webiik/csrf
Composer 安装命令:
composer require webiik/csrf
包简介
The Csrf provides CSRF protection.
关键字:
README 文档
README
Csrf
The Csrf provides CSRF protection.
Installation
composer require webiik/csrf
Example
$csrf = new \Webiik\Csrf\Csrf($token, $session); $token = $csrf->create(); // Now send the $token to the next request, e.g. using $_POST...
In the next request validate token:
$csrf = new \Webiik\Csrf\Csrf($token, $session); if ($csrf->validate($_POST[$csrf->getName()])) { // CSRF token is valid }
Configuration
setName
setName(string $name): void
setName() sets custom CSRF token name, the default name is 'csrf-token'. It is also the session key of CSRF token.
$csrf->setName('my-csrf-token');
setMax
setMax(int $max): void
setMax() sets the maximum number of simultaneous CSRF tokens that can be stored in the session. The default number is 5. It means, for example, that user can open up to 5 CSRF protected forms at once. If this limit is exceeded, the method create() does not generate new CSRF token, but it returns the lastly generated token.
$csrf->setMax(5);
Save resources and never set too big number.
Generating
create
create(bool $safe = false): string
create() returns 16 characters long CSRF token and stores it in the session. If you want to generate safe tokens, set the $safe parameter to true.
$csrfToken = $csrf->create();
Safe tokens are slower to generate and require more resources.
Validation
validate
validate(string $token, bool $safe): bool
$validate() validates $token to the all CSRF tokens stored in session. If $token is valid, it returns true and deletes valid token from session. If you want to use the timing-attack safe validation, set the $safe parameter to true.
$csrf->validate($token);
Timing-attack safe validation is slower and requires more resources.
Resources
统计信息
- 总下载量: 67
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 10
- 依赖项目数: 1
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2019-03-04