Download the PHP package ajiho/think-csrf without Composer

On this page you can find all versions of the php package ajiho/think-csrf. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.


Information about the package think-csrf

think-csrf

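A Composer package built on ThinkPHP 6.x that protects against CSRF attacks.

Why think-csrf was written

From a practical development standpoint, ThinkPHP's official form token is really only suited to preventing duplicate form submissions (although the official documentation says it can prevent CSRF attacks). The framework deletes the token from the session as soon as the form token passes validation, which is very unfriendly to AJAX submissions: the page has not been refreshed, but the form token in the session has already been replaced, so submitting the form again fails. This package exists to solve that problem. In addition, the token used for CSRF validation is kept long-term in a cookie; compared with the official form token, which is stored in the session, it does not expire and it reduces load on the server.

Preventing duplicate form submissions and preventing CSRF attacks should be handled separately. Using think-csrf does not stop you from also using the official ThinkPHP form token; the two do not conflict.

Installation

Configuration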

/config/csrf.php

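Usage

Form submission

The example below is written for the think-smarty template engine. If you use the template engine bundled with the ThinkPHP framework, the function call syntax should be {:csrf_field()}

AJAX submission

If the form is submitted via AJAX, you can put the token in a meta tag: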

<meta name="csrf-token" content="<{ csrf_token() }>">

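Alternatively, calling the csrf_meta() function directly in the view file also generates the meta tag above.

Then set the X-CSRF-Token request header in your global Ajax setup like this and submit: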
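
The pattern described above, as an added example (not code from the think-csrf README; the function names are hypothetical): it reads the token from the `csrf-token` meta tag and sets `X-CSRF-Token` only on state-changing, same-origin requests. The same-origin restriction is an assumption of this example, added so the token is never sent to another origin; the package does not document it.

```javascript
// Added example; readCsrfToken, needsCsrfHeader, withCsrf and csrfFetch are
// hypothetical helper names, not part of think-csrf.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Read the token that csrf_meta() rendered into <meta name="csrf-token">.
function readCsrfToken(doc) {
  const meta = doc.querySelector('meta[name="csrf-token"]');
  const token = meta ? meta.getAttribute('content') : null;
  return token && token.trim() !== '' ? token.trim() : null;
}

// Only state-changing methods need the token, and only requests to our own
// origin should carry it, so it never leaks to third-party hosts.
function needsCsrfHeader(method, url, pageOrigin) {
  if (SAFE_METHODS.has(String(method || 'GET').toUpperCase())) return false;
  return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
}

// Return a copy of the fetch options with X-CSRF-Token added when appropriate.
function withCsrf(url, options, doc, pageOrigin) {
  const opts = Object.assign({}, options);
  const headers = Object.assign({}, opts.headers);
  if (needsCsrfHeader(opts.method, url, pageOrigin)) {
    const token = readCsrfToken(doc);
    // Fail loudly in the client instead of sending a request the server rejects.
    if (!token) throw new Error('csrf-token meta tag is missing or empty');
    headers['X-CSRF-Token'] = token;
  }
  opts.headers = headers;
  return opts;
}

// Browser usage: route every AJAX call through this wrapper.
function csrfFetch(url, options) {
  return fetch(url, withCsrf(url, options, document, window.location.origin));
}
```
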

Helper functions

csrf_field()

Returns a hidden input field carrying the token.

csrf_meta()

Returns a meta tag carrying the token.

csrf_token()

Returns only the token value.


All versions of think-csrf with dependencies

Requires topthink/framework Version ^6.0.0