├── .gitignore ├── composer.json ├── composer.lock ├── example ├── without-composer │ ├── get-method.php │ ├── post-method.php │ ├── all-method.php │ └── lib │ │ └── csrfhandler.php └── with-composer │ ├── get-method.php │ ├── post-method.php │ └── all-method.php ├── LICENSE ├── README.md └── src └── csrfhandler └── csrf.php /.gitignore: -------------------------------------------------------------------------------- 1 | /vendor/ 2 | .idea/ 3 | -------------------------------------------------------------------------------- /composer.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "banujan6/csrf-handler", 3 | "description": "CSRF token validator library for PHP", 4 | "license": "MIT", 5 | "authors": [ 6 | { 7 | "name": "Banujan Balendrakumar", 8 | "email": "bbalendrakumar@gmail.com" 9 | } 10 | ], 11 | "minimum-stability": "dev", 12 | "require": { 13 | "php": ">=5.5.0" 14 | }, 15 | "autoload": { 16 | "psr-0": { 17 | "csrfhandler": "src/" 18 | } 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /composer.lock: -------------------------------------------------------------------------------- 1 | { 2 | "_readme": [ 3 | "This file locks the dependencies of your project to a known state", 4 | "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", 5 | "This file is @generated automatically" 6 | ], 7 | "content-hash": "91e16d99386b1fd022f540d437a0b7d9", 8 | "packages": [], 9 | "packages-dev": [], 10 | "aliases": [], 11 | "minimum-stability": "dev", 12 | "stability-flags": [], 13 | "prefer-stable": false, 14 | "prefer-lowest": false, 15 | "platform": { 16 | "php": ">=5.5.0" 17 | }, 18 | "platform-dev": [] 19 | } 20 | -------------------------------------------------------------------------------- /example/without-composer/get-method.php: -------------------------------------------------------------------------------- 1 | 19 | 20 |
21 | 22 |
23 | yourname : 24 | 25 |

26 | Refrest or Use developer tool to change the token in hidden field and test. 27 |

28 | 29 | 30 |
31 | 32 |
33 | 34 | -------------------------------------------------------------------------------- /example/without-composer/post-method.php: -------------------------------------------------------------------------------- 1 | 19 | 20 |
21 | 22 |
23 | yourname : 24 |

25 | Refrest or Use developer tool to change the token in hidden field and test. 26 |

27 | 28 | 29 | 30 |
31 | 32 |
33 | 34 | -------------------------------------------------------------------------------- /example/with-composer/get-method.php: -------------------------------------------------------------------------------- 1 | 19 | 20 |
21 | 22 |
23 | yourname : 24 | 25 |

26 | Refrest or Use developer tool to change the token in hidden field and test. 27 |

28 | 29 | 30 |
31 | 32 |
33 | 34 | -------------------------------------------------------------------------------- /example/with-composer/post-method.php: -------------------------------------------------------------------------------- 1 | 19 | 20 |
21 | 22 |
23 | yourname : 24 |

25 | Refrest or Use developer tool to change the token in hidden field and test. 26 |

27 | 28 | 29 | 30 |
31 | 32 |
33 | 34 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 Banujan Balendrakumar 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /example/without-composer/all-method.php: -------------------------------------------------------------------------------- 1 | 19 |

20 |

GET form

21 |
22 | 23 |
24 | yourname : 25 | 26 |

27 | Refrest or Use developer tool to change the token in hidden field and test. 28 |

29 | 30 | 31 |
32 | 33 |
34 | 35 |

36 | 37 |

POST form

38 |
39 | 40 |
41 | yourname : 42 | 43 |

44 | Refrest or Use developer tool to change the token in hidden field and test. 45 |

46 | 47 | 48 |
49 | 50 |
51 | 52 | -------------------------------------------------------------------------------- /example/with-composer/all-method.php: -------------------------------------------------------------------------------- 1 | 20 |

21 |

GET form

22 |
23 | 24 |
25 | yourname : 26 | 27 |

28 | Refrest or Use developer tool to change the token in hidden field and test. 29 |

30 | 31 | 32 |
33 | 34 |
35 | 36 |

37 | 38 |

POST form

39 |
40 | 41 |
42 | yourname : 43 | 44 |

45 | Refrest or Use developer tool to change the token in hidden field and test. 46 |

47 | 48 | 49 |
50 | 51 |
52 | 53 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # [DEPRECATED] CSRF-Handler ![version](https://img.shields.io/badge/Version-2.0.1-green.svg) ![stars](https://img.shields.io/github/stars/banujan6/CSRF-handler.svg) ![commit](https://img.shields.io/badge/Commit-Verified-brightgreen.svg) 2 | CSRF protection class file for PHP.

3 | Bye Bye, Version 1.0!
4 | We released version 2 with a better implementation. :) 5 | 6 | # Please Note: This project is no longer maintained and will not receive security fixes. Consider using the CSRF protection built into a maintained PHP framework instead. 7 | 8 | # Functions 9 | 10 | | Function | Description | 11 | | ------------- | ------------- | 12 | | get() | Validate the CSRF token for GET requests only (reads `$_GET['_token']`) | 13 | | post() | Validate the CSRF token for POST requests only (reads `$_POST['_token']`) | 14 | | all() | Validate the CSRF token for GET and POST requests; `$_POST['_token']` is checked first and `$_GET['_token']` is used only when no POST token is present | 15 | | token() | Generate a CSRF token | 16 | | flushToken() | Clear the session's token list, invalidating every outstanding token | 17 | 18 | 19 | # Installation 20 |
22 | Via Composer 23 |
24 |

25 | Require the package. 26 |

27 | 28 | ```php 29 | composer require banujan6/csrf-handler 30 | ``` 31 |
32 |

Import the namespace and use the class.

33 | 34 | ```php 35 | 40 | ``` 41 | 42 |
43 |
44 | Including File 45 |

46 |

Download csrf.php from the src directory, then include it in your PHP file.

47 |

48 | 49 | ```php 50 | 54 | ``` 55 | 56 | # Usages 57 | 58 |

59 | This CSRF-Handler looks for a form field or URL parameter named _token. A POST request must carry _token in its form data; a GET request must carry _token as a URL query parameter. Be aware that a token placed in the query string is exposed through browser history, Referer headers and proxy/server logs, so state-changing actions should be submitted over POST with the token in the request body rather than over GET. 60 |

61 | 62 | 63 | ### Generating Token 64 | 65 | ```php 66 |
67 | 68 |
69 | ``` 70 | 71 | ### Validating Request 72 | 73 | GET Request Only 74 | 75 | ```php 76 | $isValid = csrf::get(); // return TRUE or FALSE 77 | 78 | if ( $isValid ) { 79 | 80 | //Do something if valid 81 | 82 | } else { 83 | 84 | //Do something if not vaid 85 | 86 | } 87 | ``` 88 | 89 | POST Request Only 90 | 91 | ```php 92 | $isValid = csrf::post(); // return TRUE or FALSE 93 | 94 | if ( $isValid ) { 95 | 96 | //Do something if valid 97 | 98 | } else { 99 | 100 | //Do something if not vaid 101 | 102 | } 103 | ``` 104 | 105 | GET & POST Request 106 | 107 | ```php 108 | $isValid = csrf::all(); // return TRUE or FALSE 109 | 110 | if ( $isValid ) { 111 | 112 | //Do something if valid 113 | 114 | } else { 115 | 116 | //Do something if not vaid 117 | 118 | } 119 | ``` 120 | 121 | 122 | ### Clear All Active Tokens 123 | 124 | ```php 125 | csrf::flushToken(); // will destroy all active tokens 126 | ``` 127 | 128 | 129 | # Examples 130 | 131 |

132 | You can find basic examples in the example/ directory.

134 | 135 | # License 136 | 137 | Licensed under MIT 138 | -------------------------------------------------------------------------------- /src/csrfhandler/csrf.php: -------------------------------------------------------------------------------- 1 | "GET", 136 | "token" => (isset($_GET['_token'])) ? $_GET['_token'] : null 137 | )); 138 | } 139 | 140 | public static function post() 141 | { 142 | return self::authToken(array( 143 | "method" => "POST", 144 | "token" => (isset($_POST['_token'])) ? $_POST['_token'] : null 145 | )); 146 | } 147 | 148 | public static function all() 149 | { 150 | if(isset($_POST['_token'])) { 151 | return self::authToken(array( 152 | "method" => "ALL", 153 | "token" => $_POST['_token'] 154 | )); 155 | } else if(isset($_GET['_token'])) { 156 | return self::authToken(array( 157 | "method" => "ALL", 158 | "token" => $_GET['_token'] 159 | )); 160 | } else { 161 | return self::authToken(array( 162 | "method" => "ALL", 163 | "token" => null 164 | )); 165 | } 166 | 167 | } 168 | 169 | public static function flushToken() 170 | { 171 | self::startSession(); 172 | $_SESSION['X-CSRF-TOKEN-LIST'] = null; 173 | } 174 | } 175 | 176 | -------------------------------------------------------------------------------- /example/without-composer/lib/csrfhandler.php: -------------------------------------------------------------------------------- 1 | "GET", 136 | "token" => (isset($_GET['_token'])) ? $_GET['_token'] : null 137 | )); 138 | } 139 | 140 | public static function post() 141 | { 142 | return self::authToken(array( 143 | "method" => "POST", 144 | "token" => (isset($_POST['_token'])) ? 
$_POST['_token'] : null 145 | )); 146 | } 147 | 148 | public static function all() 149 | { 150 | if(isset($_POST['_token'])) { 151 | return self::authToken(array( 152 | "method" => "ALL", 153 | "token" => $_POST['_token'] 154 | )); 155 | } else if(isset($_GET['_token'])) { 156 | return self::authToken(array( 157 | "method" => "ALL", 158 | "token" => $_GET['_token'] 159 | )); 160 | } else { 161 | return self::authToken(array( 162 | "method" => "ALL", 163 | "token" => null 164 | )); 165 | } 166 | 167 | } 168 | 169 | public static function flushToken() 170 | { 171 | self::startSession(); 172 | $_SESSION['X-CSRF-TOKEN-LIST'] = null; 173 | } 174 | } 175 | 176 | --------------------------------------------------------------------------------