1. Go to this page and download the library: Download julfiker/csrf-php library. Choose the download type `require`.
2. Extract the ZIP file and open index.php.
3. Add this code to the index.php.
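<?php
// Resolve the autoloader relative to this file rather than to the working
// directory, so the script also loads when invoked from another cwd.
require_once __DIR__ . '/vendor/autoload.php';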
julfiker / csrf-php example snippets
use Julfiker\Service\CsrfManager as Csrf;

// Issue a token for a form. The lifetime passed to setExpiredAt() is in
// minutes; when it is not called the library default is 30.
$csrf = new Csrf();
$csrf->setExpiredAt(10);

// The token value and the hidden-field name under which the library
// expects it to be sent back.
$token = $csrf->getCSRFToken();
$tokenFieldName = $csrf->getTokenFieldName();
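use Julfiker\Service\CsrfManager as Csrf;

// Validate the token sent back with the submission. isValidToken() takes no
// argument, so the manager presumably reads the token from the request itself.
$csrf = new Csrf();
if (!$csrf->isValidToken()) { //Is not valid token
    // Refuse with a 403: without this the rejection goes out as a 200 with an
    // error string, which clients, proxies and access logs treat as success.
    http_response_code(403);
    echo "Invalid token!";
    exit;
}
echo "Token was valid and saving the information";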
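/**
 * Action helper checking csrf from action, it can be used in controller action like
 *
 * $this->_helper->csrf->validateToken()->ifInvalid()->goToReferer();
 * OR
 * $this->_helper->csrf->validateToken()->ifInvalid()->gotoUrl('url_str');
 * OR
 * $csrf = $this->_helper->csrf->validateToken();
 * if ($csrf->isInvalidToken())
 *     $csrf->gotoUrl('url_string');
 *
 * goToReferer()/gotoUrl() only redirect when the token is considered invalid.
 * $isValidToken starts out false, so calling them before validateToken() has
 * run also redirects.
 *
 * @author: Julfiker <[email protected]>
 */
class ProjectNameSpace_Zend_Controller_Action_Helper_Csrf extends Zend_Controller_Action_Helper_Redirector
{
    /** @var \Julfiker\Service\CsrfManager */
    protected $csrfManager;

    /** @var bool Result of the last validateToken() call; false until it runs. */
    protected $isValidToken = false;

    /** @var \Zend_Controller_Action_Helper_FlashMessenger */
    protected $flashMessenger;

    public function __construct() {
        //Dependency injecting
        $this->csrfManager = new \Julfiker\Service\CsrfManager();
        $this->flashMessenger = \Zend_Controller_Action_HelperBroker::getStaticHelper('FlashMessenger');
    }

    /**
     * Checking csrf token valid or not
     * @return $this
     */
    public function validateToken() {
        $this->isValidToken = $this->getCsrfManager()->isValidToken();
        return $this;
    }

    /**
     * Fluent no-op that only makes the call chain read naturally.
     * @return $this
     */
    public function ifInvalid() {
        return $this;
    }

    /**
     * Redirecting to referer url when the token is invalid
     *
     * @return bool|null true when the token was valid (no redirect), otherwise
     *                   whatever the parent's gotoUrl() returns
     */
    public function goToReferer() {
        if ($this->isInvalidToken()) {
            $this->flashMessenger->addMessage(array('error' => "Invalid token!"));
            return $this->gotoUrl($this->_refererOrRoot());
        }
        return $this->isValidToken;
    }

    /**
     * Redirecting to specific url when the token is invalid
     * @param string $url
     * @param array $options
     * @return bool|null true when the token was valid (no redirect), otherwise
     *                   whatever the parent's gotoUrl() returns
     */
    public function gotoUrl($url, array $options = array()) {
        if ($this->isInvalidToken()) {
            return parent::gotoUrl($url, $options);
        }
        return $this->isValidToken;
    }

    /**
     * Get Csrf manager instance
     * @return \Julfiker\Service\CsrfManager
     */
    public function getCsrfManager() {
        return $this->csrfManager;
    }

    /**
     * @return bool
     */
    public function isValidToken() {
        return $this->isValidToken;
    }

    /**
     * @return bool
     */
    public function isInvalidToken() {
        return !$this->isValidToken;
    }

    /**
     * Redirect target for goToReferer().
     *
     * The Referer header is client-supplied and may be missing entirely, so it
     * is used only when present and pointing at the host that served this
     * request; otherwise the site root is used.
     *
     * @return string
     */
    protected function _refererOrRoot() {
        if (empty($_SERVER['HTTP_REFERER']) || empty($_SERVER['HTTP_HOST'])) {
            return '/';
        }
        $refererHost = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
        // HTTP_HOST may carry a port; parse it the same way to compare hosts only.
        $currentHost = parse_url('http://' . $_SERVER['HTTP_HOST'], PHP_URL_HOST);
        if (!is_string($refererHost) || !is_string($currentHost)
            || strcasecmp($refererHost, $currentHost) !== 0) {
            return '/';
        }
        return $_SERVER['HTTP_REFERER'];
    }
}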
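// Validate the submitted token; isValidToken() takes no argument, so the
// manager presumably reads it from the request itself.
$csrf = new \Julfiker\Service\CsrfManager();
if (!$csrf->isValidToken()) {
    // Refuse with a 403 rather than a 200 carrying an error string.
    http_response_code(403);
    echo "Invalid token!";
    exit;
}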
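/**
 * Class ProjectNameSpace_Zend_Controller_Plugin_Csrf
 *
 * Front-controller plugin that checks the CSRF token on POST/PUT/DELETE
 * requests before the action is dispatched and redirects when it is invalid.
 */
class ProjectNameSpace_Zend_Controller_Plugin_Csrf extends Zend_Controller_Plugin_Abstract
{
    /**
     * @param Zend_Controller_Request_Abstract $request
     */
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        // isPost()/isPut()/isDelete() and getHeader() are HTTP-request methods.
        if (!$request instanceof Zend_Controller_Request_Http) {
            return;
        }
        if (!($request->isPost() || $request->isPut() || $request->isDelete())) {
            return;
        }

        $csrf = new \Julfiker\Service\CsrfManager();
        if ($csrf->isValidToken()) {
            return;
        }

        //Set flash error message here

        // setRedirect() only queues the Location header; on its own it does not
        // stop the front controller from dispatching the action, so the
        // state-changing request would still be processed. Send the headers and
        // stop, as Zend_Controller_Action_Helper_Redirector::redirectAndExit() does.
        $this->_response->setRedirect($this->_refererOrRoot($request));
        $this->_response->sendHeaders();
        exit;
    }

    /**
     * Redirect target after a failed check: the Referer when it is present and
     * points at the host serving this request, the site root otherwise.
     *
     * @param Zend_Controller_Request_Http $request
     * @return string
     */
    protected function _refererOrRoot(Zend_Controller_Request_Http $request)
    {
        $referer = $request->getHeader('referer');
        if (!$referer) {
            return "/";
        }
        $refererHost = parse_url($referer, PHP_URL_HOST);
        // getHttpHost() may include a port; parse it the same way to compare hosts only.
        $currentHost = parse_url('http://' . $request->getHttpHost(), PHP_URL_HOST);
        if (!is_string($refererHost) || !is_string($currentHost)
            || strcasecmp($refererHost, $currentHost) !== 0) {
            return "/";
        }
        return $referer;
    }
}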
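/**
 * Csrf token view helper used to render token
 *
 * @author: Julfiker <[email protected]>
 */
class ProjectNameSpace_Zend_View_Helper_CsrfToken extends Zend_View_Helper_Abstract
{
    /** @var \Julfiker\Service\CsrfManager */
    private $csrfManager;

    /**
     * View to helper to render csrf token
     * @return $this
     */
    public function csrfToken() {
        $this->csrfManager = new \Julfiker\Service\CsrfManager();
        //$this->csrfManager->setExpiredAt(30); //Set expired at, Default 30 MINUTES
        return $this;
    }

    /**
     * Render token field in html format
     * in the template or view page
     *
     * Both attribute values are HTML-escaped before being interpolated. The
     * attributes are single-quoted, so ENT_QUOTES is needed for the escaping
     * to cover them.
     *
     * @return string as html
     */
    public function render() {
        $manager = $this->getCsrfManager();
        $name = htmlspecialchars($manager->getTokenFieldName(), ENT_QUOTES, 'UTF-8');
        $value = htmlspecialchars($manager->getCSRFToken(), ENT_QUOTES, 'UTF-8');
        return "<input type='hidden' name='" . $name . "' value='" . $value . "' />";
    }

    /**
     * Get the manager, creating it when csrfToken() has not been called first
     * (render()/getElement() would otherwise operate on null).
     *
     * @return \Julfiker\Service\CsrfManager
     */
    public function getCsrfManager() {
        if ($this->csrfManager === null) {
            $this->csrfManager = new \Julfiker\Service\CsrfManager();
        }
        return $this->csrfManager;
    }

    /**
     * Get token element for the form object, get specific element object with token value
     * @return \Zend_Form_Element_Hidden
     */
    public function getElement() {
        $manager = $this->getCsrfManager();
        $token = new Zend_Form_Element_Hidden($manager->getTokenFieldName());
        $token->setValue($manager->getCSRFToken());
        return $token;
    }
}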