CMSimple_XH
Public Member Functions | List of all members
XH\CSRFProtection Class Reference

The CSRF protection class. More...

Public Member Functions

 __construct ($keyName='xh_csrf_token', $perRequest=false)
 Initializes a new object. More...
 
 tokenInput ()
 Returns a hidden input field with the CSRF token for inclusion in an HTML form. More...
 
 check ()
 Checks whether the submitted CSRF token matches the one stored in the session. More...
 
 store ()
 Stores the CSRF token in the session, if a self::tokenInput() was called. More...
 

Detailed Description

The CSRF protection class.

Author
The CMSimple_XH developers devs@.nosp@m.cmsi.nosp@m.mple-.nosp@m.xh.o.nosp@m.rg
Since
1.6
See also
CSRF Protection

Constructor & Destructor Documentation

◆ __construct()

XH\CSRFProtection::__construct (   $keyName = 'xh_csrf_token',
  $perRequest = false 
)

Initializes a new object.

Parameters
string$keyNameA key name.
bool$perRequestWhether a new token shall be generated for each request (otherwise once per session).

Member Function Documentation

◆ check()

XH\CSRFProtection::check ( )

Checks whether the submitted CSRF token matches the one stored in the session.

Responds with "403 Forbidden" if not.

Returns
void

◆ store()

XH\CSRFProtection::store ( )

Stores the CSRF token in the session, if a self::tokenInput() was called.

Returns
void

◆ tokenInput()

XH\CSRFProtection::tokenInput ( )

Returns a hidden input field with the CSRF token for inclusion in an HTML form.

Returns
string HTML

The documentation for this class was generated from the following file: