PHP Classes

PHP CSRF Protection: Generate and validate tokens against CSRF attacks

Recommend this page to a friend!
  Info   View files Example   View files View files (2)   DownloadInstall with Composer Download .zip   Reputation   Support forum   Blog    
Last Updated Ratings Unique User Downloads Download Rankings
2024-01-09 (4 months ago) RSS 2.0 feedStarStarStar 51%Total: 463 All time: 6,061 This week: 71Up
Version License PHP version Categories
php-csrf 1.9GNU General Publi...5.0PHP 5, Validation, Security
Description 

Author

This class can generate and validate tokens against CSRF attacks.

It creates a random token based on the current user IP address, browser identification.

The generated token is stored in a session variable that may include the name of the form on which the token will be used.

The class can also validate the generated token passed via a form field or a link parameter to verify if it matches the token stored in the session variable.

Picture of Radovan Janjic
  Performance   Level  
Name: Radovan Janjic is available for providing paid consulting. Contact Radovan Janjic .
Classes: 14 packages by
Country: Serbia Serbia
Age: 36
All time rank: 2382 in Serbia Serbia
Week rank: 35 Up1 in Serbia Serbia Up
Innovation award
Innovation award
Nominee: 3x

Example

<?php
//
// Example script
//

session_start();
require
"CSRF.class.php";

if (!empty(
$_POST)){
   
    echo
'<pre>POST:', PHP_EOL, print_r($_POST, TRUE), '</pre>';
   
    if (!empty(
$_POST['submitform1'])) {
        if (
CSRF::check($_POST['csrf_token'], 'form1')) {
            echo
'<strong style="color:green">Form 1 OK.</strong>';
           
// do something
            // ...
       
} else {
            echo
'<strong style="color:red">Form 1 KO!</strong>';
        }
    }
    if (!empty(
$_POST['submitform2'])) {
        if (
CSRF::check($_POST['csrf_token'], 'form2')) {
            echo
'<strong style="color:green">Form 2 OK.</strong>';
           
// do something
            // ...
       
} else {
            echo
'<strong style="color:red">Form 2 KO!</strong>';
        }
    }
    if (!empty(
$_POST['submitform3'])) {
        if (
CSRF::check($_POST['csrf_token'], 'form3')) {
            echo
'<strong style="color:green">Form 3 OK.</strong>';
           
// do something
            // ...
       
} else {
            echo
'<strong style="color:red">Form 3 KO!</strong>';
        }
    }
}
?>

<h2>Form 1: with token.</h2>
<form name="form1" action="" method="post">
    <input type="text" name="field" value="value">
    <input type="hidden" name="csrf_token" value="<?php echo CSRF::generate('form1'); ?>">
   
    <input type="submit" name="submitform1" value="submit">
</form>

<h2>Form 2: with token.</h2>
<form name="form2" action="" method="post">
    <input type="text" name="field" value="value">
    <input type="hidden" name="csrf_token" value="<?php echo CSRF::generate('form2'); ?>">
    <input type="submit" name="submitform2" value="submit">
</form>

<h2>Form 3: without or with wrong token.</h2>
<form name="form3" action="" method="post">
    <input type="text" name="field" value="value">
    <input type="hidden" name="csrf_token" value="foobar">
    <input type="submit" name="submitform3" value="submit">
</form>


  Files folder image Files  
File Role Description
Plain text file CSRF.class.php Class Class source
Accessible without login Plain text file example.php Example Example script

 Version Control Unique User Downloads Download Rankings  
 100%
Total:463
This week:0
All time:6,061
This week:71Up
 User Ratings  
 
 All time
Utility:75%StarStarStarStar
Consistency:66%StarStarStarStar
Documentation:-
Examples:75%StarStarStarStar
Tests:-
Videos:-
Overall:51%StarStarStar
Rank:2518