modulework/csrfwork

A simple way of protecting forms against CSRF

Type: modulework-module

v1.0 2013-06-07 14:15 UTC

This package is not auto-updated.

Last update: 2024-12-16 15:00:07 UTC


README

A simple way of protecting forms against CSRF

Installation:

  • Place the csrf.php file into your application folder
  • Include it: include_once 'csrf.php';
  • Initiate it: CSRF::init();

HowTo

There are 2 methods available for you to interact with the token.

  • token()
  • check($token)

TOKEN

token()

This method will return the token for the current and next request.

Example usage:

<input type="hidden" value="<?php echo CSRF::token(); ?>" name="csrf_token" />

This adds a hidden input field named csrf_token to your form; its value is the token itself. How to use it is shown in the check() part.

CHECK

check($token)

This method will check if a string matches the token generated in the previous request.

  • $token: string: the string to check

Example usage:

if (isset($_POST['csrf_token']) && CSRF::check($_POST['csrf_token'])) {
    // Everything's fine
} else {
    // The POST request was not submitted by the form on your site.
    die('DIE STUPID ATTACKER'); // Take 'em down...
}

You can always have a look at the PHP doc for a brief explanation.
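
A sketch of the per-request token scheme the README describes, where token() issues a value that check() accepts on the next request. This is an added example, not csrfwork's own code: the ExampleCsrf class, the csrf_token storage key and the array standing in for $_SESSION are assumptions, and random_bytes() requires PHP 7 or later.

```php
<?php
// Added illustration: ExampleCsrf is a hypothetical class, not csrfwork's source.
final class ExampleCsrf
{
    private static $previous = null; // token issued during the previous request
    private static $current = null;  // token issued for this request

    // Call once per request; $store is $_SESSION in a real application.
    public static function init(array &$store)
    {
        self::$previous = isset($store['csrf_token']) ? $store['csrf_token'] : null;
        self::$current = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
        $store['csrf_token'] = self::$current;
    }

    public static function token()
    {
        return self::$current;
    }

    public static function check($candidate)
    {
        // Missing fields (null) and array input (csrf_token[]=x) are not strings.
        if (!is_string($candidate) || !is_string(self::$previous)) {
            return false;
        }
        // Constant-time comparison, so response timing does not leak the token.
        return hash_equals(self::$previous, $candidate);
    }
}

// Constructed two-request run; the array stands in for $_SESSION.
$session = array();
ExampleCsrf::init($session);        // request 1: the form is rendered
$formValue = ExampleCsrf::token();  // value placed in the hidden field
ExampleCsrf::init($session);        // request 2: the form is posted back

var_dump(ExampleCsrf::check($formValue));          // value from the rendered form
var_dump(ExampleCsrf::check(str_repeat('0', 64))); // guessed value
var_dump(ExampleCsrf::check(null));                // field missing
var_dump(ExampleCsrf::check(array('x')));          // field sent as an array
```

Because the token in this sketch rotates on every request, any intervening request in the same session (a second tab, a page reload) invalidates the token already rendered into an open form.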