https://github.com/gilbitron/EasyCSRF

A simple, standalone CSRF protection library

csrf csrf-protection php

[![Build Status](https://travis-ci.org/gilbitron/EasyCSRF.svg?branch=master)](https://travis-ci.org/gilbitron/EasyCSRF) [![Packagist Downloads](https://img.shields.io/packagist/dm/gilbitron/easycsrf)](https://packagist.org/packages/gilbitron/easycsrf) ![PHP version](https://img.shields.io/travis/php-v/gilbitron/easycsrf/master) ![License](https://img.shields.io/github/license/gilbitron/easycsrf)

# EasyCSRF
EasyCSRF is a simple, standalone CSRF protection library written in PHP. It can be used to
protect your forms from [Cross Site Request Forgery](http://en.wikipedia.org/wiki/Cross-site_request_forgery) attacks.

## Requirements

* PHP 7.3+

## Install

Install via [composer](https://getcomposer.org):

```
composer require gilbitron/easycsrf
```

Run `composer install` then use as normal:

```php
require 'vendor/autoload.php';

$sessionProvider = new EasyCSRF\NativeSessionProvider();
$easyCSRF = new EasyCSRF\EasyCSRF($sessionProvider);
```

## Usage

To use EasyCSRF, first generate a token:

```php
$sessionProvider = new EasyCSRF\NativeSessionProvider();
$easyCSRF = new EasyCSRF\EasyCSRF($sessionProvider);

$token = $easyCSRF->generate('my_token');
```

You then include this token with any forms you create:

```html
<form method="post">
...
<input type="hidden" name="token" value="<?php echo $token; ?>">
...
</form>
```

Then before you do any data processing, you check the token is valid:

```php
use EasyCSRF\Exceptions\InvalidCsrfTokenException;

try {
    $easyCSRF->check('my_token', $_POST['token']);
} catch (InvalidCsrfTokenException $e) {
    echo $e->getMessage();
}
```

## Token Expiration

You can set a time limit on tokens by passing a timespan (in seconds) to the
check method. Tokens older than the timespan will not be valid.

```php
// Example 1 hour expiration
$easyCSRF->check('my_token', $_POST['token'], 60 * 60);
```

## Reusable Tokens

Tokens can be made reusable and not one-time only (useful for ajax-heavy requests).

```php
// Make token reusable
$easyCSRF->check('my_token', $_POST['token'], null, true);
```
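The generate / embed / check flow from the sections above, assembled into a single request handler as an added example (not code from the EasyCSRF README); it assumes the class and method names shown above, a hidden form field named `token`, and that the session has been started before `NativeSessionProvider` is used.

```php
<?php
// Added example: one PHP script that renders a form on GET and validates
// the CSRF token on POST, with a one-hour expiry and one-time-use tokens.
require 'vendor/autoload.php';

use EasyCSRF\EasyCSRF;
use EasyCSRF\NativeSessionProvider;
use EasyCSRF\Exceptions\InvalidCsrfTokenException;

session_start(); // assumption: NativeSessionProvider reads/writes $_SESSION

$easyCSRF = new EasyCSRF(new NativeSessionProvider());

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    try {
        // The submitted token must match the one generated for this form
        // and be no older than one hour; by default it is consumed on the
        // first successful check, so a replayed submission fails.
        $easyCSRF->check('contact_form', $_POST['token'] ?? '', 60 * 60);
    } catch (InvalidCsrfTokenException $e) {
        // Reject the request outright instead of processing any data.
        http_response_code(403);
        exit('Request rejected: invalid or expired form token.');
    }

    // Only reached with a valid token: safe to process $_POST here.
    echo 'Form accepted.';
    exit;
}

// GET: issue a fresh token bound to this session and embed it in the form.
$token = $easyCSRF->generate('contact_form');
?>
<form method="post">
    <input type="hidden" name="token"
           value="<?= htmlspecialchars($token, ENT_QUOTES, 'UTF-8') ?>">
    <input type="text" name="message">
    <button type="submit">Send</button>
</form>
```

Returning a 403 rather than echoing the exception message keeps the failure reason out of the response while still making rejected submissions visible in the access log.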

## Custom SessionProvider

Your app might use a third party library for managing sessions, or you may want to store tokens somewhere other
than $_SESSION (as the `NativeSessionProvider` does). In this case you can create a custom `SessionProvider`
and use that when instantiating EasyCSRF.

```php