steveclifton / phpcsrftokens
Simple PHP CSRF token generator and verifier
v1.4
2019-03-03 04:45 UTC
Requires
- php: >=5.3.0
This package is auto-updated.
Last update: 2024-10-29 05:16:50 UTC
README
PHP Csrf Tokens
PHP Csrf Tokens is a simple session & cookie based csrf token generator and verifier.
Installation
Via Composer
$ composer require steveclifton/phpcsrftokens
Usage
For ease of use, all PHP Csrf Tokens methods have been made static to make generation and verification as simple as possible.
Following the OWASP guidelines, the verifyToken()
method does not reset the tokens after each request, enabling double submission of the form.
Requires superglobal $_SESSION
to be set.
<?php require_once __DIR__ /*Path To File*/; use steveclifton\phpcsrftokens\Csrf; session_start(); if (!empty($_GET['a'])) { echo '<pre>' . print_r($_POST, true) . '</pre>'; echo 'Verification has been : ' . (Csrf::verifyToken('home') ? 'successful' : 'unsuccessful'); } ?> <!DOCTYPE html> <html> <head><title>Test Script</title></head> <body> <form action="?a=submit" method="POST"> <?php echo Csrf::getInputToken('home') ?> <input type="text" name="name" placeholder="Test Input"><br> <button>Submit!</button> </form> </body> </html>
Contributing
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.