Ratings | | Unique User Downloads | | Download Rankings |
Not enough user ratings | | Total: 238 | | All time: 8,054 This week: 53 |
|
Description | | Author |
This package can generate tokens to protect against CSRF attacks.
It can create a string that is stored in a session variable and will be used to identify a real user that submits a form in the script that handles the form submission.
The package can verify whether the user really submitted the form checking the token string by comparing the string passed via an URL parameter or an hidden form input.
Tokens are valid for a configurable amount of time and are deleted after they expire. | |
|
|
Innovation award
Nominee: 6x |
|
Example
<?php require_once 'start.php'; ?>
<head>
<title>PHP Security class example 1</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js"></script>
</head>
<div class="container">
<form action='start.php' method="post">
<div class="form-group">
<input type='hidden' name='token' value="<?= $security->GenerateTokens(3, 20); ?>" />
<label for="comment">Comment:</label>
<textarea class="form-control" rows="5" name='q'></textarea>
<br>
<input type='submit' name='submit' class="btn btn-success" value='Submit' />
</div>
</form>
</div>
|
Details
PHP CSRF Class
This package can generate token for csrf security in forms and add token to url
features
1. Generate new token on refresh/reload/open
2. Delete expire tokens automatically
3. Set time ( for tokens after how many time expire)
4. Delete current token (that passed in url)
5. Debug support
6. Verify tokens is exists or not
7. Count tokens
8. Delete unnecessary tokens.
Description
This package can generate tokens to protect against CSRF attacks.
It can create a string that is stored in a session variable and will be used to identify a real user that submits a form in the script that handles the form submission.
The package can verify whether the user really submitted the form checking the token string by comparing the string passed via an URL parameter or an hidden form input.
Tokens are valid for a configurable amount of time and are deleted after they expire.
Input class
get form https://github.com/Lablnet/PHP-Input-Class
|
Applications that use this package |
|
No pages of applications that use this class were specified.
If you know an application of this package, send a message to the author to add a link here.