CSRF protection class file for PHP.
Bye Bye, Version 1.0!
We released version 2 with better implementation. :)
Please Note: We no longer maintain this project. Please Consider using PHP Frameworks for better built-in security.
| Function | Description |
|---|---|
| get() | Validate CSRF only for GET requests |
| post() | Validate CSRF only for POST requests |
| all() | Validate CSRF for GET & POST requests |
| token() | Generate CSRF Token |
| flushToken() | Remove all tokens |
Via Composer
Require the package.
composer require banujan6/csrf-handlerUse namespace & class.
<?php
//If you are using any frameworks, It will load autoload.php automatically. So you don't need.
require_once __DIR__ . '/../../vendor/autoload.php';
use csrfhandler\csrf as csrf;
?>Including File
Download the csrf.php file in directory src. Then include it in your PHP file.
<?php
require_once("path/csrf.php");
use csrfhandler\csrf as csrf;
?>This CSRF-Handler will look for a form-data / url-parameter called _token. To verify the request, POST request need to have a _token in form-data. And GET request need to have a _token in url-parameter.
<form>
<input type="hidden" name="_token" value="<?php echo csrf::token(); ?>">
</form>GET Request Only
$isValid = csrf::get(); // return TRUE or FALSE
if ( $isValid ) {
//Do something if valid
} else {
//Do something if not vaid
}POST Request Only
$isValid = csrf::post(); // return TRUE or FALSE
if ( $isValid ) {
//Do something if valid
} else {
//Do something if not vaid
}GET & POST Request
$isValid = csrf::all(); // return TRUE or FALSE
if ( $isValid ) {
//Do something if valid
} else {
//Do something if not vaid
} csrf::flushToken(); // will destroy all active tokensYou can find basic examples in example/ directory.
Licensed under MIT