dimns/simplecsrf
Composer 安装命令:
composer require dimns/simplecsrf
包简介
Simple CSRF-token class to prevent CSRF attacks. For forms and AJAX requests.
README 文档
README
Simple CSRF-token class to prevent CSRF attacks
Requirements
- PHP 5.3 or higher is required.
Composer installation
- Get Composer.
- Require SimpleCSRF with
php composer.phar require dimns/simplecsrforcomposer require dimns/simplecsrf(if the composer is installed globally). - Add the following to your application's main PHP file:
require 'vendor/autoload.php';.
Usage with FORM
php
<?php require 'vendor/autoload.php'; session_start(); // Init class $csrf = new \DimNS\SimpleCSRF(); // Default session name: csrf_token // Init class with other session name $csrf = new \DimNS\SimpleCSRF('my_session_name'); // Getting a token for forms $csrf_token = $csrf->getToken(); // Checking the token if ($csrf->validateToken($_POST['_token'])) { echo 'Token correct'; } else { echo 'Invalid token'; }
html
<form action="index.php" method="post"> <input type="text" name="login"> <input type="password" name="password"> <input type="hidden" name="_token" value="<?=$csrf_token?>"> <input type="submit" value="GO!"> </form>
Usage with AJAX
php
<?php require 'vendor/autoload.php'; session_start(); // Init class $csrf = new \DimNS\SimpleCSRF(); // Default session name: csrf_token // Init class with other session name $csrf = new \DimNS\SimpleCSRF('my_session_name'); // Generate a token for forms $csrf_token = $csrf->getToken(); // Checking the token if ($csrf->validateToken($_SERVER['HTTP_X_CSRFTOKEN'])) { // Token correct } else { // Invalid token }
html
<head> <meta name="_token" content="<?=$csrf_token?>"> </head>
javascript
// jQuery $.ajaxSetup({ beforeSend: function (xhr, settings) { if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type)) { xhr.setRequestHeader("X-CSRFToken", $('meta[name="_token"]').attr('content')); } } });
统计信息
- 总下载量: 436
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 2
- 点击次数: 17
- 依赖项目数: 1
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2016-06-28