CSRF protection class file for Core-PHP.
CSRF (Cross-Site Request Forgery) is a common and dangerous vulnerability in websites and web applications.
But we can fix it simply by using tokens. This is a simple PHP class file that helps you generate random tokens and verify them.
This class has just 3 functions: setToken(), checkToken() and flushKeys().
The setToken() function is used to generate a random token.
Example
<?php
include("csrfhandler.lib.php");
?>
<form action="" method="post">
<input type="hidden" name="_token" value="<?php echo csrf::setToken();?>"/>
</form>
The checkToken() function is used to check the incoming token.
If the token is valid, it returns true; otherwise it returns false.
Example
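<?php
include("csrfhandler.lib.php");
// A forged or malformed request may omit the field; fall back to an empty string
$token = $_POST["_token"] ?? "";
$isValid = csrf::checkToken($token);
// Strict comparison: only a boolean true counts as valid
if ($isValid === true) {
    // your code if valid
} else {
    // your code if not valid
}
?>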
The flushKeys() function is used to delete all active CSRF token keys from the session.
Example
<?php
include("csrfhandler.lib.php");
csrf::flushKeys();
?>
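
The three operations described above (issue a token, check it, flush the keys) are shown here as an added sketch of a session-backed token scheme. It is not the code of csrfhandler.lib.php: the DemoCsrf class, its method names, the token cap and the single-use behaviour are assumptions made for illustration.

```php
<?php
// Added illustration: NOT the code of csrfhandler.lib.php.
// DemoCsrf and its method names are hypothetical.
final class DemoCsrf
{
    private const MAX_TOKENS = 10; // cap so a session cannot grow without bound

    /** @param array $store session-like array, e.g. $_SESSION */
    public static function issue(array &$store): string
    {
        $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
        $store['csrf'][] = $token;
        // Drop the oldest tokens once the cap is exceeded.
        $store['csrf'] = array_slice($store['csrf'], -self::MAX_TOKENS);
        return $token;
    }

    public static function verify(array &$store, $candidate): bool
    {
        if (!is_string($candidate) || $candidate === '') {
            return false; // missing field or array-typed input
        }
        foreach ($store['csrf'] ?? [] as $i => $known) {
            if (hash_equals($known, $candidate)) { // constant-time compare
                unset($store['csrf'][$i]);         // single use: a replay fails
                return true;
            }
        }
        return false;
    }

    public static function flush(array &$store): void
    {
        unset($store['csrf']);
    }
}

// Constructed demo; a plain array stands in for $_SESSION so this runs from the CLI.
$session = [];
$token = DemoCsrf::issue($session);
var_dump(DemoCsrf::verify($session, $token)); // first submission of the token
var_dump(DemoCsrf::verify($session, $token)); // replay of the same token
var_dump(DemoCsrf::verify($session, ['x']));  // array-typed _token field
DemoCsrf::flush($session);
```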