PHP Classes

PHP CSRF Protection: Generate and validate tokens against CSRF attacks

Last updated: 2024-01-09 (8 months ago)
Ratings: 51%
Unique user downloads: Total: 464
Download rankings: All time: 6,055; This week: 49
Version: php-csrf 1.9
License: GNU General Publi...
PHP version: 5.0
Categories: PHP 5, Validation, Security

Description 

This class can generate and validate tokens against CSRF attacks.

It creates a random token based on the current user's IP address and browser identification.

The generated token is stored in a session variable that may include the name of the form on which the token will be used.

The class can also validate the generated token passed via a form field or a link parameter to verify if it matches the token stored in the session variable.
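
How a per-form, session-stored token of this kind can work, as an added sketch that is not the source of CSRF.class.php (which this page does not show). The class name SketchCsrf, the session key prefix and the HMAC construction are assumptions, and it needs PHP 7 or later rather than the PHP 5.0 listed for the package.

```php
<?php
// Added illustration, not the source of CSRF.class.php; every name is hypothetical.
// Assumes PHP 7+ (random_bytes, hash_equals) and that session_start() has run.
final class SketchCsrf
{
    const PREFIX = 'sketch_csrf_'; // session key prefix; the form name is appended

    // Token = HMAC(per-form random secret, form name + client IP + user agent),
    // mirroring the description: random, tied to the client, stored per form.
    private static function derive(string $secret, string $form): string
    {
        $client = ($_SERVER['REMOTE_ADDR'] ?? '') . '|' . ($_SERVER['HTTP_USER_AGENT'] ?? '');
        return hash_hmac('sha256', $form . '|' . $client, $secret);
    }

    // Create a fresh secret for this form, keep it in the session, return the token.
    public static function generate(string $form): string
    {
        $secret = bin2hex(random_bytes(32));
        $_SESSION[self::PREFIX . $form] = $secret;
        return self::derive($secret, $form);
    }

    // True only if the submitted value matches the token issued for this form
    // to this client. The secret is dropped on success, so a token works once.
    public static function check($token, string $form): bool
    {
        $key = self::PREFIX . $form;
        if (!is_string($token) || !isset($_SESSION[$key])) {
            return false; // missing field, array-valued field, or no token issued
        }
        // hash_equals compares in constant time, unlike == or ===.
        $ok = hash_equals(self::derive($_SESSION[$key], $form), $token);
        if ($ok) {
            unset($_SESSION[$key]);
        }
        return $ok;
    }
}

// Constructed demo values so the sketch also runs from the command line.
$_SESSION = [];
$_SERVER['REMOTE_ADDR'] = '192.0.2.10';
$_SERVER['HTTP_USER_AGENT'] = 'ExampleBrowser/1.0';
$t = SketchCsrf::generate('form1');
var_dump(SketchCsrf::check($t, 'form2'));       // token presented to another form
var_dump(SketchCsrf::check('foobar', 'form1')); // wrong token value
var_dump(SketchCsrf::check($t, 'form1'));       // first use of the issued token
var_dump(SketchCsrf::check($t, 'form1'));       // replay of the same token
```

Because the token is bound to the IP address, a client whose address changes between loading and submitting the form has to reload the form to get a new token.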

Author: Radovan Janjic
Country: Serbia

Example

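<?php
//
// Example script
//

session_start();
require "CSRF.class.php";

if (!empty($_POST)) {

    // Escape the submitted data before echoing it back into the page.
    echo '<pre>POST:', PHP_EOL, htmlspecialchars(print_r($_POST, TRUE), ENT_QUOTES), '</pre>';

    // A missing or non-string token field is treated as a failed check.
    $token = (isset($_POST['csrf_token']) && is_string($_POST['csrf_token'])) ? $_POST['csrf_token'] : null;

    if (!empty($_POST['submitform1'])) {
        // Validate the submitted token against the one generated for form1.
        if ($token !== null && CSRF::check($token, 'form1')) {
            echo '<strong style="color:green">Form 1 OK.</strong>';
            // do something
            // ...
        } else {
            echo '<strong style="color:red">Form 1 KO!</strong>';
        }
    }
    if (!empty($_POST['submitform2'])) {
        // Validate the submitted token against the one generated for form2.
        if ($token !== null && CSRF::check($token, 'form2')) {
            echo '<strong style="color:green">Form 2 OK.</strong>';
            // do something
            // ...
        } else {
            echo '<strong style="color:red">Form 2 KO!</strong>';
        }
    }
    if (!empty($_POST['submitform3'])) {
        // form3 submits the fixed value "foobar", so this check is expected to fail.
        if ($token !== null && CSRF::check($token, 'form3')) {
            echo '<strong style="color:green">Form 3 OK.</strong>';
            // do something
            // ...
        } else {
            echo '<strong style="color:red">Form 3 KO!</strong>';
        }
    }
}
?>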

<h2>Form 1: with token.</h2>
<form name="form1" action="" method="post">
    <input type="text" name="field" value="value">
    <input type="hidden" name="csrf_token" value="<?php echo CSRF::generate('form1'); ?>">
   
    <input type="submit" name="submitform1" value="submit">
</form>

<h2>Form 2: with token.</h2>
<form name="form2" action="" method="post">
    <input type="text" name="field" value="value">
    <input type="hidden" name="csrf_token" value="<?php echo CSRF::generate('form2'); ?>">
    <input type="submit" name="submitform2" value="submit">
</form>

<h2>Form 3: without or with wrong token.</h2>
<form name="form3" action="" method="post">
    <input type="text" name="field" value="value">
    <input type="hidden" name="csrf_token" value="foobar">
    <input type="submit" name="submitform3" value="submit">
</form>


Files (2)

File             Role      Description
CSRF.class.php   Class     Class source
example.php      Example   Example script
