2017 © Pedro Peláez
 

library csrf-token

Easier way to generate CSRF tokens

image

crodas/csrf-token

Easier way to generate CSRF tokens

  • Friday, December 25, 2015
  • by crodas
  • Repository
  • 1 Watchers
  • 0 Stars
  • 9 Installations
  • PHP
  • 0 Dependents
  • 0 Suggesters
  • 0 Forks
  • 0 Open issues
  • 3 Versions
  • 0 % Grown

The README.md

CSRF (Cross-Site Request Forgery) stateless tokens.

Stateless CSRF-token generation and verification., (*1)

Instalation

composer require crodas/csrf-token:"^1.0"

Properties

  1. Hashes are unique per IP
  2. They require a site secret, so hashes are impossible to forge.
  3. Hashes expires after a certain amount of time (Default: 1 hour)

How to use it

Initialize the library:, (*2)

require __DIR__ . '/vendor/autoload.php';

CSRF::setSecret($strong_secret_key);

Add it to your forms, (*3)

<input type="hidden" name="_csrf" value="<?php echo CSRF::generate() ?>" />

And then verify the hashes are legit and still valid:, (*4)

if (empty($_POST['_csrf']) || !CSRF::verify($_POST['_csrf'])) {
  throw new Exception("CSRF Token is invalid");
}

The Versions

25/12 2015

dev-develop

dev-develop

Easier way to generate CSRF tokens

  Sources   Download

BSD-4-Clause

by Cesar Rodas

25/12 2015

dev-master

9999999-dev

Easier way to generate CSRF tokens

  Sources   Download

BSD-4-Clause

by Cesar Rodas

25/12 2015

v1.0.0

1.0.0.0

Easier way to generate CSRF tokens

  Sources   Download

BSD-4-Clause

by Cesar Rodas