PHP Classes
elePHPant
Icontem

Token: Generate and check tokens to avoid CSRF attacks

Recommend this page to a friend!
     
  Info   View files View files (3)   DownloadInstall with Composer Download .zip   Reputation   Support forum (1)   Blog    
Last Updated Ratings Unique User Downloads Download Rankings
2009-07-10 (7 years ago) RSS 2.0 feedNot enough user ratingsTotal: 1,140 This week: 2All time: 3,191 This week: 591Up
Version License PHP version Categories
token 1.0.0Public Domain5.0HTML, PHP 5, User Management, Security
Description Author

This class can be used to generate and check tokens to avoid Cross-Site Request Forgery (CSRF) attacks.

It generates random token strings and stores it as session variable associated to the time when the token was created.

The generated token be used to pass in an hidden input form for later verification against CSRF attacks.

The class can also check if the token is valid by looking at the respective session variable and verifying whether it did not pass more time than a configurable token timeout value.

Picture of Francesco Cirać
Name: Francesco Cirać <contact>
Classes: 3 packages by
Country: Italy Italy

Details
== Token
== A PHP class for CSRF preventing.

= What is Token
Token is a simple to use PHP class that implements a session token system
for web applications. The purpose is to avoid CSRF (Cross Site Request 
Forgery) attacks.

= About CSRF
The Cross Site Request Forgery is a widespread vulnerability in web 
applications.
Using CSRF an attacker can make an user to do things with his own sessions.
CSRF is an underestimate threat. It is often forget while it is more
dangerous of other attacks (who cares about a stupid XSS)?
A very good paper about CSRF is at: http://citp.princeton.edu/csrf/.

= Using Token
Token usage is very simple. It is explained in the example file.

= Token License
Token has not a license. Simply do what you want.
I just enjoyed coding Token, don't care about.

= Author contacts
Website: http://sydarex.org
Email: sydarex@gmail.com

= Credits
Token is inspired by the work of Claudio Guarnieri (nex) of PlayHack on the
Seride library (http://www.playhack.net).
  Files folder image Files  
File Role Description
Accessible without login Plain text file example.php Example Example script
Accessible without login Plain text file readme.txt Doc. Readme file
Plain text file token.class.php Class Token class file

Downloadtoken-2009-07-10.zip 3KB
Downloadtoken-2009-07-10.tar.gz 2KB
Install with ComposerInstall with Composer
 Version Control Unique User Downloads Download Rankings  
 0%
Total:1,140
This week:2
All time:3,191
This week:591Up
User Comments (1)
great work!
7 years ago (max costa)		75%StarStarStarStar
 

  Applications that use this package  
No pages of applications that use this class were specified.

Add link image If you know an application of this package, send a message to the author to add a link here.