shadowprince / forman-csrf
CSRF protection plugin for shadowprince/forman
0.1
2013-10-24 18:30 UTC
Requires
- php: >=5.2.0
- shadowprince/forman: >=0.2
This package is not auto-updated.
Last update: 2024-11-19 05:34:06 UTC
README
Forman-Recaptcha - plugin for forman, adding automatic CSRF-protection for all forms. Plugin works at background, no code needed.
Mechanism
- Generates and stores token at every form
process
- Compares token from form data and user cookies, if cookie not exist or not matches - field error will be added and
verify
(soprocess
too) fails - Removes
csrf_token
fromprocess
result, so you'll not even notice
You can turn it off for one form
\Forman\CSRFPlugin::disable(); if ($data = $form->process($_POST)) { // now there is no CSRF } \Forman\CSRFPlugin::enable();
Or global
// somewhere in bootstrap \Forman\CSRFPlugin::disableGlobal(); // so any enable() will not work now