modulework/csrfwork

A simple way of protecting forms regarding to CSRF

Maintainers

Package info

github.com/MODULEWork/CSRFWork

Type:modulework-module

pkg:composer/modulework/csrfwork

Statistics

Installs: 26

Dependents: 0

Suggesters: 0

Stars: 2

Open Issues: 0

Security

Advisories: 0

Aikido package health analysis

v1.0 2013-06-07 14:15 UTC

Requires

  • php: >=5.3.0

Apache 2.0 846a4004e6dae1faf14917637c320355732cb338

  • Christian Gärtner <christiangaertner.film.woop@googlemail.com>

This package is not auto-updated.

Last update: 2026-03-09 20:45:18 UTC

README

A simple way of protecting forms regarding to CSRF

Installation:

  • Place the csrf.php file into your application folder
  • Include it include_once 'csrf.php';
  • and initate it: CSRF::init();

HowTo

There are 2 methods available for you to interact with your cache.

  • token()
  • check($token)

TOKEN

token()

This method will return the token for the current and next request.

Example usage:

<input type="hidden" value="<?php echo CSRF::token(); ?>" name="csrf_token" />

This will add a hidden input field to you form with the name csrf_token and the value is the token itself. How we can use we' ll see in the check() part.

CHECK

check($token)

This method will check if a string matches the token generated in the previous request.

  • $token: string: the string to check

Example usage:

if (CSRF::check($_POST['csrf_token'])) {   
    // Everything' s fine   
} else {   
    // The post request was not submited by the form on your site.   
    die('DIE STUPID ATTACKER'); //Take 'em down...   
}

You can always have a look at the PHP doc for a brief explanation.