dimns/simplecsrf

Simple CSRF-token class to prevent CSRF attacks. For forms and AJAX requests.

Project is deprecated.

Simple CSRF-token class to prevent CSRF attacks

, _(*1)

Requirements

• PHP 5.3 or higher is required.

Composer installation

1. Get Composer.
2. Require SimpleCSRF with php composer.phar require dimns/simplecsrf or composer require dimns/simplecsrf (if the composer is installed globally).
3. Add the following to your application's main PHP file: require 'vendor/autoload.php';.

Usage with FORM

php, _(*2)

getToken();

// Checking the token
if ($csrf->validateToken($_POST['_token'])) {
    echo 'Token correct';
} else {
    echo 'Invalid token';
}
```

html
```html

getToken();

// Checking the token
if ($csrf->validateToken($_SERVER['HTTP_X_CSRFTOKEN'])) {
    // Token correct
} else {
    // Invalid token
}
```

html
```html

    

javascript, (*4)

// jQuery
$.ajaxSetup({
    beforeSend: function (xhr, settings) {
        if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type)) {
            xhr.setRequestHeader("X-CSRFToken", $('meta[name="_token"]').attr('content'));
        }
    }
});