laswitchtech/php-csrf
最新稳定版本:v1.1.5
Composer 安装命令:
composer require laswitchtech/php-csrf
包简介
CSRF Protection Library for PHP Applications
README 文档
README
phpCSRF - [DEPRECATED] - Use coreCSRF instead
Description
This class is a PHP implementation of a CSRF token generation and validation system. CSRF (Cross-Site Request Forgery) is an attack in which an attacker tricks a user into performing an unwanted action on a website, by sending a forged request on behalf of the user.
Features
- Generates a CSRF token using a cryptographically secure random number generator.
- Uses the default field name 'csrf' for retrieving and validating the token, but allows a custom field name to be set through the constructor.
- Supports setting the length of the token through the generate method, with a default length of 32 bytes.
- Logs error messages to a file using the phpLogger class, with IP address information included in the log entries.
- Configures cookie security settings to help prevent cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks.
Why you might need it?
This class provides a simple implementation of a CSRF token generator and validator in PHP. It is designed to be easy to use, while still providing adequate security measures to prevent CSRF attacks.
CSRF attacks occur when a malicious user tricks an authenticated user into performing an unintended action on a web application. To prevent these attacks, a CSRF token is generated and added to the form that is being submitted. When the form is submitted, the token is validated to ensure that it matches the expected value. If the token is invalid, the request is rejected.
Can I use this?
Sure!
License
This software is distributed under the GNU General Public License v3.0 license. Please read LICENSE for information on the software availability and distribution.
Requirements
- PHP >= 7.0.0
Security
Please disclose any vulnerabilities found responsibly – report security issues to the maintainers privately.
Installation
Using Composer:
composer require laswitchtech/php-csrf
How do I use it?
Example
Initiate CSRF
//Import CSRF class into the global namespace //These must be at the top of your script, not inside a function use LaswitchTech\phpCSRF\phpCSRF; //Load Composer's autoloader require 'vendor/autoload.php'; //Initiate CSRF $phpCSRF = new phpCSRF();
Validate Token
//Import CSRF class into the global namespace //These must be at the top of your script, not inside a function use LaswitchTech\phpCSRF\phpCSRF; //Load Composer's autoloader require 'vendor/autoload.php'; //Initiate CSRF $phpCSRF = new phpCSRF(); //Validation $phpCSRF->validate(); // Returns Boolean
Retrieve CSRF Token
//Import CSRF class into the global namespace //These must be at the top of your script, not inside a function use LaswitchTech\phpCSRF\phpCSRF; //Load Composer's autoloader require 'vendor/autoload.php'; //Initiate CSRF $phpCSRF = new phpCSRF(); //Token $phpCSRF->token(); // Returns Token
统计信息
- 总下载量: 134
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 1
- 依赖项目数: 1
- 推荐数: 0
其他信息
- 授权协议: GPL-3.0-only
- 更新时间: 2022-12-22