PHPackages mmdm/sim-csrf - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. mmdm/sim-csrf ActiveLibrary[Security](/categories/security) mmdm/sim-csrf ============= A simple yet nice CSRF library v1.2.2(4y ago)137MITPHPPHP >=7.2 Since Aug 4Pushed 4y ago1 watchersCompare [ Source](https://github.com/mmdm95/sim-csrf)[ Packagist](https://packagist.org/packages/mmdm/sim-csrf)[ RSS](/packages/mmdm-sim-csrf/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependenciesVersions (7)Used By (0) Simplicity CSRF =============== [](#simplicity-csrf) A library for CSRF token management. Install ------- [](#install) **composer** ``` composer require mmdm/sim-csrf ``` Or you can simply download zip file from github and extract it, then put file to your project library and use it like other libraries. Just add line below to autoload files: ``` require_once 'path_to_library/autoloader.php'; ``` and you are good to go. How to use ---------- [](#how-to-use) ``` // to instance a csrf object $csrf = new Csrf(); // then use csrf mothods like $field = $csrf->getField(); // the output will be // ``` #### `__construct(ICsrfStorage $storage = null)` [](#__constructicsrfstorage-storage--null) You can pass custom storage if you want. Just implement `ICsrfStorage`class and pass it through constructor and you are good to go. Go to [Custom Csrf Storage](#custom-csrf-storage) section for more information about how to create custom storage. Available functions ------------------- [](#available-functions) - setStorage(ICsrfStorage $storage): ICsrf You can set storage even after construction with this method. - getStorage(): ICsrfStorage Get csrf storage. - setExpiration(int $timeout): ICsrf This method set expiration from now to a csrf token. Default expiration is 300 seconds. ``` // to set token expiration $csrf->setExpiration(10); // token is valid just for 10 seconds from now // after 10 seconds it'll be generate again ``` Note: If you plan to get token continuously if a code snipped then you should specify expiration each time before getting field or token. exp. If you don't specify expiration in any of them, it has no problem and all of them will be default expiration, but if you specify in one of them, you should speficy expiration after that in each of usage No problem example: ``` $token1 = $csrf->getToken(); // some code // ... $token2 = $csrf->getToken(); // some othe code // ... $token3 = $csrf->getToken(); ``` Problematic example: ``` $token1 = $csrf->setExpiration(20)->getToken(); // some code // ... // in this code, expiration time will be 20 seconds //according to previous codes // if you want anothe expiration, specify it then $token2 = $csrf->setExpiration(300)->getToken(); // some othe code // ... // same thing here $token3 = $csrf->getToken(); ``` - getExpiration(): int Get expiration time. ``` // an integer value in seconds like 300 $timeout = $csrf->getExpiration(); ``` - extendExpiration(bool $answer = true) By default it'll extend timeout of csrf if implemented in storage class or if you want to prevent this behavior you can send `false`to this method. > **Important Note:** If you set expiration to 7200 seconds(2 hours) and extend functionality is on, after each successful csrf validation, it'll extend the expiration. It means you have 3600 seconds left for example and a form has been submitted, now you have 7200 seconds again because you did not off extend functionality but if you turn this functionality off or you have a custom csrf stroge that did not implement any functionality in extend method, now if you have 3600 seconds expiration time and submit a form, you have 3600 seconds left and time not extended. > Added from v1.2.0 - getField(string $name = null, string $input\_name = null): string This method will return input with type hidden and value of token. The $name is an ID to generated token and $input\_name is the name of hidden input. ``` // returns filed string for form $field = $csrf->getField(); // output is // ``` - getToken(string $name = null): string This method will return token value only. Note: If we had token with $name before and it is valid, returns it. ``` // returns token string $token = $csrf->getToken(); // output is a hashed string ``` - regenerateToken(string $name = null): string This method unlike getToken, returns a new token every time. ``` // returns token string $token = $csrf->regenerateToken(); // output is a hashed string ``` - validate($token, $name = null): bool This method validate a token. ``` // returns true on valid and false otherwise $isValid = $csrf->validate(); ``` - clear(): ICsrf This method clears all generated token. ``` // to clear all tokens $csrf->clear(); ``` Custom Csrf Storage ------------------- [](#custom-csrf-storage) Just implement `ICsrfStorage` interface ``` interface ICsrfStorage { /** * @param $key * @param $value * @param $time * @return ICsrfStorage */ public function set($key, $value, $time): ICsrfStorage; /** * @param $key * @return mixed */ public function get($key); /** * @param $key * @return bool */ public function has($key): bool; /** * @param $key * @return ICsrfStorage */ public function remove($key): ICsrfStorage; /** * Extend CSRF timeout if you want to * * @param $key * @param int $expiration * @return ICsrfStorage */ public function extend($key, int $expiration): ICsrfStorage; /** * Remove all stored tokens * * @param string $prefix * @return ICsrfStorage */ public function clear($prefix): ICsrfStorage; } ``` **Important Note:** All `$key` parameters has an extra prefix that is concatenated with a dot to token's hashed name. ``` $key will be something like __simplicity_csrf_tokens_.f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0 as you can see [__simplicity_csrf_tokens_] is prefix and [f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0] is hashed of token name that is [Hello] here ``` License ======= [](#license) Under MIT license. ### Health Score 25 — LowBetter than 37% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity9 Limited adoption so far Community7 Small or concentrated contributor base Maturity54 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~68 days Recently: every ~80 days Total 6 Last Release 1771d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/d955ebaae3fe602e6ad26c16422f6ab25a61a436fd7f08425a5be5c73ef9025c?d=identicon)[mmdm95](/maintainers/mmdm95) --- Top Contributors [![mmdm95](https://avatars.githubusercontent.com/u/26489185?v=4)](https://github.com/mmdm95 "mmdm95 (19 commits)") ### Embed Badge ![Health badge](/badges/mmdm-sim-csrf/health.svg) ``` [![Health](https://phpackages.com/badges/mmdm-sim-csrf/health.svg)](https://phpackages.com/packages/mmdm-sim-csrf) ``` ### Alternatives [defuse/php-encryption Secure PHP Encryption Library 3.9k162.4M214](/packages/defuse-php-encryption)[mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k16.7M113](/packages/mews-purifier)[robrichards/xmlseclibs A PHP library for XML Security 41478.1M118](/packages/robrichards-xmlseclibs)[bjeavons/zxcvbn-php Realistic password strength estimation PHP library based on Zxcvbn JS 87117.5M63](/packages/bjeavons-zxcvbn-php)[illuminate/encryption The Illuminate Encryption package. 9229.7M280](/packages/illuminate-encryption)[paragonie/hidden-string Encapsulate strings in an object to hide them from stack traces 7410.6M39](/packages/paragonie-hidden-string) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)