AntiCSRF
in package
Class AntiCSRF.
Table of Contents
- $enabled : bool
- $generateTokenFunction : string
- $generateTokenFunctions : array<string|int, mixed>
- $request : Request
- $tokenBytesLength : int
- $tokenName : string
- $verified : bool
- __construct() : mixed
- AntiCSRF constructor.
- disable() : static
- Disables the Anti CSRF verification.
- enable() : static
- Enables the Anti CSRF verification.
- generateToken() : string
- getGenerateTokenFunction() : string
- getToken() : string|null
- Gets the anti-csrf token from the session.
- getTokenBytesLength() : int
- getTokenName() : string
- Gets the anti-csrf token name.
- getUserToken() : string|null
- Gets the user token from the request input form.
- input() : string
- Gets the HTML form hidden input if the verification is enabled.
- isEnabled() : bool
- Tells if the verification is enabled.
- isSafeMethod() : bool
- Safe HTTP Request methods are: GET, HEAD and OPTIONS.
- setGenerateTokenFunction() : static
- setToken() : static
- Sets the anti-csrf token into the session.
- setTokenBytesLength() : static
- setTokenName() : static
- Sets the anti-csrf token name.
- validate() : bool
- Validates whether a user token equals the session token.
- verify() : bool
- Verifies the request input token, if the verification is enabled.
- isVerified() : bool
- setVerified() : static
Properties
$enabled
protected bool $enabled = true
$generateTokenFunction
protected string $generateTokenFunction = 'base64_encode'
$generateTokenFunctions
protected array<string|int, mixed> $generateTokenFunctions = ['base64_encode', 'bin2hex', 'md5']
$request
protected Request $request
$tokenBytesLength
protected int $tokenBytesLength = 8
$tokenName
protected string $tokenName = 'csrf_token'
$verified
protected bool $verified = false
Methods
__construct()
AntiCSRF constructor.
public __construct(Request $request[, int|null $tokenBytesLength = null ][, string|null $generateTokenFunction = null ]) : mixed
Parameters
- $request : Request
- $tokenBytesLength : int|null = null
- $generateTokenFunction : string|null = null
Return values
mixed
disable()
Disables the Anti CSRF verification.
public disable() : static
Return values
static
enable()
Enables the Anti CSRF verification.
public enable() : static
Return values
static
generateToken()
public generateToken() : string
Return values
string
getGenerateTokenFunction()
public getGenerateTokenFunction() : string
Return values
string
getToken()
Gets the anti-csrf token from the session.
public getToken() : string|null
Return values
string|null
getTokenBytesLength()
public getTokenBytesLength() : int
Return values
int
getTokenName()
Gets the anti-csrf token name.
public getTokenName() : string
Return values
string
getUserToken()
Gets the user token from the request input form.
public getUserToken() : string|null
Return values
string|null
input()
Gets the HTML form hidden input if the verification is enabled.
public input() : string
Return values
string
isEnabled()
Tells if the verification is enabled.
public isEnabled() : bool
Return values
bool
isSafeMethod()
Safe HTTP Request methods are: GET, HEAD and OPTIONS.
public isSafeMethod() : bool
Return values
bool
setGenerateTokenFunction()
public setGenerateTokenFunction(string $function) : static
Parameters
- $function : string
Return values
static
setToken()
Sets the anti-csrf token into the session.
public setToken([string|null $token = null ]) : static
Parameters
- $token : string|null = null
  A custom anti-csrf token, or null to generate one
Return values
static
setTokenBytesLength()
public setTokenBytesLength(int $length) : static
Parameters
- $length : int
Return values
static
setTokenName()
Sets the anti-csrf token name.
public setTokenName(string $tokenName) : static
Parameters
- $tokenName : string
Return values
static
validate()
Validates whether a user token equals the session token.
public validate(string $userToken) : bool
This method can be used to validate tokens not received through forms, for example through a request header or JSON.
Parameters
- $userToken : string
Return values
bool
verify()
Verifies the request input token, if the verification is enabled.
public verify() : bool
The verification always succeeds on HTTP GET, HEAD and OPTIONS methods. If verification is successful with other HTTP methods, a new token is generated.
Return values
bool
isVerified()
protected isVerified() : bool
Return values
bool
setVerified()
protected setVerified([bool $status = true ]) : static
Parameters
- $status : bool = true
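
A stand-alone sketch of the behaviour documented above for verify() and validate(), added here as an illustration and not taken from the library's source. The class name SketchCsrf, the in-memory token, and the use of random_bytes() and hash_equals() are assumptions.

```php
<?php
declare(strict_types=1);

// Added sketch, not the library's code: SketchCsrf and its internals are
// hypothetical and only model the behaviour documented for verify()/validate().
final class SketchCsrf
{
    private const SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'];
    public string $token;   // stands in for the session-stored token

    public function __construct(private int $bytes = 8)  // page default: 8
    {
        $this->rotate();
    }

    // Assumption: random_bytes() as the byte source, bin2hex as the encoder
    // (one of the three generator functions the page lists).
    private function rotate(): void
    {
        $this->token = bin2hex(random_bytes($this->bytes));
    }

    // Like validate(): compares a token from any channel (header, JSON).
    // Assumption: hash_equals() for a constant-time comparison.
    public function validate(string $userToken): bool
    {
        return hash_equals($this->token, $userToken);
    }

    // Like verify(): safe methods always pass; a successful check on any
    // other method replaces the token, so a captured value cannot be reused.
    public function verify(string $method, ?string $userToken): bool
    {
        if (in_array(strtoupper($method), self::SAFE_METHODS, true)) {
            return true;
        }
        if ($userToken === null || !$this->validate($userToken)) {
            return false;
        }
        $this->rotate();
        return true;
    }
}

$csrf = new SketchCsrf();
$first = $csrf->token;
var_dump($csrf->verify('GET', null));     // safe method, no token needed
var_dump($csrf->verify('POST', null));    // unsafe method without a token
var_dump($csrf->verify('POST', $first));  // matching token, rotation follows
var_dump($csrf->verify('POST', $first));  // replay of the pre-rotation token
```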