steveclifton/phpcsrftokens

Simple PHP CSRF token generator and verifier

v1.4 2019-03-03 04:45 UTC

This package is auto-updated.

Last update: 2024-04-29 03:57:15 UTC


README


PHP Csrf Tokens

PHP Csrf Tokens is a simple session- and cookie-based CSRF token generator and verifier.

Installation

Via Composer

$ composer require steveclifton/phpcsrftokens

Usage

For ease of use, all PHP Csrf Tokens methods have been made static to make generation and verification as simple as possible.

Following the OWASP guidelines, the verifyToken() method does not reset the tokens after each request, enabling double submission of the form.

Requires the $_SESSION superglobal to be set, so call session_start() before using it.

<?php

// Composer autoloader; adjust the path to match your project layout.
require_once __DIR__ . '/vendor/autoload.php';

use steveclifton\phpcsrftokens\Csrf;

session_start();

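if (!empty($_GET['a'])) {
	// Escape the dump so submitted values cannot inject markup into the page.
	echo '<pre>' . htmlspecialchars(print_r($_POST, true), ENT_QUOTES, 'UTF-8') . '</pre>';
	// verifyToken() checks the token submitted for the 'home' form.
	echo 'Verification has been : ' . (Csrf::verifyToken('home') ? 'successful' : 'unsuccessful');
}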

?>

<!DOCTYPE html>
<html>
<head><title>Test Script</title></head>
<body>
	<form action="?a=submit" method="POST">
		<?php echo Csrf::getInputToken('home') ?>
		<input type="text" name="name" placeholder="Test Input"><br>
		<button>Submit!</button>
	</form>
</body>
</html>
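
The behaviour described under Usage (a token that is kept after verification, so a double submission still passes) can be sketched as follows. This is an added example, not the package's source code: demoIssueToken(), demoVerifyToken() and the 'demo_csrf' session key are hypothetical names, only the session half of the scheme is shown, and treating the 'home' argument as a per-form name is an assumption.

```php
<?php
// Added illustration; NOT the steveclifton/phpcsrftokens source.
// demoIssueToken() and demoVerifyToken() are hypothetical names.

// Return the token for $form, creating it on first use and reusing it afterwards.
function demoIssueToken(string $form): string
{
    if (empty($_SESSION['demo_csrf'][$form])) {
        $_SESSION['demo_csrf'][$form] = bin2hex(random_bytes(32)); // CSPRNG, 256 bits
    }
    return $_SESSION['demo_csrf'][$form];
}

// Compare the submitted value with the stored token. The stored token is kept,
// so a repeated submission of the same form still verifies.
function demoVerifyToken(string $form, $submitted): bool
{
    $expected = $_SESSION['demo_csrf'][$form] ?? null;
    if (!is_string($expected) || !is_string($submitted)) {
        return false; // no token issued, or a non-string (e.g. array) value was posted
    }
    return hash_equals($expected, $submitted); // constant-time comparison
}

// Constructed walk-through for the CLI: $_SESSION is a plain array here
// instead of a real session opened with session_start().
$_SESSION = [];
$token = demoIssueToken('home');

var_dump(demoVerifyToken('home', $token));               // first submission
var_dump(demoVerifyToken('home', $token));               // double submission, token not reset
var_dump(demoVerifyToken('home', str_repeat('0', 64)));  // forged value of the right length
var_dump(demoVerifyToken('profile', $token));            // token issued for a different form
var_dump(demoVerifyToken('home', ['x']));                // array posted instead of a string
```

Because the token is never rotated, it stays valid for the lifetime of the session entry, which is why an output-escaping bug that leaks it matters more than with single-use tokens.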

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

License

MIT license.