joefallon/phpcsrf

PhpCsrf is a simple library for cross-site request forgery prevention.

v1.0.6 2015-12-27 22:35 UTC

This package is not auto-updated.

Last update: 2021-11-27 01:47:27 UTC


README

By Joe Fallon

A simple library for cross-site request forgery (CSRF) prevention in PHP. It has the following features:

  • Full suite of unit tests.
  • It can be integrated into any existing project.
  • Can be fully understood in just a few moments.
  • Uses a cryptographically secure randomly generated token.

Installation

The easiest way to install PhpCsrf is with Composer. Create the following composer.json file and run the php composer.phar install command to install it.

{
    "require": {
        "joefallon/phpcsrf": "*"
    }
}

Usage

Create a Form Token

Create the form token.

$session = new Session();
$csrf = new CsrfGuard('form-name', $session);
$csrf->generateToken();

Then, store the form token in the form.

<input type="hidden" name="csrf" value="55517f7944ee117160414b601a15e60e1076f5b4">

Validate a Form Token

$session = new Session();
$csrf = new CsrfGuard('form-name', $session);
$csrf->isValidToken('55517f7944ee117160414b601a15e60e1076f5b4');