schnittstabil / csrf-tokenservice
Stateless CSRF (Cross-Site Request Forgery) token service.
3.1.0
2017-09-05 18:57 UTC
Requires
- php: >=5.6.0
- spomky-labs/base64url: ^1.0
Requires (Dev)
README
Stateless CSRF (Cross-Site Request Forgery) token service 🍖
Installation
$ composer require schnittstabil/csrf-tokenservice
Usage
<?php
require __DIR__.'/vendor/autoload.php';

use Schnittstabil\Csrf\TokenService\TokenService;

// Shared secret key used for generating and validating token signatures:
$key = 'This key is not so secret - change it!';

// Time to Live in seconds; default is 1440 seconds === 24 minutes:
$ttl = 1440;

// create the TokenService
$tokenService = new TokenService($key, $ttl);

// generate a URL-safe token, using the name of the authenticated user as nonce:
$token = $tokenService->generate($_SERVER['PHP_AUTH_USER']);

// validate the token - stateless; no session needed
if (!$tokenService->validate($_SERVER['PHP_AUTH_USER'], $token)) {
    http_response_code(403);
    echo '<h2>403 Access Forbidden, bad CSRF token</h2>';
    exit();
}
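Why validation needs no session: the server can recompute a keyed signature over the nonce and an expiry time and compare it with the one in the token. The sketch below is an added illustration of that general technique, not this package's code or token format; the `demo_*` functions, the `expiry.signature` layout and all sample values are assumptions made for the example.

```php
<?php
// Added illustration: a minimal stateless CSRF token built from an HMAC.
// NOT the token format of schnittstabil/csrf-tokenservice; names and the
// "expiry.signature" layout are hypothetical.

function b64url($bin)
{
    // URL-safe base64 without padding
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function demo_generate($key, $nonce, $ttl, $now)
{
    $exp = $now + $ttl;
    // Bind the signature to the nonce (e.g. the user name) and the expiry time.
    $sig = hash_hmac('sha256', $exp.'|'.$nonce, $key, true);

    return $exp.'.'.b64url($sig);
}

function demo_validate($key, $nonce, $token, $now)
{
    $parts = explode('.', $token);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false; // malformed token
    }
    list($exp, $sig) = $parts;
    if ((int) $exp < $now) {
        return false; // TTL elapsed
    }
    // Recompute from the request's own nonce; no server-side state is read.
    $expected = b64url(hash_hmac('sha256', $exp.'|'.$nonce, $key, true));

    return hash_equals($expected, $sig); // constant-time comparison
}

// Constructed sample values.
$key = 'demo-key-change-me';
$t0 = 1500000000;
$token = demo_generate($key, 'alice', 1440, $t0);

var_dump(demo_validate($key, 'alice', $token, $t0 + 60));     // same user, within TTL
var_dump(demo_validate($key, 'bob', $token, $t0 + 60));       // token replayed for another user
var_dump(demo_validate($key, 'alice', $token, $t0 + 1441));   // after the TTL
var_dump(demo_validate($key, 'alice', $token.'x', $t0 + 60)); // altered signature
```

Because anyone holding the key can mint valid tokens, the key has to stay server-side and be replaced if it leaks; a stateless token also cannot be revoked individually before its TTL runs out.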
Related
- schnittstabil/psr7-csrf-middleware – (stateless) PSR-7 CSRF protection middleware
- schnittstabil/csrf-twig-helpers – Twig helpers for token rendering
License
MIT © Michael Mayer