README

CSRF protection class file for PHP.

Bye Bye, Version 1.0!
We released version 2 with better implementation. :)

Please Note: We no longer maintain this project. Please Consider using PHP Frameworks for better built-in security.

Functions

Function	Description
get()	Validate CSRF only for GET requests
post()	Validate CSRF only for POST requests
all()	Validate CSRF for GET & POST requests
token()	Generate CSRF Token
flushToken()	Remove all tokens

Installation

Via Composer

Require the package.

	composer require banujan6/csrf-handler

Use namespace & class.

	<?php
		//If you are using any frameworks, It will load autoload.php automatically. So you don't need.
		require_once __DIR__ . '/../../vendor/autoload.php';
		use csrfhandler\csrf as csrf;
	?>

Including File

Download the csrf.php file in directory src. Then include it in your PHP file.

<?php 
  require_once("path/csrf.php");
  use csrfhandler\csrf as csrf;
?>

Usages

This CSRF-Handler will look for a form-data / url-parameter called _token. To verify the request, POST request need to have a _token in form-data. And GET request need to have a _token in url-parameter.

Generating Token

<form>
  <input type="hidden" name="_token" value="<?php echo csrf::token(); ?>">
</form>

Validating Request

GET Request Only

  $isValid = csrf::get(); // return TRUE or FALSE
  
  if ( $isValid ) {
  
    //Do something if valid
  
  } else {
  
    //Do something if not vaid
  
  }

POST Request Only

  $isValid = csrf::post(); // return TRUE or FALSE
  
  if ( $isValid ) {
  
    //Do something if valid
  
  } else {
  
    //Do something if not vaid
  
  }

GET & POST Request

  $isValid = csrf::all(); // return TRUE or FALSE
  
  if ( $isValid ) {
  
    //Do something if valid
  
  } else {
  
    //Do something if not vaid
  
  }

Clear All Active Tokens

  csrf::flushToken(); // will destroy all active tokens

Examples

You can find basic examples in example/ directory.

License

Licensed under MIT

banujan6/csrf-handler

包简介

README 文档