VELOX API Docs

CSRF
in package

A class that offers a simple interface to protect against Cross-Site Request Forgery.

Example:

// create, store, and return a token
$csrf = new CSRF();
$token = $csrf->token();

// render a hidden input field containing the token
$html = $csrf->html();

// check if the token is valid
$csrf->check();

// validate if request token matches the stored token
$status = $csrf->isValid();
Tags
since
1.5.4
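The store-then-compare flow that token(), html() and isValid() describe, shown as an added stand-alone example and not VELOX's own code. The function names, the `_token` field name and the plain arrays standing in for the session and the request are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Added illustration of a session-backed CSRF token; not VELOX source code.
// Function names, the '_token' field name and the array stores are assumptions.

/** Generate a random token, store it in the session store and return it. */
function csrf_token(array &$session, string $name = '_token'): string
{
    $session[$name] = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    return $session[$name];
}

/** Render the hidden input; both values are escaped for the attribute context. */
function csrf_html(array &$session, string $name = '_token'): string
{
    return sprintf(
        '<input type="hidden" name="%s" value="%s">',
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars(csrf_token($session, $name), ENT_QUOTES, 'UTF-8')
    );
}

/** Compare the submitted token with the stored one in constant time. */
function csrf_is_valid(array $session, array $request, string $name = '_token'): bool
{
    $stored = $session[$name] ?? null;
    $sent   = $request[$name] ?? null;
    // Reject missing, empty or non-string values (PHP parses name[]=... into an array).
    if (!is_string($stored) || !is_string($sent) || $stored === '') {
        return false;
    }
    return hash_equals($stored, $sent);
}

// Constructed data standing in for $_SESSION and $_POST so the script runs from the CLI.
$session = [];
echo csrf_html($session), PHP_EOL;

var_dump(csrf_is_valid($session, ['_token' => $session['_token']]));  // matching token
var_dump(csrf_is_valid($session, []));                                // field missing
var_dump(csrf_is_valid($session, ['_token' => ['x']]));               // array instead of string
var_dump(csrf_is_valid($session, ['_token' => str_repeat('0', 64)])); // wrong token
var_dump(csrf_is_valid([], ['_token' => '']));                        // nothing stored
```

In a request handler the two arrays would be `$_SESSION` (after `session_start()`) and `$_POST`.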

Table of Contents

$name  : string
$token  : string
__construct()  : mixed
Class constructor.
__toString()  : mixed
Returns the HTML input element containing the CSRF token.
check()  : bool
Checks whether the request token matches the token stored in the session.
fail()  : void
Renders the 403 error page.
html()  : string
Returns an HTML input element containing a CSRF token after storing it in the session.
isValid()  : bool
Validates the request token against the token stored in the session.
token()  : string
Generates a CSRF token, stores it in the session and returns it.
isIdentical()  : bool
isWhitelisted()  : bool

Properties

$name

private string $name

$token

private string $token

Methods

__construct()

Class constructor.

public __construct([string|null $name = null ]) : mixed
Parameters
$name : string|null = null

The name of the CSRF token (input field).

Return values
mixed

__toString()

Returns the HTML input element containing the CSRF token.

public __toString() : mixed
Return values
mixed

check()

Checks whether the request token matches the token stored in the session.

public check() : bool
Return values
bool

fail()

Renders the 403 error page.

public static fail() : void
Tags
codeCoverageIgnore

Can't test methods that send headers.

Return values
void

html()

Returns an HTML input element containing a CSRF token after storing it in the session.

public html() : string

This method is called automatically if the object is cast to a string.

Return values
string

isValid()

Validates the request token against the token stored in the session.

public isValid() : bool
Return values
bool

Whether the request token matches the stored one or not.

token()

Generates a CSRF token, stores it in the session and returns it.

public token() : string
Return values
string

The CSRF token.

isIdentical()

private isIdentical() : bool
Return values
bool

isWhitelisted()

private isWhitelisted() : bool
Return values
bool
