PHP Classes

PHP CSRF Protection: Generate and validate tokens against CSRF attacks

Last Updated: 2024-01-09
Ratings: Not enough user ratings
Unique User Downloads: Total: 460, This week: 4
Download Rankings: All time: 6,072, This week: 89 (Up)
Version: php-csrf 1.9
License: GNU General Publi...
PHP version: 5.0
Categories: PHP 5, Validation, Security
Description

This class can generate and validate tokens that protect forms and links against CSRF attacks.

It creates a random token based on the current user's IP address and browser identification.

The generated token is stored in a session variable whose name may include the name of the form on which the token will be used, so each form carries its own token.

The class can also validate a token passed via a form field or a link parameter by checking whether it matches the token stored in the session variable.

Author

Name: Radovan Janjic
Classes: 14 packages
Country: Serbia
Innovation award nominee: 3x

Example

<?php
//
// Example script
//

session_start();
require "CSRF.class.php";

// Read the submitted token once. A form that omits the field yields an empty
// string (which fails validation) instead of an undefined-index notice.
$token = isset($_POST['csrf_token']) ? $_POST['csrf_token'] : '';

if (!empty($_POST)) {

    echo '<pre>POST:', PHP_EOL, print_r($_POST, TRUE), '</pre>';

    if (!empty($_POST['submitform1'])) {
        // The token must match the one generated for 'form1'
        if (CSRF::check($token, 'form1')) {
            echo '<strong style="color:green">Form 1 OK.</strong>';
            // do something
            // ...
        } else {
            echo '<strong style="color:red">Form 1 KO!</strong>';
        }
    }
    if (!empty($_POST['submitform2'])) {
        // The token must match the one generated for 'form2'
        if (CSRF::check($token, 'form2')) {
            echo '<strong style="color:green">Form 2 OK.</strong>';
            // do something
            // ...
        } else {
            echo '<strong style="color:red">Form 2 KO!</strong>';
        }
    }
    if (!empty($_POST['submitform3'])) {
        // Form 3 below submits a bogus token, so this check is expected to fail
        if (CSRF::check($token, 'form3')) {
            echo '<strong style="color:green">Form 3 OK.</strong>';
            // do something
            // ...
        } else {
            echo '<strong style="color:red">Form 3 KO!</strong>';
        }
    }
}
?>

<h2>Form 1: with token.</h2>
<form name="form1" action="" method="post">
    <input type="text" name="field" value="value">
    <input type="hidden" name="csrf_token" value="<?php echo CSRF::generate('form1'); ?>">
   
    <input type="submit" name="submitform1" value="submit">
</form>

<h2>Form 2: with token.</h2>
<form name="form2" action="" method="post">
    <input type="text" name="field" value="value">
    <input type="hidden" name="csrf_token" value="<?php echo CSRF::generate('form2'); ?>">
    <input type="submit" name="submitform2" value="submit">
</form>

<h2>Form 3: without or with wrong token.</h2>
<form name="form3" action="" method="post">
    <input type="text" name="field" value="value">
    <input type="hidden" name="csrf_token" value="foobar">
    <input type="submit" name="submitform3" value="submit">
</form>
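As an added illustration, and not the package's own CSRF class (whose source is in CSRF.class.php), the hypothetical CsrfGuard class below implements the generate/check pattern that the description and the example script rely on: one random token per form name kept in the session, a constant-time comparison on validation, and one-time use. It assumes PHP 7 or later for random_bytes() and hash_equals(), and unlike the package it does not derive the token from the client's IP address or browser identification; the session key name csrf_tokens, the field() helper and the command-line self-check are constructed for this example.

```php
<?php
// Added example: a hypothetical CsrfGuard class, not the php-csrf package's
// CSRF class. Assumes PHP 7+ (random_bytes, hash_equals, scalar type hints).
// The session key 'csrf_tokens' and the CLI self-check are constructed here.

final class CsrfGuard
{
    const SESSION_KEY = 'csrf_tokens';
    const TOKEN_BYTES = 32;

    /** Issue a fresh token for $form (replacing any earlier one) and return it. */
    public static function generate(string $form): string
    {
        $token = bin2hex(random_bytes(self::TOKEN_BYTES));  // 64 hex chars from the CSPRNG
        $_SESSION[self::SESSION_KEY][$form] = $token;
        return $token;
    }

    /**
     * Validate a submitted token for $form. The stored token is discarded
     * whether or not the check passes, so each token is usable exactly once
     * and a failed guess cannot be retried against the same token.
     */
    public static function check($submitted, string $form): bool
    {
        $stored = isset($_SESSION[self::SESSION_KEY][$form])
            ? $_SESSION[self::SESSION_KEY][$form] : null;
        unset($_SESSION[self::SESSION_KEY][$form]);

        if (!is_string($stored) || !is_string($submitted) || $submitted === '') {
            return false;  // no token issued for this form, or field missing / not a string
        }
        return hash_equals($stored, $submitted);  // constant-time comparison
    }

    /** Hidden input carrying a new token for $form, HTML-escaped for the page. */
    public static function field(string $form): string
    {
        return '<input type="hidden" name="csrf_token" value="'
            . htmlspecialchars(self::generate($form), ENT_QUOTES, 'UTF-8') . '">';
    }
}

// Self-check when run from the command line: php csrf_guard_example.php
if (PHP_SAPI === 'cli') {
    $_SESSION = [];  // stand-in for session_start() outside a web request (constructed)

    $expect = function (bool $cond, string $what) {
        if (!$cond) {
            throw new RuntimeException("failed: $what");
        }
    };

    $t1 = CsrfGuard::generate('form1');
    $t2 = CsrfGuard::generate('form2');
    $expect(strlen($t1) === 64 && $t1 !== $t2, 'tokens are 64 hex chars and distinct');
    $expect(CsrfGuard::check($t1, 'form1') === true,  'right token for form1 accepted');
    $expect(CsrfGuard::check($t1, 'form1') === false, 'replayed token rejected');
    $expect(CsrfGuard::check($t1, 'form2') === false, 'form1 token rejected for form2');
    $expect(CsrfGuard::check('foobar', 'form2') === false, 'wrong token rejected');
    $expect(CsrfGuard::check(null, 'form3') === false, 'missing field rejected');
    $expect(strpos(CsrfGuard::field('form3'), 'name="csrf_token"') !== false, 'hidden field rendered');
    echo "all checks passed", PHP_EOL;
}
```

In a page, the hidden input in each form above would become `<?php echo CsrfGuard::field('form1'); ?>` and the handler would call CsrfGuard::check($token, 'form1'). Keying the token on the session rather than the client address keeps it valid for users whose IP changes between page load and submit (mobile networks, proxy pools), the per-form key stops a token issued for one form being accepted by another, and consuming the token on first use means an intercepted form cannot be replayed.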


Files

CSRF.class.php (Class): Class source
example.php (Example): Example script

Version Control: 100%