Doo-CSRF -
Doo CSRF is a simple random token generator for PHP scripts that helps prevent cross-site request forgery (CSRF).
Installation -
To install the latest version of Doo CSRF, add it to the require section of your composer.json file:
"doowebdev/doo-csrf": "dev-master"
Once the package is installed, load the Composer autoloader and import the Token class:
require 'vendor/autoload.php';
use DooCSRF\Token;
The class provides two static methods, one to generate the random token and one to check it:
Token::generate(); // Generates a random token string.
Token::check( $_POST['token'] ); // Checks whether the submitted token is valid; 'token' is the name of your form field.
How to Use -
Assuming you are using PHP classes in your application (you can also use it in procedural PHP code), use the following as an example:
In your base controller:
use DooCSRF\Token;

class BaseController {
    protected $data = []; // Data passed to views; starts as an empty array.

    public function __construct() {
        // Store a freshly generated token under the 'token' key of the data array.
        $this->data['token'] = Token::generate();
    }
}

class SomeclassController extends BaseController {
    public function someMethod() {
        // The token is passed through to the view via the $this->data array.
        View::display( 'path/to/a/view', $this->data );
    }
}
In your view, add the $token variable to a hidden input within your form. The input's name must match the key the receiving code reads from $_POST (token in this example).
And in a controller method or file that will receive the POST data:
use DooCSRF\Token;
if( isset( $_POST['token'] ) && Token::check( $_POST['token'] ) ){
    // Protected area. Do something: database inserts, etc.
}
That's it, nice and easy!
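The pattern these steps rely on, as an added example that is not Doo-CSRF's own code and not part of the original README: a random token is issued per form, embedded in a hidden input named token, and checked when the form is posted. The helpers csrf_issue() and csrf_verify(), the csrf_token session key, and the use of session storage are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; NOT part of Doo-CSRF.
session_start();

function csrf_issue(): string
{
    // 32 bytes from the CSPRNG, hex-encoded and kept server-side in the session.
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    return $_SESSION['csrf_token'];
}

function csrf_verify($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? null;
    unset($_SESSION['csrf_token']); // single use: a captured token cannot be replayed

    // Reject a missing token and non-string input such as token[]=x.
    if (!is_string($expected) || !is_string($submitted)) {
        return false;
    }
    return hash_equals($expected, $submitted); // constant-time comparison
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    if (!csrf_verify($_POST['token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    // Protected area: perform the state-changing action here.
    exit('OK');
}

$token = csrf_issue();
?>
<form method="post">
    <!-- The field name matches the $_POST['token'] key read by the handler. -->
    <input type="hidden" name="token"
           value="<?= htmlspecialchars($token, ENT_QUOTES, 'UTF-8') ?>">
    <button type="submit">Save</button>
</form>
```

Served from a single PHP file, a GET request renders the form and a POST without the matching token receives a 403.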