crodas/csrf-token

Easier way to generate CSRF tokens

Maintainers

Details

github.com/crodas/CSRFToken

Source

Issues

Installs: 18

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 3

Forks: 0

Open Issues: 0

v1.0.0 2015-12-25 21:42 UTC

BSD-4-Clause 47d934b7bc53a74651f5c3ac3b732d345e131439

  • César Rodas <crodas.woop@php.net>

This package is auto-updated.

Last update: 2024-10-12 19:28:12 UTC

README

Stateless CSRF-token generation and verification.

Instalation

composer require crodas/csrf-token:"^1.0"

Properties

  1. Hashes are unique per IP
  2. They require a site secret, so hashes are impossible to forge.
  3. Hashes expires after a certain amount of time (Default: 1 hour)

How to use it

Initialize the library:

require __DIR__ . '/vendor/autoload.php';

CSRF::setSecret($strong_secret_key);

Add it to your forms

<input type="hidden" name="_csrf" value="<?php echo CSRF::generate() ?>" />

And then verify the hashes are legit and still valid:

if (empty($_POST['_csrf']) || !CSRF::verify($_POST['_csrf'])) {
  throw new Exception("CSRF Token is invalid");
}