PHP Classes

PHP CSRF Token Library: Generate and validate tokens to avoid CSRF attacks

Recommend this page to a friend!
     
  Info   Example   View files Files   Install with Composer Install with Composer   Download Download   Reputation   Support forum   Blog    
Ratings Unique User Downloads Download Rankings
Not yet rated by the usersTotal: 65 All time: 10,389 This week: 206Up
Version License PHP version Categories
csrf-class 1.0GNU Lesser Genera...5HTML, PHP 5, Security
Description 

Author

This class can generate and validate tokens to avoid CSRF attacks.

It can generate a random token string and store it in a session variable that can be used as a hidden form field to ensure that the user who viewed the form is the same as the one who submitted it.

The class can also validate the token value by checking the session variable to confirm if the token is the same one generated before for the current session user.

Picture of mohammad anzawi
  Performance   Level  
Name: mohammad anzawi <contact>
Classes: 8 packages by
Country: Jordan Jordan
Age: 9
All time rank: 14322 in Jordan Jordan
Week rank: 197 Up2 in Jordan Jordan Equal
Innovation award
Innovation award
Nominee: 2x

Example

<?php

include_once("Csrf.php");

$token = Csrf::init();


if (isset(
$_GET["ok"]) && isset($_POST)) {
/**


    if($token->checkToken($_POST['token']))
    {
        // process :)
    }
    else
    {
        // error :(
    }

    ////// OR ////////

    // without send token-value -> the class has been detected automatically
    if($token->checkToken())
    {
        // process :)
    }
    else
    {
        // error :(
    }

    ///// OR /////
    */

   
$token->validOrDie(); // any error ??? then kill the page

    // process last action
}


?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Document</title>
</head>
<body>
    <form action="?ok" method="POST">
   
        <input type="text">
        <br>
        <input type="submit" value="SUBMIT">
        <?php echo $token->csrfField() ?>

    </form>
    <br>
    <hr>
    <form action="?ok" method="POST">
   
        <input type="text">
        <br>
        <input type="submit" value="SUBMIT">
        <?php echo $token->csrfField() ?>

    </form>
    <br>
    <hr>
    <form action="?ok" method="POST">
   
        <input type="text">
        <br>
        <input type="submit" value="SUBMIT">
        <?php echo $token->csrfField() ?>

    </form>
    <br>
    <hr>
    <form action="?ok" method="POST">
   
        <input type="text">
        <input type="submit" value="SUBMIT">
        <?php echo $token->csrfField() ?>

    </form>
</body>
</html>


Details

phptricks :)

CSRF-class :

its easy to use , its simple already

How to Use :

1 - include CSRF-class to your project :

<?php 

include_once("project-dir/libs/Csrf.php");

2 - initialize CSRF-class :


$token = CSRF::init();

3 - check if token its match :


// first method
if($token->checkToken())
{
    // process last action
}
else
{
    // Oops, something error (SCRF Attack)
}

// you can send token value to this method
if($token->checkToken($_POST['token']))
{
    // process last action
}
else
{
    // Oops, something error (SCRF Attack)
}


// other method :

$token->validOrDie(); // any error ??? then kill the page

// process last action

helpers ?

we have only one public helper , its :

csrfField()

this method to create token input field.


<form action="?ok" method="POST">

    <input type="text">
    <br>
    <input type="submit" value="SUBMIT">
    <?php echo $token->csrfField() ?>

</form>

in other hand you can create this field manually and pass token value


<form action="?ok" method="POST">

    <input type="text">
    <br>
    <input type="submit" value="SUBMIT">
    
    <input type="hidden" name="_token" value="<?php echo $token->getToken() ?>">
</form>

I Hope that Help You :)))

License : MIT


  Files folder image Files (3)  
File Role Description
Accessible without login Plain text file Csrf.php Class Class source
Accessible without login Plain text file README.md Doc. Read me
Accessible without login Plain text file test.php Example Example script

The PHP Classes site has supported package installation using the Composer tool since 2013, as you may verify by reading this instructions page.
Install with Composer Install with Composer
 Version Control Unique User Downloads Download Rankings  
 100%
Total:65
This week:0
All time:10,389
This week:206Up