-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
fb5bbb3
commit 9146c88
Showing
1 changed file
with
88 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,2 +1,89 @@ | ||
| # php_basic_csrf | ||
| Simple CSRF control class with PHP | ||
| Simple CSRF control class with PHP. With this php class you can generate and validate tokens that are disposable or refreshed on every page refresh. The generated tokens are encrypted with openssl for extra security, so you need the openssl extension on your php server. | ||
|
|
||
| ## **Configuration** | ||
| The class must be configured in order to run. | ||
|
|
||
| ###### **Configuration Example** | ||
| ```php | ||
| $csrf = new Csrf([ | ||
| 'key' => 'SuperKey', // Key | ||
| 'secret' => 'SuperSecret' // Secret Key | ||
| ]); | ||
| ``` | ||
| **The Key and Secret values are used to encrypt the tokens when generating, so enter these values once and do not change them.** | ||
|
|
||
| ## **Get()** | ||
| It allows you to call the generated token so you can add it to your forms. | ||
|
|
||
| ###### **Get() Example** | ||
| ```php | ||
| $csrf->Get(); | ||
| ``` | ||
|
|
||
| ###### **Get() Example Result** | ||
| > C8/mA9vfc4ST1D8+hSVrjKOaA2Y+UcVYvIBaEbYXKTN45DQVe1+qO29ntVDqSx2p4Xp3MrjiTh8lihWSK0Uo6b2jUbWzO+8DbCIieY0wYwE= | ||
| ## **Check()** | ||
| It compares the token you have printed on your forms with the token registered in the session and checks its accuracy. Create a _csrf entry in your forms and print the value generated by the class using the Get() method. | ||
|
|
||
| ###### **Check() Example** | ||
| ```php | ||
| $csrf->Check($token); | ||
| ``` | ||
|
|
||
| ###### **Check() Result** | ||
| > true/false | ||
| ## **Reset()** | ||
| Use this method to reset and regenerate the token after verifying the token. If you want, you can increase the security a little more by creating a new token every time the page is refreshed. | ||
|
|
||
| ###### **Reset() Example** | ||
| ```php | ||
| $csrf->Reset(); | ||
| ``` | ||
|
|
||
| ###### **Reset() Result** | ||
| > true/false | ||
| ## **Example Form Usage and Controls** | ||
| ```php | ||
| <?php | ||
|
|
||
| session_start(); // Start sessions. | ||
| // Include the CSRF Class in your file. | ||
|
|
||
| // Configure the class. | ||
| $csrf = new Csrf([ | ||
| 'key' => 'SuperKey', | ||
| 'secret' => 'SuperSecret' | ||
| ]); | ||
|
|
||
| if($_POST){ | ||
|
|
||
| $firstname = $_POST['firstname']; | ||
| $_csrf = $_POST['_csrf']; // We get the _csrf value from the form. | ||
|
|
||
| // We verify the token from the form with the Check() method. | ||
| if($csrf->Check($_csrf)){ | ||
|
|
||
| $result = "Token is correct"; | ||
| $csrf->Reset(); // We reset the token. | ||
|
|
||
| }else{ | ||
|
|
||
| $result = "Token is not correct"; | ||
| $csrf->Reset(); // We reset the token. | ||
|
|
||
| } | ||
|
|
||
| } | ||
|
|
||
| ?> | ||
|
|
||
| <form method="POST" action="post.php"> | ||
| <input type="text" name="firstname"><br> | ||
| <input type="text" name="_csrf" value="<?= $csrf->Get(); ?>"><br> | ||
| <button type="submit">Submit</button> | ||
| </form> | ||
| ``` |