CSRF protection class file for PHP.
Original: https://github.com/banujan6/CSRF-handler
Function | Description |
---|---|
get() | Validate CSRF only for GET requests |
post() | Validate CSRF only for POST requests |
all() | Validate CSRF for GET & POST requests |
token() | Generate CSRF Token |
flushToken() | Remove all tokens |
Use namespace & class.
<?php
// If you are using a framework, it will load autoload.php automatically, so you don't need this line.
require_once __DIR__ . '/../../vendor/autoload.php';
use novafacile\csrf as csrf;
?>
Including File
Download the csrf.php file from the src directory, then include it in your PHP file.
<?php
require_once("path/csrf.php");
use novafacile\csrf as csrf;
?>
This CSRF-Handler looks for a form-data field or URL parameter called _token. To be verified, a POST request needs a _token in its form-data, and a GET request needs a _token as a URL parameter.
<form>
<input type="hidden" name="_token" value="<?php echo csrf::token(); ?>">
</form>
GET Request Only
$isValid = csrf::get(); // returns TRUE or FALSE
if ( $isValid ) {
    // Do something if valid
} else {
    // Do something if not valid
}
POST Request Only
$isValid = csrf::post(); // returns TRUE or FALSE
if ( $isValid ) {
    // Do something if valid
} else {
    // Do something if not valid
}
GET & POST Request
$isValid = csrf::all(); // returns TRUE or FALSE
if ( $isValid ) {
    // Do something if valid
} else {
    // Do something if not valid
}
csrf::flushToken(); // will destroy all active tokens
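A complete page that ties the pieces above together: it renders the form with the _token field and validates the submission with csrf::post() before changing anything. This is an added example, not code from the CSRF-handler project; the include path, the email field and the 403/422 status codes are assumptions.

```php
<?php
// Added example, not from the CSRF-handler repository.
// Assumptions: "path/csrf.php" is a placeholder path; the "email" field
// and the 403/422 responses are hypothetical application choices.
require_once("path/csrf.php");
use novafacile\csrf as csrf;

$error = null;
$saved = false;

// Only run the check on POST; a plain page load carries no _token.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf::post()) {
        // Reject before touching any state.
        http_response_code(403);
        $error = 'Invalid or missing CSRF token.';
    } else {
        $email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
        if (!is_string($email)) {
            http_response_code(422);
            $error = 'Invalid e-mail address.';
        } else {
            // Apply the state change here (for example, update the account).
            $saved = true;
        }
    }
}

// Escape everything written into HTML, including the token.
$token = htmlspecialchars(csrf::token(), ENT_QUOTES, 'UTF-8');
?>
<!DOCTYPE html>
<html>
<body>
<?php if ($error !== null): ?>
  <p><?php echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8'); ?></p>
<?php elseif ($saved): ?>
  <p>Saved.</p>
<?php endif; ?>
<form method="post">
  <input type="hidden" name="_token" value="<?php echo $token; ?>">
  <input type="email" name="email" required>
  <button type="submit">Save</button>
</form>
</body>
</html>
```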
You can find basic examples in the example/ directory.
Licensed under MIT