PHP code example of itrack / csrf

1. Go to the download page and download the itrack/csrf library, choosing the "require" download type.

2. Extract the ZIP file and open the index.php.

3. Add this code to the index.php.
    
        
<?php
require_once('vendor/autoload.php');

/* Start to develop here. Best regards https://php-download.com/ */

    

itrack / csrf example snippets


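// Placeholder secret from the example. In a real deployment, load a long random
// value (generated with a CSPRNG) from configuration kept outside version
// control rather than hard-coding it next to the code that uses it.
$secret = '948thksehbf23fnoug2p4g2o...'; // well chosen secret
$signer = new \Itrack\CSRF\SignatureGenerator($secret);

// Key the check on the request method, not on $_POST being non-empty: a POST
// with an empty body leaves $_POST empty and would otherwise skip validation.
$requestMethod = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
if ($requestMethod === 'POST') {
    // A missing token, or a non-string one (a field submitted as an array),
    // is rejected outright instead of being handed to the validator.
    $token = isset($_POST['_token']) ? $_POST['_token'] : null;
    if (!is_string($token) || !$signer->validateSignature($token)) {
        header('HTTP/1.0 400 Bad Request');
        exit;
    }
}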

// Three argument forms for the same one-hour cutoff, shown side by side:
// an integer Unix timestamp, a relative-time string, and a DateTime object.
// NOTE(review): presumably an application uses only one of these, and tokens
// older than the cutoff fail validation — confirm against the library docs.
// A shorter window limits how long a leaked token stays usable.
$signer->setValidityWindow(time() - 3600);
$signer->setValidityWindow('-1 hour');
$signer->setValidityWindow(new DateTime('-1 hour'));

// Extra data to include in the signature: a bare value, then a key/value pair.
// NOTE(review): presumably the same values must be added both when the token
// is generated and when it is validated, otherwise validation fails — confirm.
$signer->addValue('foo');
$signer->addKeyValue('bar', 'baz');

// Token generation side: build the signer that will produce the form's token.
$signer = new \Itrack\CSRF\SignatureGenerator($secret);

// Tie the signature to the current user; 'userid' is an arbitrarily chosen key
// name and only has to match the one used when validating.
// Assumes the session is already started and holds the user — TODO confirm.
$currentUserId = $_SESSION['User']['id'];
$signer->addKeyValue('userid', $currentUserId);

// Sign the names of the fields the form is allowed to submit, in this order.
foreach (array('_token', 'firstname', 'lastname') as $allowedField) {
    $signer->addValue($allowedField);
}

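// Token validation side: rebuild the signer with the same secret and inputs.
$signer = new \Itrack\CSRF\SignatureGenerator($secret);

// including user id in signature validation
// (same 'userid' key name as on the generating side; assumes the session is
// already started and holds the user — TODO confirm at the call site)
$signer->addKeyValue('userid', $_SESSION['User']['id']);

// including submitted form fields in signature validation
// Presumably a request whose field names differ from the signed set then
// fails validation, which is what blocks injected extra fields — confirm.
foreach (array_keys($_POST) as $key) {
    $signer->addValue($key);
}

// A missing or non-string token is treated as invalid rather than passed on.
$token = isset($_POST['_token']) ? $_POST['_token'] : null;
if (!is_string($token) || !$signer->validateSignature($token)) {
    // Fail closed: stop here so the request is never processed with an
    // invalid token. An empty error branch would let execution continue.
    header('HTTP/1.0 400 Bad Request');
    exit;
}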
html
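<form action="" method="post">
    <?php
    // The printf call must sit inside PHP tags; without them it is sent to the
    // browser as literal text and no token field is rendered.
    // The token is escaped for the HTML attribute context so the markup stays
    // well-formed whatever characters the signature contains.
    printf(
        '<input type="hidden" name="_token" value="%s">',
        htmlspecialchars($signer->getSignature(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
    );
    ?>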
html
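<form action="" method="post">
    <?php
    // The printf call must sit inside PHP tags; without them it is sent to the
    // browser as literal text and no token field is rendered.
    // The token is escaped for the HTML attribute context so the markup stays
    // well-formed whatever characters the signature contains.
    printf(
        '<input type="hidden" name="_token" value="%s">',
        htmlspecialchars($signer->getSignature(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
    );
    ?>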