PHP Classes

PHP CSRF Protection: Generate and validate tokens against CSRF attacks

Recommend this page to a friend!
     
  Info   View files Example   View files View files (2)   DownloadInstall with Composer Download .zip   Reputation   Support forum   Blog    
Last Updated Ratings Unique User Downloads Download Rankings
2024-01-09 (3 days ago) RSS 2.0 feedNot enough user ratingsTotal: 460 This week: 4All time: 6,072 This week: 89Up
Version License PHP version Categories
php-csrf 1.9GNU General Publi...5.0PHP 5, Validation, Security
Description 

Author

Radovan Janjic

This class can generate and validate tokens against CSRF attacks.

It creates a random token based on the current user IP address, browser identification.

The generated token is stored in a session variable that may include the name of the form on which the token will be used.

The class can also validate the generated token passed via a form field or a link parameter to verify if it matches the token stored in the session variable.

Picture of Radovan Janjic
  Performance   Level  
Name: Radovan Janjic <contact>
Classes: 14 packages by
Country: Serbia Serbia

Level 5 StarStarStarStarStar

 Innovation award
Innovation award
Nominee: 3x

Example

<?php
//
// Example script
//

session_start();
require "CSRF.class.php";

if (!empty($_POST)){
   
    echo '<pre>POST:', PHP_EOL, print_r($_POST, TRUE), '</pre>';
   
    if (!empty($_POST['submitform1'])) {
        if (CSRF::check($_POST['csrf_token'], 'form1')) {
            echo '<strong style="color:green">Form 1 OK.</strong>';
            // do something
            // ...
        } else {
            echo '<strong style="color:red">Form 1 KO!</strong>';
        }
    }
    if (!empty($_POST['submitform2'])) {
        if (CSRF::check($_POST['csrf_token'], 'form2')) {
            echo '<strong style="color:green">Form 2 OK.</strong>';
            // do something
            // ...
        } else {
            echo '<strong style="color:red">Form 2 KO!</strong>';
        }
    }
    if (!empty($_POST['submitform3'])) {
        if (CSRF::check($_POST['csrf_token'], 'form3')) {
            echo '<strong style="color:green">Form 3 OK.</strong>';
            // do something
            // ...
        } else {
            echo '<strong style="color:red">Form 3 KO!</strong>';
        }
    }
}
?>

<h2>Form 1: with token.</h2>
<form name="form1" action="" method="post">
    <input type="text" name="field" value="value">
    <input type="hidden" name="csrf_token" value="<?php echo CSRF::generate('form1'); ?>">
   
    <input type="submit" name="submitform1" value="submit">
</form>

<h2>Form 2: with token.</h2>
<form name="form2" action="" method="post">
    <input type="text" name="field" value="value">
    <input type="hidden" name="csrf_token" value="<?php echo CSRF::generate('form2'); ?>">
    <input type="submit" name="submitform2" value="submit">
</form>

<h2>Form 3: without or with wrong token.</h2>
<form name="form3" action="" method="post">
    <input type="text" name="field" value="value">
    <input type="hidden" name="csrf_token" value="foobar">
    <input type="submit" name="submitform3" value="submit">
</form>

  Files folder image Files  
File Role Description
Plain text file CSRF.class.php Class Class source
Accessible without login Plain text file example.php Example Example script

Downloadphp-csrf-2024-01-09.zip 1KB
Downloadphp-csrf-2024-01-09.tar.gz
Install with ComposerInstall with Composer
 Version Control Unique User Downloads Download Rankings  
 100%
Total:460
This week:4
All time:6,072
This week:89Up

  Applications that use this package  
No pages of applications that use this class were specified.

Add link image If you know an application of this package, send a message to the author to add a link here.