate a Form Token
    // Check the value submitted in the form's hidden "csrf" field.
    $session = new Session();
    $csrf = new CsrfGuard('form-name', $session);
    $csrf->isValidToken('55517f7944ee117160414b601a15e60e1076f5b4');
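
The issue-then-verify flow from the Usage section, written out as an added example (not PhpCsrf's own code or API): a per-form token drawn from a CSPRNG, kept server-side, compared in constant time, and accepted only once. DemoCsrfStore and its methods are hypothetical names, the array is a constructed stand-in for $_SESSION, and PHP 7+ is assumed for random_bytes().

```php
<?php
// Added illustration, not PhpCsrf's source. All names here are hypothetical.
// Assumes PHP 7+; in a web application $store would be $_SESSION.

final class DemoCsrfStore
{
    private $store;

    public function __construct(array &$store)
    {
        $this->store = &$store; // keep a reference so writes reach the session
    }

    // Issue a fresh token for one form and remember it server-side.
    public function issue(string $formName): string
    {
        $token = bin2hex(random_bytes(20)); // 40 hex characters from the CSPRNG
        $this->store['csrf'][$formName] = $token;
        return $token;
    }

    // Accept the submitted value only if it matches the token stored for this form.
    public function check(string $formName, $submitted): bool
    {
        $expected = $this->store['csrf'][$formName] ?? null;
        // Reject when nothing was issued or the POST value is not a string (e.g. csrf[]=x).
        $ok = is_string($expected) && is_string($submitted)
            && hash_equals($expected, $submitted); // constant-time comparison
        if ($ok) {
            unset($this->store['csrf'][$formName]); // single use: a replay fails
        }
        return $ok;
    }
}

$session = []; // constructed stand-in for $_SESSION
$guard   = new DemoCsrfStore($session);
$token   = $guard->issue('form-name');

// Escape on output so the template stays safe if the token format ever changes.
printf("<input type=\"hidden\" name=\"csrf\" value=\"%s\">\n",
    htmlspecialchars($token, ENT_QUOTES, 'UTF-8'));

var_dump($guard->check('form-name', str_repeat('0', 40))); // forged value
var_dump($guard->check('other-form', $token));             // token sent for the wrong form
var_dump($guard->check('form-name', $token));              // genuine submission
var_dump($guard->check('form-name', $token));              // replay of the same token
```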