|Classes of Nicola Covolo
|PHP CSRF Protection class
Protect against CSRF attack. PHP >= 5.4
Why I should use this class?
Most of others PHP scripts require that you manually edit link and form one by one. In medium and big size application, this is not only stressful but also dangerous because as human you can do mistakes. CSRFProtector, instead, do the job automatically!
Just before the end of the scripts, it search in the output buffered each links and forms. Then, they are modified adding a speacial randomic token: tokens are then saved in sessions to create a white list. When a web request come to your server, CSFRProtector check if the associated token is in the permitted list: if yes then the script can continue, otherwise a error is shown. Not only: it also add a flag in session with the end time of script execution and you can choose when the next request is accepted.
So sum up:
First off all, download and unzip all the contents in a folder in your server. Let's suppose is libs. At the begin of your main script, add this code
That is all! Anyway it's more powerfull than what might seem.
The construct can take three optional arguments:
It's also possible to manually protect GET and POST data using fews function: