UserCandy Documentation - CSRF Helper
The Cross-Site Request Forgery (CSRF) helper protects forms against CSRF attacks. A CSRF token is created and saved to the current session for a given period of time. During validation, the helper compares the token sent via POST with the one stored in the session. At the top of each file that uses this class, add the following:
Code
use Helpers\Csrf;
Just prior to creating a form, use the following function to create the CSRF token:
Code
$data['csrfToken'] = Csrf::makeToken();
Add the following near the bottom of the form, before the submit button:
Code
<input type="hidden" name="token_pagename" value="<?= $data['csrfToken']; ?>" />
To validate the token use the following within the form post part of your code:
Code
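/** Check whether the form was submitted */
if (isset($_POST['submit'])) {
    /** Check to make sure the CSRF token is good */
    if (Csrf::isTokenValid('settings')) {
        // All good. Send data to database
    } else {
        // Token missing, expired or not matching the session copy:
        // reject the request and do not process the posted data
    }
}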
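To show the mechanism described at the top of this page (a token stored in the session for a limited time, then compared with the POSTed value), here is an added example. It is not UserCandy's `Helpers\Csrf` source: the function names, the session layout, the one-hour lifetime and the `token_` + form name field convention are assumptions made for illustration.

```php
<?php
// Added illustration: NOT UserCandy's Helpers\Csrf source. Function names,
// the session key layout and the 1-hour lifetime are assumptions.

const CSRF_TTL = 3600; // assumed token lifetime in seconds

/** Create a per-form token and store it with its issue time in the session. */
function csrf_make_token(array &$session, string $form, ?int $now = null): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $session['csrf'][$form] = ['token' => $token, 'issued' => $now ?? time()];
    return $token;
}

/** Compare the posted token with the stored one; reject missing or expired tokens. */
function csrf_is_token_valid(array &$session, array $post, string $form, ?int $now = null): bool
{
    $stored = $session['csrf'][$form] ?? null;
    $sent   = $post['token_' . $form] ?? null;
    if ($stored === null || !is_string($sent)) {
        return false; // nothing issued, or field missing / sent as an array
    }
    if ((($now ?? time()) - $stored['issued']) > CSRF_TTL) {
        unset($session['csrf'][$form]); // expired: drop it so it cannot be reused
        return false;
    }
    return hash_equals($stored['token'], $sent); // constant-time comparison
}

// Constructed demo input: plain arrays standing in for $_SESSION and $_POST,
// with fixed timestamps so the expiry case is reproducible.
$session = [];
$token   = csrf_make_token($session, 'settings', 1000);

// Case 1: matching token inside the lifetime
var_dump(csrf_is_token_valid($session, ['token_settings' => $token], 'settings', 1500));
// Case 2: token value that does not match the session copy
var_dump(csrf_is_token_valid($session, ['token_settings' => 'forged'], 'settings', 1500));
// Case 3: token field absent from the POST data
var_dump(csrf_is_token_valid($session, [], 'settings', 1500));
// Case 4: correct token presented after the lifetime has passed
var_dump(csrf_is_token_valid($session, ['token_settings' => $token], 'settings', 1000 + CSRF_TTL + 1));
```

In a real request handler, pass `$_SESSION` and `$_POST` after `session_start()` and omit the `$now` argument.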