This library keeps bots and unwanted humans from making requests to your website.
It offers complete CSRF token generation and validation, without external dependencies.
With a token in place, a brute-force attack is only possible through browser automation, which raises the attacker's cost.
Install it with Composer:
composer require figleaf/figleaf
To generate a new CSRF token for whatever purpose you choose:
<?php
use FigLeaf\FigLeaf;
$token = FigLeaf::token(true);
echo $token;
36ea3cb936ea66dbe4fc50444176a84c8138f76859467b86986efb53f1d6
To get the current or old token value, use FigLeaf::token().
To generate a hidden input field:
<?php
use FigLeaf\FigLeaf;
$input = FigLeaf::input(true);
echo $input;
<input type="hidden" name="__figleaf_token" value="36ea3cb936ea66dbe4fc50444176a84c8138f76859467b86986efb53f1d6"/>
Again, to get an input based on the old or current value, use FigLeaf::input().
You can then add the input to your form or web request, as the case may be.
After a form is submitted or a request is sent by a user, validate it by passing in the associative array that corresponds to the request medium:
<?php
use FigLeaf\FigLeaf;
// Pass the array that matches how the request arrived ($_REQUEST covers GET, POST and cookies).
$validator = FigLeaf::validate($_REQUEST);
if($validator->passed()){
// Token matched: handle the request
}
if($validator->failed()){
// Token missing or invalid: reject the request
}
It is highly recommended that you always generate new tokens per request; otherwise, this whole 'keeping bots and unwanted humans away' thing will just be an empty promise.
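The full cycle described above, written as one self-contained form handler. This is an added example, not code from the FigLeaf project: it assumes a Composer autoloader at vendor/autoload.php, that FigLeaf keeps the current token state itself (the README does not say where it is stored), and a hypothetical handleComment() standing in for your own application logic.

```php
<?php
// Added example (not part of the FigLeaf README): a single-file form handler
// that validates the token on POST and rotates it on every request, as the
// README recommends. Assumes the library was installed with Composer and that
// FigLeaf keeps the current token state itself (the README does not document
// where it is stored).
require __DIR__ . '/vendor/autoload.php';

use FigLeaf\FigLeaf;

// Hypothetical application logic; replace with your own.
function handleComment(string $text): string
{
    return 'Saved comment of ' . strlen($text) . ' characters.';
}

$message = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Validate against the medium the form actually used ($_POST) rather than
    // $_REQUEST, so a token cannot be supplied through the query string instead.
    $validator = FigLeaf::validate($_POST);

    if ($validator->passed()) {
        $message = handleComment($_POST['comment'] ?? '');
    }

    if ($validator->failed()) {
        http_response_code(403);
        $message = 'Request rejected: missing or invalid token.';
    }
}

// Always issue a fresh token for the next submission, whether or not this one
// passed, so a previously issued token cannot be reused.
$input = FigLeaf::input(true);
?>
<!DOCTYPE html>
<html>
<body>
  <p><?= htmlspecialchars($message, ENT_QUOTES, 'UTF-8') ?></p>
  <form method="post" action="">
    <?= $input ?>
    <textarea name="comment"></textarea>
    <button type="submit">Send</button>
  </form>
</body>
</html>
```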
Email : paul.contrib@gmail.com