jimmiw / csrf
Handle CSRF tokens in vanilla systems
2.0.0
2023-05-31 07:29 UTC
Requires
- php: >= 7.0
Requires (Dev)
- phpunit/phpunit: ^10.1
README
This package will make it easy for you to handle CSRF tokens in forms, for systems that might not use fancy frameworks etc.
The idea itself comes from here: https://brightsec.com/blog/csrf-token/
Getting started
The package is availabe here on Github and on Packagist
Installing
To use the system, simply require it using composer:
composer require jimmiw/csrf
Using the component
Using the component is pretty easy, simply construct the class and call generateToken.
use Westsworld\CSRF\Generator;
// you can add a custom session handler, when creating the token handler in the construct method.
$tokenHandler = new Generator();
// the generated token is stored in the session
$token = $tokenHandler->generateToken();
<form method="post">
<input type="hidden" name="<?php echo $token->getKey(); ?>" value="<?php echo $token->getValue(); ?>" />
<input type="hidden" name="token-key" value="<?php echo $token->getKey(); ?>" />
... other form fields here
</form>
When the form is posted to your page, simply create a new token handler and call validateToken:
$tokenHandler = new Generator();
if (! $tokenHandler->validateToken($_POST['token-key'])) {
exit('token is not valid!');
} else {
// handle the form saving here
}