Class Framework\HTTP\AntiCSRF · Aplus Framework Docs

AntiCSRF
in package

http

Class AntiCSRF.

$enabled


protected
bool
$enabled
= true

$request


protected
Request
$request

$tokenName


protected
string
$tokenName
= 'csrf_token'

$verified


protected
bool
$verified
= false

__construct()

AntiCSRF constructor.


public
__construct(Request $request) : mixed

Parameters

$request : Request

Return values

mixed —

disable()

Disables the Anti CSRF verification.


public
disable() : static

Return values

static —

enable()

Enables the Anti CSRF verification.


public
enable() : static

Return values

static —

getToken()

Gets the anti-csrf token from the session.


public
getToken() : string|null

Return values

string|null —

getTokenName()

Gets the anti-csrf token name.


public
getTokenName() : string

Return values

string —

getUserToken()

Gets the user token from the request input form.


public
getUserToken() : string|null

Return values

string|null —

input()

Gets the HTML form hidden input if the verification is enabled.


public
input() : string

Return values

string —

isEnabled()

Tells if the verification is enabled.


public
isEnabled() : bool

Return values

bool —

isSafeMethod()

Safe HTTP Request methods are: GET, HEAD and OPTIONS.


public
isSafeMethod() : bool

Return values

bool —

setToken()

Sets the anti-csrf token into the session.


public
setToken([string|null $token = null ]) : static

Parameters

$token : string|null = null: A custom anti-csrf token or null to generate one

Return values

static —

setTokenName()

Sets the anti-csrf token name.


public
setTokenName(string $tokenName) : static

Parameters

$tokenName : string

Return values

static —

validate()

Validates if a user token is equals the session token.


public
validate(string $userToken) : bool

This method can be used to validate tokens not received through forms. For example: Through a request header, JSON, etc.

Parameters

$userToken : string

Return values

bool —

verify()

Verifies the request input token, if the verification is enabled.


public
verify() : bool

The verification always succeed on HTTP GET, HEAD and OPTIONS methods. If verification is successful with other HTTP methods, a new token is generated.

Return values

bool —

isVerified()


protected
isVerified() : bool

Return values

bool —

setVerified()


protected
setVerified([bool $status = true ]) : static

Parameters

$status : bool = true

Return values

static —

AntiCSRF in package http

Tags

Table of Contents

Properties

$enabled

$request

$tokenName

$verified

Methods

__construct()

Parameters

Return values

disable()

Tags

Return values

enable()

Tags

Return values

getToken()

Return values

getTokenName()

Return values

getUserToken()

Return values

input()

Return values

isEnabled()

Tags

Return values

isSafeMethod()

Return values

setToken()

Parameters

Return values

setTokenName()

Parameters

Return values

validate()

Parameters

Return values

verify()

Return values

isVerified()

Return values

setVerified()

Parameters

Return values

AntiCSRF
in package

http