Skip to content

A simple CSRF Token protection library for PHP. I t will help you to generate the random unique token and validate it to prevent CSRF attack.

License

Notifications You must be signed in to change notification settings

novafacile/CSRF-handler

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

CSRF-Handler

CSRF protection class file for PHP.

Original: https://github.com/banujan6/CSRF-handler

Functions

Function Description
get() Validate CSRF only for GET requests
post() Validate CSRF only for POST requests
all() Validate CSRF for GET & POST requests
token() Generate CSRF Token
flushToken() Remove all tokens

Installation

Use namespace & class.

	<?php
		//If you are using any frameworks, It will load autoload.php automatically. So you don't need.
		require_once __DIR__ . '/../../vendor/autoload.php';
		use novafacile\csrf as csrf;
	?>


Including File

Download the csrf.php file in directory src. Then include it in your PHP file.



<?php 
  require_once("path/csrf.php");
  use novafacile\csrf as csrf;
?>

Usages

This CSRF-Handler will look for a form-data / url-parameter called _token. To verify the request, POST request need to have a _token in form-data. And GET request need to have a _token in url-parameter.

Generating Token

<form>
  <input type="hidden" name="_token" value="<?php echo csrf::token(); ?>">
</form>

Validating Request

GET Request Only

  $isValid = csrf::get(); // return TRUE or FALSE
  
  if ( $isValid ) {
  
    //Do something if valid
  
  } else {
  
    //Do something if not vaid
  
  }

POST Request Only

  $isValid = csrf::post(); // return TRUE or FALSE
  
  if ( $isValid ) {
  
    //Do something if valid
  
  } else {
  
    //Do something if not vaid
  
  }

GET & POST Request

  $isValid = csrf::all(); // return TRUE or FALSE
  
  if ( $isValid ) {
  
    //Do something if valid
  
  } else {
  
    //Do something if not vaid
  
  }

Clear All Active Tokens

  csrf::flushToken(); // will destroy all active tokens

Examples

You can find basic examples in example/ directory.

License

Licensed under MIT

About

A simple CSRF Token protection library for PHP. I t will help you to generate the random unique token and validate it to prevent CSRF attack.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • PHP 100.0%