PHPackages shadowprince/forman-csrf - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. shadowprince/forman-csrf ActiveLibrary[Security](/categories/security) shadowprince/forman-csrf ======================== CSRF protection plugin for shadowprince/forman 0.1(12y ago)04BSDPHPPHP >=5.2.0 Since Oct 24Pushed 12y ago1 watchersCompare [ Source](https://github.com/shadowprince/forman-csrf)[ Packagist](https://packagist.org/packages/shadowprince/forman-csrf)[ Docs](http://shadowprince.github.com/forman-csrf)[ RSS](/packages/shadowprince-forman-csrf/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (1)Versions (2)Used By (0) Forman-CSRF ----------- [](#forman-csrf) Forman-Recaptcha - plugin for [forman](http://github.com/shadowprince/forman), adding automatic CSRF-protection for all forms. Plugin works at background, no code needed. ### Mechanism [](#mechanism) - Generates and stores token at every form `process` - Compares token from form data and user cookies, if cookie not exist or not matches - field error will be added and `verify` (so `process` too) fails - Removes `csrf_token` from `process` result, so you'll not even notice ### You can turn it off for one form [](#you-can-turn-it-off-for-one-form) ``` \Forman\CSRFPlugin::disable(); if ($data = $form->process($_POST)) { // now there is no CSRF } \Forman\CSRFPlugin::enable(); ``` ### Or global [](#or-global) ``` // somewhere in bootstrap \Forman\CSRFPlugin::disableGlobal(); // so any enable() will not work now ``` ### Health Score 21 — LowBetter than 19% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity3 Limited adoption so far Community4 Small or concentrated contributor base Maturity48 Maturing project, gaining track record How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 4579d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/f670a13ea375c99232c8b9e8404b888ac28ea3225d02c551da4c6d27c2a17a57?d=identicon)[ShadowPrince](/maintainers/ShadowPrince) --- Tags componentcsrfFormsslimextforman ### Embed Badge ![Health badge](/badges/shadowprince-forman-csrf/health.svg) ``` [![Health](https://phpackages.com/badges/shadowprince-forman-csrf/health.svg)](https://phpackages.com/packages/shadowprince-forman-csrf) ``` ### Alternatives [msurguy/honeypot Honeypot spam prevention 4381.2M12](/packages/msurguy-honeypot)[aura/session Provides session management functionality, including lazy session starting, session segments, next-request-only ("flash") values, and CSRF tools. 2041.2M67](/packages/aura-session)[paragonie/anti-csrf Paragon Initiative's Anti-CSRF Security Library 307200.6k5](/packages/paragonie-anti-csrf)[owasp/csrf-protector-php CSRF protector php, a standalone php library for csrf mitigation in web applications. Easy to integrate in any php web app. 222348.3k3](/packages/owasp-csrf-protector-php)[kunststube/csrfp A signed token generator for cross site request forgery protection. 52209.5k1](/packages/kunststube-csrfp)[laragear/poke Keep your forms alive, avoid TokenMismatchException by gently poking your Laravel app 2211.5k](/packages/laragear-poke) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)