joefallon/phpcsrf

PhpCsrf is a simple library for cross-site request forgery prevention.

v1.0.6 2015-12-27 22:35 UTC

Last update: 2024-04-25 22:16:09 UTC


README

By Joe Fallon

A simple library for cross-site request forgery (CSRF) prevention in PHP. It has the following features:

  • Has a full suite of unit tests.
  • Can be integrated into any existing project.
  • Can be fully understood in just a few moments.
  • Uses a cryptographically secure, randomly generated token.

Installation

The easiest way to install PhpCsrf is with Composer. Create the following composer.json file and run the php composer.phar install command to install it.

{
    "require": {
        "joefallon/phpcsrf": "*"
    }
}

Usage

Create a Form Token

Create the form token.

// 'form-name' identifies the form this token belongs to.
$session = new Session();
$csrf = new CsrfGuard('form-name', $session);
$csrf->generateToken();

Then, place the generated token in a hidden field of the form.

<input type="hidden" name="csrf" value="55517f7944ee117160414b601a15e60e1076f5b4">

Validate a Form Token

// Pass the value submitted in the form's hidden "csrf" field.
$session = new Session();
$csrf = new CsrfGuard('form-name', $session);
$csrf->isValidToken('55517f7944ee117160414b601a15e60e1076f5b4');
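
The create, embed and validate steps above follow the synchronizer-token pattern. The sketch below is an added example, not PhpCsrf's own code: ExampleCsrfGuard, the array standing in for the session, and the single-use behaviour are assumptions made for illustration.

```php
<?php
// Added illustration of the synchronizer-token pattern; NOT PhpCsrf's source.
// ExampleCsrfGuard and the array-backed session are hypothetical names.
final class ExampleCsrfGuard
{
    private string $key;
    private array $store;

    public function __construct(string $formName, array &$store)
    {
        $this->key   = 'csrf_' . $formName;   // one token slot per form
        $this->store = &$store;               // stands in for $_SESSION
    }

    public function generateToken(): string
    {
        // 20 bytes from the OS CSPRNG -> 40 hex characters.
        $token = bin2hex(random_bytes(20));
        $this->store[$this->key] = $token;
        return $token;
    }

    public function isValidToken($submitted): bool
    {
        $expected = $this->store[$this->key] ?? null;
        unset($this->store[$this->key]);      // single use, even after a failed check
        if (!is_string($expected) || !is_string($submitted)) {
            return false;                     // no token issued, or non-string input
        }
        return hash_equals($expected, $submitted); // constant-time comparison
    }
}

$session = [];                                // constructed sample session
$guard   = new ExampleCsrfGuard('form-name', $session);
$token   = $guard->generateToken();

// Escape on output even though the token is hex.
printf("<input type=\"hidden\" name=\"csrf\" value=\"%s\">\n",
    htmlspecialchars($token, ENT_QUOTES, 'UTF-8'));

var_dump($guard->isValidToken($token));       // first submission of the token
var_dump($guard->isValidToken($token));       // replay of the same token
$other = new ExampleCsrfGuard('other-form', $session);
var_dump($other->isValidToken($guard->generateToken())); // token issued for another form
```

Run it with the PHP CLI (7.4 or later); only the first of the three checks succeeds.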